Software Quality at the Speed of Agile & DevOps

Archive for the ‘QA’ Category

Software Quality at the Speed of Agile & DevOps

Posted by admin | Posted On December 24th, 2020 | QA, Quality Assurance

 
 
 

Projects using waterfall often have release cycles measured in months (some even years). Agile and scrum revolutionized so much in software by being able to ship at the end of each sprint – it could be anywhere from weeks to days, even hours in some projects. DevOps often has automated deployments scheduled multiple times per day. This means the production code change rate can be orders of magnitude faster in DevOps than in agile. This sets the stage for delivering Quality at the Speed of DevOps and Agile.

In an Agile world, teams are being asked to move faster — reducing the length of time to delivery while continuing to improve the Quality of each release. At the same time, they are faced with increased pressure to reduce testing costs.

“testing at every step” and not “QA” at the end.

Testing is a lean process of Quality at every step. It includes quality user stories, quality environments, quality test data, quality unit tests, quality functional tests, and quality performance tests. It is “testing at every step” and not “QA” at the end.

We Don’t Compromise Between Speed And Quality

As digital disrupts business, we see an unprecedented demand for speed, while Quality is a given; as a result, old ways of testing don’t cut it anymore. We at QualiTlabs never compromise on Quality to achieve ‘speed.’

At QualiTlabs, we achieve Quality at Speed by implementing the following

Shift Left Testing

From the very start, our testers join design sessions to ask questions about how customers work and try to find gaps in requirements in the user stories, which ultimately leads to design changes. Some team members can work closely with back-end developers to ask questions and create test ideas and ‘what if scenarios. Others sat down with the API developers and stubbed out tests for new services while they were being developed. And yet others find themselves pairing up with the UI and API developers to test something new on their machine before it hits a build.

Actual testing still happens at the end, but it will be smaller and faster because of the problems you could find earlier. Shift left doesn’t exactly move testing closer to the beginning of a release cycle. It sprinkles it over each step and each iteration.

In this approach, we have test cases ready when new code moves into the QA environment; we execute the test cases related to the features/stories of the current sprint while we run the automated tests for all regression testing of the already released features. This helps us find bugs early in the sprint cycle, thus giving more time for the developers to fix the bugs.

Test Automation

Test automation is undoubtedly no longer an optional idea in quality assurance. Increasing the adoption of DevOps and Agile are some of the key factors driving the growth of the automation testing market. Test automation has become indispensable as more businesses adopt the latest Agile and DevOps processes to fulfill the demand for Quality at Speed.

We create reliable and maintainable automated tests for all regression areas of the past sprints using the latest test automation tools. We have implemented Test Automation for more than 95% of the clients.

We create automated tests for the UI end-to-end test cases, API (REST, GraphQL, Microservices), and DB layer.

To expedite the development of the automation tests, we use the in-house developed automation frameworks; this also improves the reliability of the test execution results and maintainability.

QAOps

Quality Assurance Sees Changes in DevOps Transformation

‘DevOps’—a set of software development practices that combines development (Dev) and information technology operations (Ops). DevOps aims to shorten the systems development life cycle (SDLC) while teams can focus on building features, fixing bugs, and pushing frequent updates aligned with business objectives. DevOps bridges the collaboration between developers and business operationalists.

In the same spirit, QAOps helps increase the direct communication flow between testing engineers and developers by integrating software testing into the CI/CD pipeline rather than having the QA team operate in isolation. In short, QAOps is defined in two key principles:

  1. QA activities should be incorporated into the CI/CD pipeline
  2. QA engineers should work in alignment with developers and be involved throughout the CI/CD process.

QAOps in Continuous Integration/Testing

We integrate the Automation scripts into the CICD pipeline (using DevOps tools) and leverage the cloud platforms (web and mobile testing platforms) such as BrowserStack, LambdaTest, Sauce Labs, Kobiton, AWS Device Farm, etc. to execute the automated tests on a vast variety of device and browser combinations.

This helps us execute the automated tests early and more frequently during the sprint cycles; this helps us find the bugs at the early stages of the testing cycle.

QAOps for Continuous Reporting

With the help of the DevOps tools and Test Automation, we publish the test execution results on different platforms based on the client requirements –

  1. Inbox – a most convenient option for many of our clients
  2. Jira-XRAY – we integrate automation tools with XRAY GraphQL API to post the results in real-time so that the entire team will have access to the test reports any time, anywhere
  3. PractiTest – we integrate automation tools with PractiTest’s REST API to post the results in real-time so that the entire team will have access to the test reports any time, anywhere
  4. TestRail,
  5. qTest, the list goes on …

Test automation, along with continuous testing, leads by helping teams perform repetitive tasks, detect bugs faster and more precisely, provide continuous feedback loops, and ensure test coverage. Therefore, implementing test automation and QAOps in the QA processes can save significant costs, time, and human resources while achieving Software Quality at speed.

QAOps can help detect errors faster and resolve them way ahead in the development process. If the QAOps approach is not followed, it will take stretched periods between integrations, making fixing these gaps a longer and exceedingly stressful task. It will reduce constant back-pedaling to identify issues and focus on building various features.

This approach is helping our clients go to Market Fast to be market leaders.

Please contact us at sales@qualitlabs.com if you’d like to talk to our technology leaders and understand the process better.

 
 
 

Performance Testing Encrypted REST API using JMeter

Posted by admin | Posted On October 15th, 2020 | API Testing, Performance Testing, QA

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
RESTAPI
aes_encryption_requst_response

 

The Problem Statement

It’s becoming more common practice to develop end-to-end encrypted REST APIs or Microservices (i.e., request/response body, headers, and even request URL paths are being encrypted) to enhance security, especially in the industries such as finance, banking, insurance, healthcare, legal tech, travel, etc.  Let’s imagine a scenario where API is completely encrypted for additional security. Then the ultimate question arises – will you be able to handle this encryption scenario and still perform the testing using JMeter? The answer is YES!!

Possible Solution

User JMeter JSR223 PreProcessor and JMeter JSR223 PostProcessor to encrypt or decrypt request/response body/headers/URLs.

You can also achieve the same using other API/Performance Test automation tools, such as Katalon Studio, SaopUI, Postman, Load Runner, etc.

Encryption/Description Algorithm to be used

create aeslib.groovy file with the following code

def  encrypt (def plainText) {GroovyShell shell = new GroovyShell()

def cipher = Cipher.getInstance(“AES/CBC/PKCS5Padding”.getBytes(“UTF-8”), “SunJCE”)

SecretKeySpec key = new SecretKeySpec(“put your secret key here”.getBytes(“UTF-8”))
, “AES”)

IvParameterSpec iv = new IvParameterSpec(“put your IV key here”)

cipher.init(Cipher.ENCRYPT_MODE, key, iv)

def result = cipher.doFinal(plainText.getBytes(“UTF-8”)).encodeBase64().toString()

def ivString = cipher.getIV()

ivString = new String(ivString, “UTF-8”)

return result

}

def decrypt (def cypherText) {

byte[] decodedBytes = cypherText.decodeBase64()

def cipher = Cipher.getInstance(“AES/CBC/PKCS5Padding”, “SunJCE”)

SecretKeySpec key = new SecretKeySpec(“put your secret key here”.getBytes(“UTF-8”), “AES”)

cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(“put your IV key here”.getBytes(“UTF-8”)))

return new String(cipher.doFinal(decodedBytes), “UTF-8”)

}

 

AES encrypted Request / Parameters / URL / Header

Let’s take a real-world scenario to solve this problem; let’s assume the following scenarios exist in your project, then how do we go ahead with the API automation

HTTP Request Body (JSON) is encrypted

HTTP Response Body (JSON) is encrypted

HTTP Request Headers are encrypted

HTTP Response Headers are encrypted

HTTP Request URL is encrypted

 

How to encrypt Request URL

In JSR223 PreProcessor  write the below code

   def aesLib = shell.parse(new File(“${System.getProperty(“user.dir”)}/scripts/aeslib.groovy”))

sampler.setDomain(“api.example.com”)

sampler.setPath(“${aesLib.encrypt(<URL path here >)}”)

 

How to encrypt Request Headers

In JSR223 PreProcessor  write the below code

sampler.getHeaderManager().add(new Header(“x-access-token”, aesLib.encrypt(“your token here”)))

 

How to encrypt Request Body (POST request)

def requestPostData = ‘{“param1″:”Value”,”param2″:1234,”param3″:”en”}’

def requestPostDataJOSN = ‘{“data”:”‘ + aesLib.encrypt(requestPostData) + ‘”}’

ctx.getCurrentSampler().getArguments().getArgument(0).setValue(requestPostDataJOSN);

 

How to decrypt Response Body

def encryptedResponseData = ctx.getPreviousResult().getResponseDataAsString()

def JSONResponse = aesLib.decrypt(encryptedResponseData )

def jsonSlurper = new JsonSlurper()

def jsonParsedObj = jsonSlurper.parseText(JSONResponse)

def is_success = jsonParsedObj.success

log.info  “success: ” + jsonParsedObj.success

vars.put(“dept_id”, “${jsonParsedObj.data[0].dept_id}”)

 

Conclusion

you get some ideas on encrypting the entire API request body in AES encoding. AES encryption is touched upon in this article.

JSR223 Pre-processor is comfortable with any of these 5 languages – Groovy, JavaScript, JRuby, Jython, and Kotlin.

Another alternative for JSR223 Pre-processor is to use BeanShell.

BeanShell is a small, free, embeddable Java source interpreter with object scripting language features written in Java. BeanShell executes standard Java syntax dynamically and extends it with common scripting conveniences such as loose types, commands, and method closures like those in Perl and JavaScript.

Please feel free to reach out to sales@qualitlabs.com for any help.