Testing microservices is challenging. Dividing a system into components (à la microservices) naturally creates inter-component dependencies, and each service has its own performance and fault-tolerance characteristics that need to be validated during development, the QA process, and continually in production. Attend this meetup to learn about the theory, techniques, and practices needed to overcome this challenge. You will:
• Get an introduction to the challenges of testing distributed microservice systems
• Learn how to isolate tests within a complex microservice ecosystem
• Hear about several tools for automating vulnerability and security scanning for code, dependencies, and deployment artifacts
2. tl;dr
● Testing microservices brings additional challenges
● Pay special attention to integration surfaces
● Isolate services for loosely coupled tests
● Include tests that resemble production
● Make security testing a first-class citizen
3. Who are we?
@danielbryantuk
Tech Consultant and Writer
Product Architect at Datawire
Java Champion
Conference Tourist
@abrahammarin
Developer, Consultant, Writer
Associate of Equal Experts
Software Plumber
5. Challenges
● Cannot share a single environment: test locally
● Full ecosystem unsuitable for local testing
● Lack of control over third-party dependencies
13. Test Doubles
Dummy objects: passed around but never actually used.
Fake objects: working implementations not suitable for production
Stubs: provide canned answers to calls made during the test
Spies: stubs that also record some information based on how they were called.
Mocks: objects pre-programmed with expectations which form a specification of the
calls they are expected to receive.
Virtualisations: emulation of services, with expectations (not suitable for production)
21. API Simulation Thoughts
● Useful when a dependency is “expensive” to
access or tricky to mock
● Facilitates error handling tests when dependency
failure modes are challenging to recreate
● Simulations can be fragile and/or complicated
29. Consumer-Driven Contract Thoughts
● Great in low trust or low communication organisations
○ Act as a cue for a conversation
● Can be used to implement “TDD for the API”
● Resource intensive to create and maintain
51. Conclusion
● Testing microservices brings additional challenges
● Pay special attention to integration surfaces
● Isolate services for loosely coupled tests
● Include tests that resemble production
● Make security testing a first-class citizen
The quadrants hint at a number of challenges, which for microservices is even harder because… (and then bullet points)
Full ecosystem: too large, too diverse, too evolving
to avoid gaps:
expanding levels (concentric dotted lines, brittle, inefficient)
chained levels (overlapping dotted lines, requires more management)
All about trade-offsto avoid gaps:
expanding levels (concentric dotted lines, brittle, inefficient)
chained levels (overlapping dotted lines, requires more management)
the whole is more than the sum of the parts, need to avoid silos
no isolation, but closest to user experience. Necessary evil?
biggest fully-controlled test. Need to use test doubles for unowned components
Try to find better word for unowned
to avoid gaps:
expanding levels (concentric dotted lines, brittle, inefficient)
chained levels (overlapping dotted lines, requires more management)
Expect people to know this, just in case.
Back-up: DBUnit, Utilis
Prepare for anecdotes
Expect people to know this, just in case.
Back-up: DBUnit, Utilis
Prepare for anecdotes
Expect people to know this, just in case.
Back-up: DBUnit, Utilis
Prepare for anecdotes
Expect people to know this, just in case.
Back-up: DBUnit, Utilis
Prepare for anecdotes
QPid works with AMQP 1.0
ActiveMQ as well, but only later versions (5.8 or later)
Mention Franck Pachot’s talk about how SQL varies
“Copy” tl;dr
Extra challenges when workin with microservice
Test doubles, options
Careful with Long-running queries, different tools for isolation,e tc. (one liner)
security