Consumer-driven contracts: avoid microservices integration hell! (LondonCD - Oct 2016)

•Download as PPTX, PDF•

4 likes•1,496 views

Talk from Oct 11th 2016 at LondonCD (https://www.meetup.com/London-Continuous-Delivery) Autonomy and isolation are some of the core values of microservices, allowing for independent changes and independent deployments. As loosely coupled services interact on interfaces managed under different life-cycles and even different teams, making sure that a simple change did not break the application can turn into an integration nightmare. Consumer-Driven Contracts testing brings an alternative integration testing approach for distributed systems, relying less on live-like integration environments and more on making interactions explicit and quickly verifiable. This talk cover how Newsweaver (https://www.newsweaver.com/email-overview) has made CDCs part of its pipeline with Pact and how it improved collaboration and confidence between teams when designing APIs.

Technology

Consumer-driven contracts
Avoid microservices integration hell!
@PierreVincent
Oct 11th, 2016

Pierre Vincent
Technical Team Lead at Newsweaver
techblog.newsweaver.com
@PierreVincent

Login
Service
User
Service
API
GET /users/pierre
{
"user": "pierre",
"name": "Pierre Vincent",
"role": "publisher"
}
200 OK
How do we
test this?

Running in Prod
Tests Pass in
Build
Implement
changes
Deployed in
Prod
User
Service
Login
Service
!
✓ ✓ ✓ ✓
✓
{
...
"role": "editor"
}
{
...
"roles": ["publisher","editor"]
}
Running in Prod
✓ ✓

Maybe we should have tested before deploying to
production…?
Tested what
though?

Users
Service
Login
Service
IP
Check
Service
Token
Gen
Service
Cert/Key
Service
Login
Frontend
We only
wanted to
test this bit!

Contract
Login
Service
User
Service
API
Authentication Team Users Team

[docs.pact.io]
PACT Specification
Verification philosophy: Tolerant Reader
Implementation guidelines
Implementations

Login
Service
User
Service
A
P
I
Pact
Mock
Server
Authentication Team Users Team
Pact
Consumer
Unit Test
Define
interaction
Trigger
interaction
Generate
Pact
Pact
Provider
Test
Share
Pact
Replay
interaction
Replay &
Verify
Play &
Record

Consumer
Provider
Assumption
Request
Expected
Response
Login Service
User Service
Given that user 'pierre' exists
Method GET
Path /users/pierre
Headers
Accept: application/json
Status 200
Headers
Content-Type: application/json
Body
{
"user": "pierre",
"name": "Pierre Vincent",
"role": "publisher"
}
Interaction

Authentication
Dev Team
Users
Dev Team
CMS
Dev Team
Billing
Dev Team
Pact
Broker
PACT
PACT
PACT
PACT
PACT
PACT
PACTPACT
PACT
PACT

Pact
Broker
Dependency
Graphs
Living documentation
by example
✓ Versioning
✓ Tagging
✓ REST Api
Build/Deployment
Pipeline integration

Provider pipeline
Implement changes Get Pacts from Broker
Replay & Verify
Interactions
Deploy Service
Build
Deploy to EU
PROD-EU
Get Pacts from Broker
Replay & Verify
Interactions
Stop deployment of
incompatible Provider
Stop introduction of
breaking change
PROD-US
PROD-EU

Consumer pipeline
Implement
changes
Generate Pacts
(Build)
Push Pacts to
Broker
Tag Pacts
Each Provider verifies Pacts Deploy Service Tag Pacts
Build
Deploy to EU
HEAD
Stop deployment of
incompatible Consumer
HEAD
PROD-EU

Caution: side-effects may include teams
collaborating on API design

Provider state setup for each interaction
Confidence comes from coverage:
don’t limit to happy paths
Automation within
deployment pipeline isn’t trivial
What’s the catch…?

After 2 years of CDCs...
Increased confidence when coding & deploying
✓
Collaborative API design
✓
Living API documentation
✓

Pact docs.pact.io, github.com/pact-foundation
Pact Broker github.com/bethesque/pact_broker
Try it out!
“Pact Matrix” (Beth Skurrie) rea.tech/enter-the-pact-matrix-or-how-to-decouple-the-release-
cycles-of-your-microservices
Why should you use CDC for microservices integration tests
techblog.newsweaver.com/why-should-you-use-consumer-driven-contracts-for-microservices-
integration-tests
Sharing CDCs with Pact Broker
techblog.newsweaver.com/sharing-consumer-driven-contracts-with-pact-broker
More reading...

techblog.newsweaver.com
Questions?
@PierreVincent

The API economy is here and it's fueling disruption in many established industries. In response to this. many companies are looking to increase their agility through breaking down legacy monoliths into discrete services focused around specific business capabilities. Whilst this approach has many advantages, there are potential pitfalls awaiting the unwary. The number of integration points between these distributed components is greatly increased. Considering such an architecture, a naïve approach could be to simply continue to apply traditional integration testing techniques as this can lead to spiraling cost of ownership through brittle test suites. What can we do to mitigate this risk while still giving us the confidence that the various services will work cohesively? In this session we will explore using consumer driven contacts, specifically Pact, to solve this problem and share some lessons learned from the trenches.

Consumer Driven Contracts and Your Microservice Architecture

Marcin Grzejszczak

TDD introduced many improvements into the development process, but in our opinion the biggest impact relates to code design. Looking at the code from the usage perspective (by first writing an acceptance test) allows us to focus on usability rather than concrete implementation. Unfortunately, we usually rest on our laurels not trying to uplift this practice to the architecture level. This presentation will show you how you can use the Spring Cloud Contract Verifier functionality in order to have a fully automated solution to stub your HTTP / Messaging collaborators. Just by adding proper configuration, you'll surround the microservices you are testing with faked stubs that are tested against their producer, making much more realistic tests. We will write a system using the CDC approach together with Spring Boot, Spring Cloud and Spring Cloud Contract Verifier. I'll show you how easy it is to write applications that have a consumer-driven API, allowing a developer to speed up the time for writing better quality software.

Pacts to the Rescue - Making your microservices play nicely together with Con...

Beth Skurrie

The document discusses how consumer-driven contracts (CDCs), as implemented by the Pact framework, can help microservices interact reliably through contract testing. It outlines issues with traditional integrated tests, such as being slow, brittle, and difficult to maintain as services evolve. Pact addresses these by automating contract verification between independently-developed services through fast, isolated tests. This allows teams to catch integration issues early and continuously validate interoperability.

TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...

Michael Kuehne-Schlinkert

It can be tough to test an apparently simple service comprehensively. A microservice architecture brings a new level of complexity to the question “How can we validate that our API is working as intended?” In this talk Michael will explain how to use test driven development for APIs and even further how TDD can drive an API Design towards a more usable design, and how to build an well-tested ecosystem of microservices. This approach is applicable for different kinds of services (REST APIs, websockets, industrial protocols). Independent from the type of interface we always ran into similar problems when we build an ecosystem of services. We have to deal with dependency, asynchronous behaviours, fallback mechanisms, endpoint versioning and sometimes even shared databases. It’s not trivial to apply TDD to these kinds of problems cause you have to think of scenarios. But there are ways of identify these scenarios and to test them. As an API specialist Michael worked with various clients designing, building, testing, maintaining and even redesigning private and public services. Based on his project experience he developed a practical approach to apply TDD to APIs in microservice ecosystems.

Digital Methods Winterschool 2012: API - Interfaces to the Cloud

Digital Methods Initiative

This document discusses APIs (application programming interfaces) and their role in web development. It defines APIs as specifications that allow software components to communicate with each other. On the web, APIs typically use HTTP requests and JSON/XML responses to allow access to structured data and services. This has enabled the combination of multiple online services into new applications. As more websites provide APIs, the web itself is becoming a platform that outside developers can build upon. However, there are also limitations and ethical issues to consider regarding APIs, including restricted access, changing formats, and debates around scraping data versus using official APIs.

Contract testing and Pact

Seb Rose

The document discusses contract testing in software development. It begins with background on contract testing and describes the need for contract testing to validate assumptions about how code components collaborate. It then discusses different types of contracts, including explicit contracts defined by interfaces and implicit contracts assumed during testing. The document introduces the Pact framework for defining contracts between services and consumers through mock implementations. It emphasizes that contract testing supports independent deployment of services but is not a substitute for other types of testing or communication between teams.

Consumer contract testing

Rafiq Gemmail

The document discusses consumer contracts when building applications with a microservices architecture. It defines a contract as a shared understanding between a service provider and consumer about the expected behavior of their interaction. It recommends using consumer contract testing tools like Pact to validate contracts and provide feedback to both internal and external services when changes may break expectations. The tests check that a service still behaves as its consumers anticipate even as it evolves independently. This allows faster innovation while maintaining confidence in collaborations between loosely coupled services.

This document discusses consumer-driven contract testing and introduces Pact, a testing framework that uses consumer-driven contracts. It poses four problems around evolving services without breaking clients. It then describes the basic flow of consumer-driven contracts where the consumer generates and shares a contract with the provider to test against. Pact enables evaluating contracts throughout a provider's development cycle to ensure fast, confident and less error-prone continuous delivery of services.

Contract testing. Isolated testing of microservices with pact.io - Evgeniy Ku...

Evgeniy Kuzmin

vodQA(Pune) 2018 - Consumer driven contract testing using pact

vodQA

This document introduces consumer-driven contract testing using Pact. It discusses problems with traditional unit, integration and end-to-end tests. Contract testing captures the interactions between a consumer and provider as tests. It registers expectations of the request and validates the response. This allows each component to be tested independently and improves test isolation, speed and reliability over other strategies. Pact is a framework for contract testing that supports multiple languages and platforms.

Consumer-Driven Contract Testing - Workshop - January 2021

Paulo Clavijo

Paid Content Platforms

Juan Varela

The document profiles various platforms for monetizing digital content from newspapers. It summarizes responses from companies to a Request for Information issued by the Newspaper Association of America. The profiles provide information on each company's solution, business model, timeline and key capabilities. The profiles cover both publisher-focused systems under development and existing tools/services that could be used to create a solution. The goal is to help newspapers make strategic decisions on paid content approaches.

Consumer Driven Contracts and Your Microservice Architecture

Marcin Grzejszczak

Consumer driven contracts (CDC) are like TDD applied to the API. It’s especially important in the world of microservices. Since it’s driven by consumers, it’s much more user friendly. Of course microservices are really cool, but most people do not take into consideration plenty of potential obstacles that should be tackled. Then instead of frequent, fully automated deploys via a delivery pipeline, you might end up in an asylum due to frequent mental breakdowns caused by production disasters. We will write a system using the CDC approach together with Spring Boot, Spring Cloud Contract verifier. We’ll show you how easy it is to write applications that have a consumer driven API and that will allow a developer to speed up the time of writing his better quality software.

Spring Cloud Contract And Your Microservice Architecture

Marcin Grzejszczak

Consumer driven contracts (CDC) are like TDD applied to the API. It’s especially important in the world of microservices. Since it’s driven by consumers, it’s much more user friendly. Of course microservices are really cool, but most people do not take into consideration plenty of potential obstacles that should be tackled. Then instead of frequent, fully automated deploys via a delivery pipeline, you might end up in an asylum due to frequent mental breakdowns caused by production disasters. We will write a system using the CDC approach together with Spring Boot, Spring Cloud Contract verifier. I'll show you how easy it is to write applications that have a consumer driven API and that will allow a developer to speed up the time of writing his better quality software.

Consumer Driven Contracts and Your Microservice Architecture @ Warsaw JUG

Marcin Grzejszczak

This document discusses using Spring Cloud Contract to help define contracts between microservices. It notes that without contracts, tests between services can break when implementations change. The document demonstrates coding a sample app to check ages for alcohol purchases, then generating contract stubs using Spring Cloud Contract. It addresses questions like storing contracts in a shared repo, generating stubs without writing scripts using WireMock and RestDocs, and learning more about Spring Cloud Contract.

Microservices pattern language (microxchg microxchg2016)

Chris Richardson

My talk from http://microxchg.io/2016/index.html. Here is the video - https://www.youtube.com/watch?v=1mcVQhbkA2U When architecting an enterprise Java application, you need to choose between the traditional monolithic architecture consisting of a single large WAR file, or the more fashionable microservices architecture consisting of many smaller services. But rather than blindly picking the familiar or the fashionable, it’s important to remember what Fred Books said almost 30 years ago: there are no silver bullets in software. Every architectural decision has both benefits and drawbacks. Whether the benefits of one approach outweigh the drawbacks greatly depends upon the context of your particular project. Moreover, even if you adopt the microservices architecture, you must still make numerous other design decisions, each with their own trade-offs. A software pattern is an ideal way of describing a solution to a problem in a given context along with its tradeoffs. In this presentation, we describe a pattern language for microservices. You will learn about patterns that will help you decide when and how to use microservices vs. a monolithic architecture. We will also describe patterns that solve various problems in a microservice architecture including inter-service communication, service registration and service discovery.

Microservices. Test smarter, not harder. Voxxed Days 2019

Beth Skurrie

Microservices have become mainstream now. Writing and deploying small, independent services has many benefits, but on the downside, it increases the number of integration points, which increases the amount of integration testing required. How can we be confident that all our services will work correctly together, without being burdened by increasingly complex and brittle integration tests? Learn how Pact solves this problem by using consumer driven contracts, allowing you to escape Integration Testing Hell and ship your code with speed and confidence.

Contract Testing

kloia

The document discusses implementing a scalable testing strategy for microservices using consumer-driven contract tests. It describes the testing pyramid concept of grouping tests into unit, integration, and acceptance categories. Consumer-driven contract tests involve defining interactions and behaviors in unit tests on both the consumer and provider sides. The document recommends the Pact tool for generating contracts from code and providing provider verification. It provides examples of implementing consumer-driven contract tests on both the consumer and provider sides and references additional resources on the topic.

Atagg2015 BDD in Test pyramid

Agile Testing Alliance

The document discusses the role of behavior-driven development (BDD) in the test automation pyramid strategy. It explains that BDD involves exploring requirements collaboratively using examples to build shared understanding. BDD frameworks link feature files containing scenarios to step definitions and code implementations. While frameworks automate testing, BDD primarily focuses on collaboration. The document recommends categorizing scenarios by criticality and level to efficiently map them to the test pyramid of unit, integration and UI tests. This helps make automation more stable, maintainable and reduce execution time.

Behavior-Driven Development (BDD) in context

Alexander Kress

Behavior Driven Development (BDD) is an essential part of an Agile implementation. What makes BDD so powerful is that it brings all members of a scrum team together in the common goal of defining and releasing a quality product. The talk will provide an introduction to BDD: Gherkin, writing BDD scenarios, common frameworks. The second part of the talk will focus on how BDD fits into the SCRUM team. We will concentrate on ways BDD can be used to bridge the communication gap often present between various SCRUM players to enable them to become more productive by using a common language.

An introduction to Behavior-Driven Development (BDD)

Suman Guha

BDD helps develop the correct software by codifying customer requirements into automated test scenarios. Traditional QA focuses on adherence to documented requirements but often misses the actual requirements. BDD establishes a feedback loop through automated scenarios to ensure requirements are met. BDD scenarios describe real user behaviors to test software in a continuous integration process. This catches defects early and reduces costs and time compared to traditional waterfall development.

Consumer Driven Contracts

Visuality

This document discusses consumer driven contracts (CDC), which define the interactions between a consumer (e.g. frontend) and provider (e.g. backend service). A contract specifies a set of interactions that the provider must support. The consumer tests its interactions with the provider to create a contract, which is stored in a pact broker. The provider then tests that its implementation matches the contract to ensure any changes do not break the consumer. Using CDC allows both consumer and provider teams to develop with confidence that APIs will not break unintentionally.

BDD-Driven Microservices

John Ferguson Smart Limited

The document discusses testing approaches for microservices, including unit tests, integration tests, and end-to-end tests. It advocates for an outside-in development approach using behavior-driven development (BDD) with automated tests written at multiple levels to ensure software delivers expected functionality. BDD involves collaboratively defining requirements as structured scenarios to guide development and act as executable tests.

Coherent REST API design

Frederik Mogensen

This document discusses contract-driven API design using Swagger and Pact. It introduces Swagger for defining provider contracts by specifying API endpoints and parameters. It then discusses using Pact for consumer-driven contracts, where consumers define expectations of responses from providers. It provides examples of defining pacts between a mapping service consumer and datastandard provider. It also demonstrates validating pacts by testing provider implementations meet consumer expectations.

Implementing BDD at scale for agile and DevOps teams

Laurent PY

Improve collaboration and confidence with Consumer-driven contracts

Pierre Vincent

Talk from March 21th 2017 at Pipeline, the Continuous Delivery conference (https://web.pipelineconf.info) Autonomy and isolation are some of the core values of microservices, allowing for independent changes and independent deployments. As loosely coupled services interact on interfaces managed under different life-cycles and even different teams, making sure that a simple change did not break the application can turn into an integration nightmare. Consumer-Driven Contracts testing brings an alternative integration testing approach for distributed systems, relying less on live-like integration environments and more on making interactions explicit and quickly verifiable. This talk cover how Newsweaver (https://www.newsweaver.com/email-overview) has made CDCs part of its pipeline with Pact and how it improved collaboration and confidence between teams when designing APIs.

[Test bash manchester] contract testing in practice

Pierre Vincent

End-to-end integration plays a strong part in testability, unfortunately when an application grows, these kind of tests become a burden: brittleness, slower feedback and overall poor return on investment to improve quality. Contract testing brings an alternative approach for validating integration points in fast-changing distributed systems. Because contracts don’t need integration environments, they can give very fast feedback to prevent API and messaging breaking changes from being introduced early-on. Contracts are also a catalyst for inter-team communications. They help interactions between services become a central attribute in designing solutions, as opposed to an emergency concern when they break at a late integration stage. This workshop covers the core concepts of contracts testing and contracts can play a part in reducing the struggles of integration tests. The attendees will be working on practical examples of defining contracts between teams and services, as well as implement them using the Pact tool-chain.

What's hot

Consumer-driven contracts with Pact and PHP

Andy Kelk

Consumer-Driven Contract Testing

Paulo Clavijo

Consumer-Driven Contract Testing PACT

VodqaBLR

Contract testing. Isolated testing of microservices with pact.io - Evgeniy Ku...

Evgeniy Kuzmin

vodQA(Pune) 2018 - Consumer driven contract testing using pact

vodQA

Consumer-Driven Contract Testing - Workshop - January 2021

Paulo Clavijo

Paid Content Platforms

Juan Varela

Consumer Driven Contracts and Your Microservice Architecture

Marcin Grzejszczak

Spring Cloud Contract And Your Microservice Architecture

Marcin Grzejszczak

Consumer driven contracts (CDC) are like TDD applied to the API. It’s especially important in the world of microservices. Since it’s driven by consumers, it’s much more user friendly. Of course microservices are really cool, but most people do not take into consideration plenty of potential obstacles that should be tackled. Then instead of frequent, fully automated deploys via a delivery pipeline, you might end up in an asylum due to frequent mental breakdowns caused by production disasters. We will write a system using the CDC approach together with Spring Boot, Spring Cloud Contract verifier. I'll show you how easy it is to write applications that have a consumer driven API and that will allow a developer to speed up the time of writing his better quality software.

Consumer Driven Contracts and Your Microservice Architecture @ Warsaw JUG

Marcin Grzejszczak

Microservices pattern language (microxchg microxchg2016)

Chris Richardson

Microservices. Test smarter, not harder. Voxxed Days 2019

Beth Skurrie

Contract Testing

kloia

Atagg2015 BDD in Test pyramid

Agile Testing Alliance

Behavior-Driven Development (BDD) in context

Alexander Kress

An introduction to Behavior-Driven Development (BDD)

Suman Guha

Consumer Driven Contracts

Visuality

BDD-Driven Microservices

John Ferguson Smart Limited

Coherent REST API design

Frederik Mogensen

Implementing BDD at scale for agile and DevOps teams

Laurent PY

What's hot (20)

Consumer-driven contracts with Pact and PHP

Consumer-Driven Contract Testing

Consumer-Driven Contract Testing PACT

Contract testing. Isolated testing of microservices with pact.io - Evgeniy Ku...

vodQA(Pune) 2018 - Consumer driven contract testing using pact

Consumer-Driven Contract Testing - Workshop - January 2021

Paid Content Platforms

Consumer Driven Contracts and Your Microservice Architecture

Spring Cloud Contract And Your Microservice Architecture

Consumer Driven Contracts and Your Microservice Architecture @ Warsaw JUG

Microservices pattern language (microxchg microxchg2016)

Microservices. Test smarter, not harder. Voxxed Days 2019

Contract Testing

Atagg2015 BDD in Test pyramid

Behavior-Driven Development (BDD) in context

An introduction to Behavior-Driven Development (BDD)

Consumer Driven Contracts

BDD-Driven Microservices

Coherent REST API design

Implementing BDD at scale for agile and DevOps teams

Similar to Consumer-driven contracts: avoid microservices integration hell! (LondonCD - Oct 2016)

Improve collaboration and confidence with Consumer-driven contracts

Pierre Vincent

[Test bash manchester] contract testing in practice

Pierre Vincent

CIS14: Enterprise Identity APIs

CloudIDSummit

Trusted by Default: The Forge Security & Privacy Model

Atlassian

Security and trust have become increasingly important requirements for our customers in Cloud. We’re working to make it easier for you to build and maintain secure apps for Atlassian products. In this session, Engineering Team Lead Dugald Morrow and Principal Product Manager Joël Kalmanowicz will explain how security and trust have been baked into the Forge framework and the benefits the platform can offer you and your users. Learn how much less work it can be to build trusted apps customers will love on Forge by going deep on the safeguards we’re putting in place. Developers or attendees with some software security experience will get the most out of this session.

Complex architectures for authentication and authorization on AWS

Boyan Dimitrov

In this talk we discuss key architecture patterns for designing authentication and authorization solutions in complex microservices environments. We focus on the key advantages and capabilities of AWS Cognito User Pools and Federated Identities and explore how this service can address the challenges of implementing client to service, service to service and service to infrastructure auth. In addition, we discuss patterns and best practices around building a highly available and resilient decentralised authorization solution in a microservices environment based on fine-grained permissions and end to end automation.

Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)

Codit

Find here the slides of the presentation on Sentinet, given by Massimo Crippa (Codit) on the BTUG Event of 13th of October 2015. Sentinet has recently introduced the support for the OAuth and OpenID Connect protocols. In this presentation you will see the supported authentication flows, how to secure a regular BizTalk SOAP and REST service with OAuth 2.0 and how to call an OAuth-protected API from BizTalk with no coding or any changes in the existing application.

Principles and Practices in Continuous Deployment at Etsy

Mike Brittain

This document discusses principles and practices of continuous deployment at Etsy. It describes how Etsy moved from deploying code changes every 2-3 weeks with stressful release processes, to deploying over 30 times per day. The key principles that enabled this are innovating continuously, resolving scaling issues quickly, minimizing recovery time from failures, and prioritizing employee well-being over stressful releases. Automated testing, deployment to staging environments, dark launches, and extensive monitoring allow for frequent, low-risk deployments to production.

Altitude San Francisco 2018: Authentication at the Edge

Fastly

Turning away unwanted traffic close to the source is a common and key use case for edge networks like Fastly, but identity, authentication, and authorization at the edge can go far beyond blocking DDoS. The unique way that you identify your site’s users can probably move to the edge too, allowing you to cut response times in your critical path, offload more origin traffic, and make smarter routing decisions at the edge. In this talk we’ll cover a number of patterns in use by real Fastly customers. Whether you prefer token authentication, pre-shared keys, OAuth, HTTP auth, JSON web tokens, or a complex paywall, learn how you can potentially make your authentication decisions at the edge.

Extend Your Use of JIRA by Solving Your Unique Concerns: An Exposé of the New...

Atlassian

The existence of an API allows developers to extend software so as to cater for unique use cases beyond the software's original scope. Administrators and end users of JIRA 5 can expect its REST API to enable the creation of integrated applications to solve their unique concerns. This presentation aims to describe ways in which the JIRA 5 REST API can be used to make a tangible impact for the end user. Several use cases will be discussed, ranging from running simple command line apps, through to creating web applications that integrate with the JIRA 5 REST API.

Extend Your Use of JIRA by Solving Your Unique Concerns: An Exposé of the New...

Atlassian

Design for Compliance - AWS FS Cloud Symposium Apr 2019.pdf

Amazon Web Services

The document discusses three common audit findings related to security and compliance: 1) insufficient understanding of permissions, 2) developers having privileged access to production systems, and 3) internal systems lacking user authentication. It then provides examples of the underlying causes for each finding and recommendations for addressing them using AWS services and best practices around zero trust architecture, just-in-time access, immutable infrastructure, and centralized identity and access management.

[Test bash NL] Contract testing in practice with Pact

Pierre Vincent

The document provides an agenda and overview for a workshop on contract testing with Pact. The agenda includes introductions to contract testing fundamentals, implementing contracts with Pact, scaling contracts with Pactflow, designing APIs with contracts, and questions. The workshop will guide participants through activities to design APIs for a sample game scoring application, implement the API contract using Pact, and verify the contract. Breaks are scheduled in the morning and afternoon.

Intro to Muon - How to build Polyglot Message and Event Microservices

David Dawson

How to Manage Microservices and APIs with Apigee and Istio

VMware Tanzu

OAuth

Iván Fernández Perea

This 20-minute presentation introduces OAuth through defining it, explaining why it is useful, providing background information, defining key terminology, outlining the workflow, and including a live example. It defines OAuth as a method for users to grant third-party access to their resources without sharing passwords and to grant limited access. It highlights issues with traditional client-server authentication and how OAuth addresses them. The presentation then covers OAuth background, terminology like consumer and service provider, the redirection-based authorization workflow, and concludes with a live example and references for further information.

Cloud Foundry Cookbook: Recipes for a Successful Cloud Foundry Deployment in ...

VMware Tanzu

Technical Track presented by Vinícius Carvalho, Senior Field Engineer at Pivotal. Cloud Foundry provides the foundation for your PaaS infrastructure. It streamlines deployment and turns your developers and your ops into super heroes when it comes to time to market. But what about your architecture? How should you build your services (or microservices)? How can you guarantee security is being enforced on every layer of your architecture? How can you solve cross-service dependencies? How can services discover each other? How could developers leverage an API explorer to test your services and build apps on top of it? How could you leverage a data pipeline to solve polyglot persistence and cascading operations on diverse persistence technologies? How can you monetize on top of your public services? How could you use a service registry to boost your models with extended metadata? This session presents a few recipes to demonstrate how to solve some of the problems found when applying cloud patterns to real business scenarios.

Recipes for a successful production cloudfoundry deployment - CF Summit 2014

Vinícius Carvalho

Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...

Amazon Web Services

Learn how to set up an end-user directory, secure sign-up and sign-in, manage user profiles, authenticate and authorize your APIs, federate from enterprise and social identity providers, and use OAuth to integrate with your app—all without any server setup or code. With clear blueprints, we show you how to leverage Amazon Cognito to administer and secure your end users and enable identity for the applied patterns of mobile, web, and enterprise apps.

Complex architectures for authentication and authorization on AWS

Boyan Dimitrov

In this talk we discuss key architecture patterns for designing authentication and authorization solutions in complex microservices environments. We focus on the key advantages and capabilities of AWS Cognito User Pools and Federated Identities and explore how this service can address the challenges of implementing client to service, service to service and service to infrastructure auth. In addition, we discuss patterns and best practices around building a highly available and resilient decentralised authorization solution for microservices environments based on OIDC. We present a simple RBAC implementation together with fine-grained permissions and end to end automation.

User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...

Amazon Web Services

This document contains a summary of a workshop on user management and app authentication with Amazon Cognito. The workshop covers setting up Cognito user pools for user sign-up, sign-in, and password management. It also covers getting temporary AWS credentials from Cognito identity pools to access AWS services like S3. The hands-on portion involves building a desktop app for user authentication with Cognito user pools and getting credentials to call AWS services.

Similar to Consumer-driven contracts: avoid microservices integration hell! (LondonCD - Oct 2016) (20)

Improve collaboration and confidence with Consumer-driven contracts

[Test bash manchester] contract testing in practice

CIS14: Enterprise Identity APIs

Trusted by Default: The Forge Security & Privacy Model

Complex architectures for authentication and authorization on AWS

Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)

Principles and Practices in Continuous Deployment at Etsy

Altitude San Francisco 2018: Authentication at the Edge

Extend Your Use of JIRA by Solving Your Unique Concerns: An Exposé of the New...

Design for Compliance - AWS FS Cloud Symposium Apr 2019.pdf

[Test bash NL] Contract testing in practice with Pact

Intro to Muon - How to build Polyglot Message and Event Microservices

How to Manage Microservices and APIs with Apigee and Istio

OAuth

Cloud Foundry Cookbook: Recipes for a Successful Cloud Foundry Deployment in ...

Recipes for a successful production cloudfoundry deployment - CF Summit 2014

Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...

Complex architectures for authentication and authorization on AWS

User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...

More from Pierre Vincent

DevOpsDays Galway 2019 - Zero-downtime deployments

Pierre Vincent

Applications built over the years carry historical design assumptions, such as: it is acceptable to take a system out for upgrade maintenance for a few hours every 6 months. In today’s world, embracing continuous delivery practices means more frequent releases, which means more downtime. Besides, finding a good maintenance window becomes a struggle with worldwide users, as well as for the operators managing the upgrade out of business hours. In this talk, I demonstrate that by mapping out complex deployments processes, it becomes possible to prioritise work and progressively reduce the deployment impact. I will also give practical advice on how to tackle blockers to zero-downtime deployments, such as: Migrating database schemas while keeping an application running Ensuring backward compatibility of messages and APIs Dealing with long-running background jobs Mitigating user session loss Deploying without the comfort of a maintenance window also means that stability during the upgrade is a critical concern. I will go through how it can be achieved through systematic pipeline automation and good system visibility to help operators during the upgrade. The trick is: zero-downtime doesn’t mean everything is up or running the latest version, it only means nobody notices!

[Test Bash Manchester] Observability and Testing

Pierre Vincent

The document discusses observability and testing systems. It notes that pre-production testing only covers known failure modes and observability is needed to understand unknown issues. Observability involves collecting metrics, structured logging, and distributed tracing to understand system behavior and troubleshoot problems. When combined with testing, observability can help reduce the need for extensive pre-production testing and allow issues to be discovered and debugged after deployment.

QCon London - How to build observable distributed systems

Pierre Vincent

Being able to observe the state of a running application is key to understanding a system's behaviour and essential if you want to fix production problems quickly and efficiently. Like a lot of other things, this is harder to do in distributed systems than it is with a monolith. At Poppulo we've been running a distributed system of hundreds of microservices in production for more than 4 years and we got to understand how critical this visibility is. If you want to succeed with operating a distributed system, observability should be an integral part of system design. I'll cover key techniques to build a clearer picture of distributed applications in production, including details on useful health checks, best practices for instrumentation with metrics, logging and tracing.

[RebelCon] Increasing visibility of distributed systems in production

Pierre Vincent

Pierre Vincent gives a presentation on increasing visibility of distributed systems in production. He discusses hierarchy of service reliability, designing systems for recovery from failures, and how distributing a system also distributes places where failures can occur. He covers strategies for health checks, collecting system, application, and business metrics using tools like Prometheus. Vincent emphasizes making metrics and logs usable and limiting alerts to focus on user-impacting issues. Tracing is discussed as a way to correlate errors across services. In closing, Vincent notes that visibility enables operability, justifiable decisions, and builds trust in systems.

Deploying microservices in a fast-paced customer-centric environment: How and...

Pierre Vincent

Consumer-driven contracts: avoid microservices integration hell! (MuCon Londo...

Pierre Vincent

Talk from Nov 8th 2016 at MuCon London (https://skillsmatter.com/conferences/7412-con-2016-the-microservices-conference) Autonomy and isolation are some of the core values of microservices, allowing for independent changes and independent deployments. As loosely coupled services interact on interfaces managed under different life-cycles and even different teams, making sure that a simple change did not break the application can turn into an integration nightmare. Consumer-Driven Contracts testing brings an alternative integration testing approach for distributed systems, relying less on live-like integration environments and more on making interactions explicit and quickly verifiable. This talk cover how Newsweaver (https://www.newsweaver.com/email-overview) has made CDCs part of its pipeline with Pact and how it improved collaboration and confidence between teams when designing APIs.

Agile at Newsweaver (Agile Cork March 2016)

Pierre Vincent

Agile is about continuous improvement, not only for the product we are building but for own process as well. In this talk, Pierre will go through the evolution of the processes used over the last few years at Newsweaver (https://www.newsweaver.com/email-overview), from a large iteration based development approach, to Scrum and more recently Kanban, DevOps and Continuous Delivery. Talk given at Agile Cork on March 15th 2016

More from Pierre Vincent (7)

DevOpsDays Galway 2019 - Zero-downtime deployments

[Test Bash Manchester] Observability and Testing

QCon London - How to build observable distributed systems

[RebelCon] Increasing visibility of distributed systems in production

Deploying microservices in a fast-paced customer-centric environment: How and...

Consumer-driven contracts: avoid microservices integration hell! (MuCon Londo...

Agile at Newsweaver (Agile Cork March 2016)

Recently uploaded

Serial Arm Control in Real Time Presentation

tolgahangng

GenAI Pilot Implementation in the organizations

kumardaparthi1024

Fueling AI with Great Data with Airbyte Webinar

Zilliz

Trusted Execution Environment for Decentralized Process Mining

LucaBarbaro3

Introduction of Cybersecurity with OSS at Code Europe 2024

Hiroshi SHIBATA

I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems. The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS. Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application. I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.

Columbus Data & Analytics Wednesdays - June 2024

Jason Packer

A Comprehensive Guide to DeFi Development Services in 2024

Intelisync

DeFi represents a paradigm shift in the financial industry. Instead of relying on traditional, centralized institutions like banks, DeFi leverages blockchain technology to create a decentralized network of financial services. This means that financial transactions can occur directly between parties, without intermediaries, using smart contracts on platforms like Ethereum. In 2024, we are witnessing an explosion of new DeFi projects and protocols, each pushing the boundaries of what’s possible in finance. In summary, DeFi in 2024 is not just a trend; it’s a revolution that democratizes finance, enhances security and transparency, and fosters continuous innovation. As we proceed through this presentation, we'll explore the various components and services of DeFi in detail, shedding light on how they are transforming the financial landscape. At Intelisync, we specialize in providing comprehensive DeFi development services tailored to meet the unique needs of our clients. From smart contract development to dApp creation and security audits, we ensure that your DeFi project is built with innovation, security, and scalability in mind. Trust Intelisync to guide you through the intricate landscape of decentralized finance and unlock the full potential of blockchain technology. Ready to take your DeFi project to the next level? Partner with Intelisync for expert DeFi development services today!

5th LF Energy Power Grid Model Meet-up Slides

DanBrown980551

5th Power Grid Model Meet-up It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology. Power Grid Model The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services. Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability. Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization. What to expect For the upcoming meetup we are organizing, we have an exciting lineup of activities planned: -Insightful presentations covering two practical applications of the Power Grid Model. -An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024. -An interactive brainstorming session to discuss and propose new feature requests. -An opportunity to connect with fellow Power Grid Model enthusiasts and users.

HCL Notes and Domino License Cost Reduction in the World of DLAU

panagenda

Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/ The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this! We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model. Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward. These topics will be covered - Reducing license cost by finding and fixing misconfigurations and superfluous accounts - How do CCB and CCX licenses really work? - Understanding the DLAU tool and how to best utilize it - Tips for common problem areas, like team mailboxes, functional/test users, etc - Practical examples and best practices to implement right away

Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...

saastr

UI5 Controls simplified - UI5con2024 presentation

Wouter Lemaire

Main news related to the CCS TSI 2023 (2023/1695)

Jakub Marek

An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers. The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 . The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .

Artificial Intelligence for XMLDevelopment

Octavian Nadolu

In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject. We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup. Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved. The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring. The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise. By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.

Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...

saastr

GraphRAG for Life Science to increase LLM accuracy

Tomaz Bratanic

Operating System Used by Users in day-to-day life.pptx

Pravash Chandra Das

Dive into the realm of operating systems (OS) with Pravash Chandra Das, a seasoned Digital Forensic Analyst, as your guide. 🚀 This comprehensive presentation illuminates the core concepts, types, and evolution of OS, essential for understanding modern computing landscapes. Beginning with the foundational definition, Das clarifies the pivotal role of OS as system software orchestrating hardware resources, software applications, and user interactions. Through succinct descriptions, he delineates the diverse types of OS, from single-user, single-task environments like early MS-DOS iterations, to multi-user, multi-tasking systems exemplified by modern Linux distributions. Crucial components like the kernel and shell are dissected, highlighting their indispensable functions in resource management and user interface interaction. Das elucidates how the kernel acts as the central nervous system, orchestrating process scheduling, memory allocation, and device management. Meanwhile, the shell serves as the gateway for user commands, bridging the gap between human input and machine execution. 💻 The narrative then shifts to a captivating exploration of prominent desktop OSs, Windows, macOS, and Linux. Windows, with its globally ubiquitous presence and user-friendly interface, emerges as a cornerstone in personal computing history. macOS, lauded for its sleek design and seamless integration with Apple's ecosystem, stands as a beacon of stability and creativity. Linux, an open-source marvel, offers unparalleled flexibility and security, revolutionizing the computing landscape. 🖥️ Moving to the realm of mobile devices, Das unravels the dominance of Android and iOS. Android's open-source ethos fosters a vibrant ecosystem of customization and innovation, while iOS boasts a seamless user experience and robust security infrastructure. Meanwhile, discontinued platforms like Symbian and Palm OS evoke nostalgia for their pioneering roles in the smartphone revolution. The journey concludes with a reflection on the ever-evolving landscape of OS, underscored by the emergence of real-time operating systems (RTOS) and the persistent quest for innovation and efficiency. As technology continues to shape our world, understanding the foundations and evolution of operating systems remains paramount. Join Pravash Chandra Das on this illuminating journey through the heart of computing. 🌟

Taking AI to the Next Level in Manufacturing.pdf

ssuserfac0301

Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as: 1. How quickly AI is being implemented in manufacturing. 2. Which barriers stand in the way of AI adoption. 3. How data quality and governance form the backbone of AI. 4. Organizational processes and structures that may inhibit effective AI adoption. 6. Ideas and approaches to help build your organization's AI strategy.

June Patch Tuesday

Ivanti

Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.

System Design Case Study: Building a Scalable E-Commerce Platform - Hiike

Hiike

Programming Foundation Models with DSPy - Meetup Slides

Zilliz

Recently uploaded (20)

Serial Arm Control in Real Time Presentation

GenAI Pilot Implementation in the organizations

Fueling AI with Great Data with Airbyte Webinar

Trusted Execution Environment for Decentralized Process Mining

Introduction of Cybersecurity with OSS at Code Europe 2024

Columbus Data & Analytics Wednesdays - June 2024

A Comprehensive Guide to DeFi Development Services in 2024

5th LF Energy Power Grid Model Meet-up Slides

HCL Notes and Domino License Cost Reduction in the World of DLAU

Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...

UI5 Controls simplified - UI5con2024 presentation

Main news related to the CCS TSI 2023 (2023/1695)

Artificial Intelligence for XMLDevelopment

Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...

GraphRAG for Life Science to increase LLM accuracy

Operating System Used by Users in day-to-day life.pptx

Taking AI to the Next Level in Manufacturing.pdf

June Patch Tuesday

System Design Case Study: Building a Scalable E-Commerce Platform - Hiike

Programming Foundation Models with DSPy - Meetup Slides

Consumer-driven contracts: avoid microservices integration hell! (LondonCD - Oct 2016)

1. Consumer-driven contracts Avoid microservices integration hell! @PierreVincent Oct 11th, 2016

2. Pierre Vincent Technical Team Lead at Newsweaver techblog.newsweaver.com @PierreVincent

3. From this... … to this.

4. Login Service User Service API GET /users/pierre { "user": "pierre", "name": "Pierre Vincent", "role": "publisher" } 200 OK How do we test this?

5. Running in Prod Tests Pass in Build Implement changes Deployed in Prod User Service Login Service ! ✓ ✓ ✓ ✓ ✓ { ... "role": "editor" } { ... "roles": ["publisher","editor"] } Running in Prod ✓ ✓

6. Maybe we should have tested before deploying to production…? Tested what though?

7. Users Service Login Service IP Check Service Token Gen Service Cert/Key Service Login Frontend We only wanted to test this bit!

8. Contract Login Service User Service API Authentication Team Users Team

9. [docs.pact.io] PACT Specification Verification philosophy: Tolerant Reader Implementation guidelines Implementations

10. Login Service User Service A P I Pact Mock Server Authentication Team Users Team Pact Consumer Unit Test Define interaction Trigger interaction Generate Pact Pact Provider Test Share Pact Replay interaction Replay & Verify Play & Record

11. Consumer Provider Assumption Request Expected Response Login Service User Service Given that user 'pierre' exists Method GET Path /users/pierre Headers Accept: application/json Status 200 Headers Content-Type: application/json Body { "user": "pierre", "name": "Pierre Vincent", "role": "publisher" } Interaction

12. Authentication Dev Team Users Dev Team CMS Dev Team Billing Dev Team Pact Broker PACT PACT PACT PACT PACT PACT PACTPACT PACT PACT

13. Pact Broker Dependency Graphs Living documentation by example ✓ Versioning ✓ Tagging ✓ REST Api Build/Deployment Pipeline integration

14. Provider pipeline Implement changes Get Pacts from Broker Replay & Verify Interactions Deploy Service Build Deploy to EU PROD-EU Get Pacts from Broker Replay & Verify Interactions Stop deployment of incompatible Provider Stop introduction of breaking change PROD-US PROD-EU

15. Consumer pipeline Implement changes Generate Pacts (Build) Push Pacts to Broker Tag Pacts Each Provider verifies Pacts Deploy Service Tag Pacts Build Deploy to EU HEAD Stop deployment of incompatible Consumer HEAD PROD-EU

16. Caution: side-effects may include teams collaborating on API design

17. Provider state setup for each interaction Confidence comes from coverage: don’t limit to happy paths Automation within deployment pipeline isn’t trivial What’s the catch…?

18. After 2 years of CDCs... Increased confidence when coding & deploying ✓ Collaborative API design ✓ Living API documentation ✓

19. Pact docs.pact.io, github.com/pact-foundation Pact Broker github.com/bethesque/pact_broker Try it out! “Pact Matrix” (Beth Skurrie) rea.tech/enter-the-pact-matrix-or-how-to-decouple-the-release- cycles-of-your-microservices Why should you use CDC for microservices integration tests techblog.newsweaver.com/why-should-you-use-consumer-driven-contracts-for-microservices- integration-tests Sharing CDCs with Pact Broker techblog.newsweaver.com/sharing-consumer-driven-contracts-with-pact-broker More reading...

20. techblog.newsweaver.com Questions? @PierreVincent

Editor's Notes

Been working for >8 years in Newsweaver SaaS company, Internal Comms platform for large enterprises improve and unify communication across channels by giving them tools to manage their content and measuring engagement across channels Worked 6 years on large J2EE app Could be qualified as Monolithic app Still going great, making for 90% of the company’s income 2 years ago, moved to a new team New product, greenfield, analytics based Focus on Continuous Delivery Microservices emerged as our architecture of choice Now all of our new work is on microservices / splitting the monolith
Rarely start from scratch - even if we do, we’ve usually been working on this system (left) - large, with components (if lucky), on one single DB etc - typically called monolith Then moving to microservices, look like this (right) - boundaries are clearer, concepts more clearly separate What’s missing is the interactions - in monolith, implicit, compile time, hard to break - in micro, more central, less validation (almost none!), easy to break if not careful
Different dev cycles Different teams Different languages Different dependencies
Breaking example of API backward compatibility: Provider tests are all passing in build Provider deploys new version Some services then start throwing errors, even though they have not changed Why? Interactions got broken How do we test the interactions
What are we testing? Can we login? Are we breaking an interaction? Who should test that? At what stage? Testing is there to stop us from doing something stupid We want to know as early as possible if we’re doing something stupid
The problem with end to end testing Why was this wrong? - team responsible for users need to concern themselves more than what they should - environment will take time to come up This is turning into a full e2e acceptance test. - there might still be value for e2e AT in the pipeline - but this is not what we’re trying to test here - temptation to think e2e AT cover everything Can we test that small thing here earlier? - anything we get faster feedback on is a win for our pipeline time In general e2e integration is really not practical - illusion of coverage (explosion of potential branches as nb of services go up)- slow, painful to maintain (e.g. UI based) - if it’s slow, this is stopping us from deploy (or even fixing forward) How do we get rid of this? This is where contracts testing comes in...
We wanted to test the interaction - the idea behind CDC is to put the interaction at the center of the problem. By creating a contract between the 2 services, it makes things more explicit This is not an API specification that we write once and drift away from as the weeks go by! Consumers will have to ensure that they are using the provider in the way the contract specified Providers will have to ensure that they work the way the contract specified These contracts need to be tested and validated
I will talk more specifically about PACT, framework we are using Some people roll their own thing, and it’s perfectly fine - PACT has worked great for our workflow, so why reinvent the wheel Pact terminology = a Pact (or Pact file) is a CDC between 2 services Pact spec = what the pact file contains, will go in more details, but quite simple - specify how interactions are defined Verif as Tolerant Reader / Postel’s Law: allows for flexibility in API evolution - ex. If provider starts sending back more fields, consumers shouldn’t be considered as broken (should ignore the new fields) - steers away for API versioning nightmares Implementation guidelines for the verification. Support in a lot of languages - on both sides of the puzzle (consumer / provider)
Both parties are responsible for the interactions Consumer can define their expectations Provider can check that they are fulfilling them Contracts: Consumer define a contract, which is a set of interactions Interaction = request, response (in short) Provider verifies interactions by replaying requests and checking responses Benefits: Share the work, with each side keeping their concerns. Each step can be done separately, repeatedly and on their own time
What’s inside the PACT file? Request: also query params, POST body...
How do we share the PACTs? For small number of services/teams, start by copy/pasting - we did this for more than a year and it was fine (with 2 teams) When it starts becoming painful, Pact Broker will help to scale up Pact Broker Consumers push the contracts they have generated Providers can query the broker for all contracts consumers have with them
So it’s just some database of contracts? Kind of, but with a few added bonuses…
Provider build workflow > Fast feedback during development > Find out unindented breaking change before commit Deployment workflow > Important if gap of time between build and deploy > Important if deploying to different environment (in that case there can be different PROD tags)
Prevented breaking before deploying anything! (didn’t even break a test server!) HEAD pacts are “tentative” contracts that need to be verified by each related providers before the service can go forward. Provider pact tests are still unit tests, very quick to run - still no need to deploy anything.
Original advantage: cover more interactions, faster, increase confidence in having backward compatible API. Extra finding: PACTs become very central to our way to work Team discuss them first thing when planning a new interaction
Pacts against services that rely on state (e.g. with saved data) will require some setup logic (catered for with the assumptions piece) Large number of interactions and assumed starting state can put some pressure on the provider Confidence from the Pacts comes from interaction coverage Consumer tests must interact with mock and assert results, not check responses directly Beware of only testing happy paths. Errors are also interactions. But! Beware of being overzealous - this is probably not a place to test the Provider’s business logic (e.g. validation criteria) Integration in Build/Deploy workflow is key to scale Automating the verification prevents mistakes (CD book is all about this) Can be trickier when dealing with multiple live environments but tags are very powerful with the Broker Take the time to think about your flow and where the tests should sit best
Increased in confidence when coding & deploying > Break fast, without having to deploy anything anywhere > Saved us many times (forgot consumers, forgot use case…) Relying less and less on full e2e env and tests > Reserved for acceptance and synthetic API design at the forefront > Interactions are discussed early “let’s see what the pact would look like” Consumer-driven benefits > API are designed with consumer in mind > Consumers are responsible for documenting their usage in PACT (“please don’t break this”) API documents itself as it’s being used > New consumers can check out existing pacts for examples of usage

Consumer-driven contracts: avoid microservices integration hell! (LondonCD - Oct 2016)

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Consumer-driven contracts: avoid microservices integration hell! (LondonCD - Oct 2016)

Similar to Consumer-driven contracts: avoid microservices integration hell! (LondonCD - Oct 2016) (20)

More from Pierre Vincent

More from Pierre Vincent (7)

Recently uploaded

Recently uploaded (20)

Consumer-driven contracts: avoid microservices integration hell! (LondonCD - Oct 2016)

Editor's Notes