According to many polls, testing serverless applications and fear of cloud vendor lock-in are among the top five challenges organizations face when adopting serverless. We often hear that using serverless effectively requires a mind shift. But what does that mean? Do we need new tools and strategies for testing serverless applications, or can we use existing tools we already use for our non-serverless applications? And what about cloud vendor lock-in? Is that a real thing or just a fictional story that scares people away from serverless? Can we decrease the risk of vendor lock-in using a well-known architecture, such as hexagonal architecture?
Writing Testable Serverless Apps Using Hexagonal Architecture
Transcription
Hello. What's the scariest thing about serverless? There are many scary things, right? Well, some people would say that the scariest thing is long-running tasks. But that's not really the scariest thing because there are many ways to have longer-running functions and things like this. Have you heard about cold start? That was a really scary thing at the beginning, but now it's not that much because with Node.js your cold start is maybe 100 milliseconds or something like that. What about local development and debugging? That's still a really hard thing to do, but tooling is getting better every day, so it's not really that scary anymore. But there's one thing that everyone is mentioning. It's losing control. Yeah, maybe, but on the other side, with losing control you're gaining speed and some other things. So I don't think that's the scariest thing.
But again, there's one thing that everyone is scared about. And it doesn't matter if you talk to a developer or some business person, everyone will mention big bad vendor lock-in. It's really scary, right? But let's see what vendor lock-in is. If you go to Wikipedia, you'll see that in economics, vendor lock-in makes a customer dependent on a vendor for products or services, unable to use another vendor without substantial switching costs. I don't really like the definition, so let's try to explain with a few diagrams.
So let's say that you need a server. I don't know why, but you just want to have a server and build some kind of application. You can buy it or rent it, but no one is buying servers anymore, so you decide to rent it. You find a guy that has a lot of servers in his basement. Let's call that guy Jeff. And you rent one server from Jeff, and that's now your cloud. You're using that server, and after some time, Jeff is really smart, and he knows how to use his servers. And he knows that you're building databases, some caching and things like this. So he starts building services for you.
You can use just a database without the server, or just use cache or maybe machine learning or functions. And it's even better because you can pay for these things only when you use them. It's really awesome, and he will love your cloud services now. But what if Jeff is actually a villain? And at some point, you're so dependent that he hits services, and he increased costs of all of these services. And of course, your wallet would not be happy in this moment, and you will not be happy for sure. But fortunately, you have some options. For example, you can find another guy that has a lot of servers in his basement or whatever. Let's call this one Bill. And Bill also has a database and compute and machine learning and everything else. And the costs are more or less the same as the cost of Jeff's services before he increased the pricing. But what's expensive is migration, because Jeff's database is not exactly the same as Bill's database. So you need to invest a lot of time to move your application from one service to the other. And that's basically cloud vendor lock-in. We saw another example lately with Parler, but that's slightly different because they're not able to migrate to any big vendor. So this is a really extreme case, but this presentation will not cover that.
Regarding vendor lock-in, I really think that Mark Schwartz, enterprise strategist at AWS, is right. He thinks that the term lock-in is misleading, because we're actually talking about switching costs. As soon as we commit to any platform or a vendor, we'll have switching costs if we later decide to change that vendor or platform. For example, if you build your application in PHP, and then at some point you want to migrate that to Node.js or Go or something else, you'll have a big switching cost because you need to pause for some time, rebuild everything in a different language, and then continue from that point. So how do we fight vendor lock-in?
Or let's ask the better question, how do we keep our switching costs reasonable? We can do a few things. First, we need to do planning and analysis. For example, we need to answer some questions such as, how likely will I need to switch to another platform or service? What would be the cost for that switch? If there is no big chance to switch to something else, for example, you picked your database and you don't think you will need to switch in the near future, it's okay to have a slightly higher cost of migration, but for some other things, you need to keep that cost lower. You need to have good architecture, of course. And finally, you need to have deployment procedures because if you don't have them, it will be really, really hard to migrate anywhere. That leads us to our topic for today, and that's writing testable serverless applications and preventing vendor lock-in using hexagonal architecture.
But before we continue, let me introduce myself. I'm Slobodan Stojanovic. I'm CTO and partner at Cloud Horizon and Vacation Tracker. Vacation Tracker is a leave tracking management system, and Cloud Horizon is basically an agency where we're doing web apps for other people. I also wrote the book, Serverless Applications with Node.js, with my friend, Aleksandar Simovic, and it's published by Manning Publications. And I'm also an AWS Serverless Hero. You can follow me on my website. I write about serverless a lot and testing also.
So let's go back to our topic because that's definitely more interesting than I am. So we'll talk about writing testable serverless apps using hexagonal architecture, but let's focus on the testable part first. Why is testing important for serverless apps? You basically outsource some parts of your app to a vendor, but that's not covering everything. They'll manage infrastructure for you, but you still own your code and your business logic, so you need to test that part of the application.
And also, most of the time, serverless applications are not fully isolated monoliths without integrations. Instead, they contain a lot of small services that are interacting with each other all the time, and they have a lot of external dependencies. I mentioned Vacation Tracker, so here's an example. Our application is a web app that also has a Slack chatbot, and inside Slack, you can type /vacation and request vacation in just a few clicks. It's so easy, you can do that in just a few minutes, actually a few seconds. But in the background, that looks something like this. Slack sends some requests to our Amazon API Gateway. API Gateway receives that HTTP request and decides which Lambda function to run. That Lambda function will parse that request, send that to something called Amazon EventBridge that will just communicate with our business logic in the background. It's an enterprise service bus. And then immediately, the AWS Lambda function will return the answer through Amazon API Gateway to Slack and tell Slack that we received a message. In the background, our business logic will catch that message and do something with it, for example, request a leave for yours or do something like that.
There are a lot of things that can change or fail every moment. For example, Slack can change the payload. It happened a few times in the last few years. Or for example, Slack can be down. Then Amazon API Gateway can change its payload or something like that. Then AWS Lambda function, maybe our Lambda function is not sending the right message to Amazon EventBridge, or we don't have rights to send that message. So that can fail. And then finally, maybe Amazon EventBridge cannot trigger our business logic for some reason. So there are a lot of changes that can happen all the time. And tests will not prevent these changes for sure. But they'll make sure that the changes we're doing are not accidental. So how do we prevent changes? We can't.
Our application needs to adapt really fast and start working with a different payload or whatever. So how do we know which part of the application, what should we test actually in our serverless application? In traditional applications, there's something called the testing pyramid. It's defined by Mike Cohn in his book, Succeeding with Agile. And it looks something like this. At the bottom of the pyramid, there are unit tests because they're fast and really cheap. You don't need anything external for these tests. So they're cheap and fast because of that. And you need to write a lot of unit tests. Then for integration tests, they're a bit more expensive and slower because they need to connect to some kind of database or other services. So you need fewer integration tests, but they're also a bit more expensive. And finally, UI or end-to-end tests are the most expensive and the slowest ones because you need to have the whole application and everything. And that's why you don't want to have too many of them. Finally, many teams have some manual session-based testing. That is the slowest one because people need to do that and they're the most expensive.
With serverless, actually the serverless testing pyramid would look more like a Mayan pyramid instead of an Egyptian pyramid. So unit tests are the same, but integration tests and UI tests are a bit faster and a bit cheaper because it's cheaper to spin up another instance of your application and you pay for things that you only use in serverless. And you can do things in parallel. That's why they're a bit faster. Integration tests in a serverless application are cheaper and faster than ever before, but they're also more important because the common serverless application is split into many small pieces. So we mentioned architecture. Which architecture is the best for serverless apps? Basically, there's no one architecture.
You can use any architecture that will let you test your serverless app easily and keep your switching costs low because sooner or later you'll need to switch or migrate parts of your application, not to another cloud vendor, but most of the time you will use another service or you'll change some integration and things like this. There are some things that you need to consider when you're building a serverless application and choosing architecture. You have configuration risks. So if your function is configured as it should. Technical workflow risk, if you're handling errors and success responses as you should. Business logic risks, if your business logic is working the way it should. And finally, integration risks. For example, if you're connected to the right database and if you have rights to write to that database and things like this.
One of the architectures that fits these needs really well is hexagonal architecture or ports and adapters. Let's talk about that for a second. So its creator, Alistair Cockburn, explains it as an architecture that allows an application to equally be driven by users, programs, automated tests, or batch scripts, and to be developed and tested in isolation from its eventual runtime and databases, which is really good for serverless because as we said at the beginning, debugging and local development sometimes can be a bit more complex than before. It's called ports and adapters because it works the same way as ports and adapters. For example, if you travel in some happier times, if you travel to some other countries, you need a different power plug for your laptop and you don't want to buy another charging cable. Instead, you can buy a small adapter and just use your regular charging cable. We want to do the same for our applications, and we do that by isolating business logic in the middle. Then we have some certain ports for our events, basically for events, and then we have adapters for different services.
For example, when we are testing our service locally, we can use a local trigger adapter and with the serverless app, we can use some kind of Lambda event adapter or something like that. Let's see this in an example. Let's go back to this example and let's focus on one Lambda function. If we want to build our application in a way that can be easily testable, we can do something like this. We can have a Lambda.js file, we do that for Vacation Tracker, that wires the dependencies. That file has no tests, but it has just a few lines of code. Then we have our main.js file or multiple files that represent our business logic. This business logic has its own unit tests and also its own integration tests. But, for example, we have a lot of functions connected to EventBridge. We don't want to test each function against EventBridge. We have a repository for that, and integration tests will test this against some kind of local repository with the same API and basically the same interface as the real EventBridge repository. Then we have the EventBridge repository with its own unit tests and integration tests. Here we want to test that against the real Amazon EventBridge service to be sure that that works. We can have some helper files, for example, an event parser that will basically run just unit tests because it's not connected to anything outside of our function.
Let's see the code for this. This can represent our Lambda.js file. We require some things from, let's say, our business logic and some things for our common folder or whatever that is. Then inside the function, we want to create an instance of our EventBridge repository. Finally, there's the most important part of this code, and that's this line. We invoke our business logic. We pass the event that we received. We pass the parser that will be able to parse this event. That's our adapter, for example, Lambda trigger. Finally, we pass the instance of our notification repository.
With unit tests, we can easily test this by passing some static values for the event. We can mock the parser and we can mock the notification repository. For integration tests, we can pass, again, some static values for the event. Then we can pass some parser function and a local notification adapter. Of course, as we said, the real notification adapter will have its own integration test, so we don't really care if this function can talk to EventBridge. Instead, we just want to check if this function is able to talk to a notification adapter.
It's simple and nice, but at the beginning, we mentioned big, bad vendor lock-in. I'm pretty sure you still remember it. Well, how does this hexagonal architecture help you with fighting vendor lock-in or, as we said, keeping our switching costs reasonable? Let's do another story. Again, Vacation Tracker. We built the serverless prototype in the beginning. We had a small team with one full-time developer. Initial product was serverless chatbot plus ExpressJS and MongoDB. It was growing fast. After a few months, we had more than 200 teams using it. Now we have much more than that. Of course, we had a lot of bad decisions as a bonus that we did during that process. We did a lot of migrations in the past few months and years. For example, we replaced Express API with serverless API. We replaced MongoDB with DynamoDB, and we replaced API Gateway now with AppSync and GraphQL.
Let's focus on MongoDB to DynamoDB. It's really, really hard to switch the database, but with hexagonal architecture, basically, you can start with the same interface as we said. For example, our MongoDB, whenever you want to get the user, you can invoke db.getUser, and it will return the user object. What we did with DynamoDB, we created the same interface. Basically, it has the same function, getUser. When you pass the ID of that user, you'll have the same return object. User1 will be the same as user2. We did the following.
We still have our function, and it's connected to MongoDB repository. At some point, we also connected that function to DynamoDB repository and simply switched that adapter in the application. That was just a small part, of course, that is used by our code. But this is, of course, we needed to migrate the data and everything. But it's really important to do this because this way, our business logic stays the same. It doesn't really matter for our business logic if the data is inside DynamoDB or MongoDB and how do they work in the background.
If we go back to this integration test, we can do simply something like this. Before all, we can create a test database with serverless, and after all, we can destroy it. The code is really simple. It looks something like this. We create the table, wait for table to be created. It takes maybe 15 to 20 seconds, and then at the end, we can just destroy that table and wait two, three seconds for that table to be destroyed. You only pay for this table when you're running tests, and after that, your account is clear. You're becoming a superhero of testing.
Basically, let's do a short summary to end this presentation. Good architecture helps you to maintain your switching cost low or at least reasonable. You're not able to really look at some in some situations. Hexagonal architecture is nice for serverless apps because it helps you to test these applications in isolation. You should really test your integrations with serverless apps. Of course, you should test other parts of your application, but integrations are more important than ever. Sometimes tests are not enough, so you'll need to add some monitoring and error tracking to be sure that everything works all the time. That's it for today. As I said, I'm speaking and writing a lot about serverless. You can go to my website and see the content.
I'm also doing a testing serverless apps workshop soon, so if you're interested in that, you'll be able to go to my website and get more info. Thank you very much. That's it for today.
Hi, welcome. It's so great to have you here. Thank you for the amazing talk.
Thank you. I saw 29% of people using serverless, so I'm actually really happy with that number because serverless is still new. It'll take a few more years until we have a bigger percentage of people using serverless, but so far, almost each third person using serverless is actually better than I expected. I'm happy with that number.
I guess it depends a little bit on your market. I always feel like the American market is a little bit ahead of the European market, so I was a little bit surprised that it's only about a third, but I guess it depends. It's a good number.
Of course, of course. But I remember the days when we had a really small percentage of people using serverless, like less than maybe 5% or something like that. So 29% is a really good number.
Yeah, when it just started out. So it has grown a lot in recent years and acceptance has grown a lot as well. So the number will hopefully rise some more. We have a few questions from the audience from you. Aaron wants to know, where do you put Docker in the scale between traditional and serverless?
So I'm probably not the right person to answer container questions because I'm not really using containers that much. But yeah, the only thing I'm using Docker for is for testing some of the serverless functions. I see another question related to AWS SAM and this is exactly the part where I'm using Docker from time to time. I'm not really sure where does it fit that serverless pyramid and yeah, testing. It's probably somewhere in between, but there are some managed containers now that are really close to serverless. So yeah, it really depends. I'm not the best person to answer container questions at the moment.
Okay, then let's go to the next question.
Jama task wants to know, do you use AWS SAM and its local capabilities to test serverless apps locally? That was the question you were referring to, right?
Yeah, exactly. So AWS SAM or Serverless Application Model is a really nice tool that helps you to deploy, but also run locally some parts of your serverless application. And we're using that from time to time to test our, not really to test, not to run automated tests, but to see if the function really works the way that we want it to work. But I'm not using this every day. So when I need to test something locally, it's much easier for me to just write some unit tests or something like that, or integration tests, than to spin up Docker, probably update Docker because I'm not using it every day. So it can be really useful, especially when you're just starting with serverless. But for me, it's not the tool that I'm using every day, but we are using AWS SAM for deployment and for basically our infrastructure as code.
Okay, cool. Jamatask also asked, did you try to migrate AWS API stack to Kubernetes plus Istio or Google Cloud or Microsoft Azure?
Oh yeah, definitely not. And we're not planning to do that. So it's, so the next follow-up question is basically how practical hexagonal architecture is. If we want to do some big migration, we would need still to write a lot of code for sure. But the good thing with serverless architecture is that the business logic of your function stays the same. So I know that the business logic of the function, for example, I talk about our product Vacation Tracker, the way you're requesting a leave or approving a leave will stay the same. What will change is basically connectors, how that data is stored to some database and things like this. Also adapters and things like this, but the business logic is independent of the platform. So that's why the, when you mentioned ports and adapters at the beginning, this is a really good explanation.
For example, if you travel somewhere, of course not this year, but hopefully soon in the future, you don't want to buy a new adapter. For example, when you go to the US or some other country with different power sockets, you don't want to buy the whole power cable for your Mac or something like that and pay a lot of money. Instead, you buy a small adapter just to allow your computer to actually use your existing power adapter with a power supply in your hotel or something like that. You want to do the same with your code. Exactly, because you wouldn't just be done with buying a power adapter for your laptop, but you would need one for all of your electronics. Right? So it's much cheaper to just get the nice and compact adapter. It's the same with code. You don't want to rewrite your business logic because it should be independent of the platform where you're running your application. So no, we never tried to migrate everything to Kubernetes, but on the other side, we tried to migrate our business logic to GraphQL and that changed a lot of things, but a lot of functions stayed the same. We fortunately managed to delete a lot of functions and replace them with some other services, but the business logic still stayed the same.
Okay. I think we have time for one last question. Aaron wants to know, I heard MongoDB has bad performance on serverless deployments. Is that why you migrated to DynamoDB?
So no, we didn't show that bad performance, at least not in our application. But what was the problem with MongoDB was that we still own the infrastructure for that MongoDB. We need to scale that database and sometimes we have a lot of traffic because for example, Slack is sending us a lot of webhooks and people are using our applications. So instead of having a non-serverless database, we tried to migrate to DynamoDB because that database is fully serverless. It will automatically scale.
We had a bug and in a month we had like 250 million write requests to our database in addition to what we normally have. And yeah, it just survived. Our bill was like $300 more, but yeah, everything just worked. Okay, cool. Thank you for answering all the questions. There were a few more questions and for answering those, please join Slobodan in the speaker room on special chat. Thank you so much for joining us on this evening. Thank you.