Writing Testable Serverless Apps Using Hexagonal Architecture

Hello. What's the scariest thing about serverless? There are many scary things, right? Well, some people would say that the scariest thing is long-running tasks, but that's not really the scariest thing because there are many ways to have longer-running functions and things like this. Have you heard about cold start? That was a really scary thing at the beginning, but now it's not that much because with Node.js, your cold start is maybe 100 milliseconds or something like that.

What about local development and debugging? That's still really hard thing to do but tooling is getting better every day so it's not really that scary anymore. But there's one thing that everyone is mentioning, it's losing control. Yeah, maybe, but on the other side, with losing control, you're gaining speed and some other things. So I don't think that's the scariest thing. But again, there's one thing that everyone is scared about and it doesn't matter if you talk to developer or some business person, everyone will mention big bad vendor lock-in. It's really scary, right?

But let's see what's vendor lock-in. If you go to Wikipedia, you'll see that in economics, vendor lock-in makes a customer dependent on a vendor for products or services unable to use another vendor without substantial switching costs. I don't really like the definition so let's try to explain with a few diagrams. So let's say that you need a server. I don't know why, but you just want to have a server and build some kind of application. You can buy it or rent it, but no one is buying servers anymore. So you decide to rent it. You find a guy that has a lot of servers in his basement, let's call that guy Jeff, and you rent one server from Jeff and that's now your cloud. You're using that server and after some time, Jeff is really smart and he knows how to use his servers and he knows that you're building databases, some caching and things like this. So he starts building services for you. You can use just a database without the server or just use cache or maybe machine learning or functions. And it's even better because you can pay for these things only when you use them. It's really awesome and he will love your cloud services now. But what if Jeff is actually a villain and at some point you're so dependent that he'd services and he increased costs of all of these services. And of course your wallet would not be happy in this moment and you will not be happy for sure. But fortunately you have some options. For example, you can find another guy that has a lot of servers in his basement or whatever, let's call this one Bill And Bill also has a database and compute and machine learning and everything else. And the costs are more or less the same as the cost of Jeff's services before he increased the pricing. But what's expensive is migration because Jeff's database is not exactly the same as Bill's database. So you need to invest a lot of time to move your application from one services to other. And that's basically cloud vendor lock in. We saw another example lately with Parler, but that's likely different because they're not able to migrate to any big vendor.

So this is really extreme case, but this presentation will not cover that. Regarding vendor lock-in, I really think that Mark Schwartz, enterprise strategist at AWS is right. He thinks that term lock-in is misleading because we're actually talking about switching costs. As soon as we commit to any platform or a vendor, we'll have switching costs if we later decide to change that vendor or platform. For example, if you build your application in PHP, and then at some point you want to migrate that to Node.js or Go or something else, you'll have a big switching cost because you need to pause for some time, rebuild everything in a different language, and then continue from that point.

So, how do we fight vendor lock-in, or let's ask the better question, how do we keep our switching costs reasonable? Well, we can do a few things. First, we need to do planning and analysis. For example, we need to answer some questions such as how likely will I need to switch to another platform or service? What would be the cost for that switch? If there is no big chance to switch to something else, for example, you picked your database and you don't think you will need to switch in the near future, it's okay to have a slightly higher cost of migration, but for some other things, you need to keep that cost lower. You need to have a good architecture, of course. And finally, you need to have deployment procedures because if you don't have them, it will be really, really hard to migrate anywhere.

That leads us to our topic for today, and that's writing testable serverless applications and preventing vendor lock-in using hexagonal architecture. But before we continue, let me introduce myself. I'm Slobodan Stanovich, I'm CTO and partner at Cloud Horizon and VacationTracker, VacationTracker is a lead tracking management system and Cloud Horizon is basically an agency we are doing web apps for other people. I also wrote the book, Serverless Applications with Node.js with my friend Alexander Simovich, and it's published by many publications. And I'm also AWS serverless hero. You can follow me on my website. I write about serverless a lot and testing also. So let's go back to our topic because that's definitely more interesting than I am. So we'll talk about writing testable serverless apps using hexagonal architecture. But let's focus on testable part first. Why is testing important for serverless apps? You basically outsource some parts of your app to a vendor, but that's not covering everything. They'll manage infrastructure for you, but you still own your code and your business logic. So you need to test that part of the application. And also most of the time serverless applications are not fully isolated monoliths without integrations. Instead, there contain a lot of small services that are interacting with each other all the time, and they have a lot of external dependencies. I mentioned vacation tracker, so here's an example. Our application is WebApp that has also Slack chatbot. And inside Slack, you can type slash vacation and request vacation in just a few clicks. It's so easy, you can do that in just a few minutes, actually a few seconds. But in the background, that looks something like this.

Slack sends some requests to our Amazon API gateway. API gateway receives that HTTP request and decides which Lambda function to run. That Lambda function will parse that request, send that to something called Amazon event bridge that will just communicate with our business logic in the background, it's an enterprise service bus. And then immediately, AWS Lambda function will return the answer through Amazon API gateway to Slack and tells Slack that you received the message. In the background, our business logic will catch that message and do something with it, for example, request a leave for you or do something like that.

There are a lot of things that can change or fail every moment, for example, Slack can change the payload. It happened a few times in the last few years. Or for example, Slack can be down. Then Amazon API gateway can change its payload or something like that. Then AWS Lambda function, maybe our Lambda function is not sending the right message to Amazon EventBridge or we don't have rights to send that message. So that can fail. And finally, maybe Amazon EventBridge cannot trigger our business logic for some reason. So there are a lot of changes that can happen all the time and tests will not prevent these changes for sure. But they'll make sure that the changes we're doing are not accidental.

So how do we prevent changes? We can't, our application needs to adapt really fast and start working with a different payload or whatever. So how do we know which part of the application what should we test actually in our serverless application? In traditional applications, there's something called testing pyramid. It's defined by Michael Cohen, his book, Succeeding with Agile. And it looks something like this. At the bottom of Pyramid, there are unit tests because they're fast and really cheap. You don't need anything external for these tests. So they're cheap and fast because of that. And you need to write a lot of unit tests. Then for integration tests, they're a bit more expensive and slower because they need to connect to some kind of database or other services. So you need less integration tests, but they're also a bit more expensive. And finally, UI or end-to-end tests are the most expensive and the slowest ones because you need to have the whole application and everything. And that's why you don't want to have too many of them. Finally, many teams have some manual session-based testing. That is the slowest one because people need to do that and they're the most expensive. With serverless, actually serverless testing pyramid would look more like Mayan pyramid instead of Egyptian pyramid. So unit tests are the same, but the integration tests and UI tests are a bit faster and a bit cheaper because it's cheaper to spin up another instance of your application and you paper things that you only use in serverless and you can do things in parallel.

That's why they're a bit faster. Integration tests in serverless application are cheaper and faster than ever before. But they're also more important because the common serverless application is split into many small pieces.

So we mentioned architecture. Which architecture is the best for serverless apps? Basically, there's no one architecture. You can use any architecture that will let you to test your serverless app easily and keep your switching costs low. Because sooner or later you'll need to switch or migrate parts of your application not to another cloud vendor, but most of the time you will use another service or you'll change some integration and things like this.

There are some things that you need to consider when you're building serverless application and choosing architecture. You have configuration risks. So if your function is configured as it should, technical workflow risk, if you're handling errors and success responses as you should, business logic risks, if your business logic is working the way it should and finally integration risks. For example, if you're connected to the right database and if you have rights to that database and things like this. One of the architectures that fits these needs really good is hexagonal architecture or ports and adapters.

Let's talk about that for a second. So its creator Alistair Coburn explains it as an architecture that allows an application to equally be driven by users programs, automated tests or batch scripts and to be developed and tested in isolation from its eventual runtime and databases, which is really good for serverless because as we said at the beginning, debugging and local development sometimes can be a bit more complex than before. It's called ports and adapters because it works the same way as ports and adapters. For example, if you travel in some happier times, if you travel to some other countries, you need a different power plug for your laptop and you don't want to buy another charging cable. Instead, you can buy a small adapter and just use your regular charging cable. We want to do the same for our applications and we do that by isolating business logic in the middle. And then we have some certain ports for our events, basically for, yeah, for events. And then we have adapters for different services. For example, when we are testing our service locally, we can use local trigger adapter and with the serverless app, we can use some kind of Lambda event adapter or something like that. So let's see this in an example. Let's go back to this example and let's focus on one Lambda function. If you want to build our application in a way that can be easily testable, we can do something like this. We can have Lambda JS file. We do that for a vacation tracker that fires the dependencies. That file has no tests, but it has just a few lines of code. Then we have our main JS file or multiple files which represents our business logic. This business logic has its own unit tests and also its own integration test. But for example we have a lot of functions connected to EventBridge.

We don't want to test each function against EventBridge. We have a repository for that and integration tests will test this against some kind of local repository with the same API and basically the same interface as the real EventBridge repository. And then we have EventBridge repository with its own unit tests and integration tests. And here we want to test that against the real Amazon EventBridge service to be sure that that works. And we can have some helper files for example, event parser that will basically run just unit test because it's not connected to anything outside of our function.

So let's see the code for this. This can represent our Lambda.js file. We require some things from let's say our business logic and some things for our common folder or whatever that is. And then inside the function we want to create an instance of our EventBridge repository. And finally, there's a most important part of this code and that's this line, we invoke our business logic, we pass the event that we received, we pass the parser that will be able to parse this event. That's our adopter for example, the Lambda trigger. And finally, we pass the instance of our notification repository.

With unit tests, we can easily test this by passing some static values for the event, we can mock parser and we can mock a notification repository. For integration tests, we can pass again some static values for the event and then we can pass some parser function and lock a notification adopter. And of course, as we said, the real notification adopter will have its own integration test so we don't really care if this function can talk to event bridge. Instead, we just want to check if this function is able to talk to notification adopter.

It's simple and nice, but at the beginning, we mentioned big, bad vendor lock-in. I'm pretty sure you still remember it. Well, how does this hexagonal architecture help you with fighting vendor lock-in or as we said, keeping our switching costs reasonable? Let's see another story. Again, vacation tracker. So we built the serverless prototype in the beginning. We had a small team with one full-time developer. Initial product was serverless chatbot plus express.js and MongoDB, and it was growing fast after like a few months. We had more than 200 teams using it. Now we have much more than that. And of course we had a lot of bad decisions as a bonus that we did during that process. So we did a lot of migrations in the past few months and years. For example, we replaced Express API with serverless API. We replace MongoDB with DynamoDB and we replace API gateway now with AppSync and GraphQL. Let's focus on MongoDB to DynamoDB.

It's really, really hard to switch the database, but with hexagonal architecture, basically you can start with the same interface as we said. So for example, our MongoDB, whenever you want to get the user, you can invoke db.getUser and it will return the user object. What we did with DynamoDB, we've created the same interface. So basically it has the same function getUser. When you pass the ID of that user, you'll have the same return object. So user one will be the same as user two. So we did the following. We still have our function and it's connected to MongoDB repository at some point. We also connected that function to DynamoDB repository and simply switched that adapter in the application. That was just a small part, of course, that is used by our code. But this is, of course, we needed to migrate the data and everything. But it's really important to do this because this way, our business logic stays the same. It doesn't really matter for our business logic if the data is inside DynamoDB or MongoDB and how do they work in the background.

And if we go back to this integration tests, we can do simply something like this. Before all, we can create a test database with serverless and after all, we can destroy it. The code is really simple. It looks something like this. We create the table, wait for table to be created. It takes maybe 15 to 20 seconds, and then at the end, we can just destroy that table and wait like two, three seconds for that table to be destroyed. And you only pay for this table when you're running tests and after that, your account is clear. And yeah, you're becoming a superhero of testing.

Basically, let's do a short summary to end this presentation. Good architecture helps you to maintain your switching cost low, or at least reasonable if you're not able to bring it in some situations. Hexagonal architecture is nice for serverless apps because it helps you to test these applications in isolation. And you should really test your integrations with serverless apps. And of course, you should test other parts of your application, but integrations are more important than ever. And sometimes tests are not enough, so you'll need to add some monitoring and error tracking to be sure that everything works all the time.

And that's it for today. As I said, I'm speaking and writing a lot about serverless. You can go to my website and see the content. And I'm also doing a testing serverless apps workshop soon. So if you're interested into that, you'll be able to go to my website and get more info. Thank you very much. That's it for today. Hi, welcome. So great to have you here. Thank you for the amazing talk. Thank you. I saw 29% of people using serverless, so I'm actually really happy with that number because serverless is still new. So it will take a few more years until we have a bigger percentage of people using serverless but so far like almost one, each third person using serverless is actually the better than I expected. So, yeah, I'm happy with that number. I guess it depends a little bit on your market. I always feel like the American market is a little bit ahead of the European market.

And so I was a little bit surprised that it's only like about a third, but yeah, I guess it depends. It's a good number. Yes. Of course, of course. But I remember the days when we had a really small percentage of people using serverless like less than maybe 5% or something like that. So 29 is a really good number. Yeah, when it just started out. So it has grown a lot and in recent years and acceptance has grown a lot as well. So the number will hopefully rise some more.

We have a few questions from the audience from you. Aaron wants to know where do you put Docker in the scale between traditional and serverless? So I'm probably not the right person to answer container questions because I'm not really using containers that much, but yeah, the only thing I'm using Docker for is for testing some of the serverless functions. I see another question related to AWSM and this is exactly the part where I'm using Docker from time to time. I'm not really sure where does it fit that serverless pyramid. And yeah, testing, it's probably somewhere in between, but there are some managed containers now that are really close to serverless. So yeah, it really depends. I'm not the best person to answer container questions at the moment.

Then let's go to the next question. Jamatask wants to know, do you use AWS SAM and its local capabilities to test several apps locally? That was the question you were referring to, right? Yeah, exactly. So AWS SAM or serverless application model is a really nice tool that helps you to deploy, but also run locally some parts of your serverless application. And we're using that from time to time to test our... Not really to test, not to run an automated test, but to see if the function really works the way that we want it to work. But I'm not using this every day. So when I need to test something locally, it's much easier for me to just write some unit tests or something like that, or integration tests than to spin up the Docker, probably update Docker because I'm not using it every day. So it can be really useful, especially when you're just starting with serverless. But for me, it's not a tool that I'm using every day, but we are using AWS SAM for deployment and for basically our infrastructure as a code.

DammaTask also ask, did you try to migrate AWS AppiStack to Kubernetes plus Istio or Google Cloud or Microsoft Azure? Oh yeah, definitely not. On the other hand, we're not planning to do that. So it's so that the next follow-up question is basically how practical hexagonal architecture is.

On the other hand, we're not planning to do that. So it's so that the next follow-up question is basically how practical hexagonal architecture is. So if we want to do some big migration, we would need still to write a lot of code for sure. But the good thing with serverless architecture is that the business logic of your functions stays the same. So I know that the business logic of the function, for example, I talk about our product, Location Tracker, the way you're requesting a leave or approving a leave will stay the same. What will change is basically connectors, how that data is stored to some database and things like this. So adapters and things like these. But the business logic is independent of the platform. So that's why when you mentioned ports and adapters at the beginning, this is really good explanation. For example, if you travel summer, of course not this year, but hopefully soon in the future, you don't want to buy a new adapter. For example, when you go to the US or some other country with different power sockets, don't want to buy the whole power cable for your Mac or something like that and pay a lot of money. Instead, you buy a small adapter just to allow your computer to, actually to use your existing power adapter with a power supply in your hotel or something like that. You want to do the same with your code. Exactly, because you wouldn't just be done with buying a power adapter for your laptop, but you would need one for all of your electronics. So, it's much cheaper to just get the nice and compact adapter. It's the same with code. You don't want to rewrite your business logic because it should be independent of the platform where you're running your application. So, no, we never tried to migrate everything to Kubernetes, but on the other side, we tried to migrate our business logic to GraphQL, and that changed a lot of things. But a lot of functions stayed the same. We fortunately managed to delete a lot of functions and replace them with some other services, but the business logic still stayed the same.