Abstract: A computer-implemented method, according to one approach, includes: receiving a request to migrate sensitive data from a first volume in a first trusted TEE to a second volume in a second TEE. The computer-implemented method further includes generating migration metadata that outlines the sensitive data. The sensitive data is also extracted from the first volume. A new container image is created, such that the migration metadata and the sensitive data are packaged therein. Furthermore, the new container image is sent to the second TEE.

Abstract: Method, systems, and computer program products for access configuration in hybrid network environments are disclosed. According to the method, an access configuration request is received from a client device in a first network environment, wherein the access configuration request is associated with an access to a network resource in a second network environment and comprises first authentication information associated with the client device. Further, second authentication information associated with the network resource is obtained. The first and second authentication information is further used to determine whether the access configuration request is verified. If the access configuration request is verified, connectivity between the client device and the network resource can be automatically established.

Abstract: A method, system, and computer program product for improving debugging efficiency through fallibility skip functionality are provided. The method initiates a fallibility skip mode within a programming environment. The method identifies a code module to be translated from a first coding language to a second coding language. The code module including a function statement. A modified function statement is generated based on the function statement and the initiation of the fallibility skip mode. One or more exception handling functions are added based on the modified function statement and the fallibility skip mode. The method generates a modified code module in the second coding language based on the fallibility skip mode.

Abstract: Embodiments of the present invention provide computer-implemented methods, computer program product, and computer systems. One or more processors assign an identifier that specifies a number of resources and a category associated with a respective image layer of a plurality of image layers. One or more processors, in response to receiving a user request, identify image layers of the plurality of image layers that match the identifier based on dependencies between the plurality of image layers. One or more processors can retrieve matched layers based on the functionality of respective image layers and the dependencies of those respective image layers.

Abstract: Mechanisms are provided for collecting telemetry data from an observability tool of a container executing on a host computing system. The mechanisms configure a shared memory to implement a telemetry data buffer. The telemetry data buffer is shared by observability tool instances of a plurality of containers on one or more host computing systems. Observability tool instance(s) collect telemetry data from a corresponding container in the plurality of containers. The collected telemetry data is written to a record in the telemetry data buffer. A backend computing system accesses the records in the telemetry data buffer to apply analytics to the telemetry data.

Abstract: A computer-implemented method for a service mesh to simulate and address a situation in which there are several transactions among services with an asynchronous relationship between the services is provided. The computer-implemented method includes identifying that the situation occurs with a response provided to a user upon a user invocation of one of the services, analyzing the situation to determine that the asynchronous relationship between the services caused an error in at least one of the several transactions, recording data of a next user invocation of the one of the services, modifying the data of the next user invocation of the one of the services to correct the error and to thereby generate modified data, simulating an execution of the next user invocation of the service using the modified data and confirming that the modified data corrects the error based on results of the simulating.

Abstract: Examples described herein provide a computer-implemented method for identifying regression test failures that includes comparing a base code to a new code to locate an updated aspect of a program. The method further includes inserting debug code into corresponding source files for each of the base code and the new code for the updated aspect. The method further includes building a first image for the base code and a second image for the new code, the first and second images running in respective first and second containers. The method further includes comparing debugging outputs from a regression test of the respective first and second containers to identify a regression test failure. The method further includes implementing a corrective action to correct the regression test failure.

Abstract: Converting shared libraries is provided. A shadow shared library is generated based on symbol information of each respective symbol of an original shared library. A symbol receiver that corresponds to the shadow shared library is generated. The symbol receiver corresponding to the shadow shared library and the original shared library are deployed as a microservice on a set of servers.

Abstract: Computer implemented method, systems, and computer program products include program code executing on a processor(s) obtain a first container comprising image layers, wherein the image layers include a base image layer and one or more image layers. The program code determines dependencies between the image layers. The program code obtains a request for an application where at least one image layer of the one or more image layers comprises features of the application. The program code identifies, based on the dependencies, at least one additional image layer related to the at least one image layer. The program code generates and deploys a second container, where image layers of the second container consist of the at least one image layer, the at least one additional image layer related to the at least one image layer, and the base layer.

Abstract: Secure container use is provided. The method generates respective user group permission identifications associated with image layer staging operations permissions assigned to different user groups as well as a list of the user group permission identifications. Responsive to a request from a user to perform an image layer staging operation, the method verifies whether the user has a user group permission identification in the list of the user group permission identifications. Responsive to verification that the user has a user group permission identification in the list of the user group permission identifications, the requested operation is executed. Responsive to determination that the user does not have a user group permission identification in the list of the user group permission identifications, the requested operation is denied.

Abstract: Methods, computer program products, and systems are presented. The method computer program products, and systems can include, for instance: examining image layers of a container image and generating, in dependence on the examining, layer dependency relationship data that specifies layer dependency relationships of the container image; storing in a container repository the layer dependency relationship data that specifies layer dependency relationships of the container image; in response to receipt of a download request that specifies a targeted layer of the container image, analyzing relationship data of the layer dependency relationship data; in dependence on the analyzing, identifying a subset of image layers of the container image preceding the targeted layer; and establishing a deployment container image in dependence on the identified subset of image layers.

Abstract: Techniques according to the present disclosure may include receiving, at a computer, a command for performing an action on a first image layer of a first container repository. A second container repository is determined which has a dependency on the first container repository, based on a dependency graph storing dependencies of a plurality of container repositories. The action is performed on the first image layer of the first container repository and a corresponding action on a second image layer of the second container repository based on the command.

Abstract: A computer-implemented method for a service mesh to simulate and address a situation in which there are several transactions among services with an asynchronous relationship between the services is provided. The computer-implemented method includes identifying that the situation occurs with a response provided to a user upon a user invocation of one of the services, analyzing the situation to determine that the asynchronous relationship between the services caused an error in at least one of the several transactions, recording data of a next user invocation of the one of the services, modifying the data of the next user invocation of the one of the services to correct the error and to thereby generate modified data, simulating an execution of the next user invocation of the service using the modified data and confirming that the modified data corrects the error based on results of the simulating.

Abstract: An example operation may include one or more of storing access requirements of a containerized environment, identifying a plurality of types of users of the containerized environment based on the access requirements, identifying a plurality of different restriction priorities for the plurality of types of users within the containerized environment, respectively, based on the access requirements, dynamically generating an access policy that satisfies the plurality of different restriction priorities for the plurality of types of users within the containerized environment, and transforming the access policy into a plugin.

Abstract: A method, computer program product, and computer system for implementing tasks on managed nodes. A specified task to be performed by an Ansible module on one or more managed nodes of two or more managed nodes is received. The one or more managed nodes are determined based on an attribute value of a hostDecision attribute of the Ansible module. The attribute value may be primaryNode, allNodes, or Dynamic, where: primary Node requires the one or more managed nodes to be a primary node, allNodes requires the one or more managed nodes to be the two or more managed nodes, and Dynamic requires the one or more managed nodes to be determined dynamically based on runtime information. The Ansible module is sent to the one or more managed nodes to perform the task on the one or more managed nodes.

Abstract: A method, system, and computer program product are configured to: create a link tracing data structure in response to receiving a request from a user interface (UI), wherein the link tracing data structure includes a synchronization identifier and information about user actions in the UI; handle the request by calling plural microservices; add respective synchronization content for each one of the plural microservices to the link tracing data structure, wherein the respective synchronization content for a respective one of the plural microservices comprises: the synchronization identifier; a respective step identifier that identifies the respective one of the plural microservices; and a respective synchronization message that describes an execution status of the respective one of the plural microservices; store the link tracing data structure; and provide the link tracing data structure to a requesting user.

Abstract: Managing execution of eBPF program capabilities is provided. A comparison of a currently in use helper-id list with an allowable helper-id list of an eBPF program is performed. It is determined whether a set of unallowable helper-ids exists that is included in the currently in use helper-id list but not in the allowable helper-id list based on the comparison. A blocked helper-id list of the eBPF program that includes the set of unallowable helper-ids and a corresponding unallowable capability of each respective unallowable helper-id is generated in response to determining that the set of unallowable helper-ids does exist. The set of unallowable helper-ids and the corresponding unallowable capability of each respective unallowable helper-id is removed from bytecode of the eBPF program in order to have only allowable helper-ids remain in the bytecode along with corresponding allowable capabilities of the eBPF program.

Abstract: Embodiments relate to methods, systems, and computer program products for path management in a processing system. In a method, in response to receiving a request for adding a target controlling unit into a processing system, a plurality of network nodes in the processing system are divided into a group of subnets based on a topology of the plurality of network nodes, the plurality of network nodes being connected to at least one controlling unit in the processing system. A workload estimation is determined, the workload estimation representing a workload to be caused by the target controlling unit to the processing system. A target subnet is selected from the group of subnets for connecting the target controlling unit into the processing system based on the workload estimation. With these embodiments, the target subnet may be selected in an automatic way such that the performance of the processing system may be increased.

Abstract: Embodiments of the invention include a computer-implemented method that includes accessing, using a processor, a loader library; using the processor to generate a mock library comprising a mock version of the loader library; using the processor to containerize the loader library; and using the processor to unload the loader library.

Abstract: Data protection using portable data structures includes packaging ciphertext blocks into portable data structures, the ciphertext blocks being produced based on encryption of plaintext blocks according to a block encryption mode that includes dependencies between cryptographic processing of the plaintext blocks, the dependencies including decryption of a first ciphertext block being dependent on a second ciphertext block or decryption processing of the second ciphertext block, the packaging including providing, for each ciphertext block that has a dependency on another ciphertext block, an associated dependency label in the portable data structure in which the ciphertext block is packaged, and distributing the portable data structures to nodes such that portable data structures, of the portable data structures, that package ciphertext blocks between which at least one dependency exists are distributed to different nodes of the nodes.