What’s Different about Testing Serverless Applications?
Serverless computing is a DevOps technique that uses cloud-provided runtimes to execute code components in a defined workflow. For example, if you have a login sequence for a web application, you might use a serverless component to accept the username and password, check them against a database, then execute a login successful function.
Serverless applications aren’t literally serverless—they do, in fact, run on a server. They are more properly called “function as a service” or “event-driven processing.” An application executes by making its way through a defined series of components, rather than running as a full application at all times.
Serverless components execute on runtimes, such as Amazon Lambda and Azure Functions. We’re familiar with general-purpose runtimes, such as the .NET Common Language Runtime (CLR) or the Java Virtual Machine (JVM). Like the CLR and JVM, the serverless runtimes will work with multiple programming languages, so teams have some flexibility in how they implement their components.
Many people like serverless because you pay only for the actual compute time involved in processing the event. However, from a technical standpoint, the execution model is really more about processing those discrete events rather than accounting for cloud costs.
On to Testing
One key thing to remember when testing serverless applications and components is that the components are stateless; by themselves, they do not persist data. This means that there is no need to reset state between tests, which simplifies testing.
However, it also means testers have to completely understand the application architecture and the precise flow of data before beginning, which means being involved in the design process.
Serverless computing is primarily API-driven, as data is passed via APIs between application components and external services, such as the database and user interface. Because there are no calls into the runtime or operating system, only the code and the interactions between code and data have to be tested.
Invoking the runtime in order to test can be a challenge. You can sometimes test individual components on a desktop system, but this approach has a lot of limitations. The runtime has to behave like it is in the cloud, which typically means using a separate framework or wrapper to emulate a cloud environment.
The only true way of testing serverless application components is in the cloud itself. The runtime has to run in its native environment in order to avoid missing details in the workflow and the passing of data between the components and services.
Continuous testing is vital to serverless application development. Whenever a new build is deployed to the cloud, it also needs to undergo testing to ensure the flow of data is correct. These applications also require traditional performance, load, and security testing. In fact, security testing is even more vital than with traditional applications, because the many APIs used greatly expands the attack surface.
Serverless applications require both monitoring and synthetic testing in deployment after they go into production. That’s the only way testers can ensure that they are meeting their quality goals. Testing is easier in some ways with the new model, but more difficult in others, as the scope of cloud-based applications continues to expand.
Peter Varhol and Gerie Owen are presenting the session Conquering the Testing Challenges of Serverless Applications at STARWEST 2019, September 29–October 4 in Anaheim, California.