Testing microservices is challenging. Dividing a system into components naturally creates inter-service dependencies, and each service has its own performance and fault-tolerance characteristics that need to be validated during development, the QA process, and continually in production. Join Daniel Bryant to learn about the theory, techniques and practices needed to overcome this challenge. Learning Outcomes: – Introduction to the challenges of testing distributed microservice systems – Learn tactics for isolating tests within a complex microservice ecosystem – Whistle stop tour of consumer-driven contract testing and API simulation – Implementing fault-injection testing to validate nonfunctional requirements in development and QA – An introduction and discussion of the need for continually validating microservice systems running in production, both through observability and practices like chaos engineering

1. Testing Microservices:
From Development to Production
Daniel Bryant
(with thanks to Abraham Marín-Pérez)

2. tl;dr
● Testing microservices brings additional challenges
● Pay special attention to integration surfaces
● Isolate services for loosely coupled tests
● Include tests that resemble production
● Make security testing a priority

3. Who am I?
@danielbryantuk
Product Architect at Datawire
Consultant, Writer
Java Champion, Conference Tourist
@abrahammarin
Developer, Consultant, Writer
Associate of Equal Experts
Software Plumber

4. (Microservice) Testing 101

5. Types of tests
From Agile Testing, by Lisa Crispin and Janet Gregory
https://lisacrispin.com/2011/11/08/using-the-agile-testing-quadrants/

6. https://martinfowler.com/articles/practical-test-pyramid.html
Fractal Nature of Testing

7. https://medium.com/@copyconstruct/testing-microservices-the-sane-way-9bb31d158c16
Evolution of QA

8. https://blog.getambassador.io/cloud-native-patterns-canary-release-1cb8f82d371a
https://learning.oreilly.com/library/view/chaos-engineering/9781491988459/
https://landing.google.com/sre/sre-book/chapters/monitoring-distributed-systems/

10. Testing Challenges with Microservices
● Cannot share a single environment: testing locally
● Full ecosystem unsuitable for local testing
● Lack of control over third-party dependencies

11. Isolation

12. Isolating Parts
Third Party

13. Isolating Parts
Third Party

14. https://martinfowler.com/articles/microservice-testing/#conclusion-summary

15. Isolating Parts: No Isolation
Third Party
https://www.continuousdeliveryconsulting.com/blog/end-to-end-testing-considered-harmful/

16. Wise words from Steve Smith
1. “The idea that testing a whole system will simultaneously
test its constituent parts is a Decomposition Fallacy.”
1. “The idea that testing a whole system will be cheaper than
testing its constituent parts is a Cheap Investment Fallacy.
https://www.continuousdeliveryconsulting.com/blog/end-to-end-testing-considered-harmful/

17. Semantic Txns / Synthetic Monitoring
https://martinfowler.com/bliki/SyntheticMonitoring.html

18. Isolating Parts: Unowned Components
Third Party

19. Test Doubles

20. Test Doubles
Dummy objects: passed around but never actually used.
Fake objects: working implementations not suitable for production
Stubs: provide canned answers to calls made during the test
Spies: stubs that also record some information based on how they were called.
Mocks: objects pre-programmed with expectations which form a specification of the
calls they are expected to receive.
Virtualizations: emulation of services, with expectations (not suitable for production)
https://www.martinfowler.com/articles/mocksArentStubs.html

27. JUnit Example

28. API Simulation Thoughts
● Useful when a dependency is “expensive” to mock
● Facilitates error handling tests when dependency failure
modes are challenging to recreate
● Simulations can be fragile and/or complicated

30. Isolating Parts: Service Interaction
Third Party

31. Focused on
service/function
Focused on
system
Contract Tests

32. API Contracts
APIs are service contracts
Many are producer-driven
It’s possible to design outside-in:
Consumer-Driven Contracts

33. Consumer-Driven
Contracts

34. Consumer-Driven Contracts
https://www.baeldung.com/pact-junit-consumer-driven-contracts

36. Consumer-Driven
Contracts

37. Consumer-Driven Contract Frameworks
https://docs.pact.io/ https://cloud.spring.io/spring-cloud-contract/

38. Consumer-Driven Contract Thoughts
● Useful in low-trust or low-communication organisations
○ Don’t use for blame: it’s a cue for a conversation
● Can be used to implement “TDD for the API”
● Resource intensive to create and maintain

39. https://bit.ly/2p68gBS

40. Isolating Parts: Data

42. www.owasp.org
https://www.owasp.org/index.php/C
ategory:OWASP_Top_Ten_Project

43. Security: Code

44. Security: Dependencies

45. Security: Container Images
github.com/arminc/clair-scanner

46. Conclusion
● Testing microservices brings additional challenges
● Pay special attention to integration surfaces
● Isolate services for loosely coupled tests
● Include tests that resemble production
● Make security testing a priority

47. Thanks!
I’m happy to take questions now
Or throughout the conference