Testing RESTful services: The What, The How and The Automated

Testing RESTful services
The What, The How and The Automated
@AlexeyBuzdin

View Slide

Lets start
with a tale…

View Slide

View Slide

Layered
Architecture

View Slide

View Slide

UI
Service
Unit

View Slide

UI
Service
Unit
Effort

View Slide

UI
Service
Unit
Effort Cost

View Slide

View Slide

BFF
BFF
DB
DB
DB
AMQP

View Slide

API is the new UI!

View Slide

To test a microservice
test it’s API

View Slide

Why API tests?

View Slide

Why API tests?
• Tests routing
• Tests serialization/deserialization
• Tests server response
• Can be written by a QA who does not knows the
code

View Slide

public class SimpleServlet extends GenericServlet {
public void service(ServletRequest request, ServletResponse response)
throws ServletException, IOException {
// do something in here
}
}
Simple Servlet

View Slide

Simple Servlet
@Controller
@RequestMapping("/")
public class SimpleController {
@RequestMapping(method = RequestMethod.GET)
public String get() {
return “Hello”;
}
}
(Annotation Driven Development … he.. he..)

View Slide

Why API tests?
• Tests routing
code

View Slide

Simple Servlet
@Controller
@RequestMapping("/")
public class SimpleController {
@RequestMapping(method = POST)
public String post(MyBean bean) {
….
}
}
Annotation Driven Development

View Slide

Why API tests?
• Tests routing
code

View Slide

DB
DB
AMQP
1. Isolate the Subject

View Slide

Hint: Decouple integrations from
your app
Design your integrations to be easily pluggable
and mockable in advance, or feel the
consequences

View Slide

http://projects.spring.io/spring-integration/

View Slide

Spring Integration
service-interface=“com.my.RequestGateway”
default-request-channel="requestChannel"/>

url="http://localhost:8080/http/receiveGateway"
http-method="POST"
expected-response-type="java.lang.String"/>

View Slide

Spring Integration
public interface RequestGateway {
String echo(String request);
}

View Slide

Moco
https://github.com/dreamhead/moco
java -jar moco-runner.jar http -p 12306 -c foo.json
{
"request": {
"json": { "foo": “bar" }
},
"response": { "text": “foo" }
}

View Slide

Moco
https://github.com/dreamhead/moco
server.request(by("foo")).response("bar");
MocoHttpServer server = new MocoHttpServer(ActualHttpServer.createLogServer(of(port())));
server.start();

View Slide

For DB Mocking

View Slide

For DB Mocking
• Substitute to an in-memory DB (Spring Data and
JPA/ Hibernate will help here a lot)
• Start up a clean instance of a DB for testing
• Reuse developers instance for testing purposes
• Mock data to be fetched from ﬁle system or
memory

View Slide

DB
DB
AMQP
2. Automate service startup

View Slide

Application Server?

View Slide

@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConﬁguration(classes = Application.class)
@WebAppConﬁguration
@IntegrationTest("server.port:0")
public class CharacterControllerTest {
@Value("${local.server.port}")
int port;
….
}

View Slide

@RunWith(Arquillian.class)
public class GreeterTest {
@Deployment
public static WebArchive.class createDeployment() {
return ShrinkWrap.create(WebArchive.class)
.addClasses(Greeter.class)
.setWebXML("WEB-INF/web.xml");
}
….
}
https://github.com/arquillian

View Slide

3. Write a HealthCheck test
@Test
public void applicationIsUp() {
given().port(8888).
when().get("/healthcheck").
then().statusCode(200);
}
https://github.com/jayway/rest-assured

View Slide

https://github.com/jayway/rest-assured
RequestSpeciﬁcation - build the request
ResponseSpeciﬁcation - contains parsed response
given().
param("name", "Johan").
cookie("cookie", "is mine").
body("{}").
header("Accept", "application/json")
then().
statusCode(200).
header("Content-Type", "application/json")

View Slide

@Test
public void applicationIsUp() {
given().port(8888).
when().get("/healthcheck").
then().statusCode(200);
}
Scenario: Application is up
Given baseUri is http://localhost:8888/
When GET request on /healthcheck
Then status code is 200
https://github.com/ctco/cukes-rest

View Slide

Hint: Always make url/port
configurable
At some point you would like to run the tests
against your hotfixed api or even generate some
traffic on your staging environment

View Slide

Lets test a Sample Server

View Slide

View Slide

REST is all about the resources
/robots

View Slide

C
R
U
D

View Slide

C
R
U
D
- POST
- GET
- PUT
- DELETE

View Slide

Scenario: Should accept a cute RoboGirl
Given request body:
"""
name : Tay.ai
personality : {
name : Tãy
race : Hispanic
age : 20
}
"""
When POST request on /robots
HJson / HumanJSON

View Slide

Scenario: Should accept a cute RoboGirl
Given request body:
"""
name : Tay.ai
personality : {
name : Tãy
race : Hispanic
age : 20
}
"""
And header Location ends with "/robots/Tay.ai"

View Slide

Accept tested
• Application is started
• Resource collection exists
• Provided JSON is parsed successfully
• No validation errors

View Slide

But we haven’t tested if the
resource was created on the server!

View Slide

Scenario: Should create a new Robot
…
And header Location ends with “/robots/Tay.ai"
When GET request on {(header.Location)}

View Slide

Created tested
• Application is started
• Resource collection exists
• Provided JSON is parsed successfully
• No validation errors
• Resource was stored on the server

View Slide

What did we miss?
Scenario: …..
Given request body:
"""
name : Tay.ai
personality : {
name : Tãy
race : Hispanic
age : 20
}
"""

View Slide

Test Actual Data
….
When GET request on /robots/Tay.ai
And response equals to:
"""
name : Tay.ai
personality : {
name : Tãy
race : Hispanic
age : 20
}
"""

View Slide

Unicode is not working
java.lang.AssertionError: 1 expectation failed.
Response body doesn't match expectation.
Expected: "{\"name\" : \"Tay.ai\", \"personality\" : { \"name\": \"Tãy\",\"race\" : \"Hispanic\",
\"age\" : 20}}"
Actual: {"name" : "Tay.ai", "personality" : { "name" : "T y","race" : "Hispanic","age" : 20}}

View Slide

Test Actual Data
….
And response equals to:
"""
name : Tay.ai
personality : {
name : Tãy
race : Hispanic
age : 20
}
"""

View Slide

Hint: Never use equals to compare
server response
Usually you have tons of stuff generated
automatically on the backend which value can not
be predicted in advance*:
createdOn, updatedOn, auto generated IDs, etc

View Slide

Hint: Use JSONPath and XPath to
assert equality
And response contains properties:
"""
name : Tay.ai
personality : {
name : Tãy
race : Hispanic
age : 20
}
"""
name = Tay.ai
personality.name = Tãy
personality.race = Hispanic
personality.age = 20

View Slide

JSONPath and Arrays
name : Tay.ai
personality : {
name : Tãy
race : Hispanic
age : 20
}
skills: [
"driving",
"hacking",
"translating"
]
name = Tay.ai
personality.name = Tãy
personality.race = Hispanic
personality.age = 20
skills[0] = driving
skills[1] = hacking
skills[2] = translating

View Slide

Hint: Arrays are unordered if
fetched straight from DB
Either implement order by or ﬁnd the correct
index programmatically

View Slide

JSONPath and the World

View Slide

To Sum Up

View Slide

View Slide

Hint: Always prepare test data
yourself
You don’t want to have race conditions or any
other unexpected trouble born from shared state.

View Slide

Hint: Run your tests in parallel
• Conﬁgure failsafe or gradle conﬁg to have
maxParallelForks > 1
• Organise your test scenarios into Test Suites
with atomic sense

View Slide

More POST on a resource
• Created successfully -> Created (201)
• Missing a mandatory property -> BadRequest (400)
• Validation failed -> BadRequest (400)
• Resource already exists -> Conﬂict (409)
• Unsupported Media Type (415)

View Slide

• Created successfully -> Created (201)
• Resource already exists -> Conﬂict (409)
More POST on a resource

View Slide

Hint: Expose all errors and conditions
to the client in RESTful way!
REST is statless; be statless with errors as well!

View Slide

C
R
U
D
- POST
- GET
- PUT
- DELETE

View Slide

More GET on a resource
• Get existing resource -> OK (200)
• Get non existing resource -> Not Found (404)

View Slide

DELETE on a resource

View Slide

DELETE on a resource
• Delete non existing resource -> Not Found (404)
• Delete existing resource -> OK (200)
• Resource is in use -> Forbidden (403)

View Slide

PUT on a resource

View Slide

PUT on a resource
• Update non existing resource -> Not Found (404)
• Update existing resource -> OK (200)
• Resource is in use -> Forbidden (403)

View Slide

One CRUD but a lot of effort
/robots

View Slide

Hint: Invest into describing your API
Either it be a API Doc or better an API
representation in some data format

View Slide

Open APIs
https://openapis.org/

View Slide

swagger: 2.0
host: petstore.swagger.io
schemes: [ “http" ]
consumes: [ “application/json" ]
produces: [ “application/json" ]
paths: {
/pets: {
post: {
summary: Create a pet
responses: {
201: { description: "Null response” }
default: {
description: unexpected error,
schema: { $ref: “#/deﬁnitions/Error" }
}
….
}}}}
Error: {
required: [
“code", “message"
],
properties: {
code: {
type: integer
format: int32
},
message: {
type: string
}
}
}

View Slide

View Slide

Alternatives
http://nordicapis.com/top-speciﬁcation-formats-for-rest-apis/
• http://raml.org/
• https://github.com/apiaryio/api-blueprint

View Slide

Asynchronous
Scenario: …..
….
And header Location contains "/robots/Tay.ai"
….

View Slide

Asynchronous
await().until(newRobotIsCreated());
await().until( getRobot(“Tay.ai”), isNotNull() );
https://github.com/jayway/awaitility

View Slide

Asynchronous
https://github.com/jayway/awaitility
with().pollInterval(ONE_HUNDERED_MILLISECONDS)
.and().with().pollDelay(20, MILLISECONDS)
.await(“creating a robot”)
.until(getRobot(“Tay.ai”), hasProperty(“status”, is(“live”));

View Slide

Other REST-assured features
• form
• basic
• certiﬁcate
• oauth
• oauth2
Easy authentication mechanism

View Slide

Other REST-assured features
• proxy support
• JSON-Shema validation
• Multi-value headers and cookies
• Multi-part form data support
• Filters

View Slide

Points Made

View Slide

Points Made
• In addition to unit, integration and ui tests, cover at
least core functionality and cases with API tests
• Design your app integrations to be easily pluggable
and mockable
• Decouple connection settings with the test suite itself
(uri, proxy settings, authentication methods, etc)
• Never use equals to compare server response and try
to identify the most signiﬁcant properties for a the
comparison, over making an all-to-all comparison

View Slide

Points Made
• Don’t relay on existing data and prepare ones for
testing before test starts
• Design your tests to be easily parallel and sort
them in a way that they won’t affect each other
• Invest in having a descriptive API
representation like Swagger, RAML, or API
Blueprints
• Use JSONPath to assert the results

View Slide

Points Made
• Don’t relay on existing data and prepare ones for
testing before test starts
• Design your tests to be easily parallel and sort
them in a way that they won’t affect each other
• Invest in having a descriptive API
representation like Swagger, RAML, or API
Blueprints
• Use JSONPath/XPath to assert the results

View Slide

Tools to look at
• REST-assured or cukes-rest for testing RESTful api
• Awaitility to deal with asynchronous jobs
• Swagger, RAML, API Blueprint for API description
• Arquillian to start up your Java EE based projects
• Moco to startup a mock web service
• HJSON is awesome!

View Slide

TESTS ARE MADE
TO MAKE YOU FEEL SECURE!

View Slide

LIKE A LOVELY HUG ♥

View Slide

Q&A
Thank You!

View Slide

Testing RESTful services: The What, The How and The Automated

Testing RESTful services: The What, The How and The Automated

Alexey Buzdin

More Decks by Alexey Buzdin

Other Decks in Programming

Featured

Transcript