These tests are written to make sure that the code you have written does exactly what it is supposed to do. Depending on what the code under test actually does, the scope of these tests can be divided into several groups:

• Pure Functions: Tests will vary different input parameter combinations and check that the result is equal to what is expected.

• Stateful Functions: For these functions, the result of their invocation is dependent on the state of their parent component (e.g. objects). Tests usually involve setting up a new instance for each test. Other than that the tests themselves are pretty similar to those of pure functions.

• Orchestration Components: These components "orchestrate" the invocation and data transfer of multiple dependency components in order to achieve an overarching functionality. Their tests usually involve mocking the behaviour of the different dependencies and are focused on verifying that concerns like error handling, invocation order, correct data transfer etc. are handled as intended.

Because the tests only refer to your own code and everything else is mocked, they are extremely fast and can be run by the thousands in a very short time. This makes them the best tests to get quick feedback on the core components, e.g. the business logic, of your application.

In our example application, isolated functionality tests would be used mainly in the BookCollection component.

Important Methods and Technologies:

• MockK for mocking dependencies

• AssertJ for additional assertions

Technology integration tests are used to verify code that you have written to use a particular technology. Examples include, but are not limited to:

• HTTP endpoints (@Controller, @RestController)

• caching (@Cachable)

• transactions (@Transactional)

• asynchronous invocation (@Async)

• asynchronous messaging (@KafkaListener, @RabbitListener, KafkaTemplate, @AmqpTemplate)

• event handling (@EventListener)

• method-level security (@RolesAllowed, @PreAuthorize, @PostAuthorize, @Secured)

• web security configuration

• database access (JpaRepository, MongoRepository, JdbcTemplate etc.)

• HTTP client calls (RestTemplate, HttpClient, WebClient etc.)

The goal is not to check if a given technology works. Instead, it is to check if you are using the technology correctly to achieve your goal.

As an example, let’s assume that you are connecting to a SQL database using JDBC and have written a SQL query to read some data. You don’t need to test that the JDBC driver or the database works. What you need to test is whether you have written valid SQL that will return the desired result when used with a particular database.

Since technology integration tests involve bootstrapping some kind of technology (external services, framework features etc.), they are a lot slower that isolated tests. At least the initial setup will usually take a couple of seconds, while each single test will most likely take only a couple of milliseconds.

In our example application, technology integration tests would be used to test the in the BookRestController and BookRepository components.

Important Methods and Technologies:

• WireMock for simulating external HTTP services

• Testcontainers for running and managing Docker containers in your tests (e.g. for databases)

• Spring Boot Test Slices (@WebMvcTest, @JpaTest, @SpringBooTest(classes=[MyCustomConfig::class]) etc.)

End-to-end tests are written from the perspective of a user of our software. Particularly crucial here is which options the user has for interacting with the application under test. Frontend single-page applications are usually tested end-to-end using a browser and the backend is simulated. Meanwhile, backend applications, which are our focus here, are tested using their API. Any Dependencies, like other services or databases, are either simulated or replaced by test instances.

Questions that end-to-end tests can answer, and a combination of just isolated and technology integration tests can’t:

• Does my application start given a default configuration? → Do all my components fit and are all required compontents part of the application context.

• Does my global error handling work for all of my endpoints? → If there are global error handlers, testing them in each and every relevant technology integration test is error-prone (you might forget them) and redundant.

• Do my global security rules work? → A lot of security aspects are defined globally. So the same logic as for global error handlers applies here.

In addition to questions like this, it is generally useful to include a couple of smoke tests. These kinds of tests execute one or two happy path scenarios per endpoint, just to see that the whole control flow from request to response works. Basically if "everything fits and works together".

In our example application, the end-to-end tests would use the BooksRestController’s HTTP endpoints and the BooksRepository’s database would be a test instance.

The scope of an end-to-end test starts with the available input channels of the application under test as they would be used in production and ends where the application’s responsibility ends.

Architecture #1 is basically the classical 3 layer architecture:

1. The BooksRestController handles the translation of the HTTP protocol, and the public language (external model) into business logic, and the internal domain model.

2. The BooksCollection handles all core business logic and acts exclusively on the internal domain model.

3. The BooksRepository is responsible for the persistence of the state of the internal domain model in some kind of database.

Having a clear separation of concerns with each component focusing on a single job (e.g. translating business logic into SQL), it is very easy to also write tests that focus on that job and do not need to take too much else into consideration.

Architecture example #2 removes the "business" layer, or more general the technology-independent components. Leaving the BooksRestController to interact directly with the BooksRepository.

This mix of responsibilities for the BooksRestController has an immediate impact on the lower levels of the test automation pyramide.

Example #3 removes all concepts of separation of concern / layers and puts the BooksRestController in charge of everything. From translating the public language to interacting directly with the database, all while also containing any business logic. Basically there is no architecture, but there is a big ball of mud.

Doing this, kills any hope for writing small and focused tests or having different kinds of tests at all. Purely technical white-box isolated tests for a single do-it-all component are basically unmaintainable. Each tests setup has to consider which database state to set up based on which logical path will be traversed based on a specific HTTP request. This makes the tests fragile, complex to write and hard to understand.

Without other components to mock, there is also no real advantage to writing technical integration tests. Bootstrapping the application only partially does not really save any startup time but does add a lot more complexity. Simply writing everything as end-to-end tests is usually the only option left.

With less design (e.g. fewer abstractions, bigger multi-use components etc.) in the production code, the ability to write efficient tests decreases. From example #1 to #2 the difference is not yet as serious as from #2 to #3, so there is a point at which not all aspects of the application are testable without excessive effort. The basic principle is: The better the production code is decomposed / structured, the more of it can be verified purely with isolated and individual technology integration tests.