As Code Testing: Characterizing Test Quality in Open Source Ansible Development

Mohammad Mehedi Hassan and Akond Rahman in International Conference of Software Testing, Validation, and Veriification (ICST), 2022 Pre-print

Infrastructure as code (IaC) scripts, such as Ansible scripts, are used to provision computing infrastructure at scale. Existence of bugs in IaC test scripts, such as, configuration and security bugs, can be consequential for the provisioned computing infrastructure. A characterization study of bugs in IaC test scripts is the first step to understand the quality concerns that arise during testing of IaC scripts, and also provide recommendations for practitioners on quality assurance. We conduct an empirical study with 4,831 Ansible test scripts mined from 104 open source software (OSS) repositories where we quantify bug frequency, and categorize bugs in test scripts. We further categorize testing patterns, i.e., recurring coding patterns in test scripts, which also correlate with appearance of bugs. From our empirical study, we observe 1.8% of 4,831 Ansible test scripts to include a bug, and 45.2% of the 104 repositories to contain at least one test script that includes bugs. We identify 7 categories of bugs, which includes security bugs, and performance bugs that are related with metadata extraction. We also identify 3 testing patterns that correlate with appearance of bugs: assertion roulette, local only testing, and remote mystery guest. We conclude our paper by discussing the implications of our findings for practitioners.