13 KiB
Announcing servant-quickcheck
Some time ago, we released servant-mock. The idea behind it is to use
QuickCheck to create a mock server that accords with a servant API. Not long
after, we started thinking about an analog that would, instead of mocking a
server, mock a client instead - i.e., generate random requests that conform to
an API description.
This is much closer to the traditional use of QuickCheck. The most obvious
use-case is checking that properties hold of an entire server rather than of
individual endpoints. (But there are other uses that you can skip to if they
sound more interesting.)
serverSatisfies
A useful guideline when writing and maintaing software is that, if there isn't a test for a behaviour or property, sooner or later that property will be broken. Another important perspective is that tests are a form of documentation - the present developer telling future ones "this matters, and should be this way".
The advantage of using tests for this form of documentation is that there's simply too much information to convey, some of it only relevant to very specific use cases, and rather than overload developers with an inexhaustible quantity of details that would be hard to keep track of or remember, tests are a mechanism of reminding developers of only the relevant information, at the right time. <>.
We might hope that we could use tests to communicate the wide array of best practices that have developed around APIs. About to return a top-level integer in JSON? A test should say that's bad practice. About to not catch exceptions and give a more meaningful HTTP status code? Another test there to stop you.
Traditionally, in web services these things get done at the level of individual endpoints. But this means that if a developer who hasn't had extensive experience with web programming best practices writes a new endpoint which does return a top-level integer literal, there's no test there to stop her. Code review might help, but code review is much more error prone than tests, and really only meant for those things that are too subtle to automate. (Indeed, if code review were such a reliable defense mechanism against bugs and bad code, why have tests and linters at all?)
The problem, then, with thinking about tests as only existing at the level of individual endpoints is that there are no tests for tests - tests that check that new behaviour and tests conforms to higher-level, more general best practices.
servant-quickcheck aims to solve that. It allows describing properties that
all endpoints must satisfy. If a new endpoint comes along, it too will be
tested for that property, without any further work.
Why isn't this idea already popular? Well, most web frameworks don't have a reified description of APIs (beyond perhaps the routes). When you don't know what the endpoints of an application are, and what request body they expect, trying to generate arbitrary requests is almost entirely going to result in 404s (not found) and 400s (bad request). Maybe one in a thousand requests will actually test a handler. Not very useful.
servant applications, on the other hand, have a machine-readable API description
already available. And they already associate "correct" requests with particular
types. It's a small step, therefore, to generate 'arbitrary' values for these
requests, and all of them will go through to your handlers. (Note: all of the
uses of servant-quickcheck work with applications not written with servant-server -
and indeed not *in Haskell - but the API must be described with the servant
DSL.)
Let's see how this works in practice. As a running example, let's use a simple service that allows adding, removing, and querying biological species. Our SQL schema is:
schema.sql
CREATE TABLE genus ( genus_name text PRIMARY KEY, genus_family text NOT NULL ); CREATE TABLE species ( species_name text PRIMARY KEY, species_genus text NOT NULL REFERENCES genus (genus_name) )
And our actual application:
Main.hs
{-# LANGUAGE DataKinds #-} {-# LANGUAGE DeriveAnyClass #-} {-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE TypeOperators #-} {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE RecordWildCards #-} module Main where import Servant import Data.Aeson import Database.PostgreSQL.Simple import GHC.Generics (Generic) import Data.Text (Text) import Network.Wai.Handler.Warp import Control.Monad.IO.Class (liftIO) type API = "species" :> (Capture "species-name" Text :> ( Get '[JSON] Species :<|> Delete '[JSON] ()) :<|> ReqBody '[JSON] Species :> Post '[JSON] ()) -- The plural of 'species' is unfortunately also 'species' :<|> "speciess" :> Get '[JSON] [Species] api :: Proxy API api = Proxy data Species = Species { speciesName :: Text , speciesGenus :: Text } deriving (Eq, Show, Read, Generic, ToJSON, FromJSON) data Genus = Genus { genusName :: Text , genusFamily :: Text } deriving (Eq, Show, Read, Generic, ToJSON, FromJSON) instance FromRow Genus instance FromRow Species server :: Connection -> Server API server conn = ((\sname -> liftIO (lookupSpecies conn sname) :<|> liftIO (deleteSpecies conn sname)) :<|> (\species -> liftIO $ insertSpecies conn species)) :<|> (liftIO $ allSpecies conn) lookupSpecies :: Connection -> Text -> IO Species lookupSpecies conn name = do [s] <- query conn "SELECT * FROM species WHERE species_name = ?" (Only name) return s deleteSpecies :: Connection -> Text -> IO () deleteSpecies conn name = do _ <- execute conn "DELETE FROM species WHERE species_name = ?" (Only name) return () insertSpecies :: Connection -> Species -> IO () insertSpecies conn Species{..} = do _ <- execute conn "INSERT INTO species (species_name, species_genus) VALUES (?)" (speciesName, speciesGenus) return () allSpecies :: Connection -> IO [Species] allSpecies conn = do query_ conn "SELECT * FROM species" main :: IO () main = do conn <- connectPostgreSQL "dbname=servant-quickcheck" run 8090 (serve api $ server conn)
(You'll also also need to run:
createdb servant-quickcheck
psql --file schema.sql -d servant-quickcheck
If you want to run this example.)
This is a plausible effort. You might want to spend a moment thinking about what could be improved.
Spec.hs
{-# LANGUAGE OverloadedStrings #-} module Spec (main) where import Main (server, api, Species(..)) import Test.Hspec import Test.QuickCheck.Instances import Servant.QuickCheck import Test.QuickCheck (Arbitrary(..)) import Database.PostgreSQL.Simple (connectPostgreSQL) spec :: Spec spec = describe "the species application" $ beforeAll check $ do let pserver = do conn <- connectPostgreSQL "dbname=servant-quickcheck" return $ server conn it "should not return 500s" $ do it "should not return 500s" $ do withServantServer api pserver $ \url -> serverSatisfies api url defaultArgs (not500 <%> mempty) it "should not return top-level json" $ do withServantServer api pserver $ \url -> serverSatisfies api url defaultArgs (onlyJsonObjects <%> mempty) where check = do mvar <- newMVar [] withServantServer api pserver $ \url -> serverSatisfies api url defaultArgs (onlyJsonObjects <%> mempty) main :: IO () main = do hspec spec instance Arbitrary Species where arbitrary = Species <$> arbitrary <*> arbitrary
But this fails in quite a few ways.
<>
This was an example created with the knowledge of what it was supposed to
exemplify. To try to get a more accurate assessment of the practical usefulness
of servant-quickcheck, I tried running serverSatisfies with a few
predicates over some of the open-source servant servers I could find, and
results were also promising.
There are probably a lot of other interesting properties that one might to add besides those I've included. As an example, we could have a property that all HTML is checked against, which is sometimes tricky for HTML that's generated dynamically. Or check that every page has a Portuguese translation.
Why best practices are good
As a side note: you might have wondered "why bother with API best practices?". It is, it has to be said, a lot of extra (as in not only getting the feature done) work to do, for dubious benefit. And indeed, the relevance of discoverability, for example, unclear, since not that many tools use it as perhaps was anticipated.
But servant-quickcheck both makes it easier to conform to best practices,
and exemplifies their advantage in enabling better tooling. If we pick 201 (Success, the 'resource' was
created), rather than the more generic 200 (Success), and do a little more work
by knowing to make this decision, servant-quickcheck knows this means there
should be some representation of the resource created. So it knows to ask you
for a link to it (the RFC creators thought to ask for this). And if you do (again,
a little more work), servant-quickcheck will know to try to look at that
resource by following the link, checking that it's not broken, and maybe even
returns a response that equivalent to the original POST request). And then it
finds a real bug - your application allows species with '/' in their name to
be created, but not queried with a 'GET' for! This, I think, is already a win.
serversEqual
There's another very appealing application of the ability to generate "sensible"
arbitrary requests. It's for testing that two applications are equal. We can generate arbitrary
requests, send them to both servers (in the same order), and check that the responses
are equivalent. (This was, incidentally, one of the first applications of
servant-client, albeit in a much more manual way, when we rewrote a microservice
originally in Python in Haskell.) Generally with rewrites, even if there's some
behaviour that isn't optimal, perhaps a lot of things already depend on that service
and make interace poorly with "improvements", so it makes sense to first mimick
exactly the original behaviour, and only then aim for improvements.
servant-quickcheck provides a single function, serversEqual, that attempts
to verify the equivalence of servers. Since some aspects of responses might not
be relevant (for example, whether the the Server header is the same, or whether
two JSON responses have the same formatting), it allows you to provide a custom
equivalence function. Other than that, you need only provide an API type and two
URLs for testing, and the rest serversEqual handles.
Future directions: benchmarking
What else could benefit from tooling that can automatically generate sensible (vis-a-vis a particular application's expectations) requests?
One area is extensive automatic benchmarking. Currently we use tools such as
ab, wrk, httperf in a very manual way - we pick a particular request that
we are interested in, and write a request that gets made thousands of times.
But now we can have a multiplicity of requests to benchmark with! This allows
finding slow endpoints, as well as (I would imagine, though I haven't actually
tried this yet) finding synchronization issues that make threads wait for too
long (such as waiting on an MVar that's not really needed), bad asymptotics
with respect to some other type of request.
(On this last point, imagine not having an index in a database for "people", and having a tool that discovers that the latency on a search by first name grows linearly with the number of POST requests to a different endpoint! We'd need to do some work to do this well, possibly involving some machine learning, but it's an interesting and probably useful idea.)
Conclusion
I hope this library presents some useful functionality already, but I hope you'll also think how it could be improved!
There'll be a few more packages in the comings weeks - check back soon!
Note: This post is an anansi literate file that generates multiple source files. They are:
** Main.hs**
Main.hs
** schema.sql**
schema.sql
** Spec.hs**
Spec.hs