Tag: Development

Posted on

Testing High Performance AWS SQS batch sending

The class, from our OSS Maven standards project, is a well-structured unit test suite that demonstrates testing patterns for AWS SQS batch messaging functionality. As a senior Java developer, you’ll appreciate the sophisticated test design patterns and AWS integration testing techniques employed in this test class.

See the test code here on GitHub: SqsPumpTest.java

For more information on our open source SQSPump, see our article here.

Test Architecture Overview

The test class follows modern Java testing best practices using JUnit 5, Mockito, and AssertJ. It’s designed to test the component, which is a utility for efficiently sending multiple messages to AWS SQS queues in batches using SqsPump. The code for SqsPump is available GitHub: SqsPump.java

Key Testing Components

Test Setup:

  • Uses for clean dependency injection @ExtendWith(MockitoExtension.class)
  • Mocks the to isolate the unit under test SqsClient
  • Mockito verify the exact parameters passed to AWS SDK calls ArgumentCaptor
  • Configures a controlled batch size of 10 messages for predictable testing

Core Dependencies:

  • The main class being tested SqsPump
  • A wrapped AWS SQS client with JSON serialization capabilities SqsSender
  • Jackson : Configured with boot-like settings for JSON processing ObjectMapper

Test Scenarios Explained

1. Batch Size Boundary Testing

The test suite includes three critical batch tests that demonstrate the pump’s ability to handle different message volumes:

  • Exact batch size (10 messages): Verifies optimal batching behavior
  • Large volume (100 messages): Tests multiple batch processing
  • Irregular size (33 messages): Ensures proper handling of partial final batches

These tests use the performBatchTest() method, which:

  1. Sends N objects to the pump TestMessage
  2. Triggers a flush operation
  3. Verifies the exact number of batch calls to SQS
  4. Validates that messages are properly batched and serialized

2. FIFO Queue Support

The test demonstrates support for FIFO (First-In-First-Out) queues, which require: shouldSendAFifoMessage()

  • Message Deduplication ID: Prevents duplicate processing
  • Message Group ID: Ensures ordering within message groups

This test verifies that FIFO-specific headers are correctly mapped to AWS SQS batch request parameters.

3. Edge Case Handling

The test ensures the pump optimizes for empty batches by not making unnecessary AWS API calls – a crucial performance consideration. shouldNotPumpZeroMessages()

Testing Patterns Worth Noting

1. Argument Capturing Pattern

@Captor
private ArgumentCaptor<SendMessageBatchRequest> requestCaptor;

This pattern allows precise verification of complex objects passed to mocked dependencies without exposing internal implementation details.

2. Batch Calculation Logic

The expectedBatchSends() method demonstrates a clean mathematical approach to calculating expected batch counts:

private int expectedBatchSends(int sendSize) {
    return sendSize / pumpMaxBatchSize + (sendSize % pumpMaxBatchSize > 0 ? 1 : 0);
}

3. Message Attribute Validation

The test includes comprehensive validation of SQS message attributes, ensuring proper content-type headers, timestamps, and content length metadata are set correctly.

AWS SDK Integration Insights

The test reveals several important aspects of AWS SQS batch processing:

  • Batch Request Structure: Each batch contains multiple objects SendMessageBatchRequestEntry
  • Message Serialization: JSON serialization with proper content-type headers
  • Attribute Metadata: Automatic inclusion of timestamps and content length
  • ID Management: Sequential ID assignment for batch entries

Key Testing Techniques for Senior Developers

  1. Mock Strategy: Only the AWS client is mocked, allowing real business logic to execute
  2. Data-Driven Testing: Multiple test cases with different batch sizes validate edge cases
  3. Comprehensive Assertions: Both structural (batch count) and content (message bodies) validation
  4. Performance Considerations: Zero-message optimization testing prevents unnecessary API calls

Conclusion

This test suite exemplifies professional-grade testing for cloud-native Java applications. It demonstrates how to effectively test complex batch processing logic while maintaining clear test isolation and comprehensive coverage. The patterns used here are directly applicable to testing other AWS service integrations and batch processing scenarios in enterprise Java applications.

The test validates FIFO queue support, message attributes, and batch boundary conditions showing the maturity expected in production AWS integrations, making this an excellent reference for similar testing challenges.

Posted on

Debugging Maven Projects with Conflicting JAR Versions

Maven dependency conflicts are one of the most frustrating issues developers encounter when building Java applications. When multiple versions of the same library exist in your classpath, it can lead to runtime errors, unexpected behavior, and difficult-to-debug issues. This article provides a comprehensive guide to identifying, understanding, and resolving JAR version conflicts in Maven projects.

Understanding Dependency Conflicts

What Are Dependency Conflicts?

Dependency conflicts occur when your project’s dependency tree contains multiple versions of the same artifact (same groupId and artifactId but different versions). Maven’s dependency resolution mechanism will choose one version based on its rules, but this choice might not be compatible with all parts of your application.

Common Symptoms

  • ClassNotFoundException or NoClassDefFoundError at runtime
  • NoSuchMethodError or AbstractMethodError
  • IncompatibleClassChangeError
  • Unexpected behavior in libraries that worked in isolation
  • Different behavior between development and production environments

Identifying Conflicts

1. Using Maven Dependency Plugin

The most effective way to identify conflicts is using Maven’s built-in dependency plugin:

mvn dependency:tree

This command shows your complete dependency tree. Look for multiple versions of the same artifact:

[INFO] +- com.fasterxml.jackson.core:jackson-core:jar:2.13.0:compile
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.13.0:compile
[INFO] |  \- com.fasterxml.jackson.core:jackson-core:jar:2.12.0:compile (omitted for conflict with 2.13.0)

2. Analyzing Conflicts with Verbose Output

For more detailed conflict analysis:

mvn dependency:tree -Dverbose

This shows which dependencies are omitted due to conflicts and why Maven chose specific versions.

3. Using the Dependency Analyze Goal

mvn dependency:analyze

This command identifies:

  • Used undeclared dependencies
  • Unused declared dependencies
  • Potential conflicts

4. IDE-Based Analysis

Most modern IDEs provide visual dependency analysis:

  • IntelliJ IDEA: Right-click on pom.xml → Analyze Dependencies
  • Eclipse: Project Properties → Java Build Path → Libraries → Maven Dependencies

Understanding Maven’s Resolution Strategy

Maven uses these rules to resolve conflicts:

  1. Nearest Definition: Dependencies closer to the root in the dependency tree win
  2. First Declaration: If dependencies are at the same depth, the first one declared wins
  3. Version Range: Explicit version ranges override transitive dependencies

Resolution Strategies

1. Explicit Dependency Declaration

The most straightforward approach is to explicitly declare the version you want:

<dependencies>    
  <dependency>
    <groupId>com.fasterxml.jackson.core</groupId>
    <artifactId>jackson-core</artifactId>
    <version>2.13.0</version>
  </dependency>
</dependencies>

2. Dependency Management Section

Use the <dependencyManagement> section to centrally manage versions:

<dependencyManagement>    
  <dependencies>        
    <dependency>
      <groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-core</artifactId> 
      <version>2.13.0</version>   
    </dependency>
  </dependencies>
</dependencyManagement>

3. Excluding Transitive Dependencies

Exclude problematic transitive dependencies:

<dependency>    
  <groupId>org.springframework</groupId>  
  <artifactId>spring-web</artifactId>   
  <version>5.3.0</version>  
  <exclusions>
     <exclusion>     
        <groupId>com.fasterxml.jackson.core</groupId>       
        <artifactId>jackson-core</artifactId>  
        </exclusion>  
     </exclusions>
</dependency>

4. Using Maven Enforcer Plugin

Prevent conflicts by failing the build when they occur:

<plugin>    
  <groupId>org.apache.maven.plugins</groupId> 
  <artifactId>maven-enforcer-plugin</artifactId>
  <version>3.0.0</version> 
  <executions>       
    <execution>
       <id>enforce-no-duplicate-dependencies</id>        
       <goals>            
         <goal>enforce</goal>       
       </goals>  
       <configuration>       
          <rules>                
            <dependencyConvergence/>        
            <requireNoRepositories/>           
          </rules>  
       </configuration>   
     </execution>
   </executions>
</plugin>

Advanced Debugging Techniques

1. Creating a Dependency Report

Generate detailed dependency reports:

mvn project-info-reports:dependencies

This creates an HTML report showing all dependencies and their relationships.

2. Using Maven’s Debug Output

Run Maven with debug output to see detailed resolution information:

mvn -X dependency:tree

3. Checking Effective POM

View the effective POM to see resolved dependencies:

mvn help:effective-pom

Best Practices

1. Use Bill of Materials (BOM)

Import BOMs for consistent dependency versions:

<dependencyManagement>  
  <dependencies>       
    <dependency>       
      <groupId>org.springframework.boot</groupId>    
      <artifactId>spring-boot-dependencies</artifactId>      
      <version>2.7.0</version>     
      <type>pom</type>      
      <scope>import</scope>      
    </dependency>    
  </dependencies>
</dependencyManagement>

2. Regular Dependency Updates

Keep dependencies up to date and use tools like:

  • mvn versions:display-dependency-updates
  • mvn versions:use-latest-releases

3. Minimize Direct Dependencies

Reduce the number of direct dependencies to minimize conflict opportunities.

4. Use Dependency Scopes Appropriately

  • compile: Default scope
  • provided: Available at compile time but not packaged
  • runtime: Not needed for compilation but required at runtime
  • test: Only available during testing

Preventing Future Conflicts

1. Establish Dependency Governance

  • Create a team-wide dependency management strategy
  • Use parent POMs for version consistency
  • Regular dependency audits

2. Automated Conflict Detection

Integrate conflict detection into your CI/CD pipeline:

<plugin>    <groupId>org.apache.maven.plugins</groupId>    <artifactId>maven-dependency-plugin</artifactId>    <executions>        <execution>            <goals>                <goal>analyze-only</goal>            </goals>            <configuration>                <failOnWarning>true</failOnWarning>            </configuration>        </execution>    </executions></plugin>

3. Version Range Strategy

Be cautious with version ranges. Prefer specific versions for stability:

<!-- Avoid --><version>[1.0,2.0)</version>
<!-- Prefer --><version>1.5.2</version>

Common Conflict Scenarios

Spring Framework Conflicts

Spring projects often have complex dependency trees. Use Spring Boot’s dependency management or Spring Framework BOM.

Logging Framework Conflicts

Multiple logging frameworks (Log4j, Logback, Commons Logging) often conflict. Use SLF4J as a facade and bridge other frameworks.

Jackson Library Conflicts

Jackson modules must use compatible versions. Manage them centrally in dependencyManagement.

Conclusion

Debugging Maven dependency conflicts requires a systematic approach:

  1. Identify conflicts using Maven tools
  2. Understand Maven’s resolution strategy
  3. Apply appropriate resolution techniques
  4. Prevent future conflicts with good practices

The key is to be proactive rather than reactive. Establish good dependency management practices early in your project lifecycle, and use automated tools to catch conflicts before they reach production.

Remember that dependency conflicts are often symptoms of deeper architectural issues. Sometimes the best solution is to refactor your application to reduce complex dependency chains rather than working around conflicts with exclusions and forced versions.

By following these practices and using the tools outlined in this article, you’ll be well-equipped to handle even the most complex dependency conflict scenarios in your Maven projects.

Posted on

AWS unit testing with LocalStack, Docker and Java

Traditionally unit testing is performed with a class being injected with mocks for its dependencies, so testing is focused just on the behaviours of the class under consideration.

Figure 1: Unit Test class responsibilities

While this is effective for “simple” dependent APIs that may only have a few behaviours, for complex resources such as databases, web service APIs such as DynamoDB, etc it can make sense to unit test using a “fast” implementation of the real resource. By “fast” here we mean quick to setup and tear down so that we can concentrate our effort on the behaviours of the class being tested.

Modern development is tied closely to cloud native APIs such as AWS. We can use a “fast” stub of AWS service with LocalStack deployed on docker. This gives us in memory, localhost based AWS services for most of the available APIs.

Figure 2: LocalStack Unit Test for AWS resources

How to do this using Java and Maven

Using our oss-maven-standards build system we have enabled optional Docker style unit testing using Surefire under Maven. An example layout with docker compose configuration, etc can be seen in the java-lambda-poc module.

Use the any of our parent POMs as your maven archetype.

Set your pom.xml’s parent to one of our archetypes to get docker support. For example, when building a java lambda:

<parent>
    <groupId>com.limemojito.oss.standards</groupId>
    <artifactId>java-lambda-development</artifactId>
    <version>15.2.7</version>
    <relativePath/>
</parent>

Enable docker for unit test mode

This is done in the properties section of the pom.xml

<properties>
   ...
   <!-- Test docker unit test... -->
   <docker.unit.test>true</docker.unit.test>
   ...
</properties>

For Spring Boot testing, set active profile to “integration-test”

We are using our S3Support test utilities to build a set of S3 resources around our unit test. These automatically configure LocalStack when the configuration is imported as below.

@ActiveProfiles("integration-test")
@SpringBootTest(classes = S3SupportConfig.class)
public class S3DockerUnitTest {

    @Autowired
    private S3Support s3;

Write your unit test

Now we can write a unit test that is backed by LocalStack’s S3 implementation in docker when the test runs:

    @Test
    public void shouldDoThingsWithS3AsAUnitTest() {
        s3.putData(s3Uri, "text/plain", "hello world".getBytes(UTF_8));
        assertThat(s3.keyExists(s3Uri)).withFailMessage("Key %s is missing", s3Uri)
                                       .isTrue();
    }

Full Source Example

https://github.com/LimeMojito/oss-maven-standards/tree/master/development-test/jar-lambda-poc

Posted on

Version Dependency Updates Automated in Maven

Version housekeeping of libraries and 3rd party code is a requirement in maintaining a strong resistance to security vulnerabilities in your product. We use maven as our build tool standard, and the Maven Versions Plugin from MojoHaus to update versions on an automated basis.

For the maven build, there are three sorts of dependencies that we automate:

  1. Maven plugins – the building blocks that our build uses.
  2. Explicit dependencies – the libraries that our application uses
  3. Property based dependencies – these usually relate to a set of individual dependencies that use the same version, or for build reasons the version is a reference to a maven property value.

Note that the versions plugin is limited with updating plugin dependencies. It can only produce a report of available version updates – the plugin version must be manually updated in the pom.xml.

Version update process

Versioning Maven project plugins

Run mvn versions:display-plugin-updates and a report will be generated showing version updates available and which module pom.xml needs to be updated.

Versioning Maven project dependencies

Run the commands below to update both explicit and property based <version>w.x.y.z</version> elements in all modules pom.xml. It is suggested that this is run on code that is checked into a version control system so you can see the changes easily.

mvn versions:update-parent -DgenerateBackupPoms=false 
mvn versions:update-properties -DgenerateBackupPoms=false 
mvn versions:use-latest-releases -DgenerateBackupPoms=false

Semi Automated versions script to combine both steps

Note this this script does an interactive report on plugins that may have updates available.

#!/bin/bash
mvn versions:display-plugin-updates | more 
mvn versions:update-parent -DgenerateBackupPoms=false           
mvn versions:update-properties -DgenerateBackupPoms=false 
mvn versions:use-latest-releases -DgenerateBackupPoms=false

Configuring the versions plugin to stop false updates

Sadly due to the age of some of the java libraries, there are “poor” versioning choices in some of the older java libraries. You can configure the versions plugin to not consider certain versions as part of its update or not decision making. This can be useful to exclude alpha, beta, release candidate (rc) style naming, etc.

See a full implementation as part of our oss-maven-standards pom.xml on GitHub which excludes some common naming issues that we have found in our development. Feel free to use our open standards for your own projects too!

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>versions-maven-plugin</artifactId>
    <configuration>
        <ruleSet>
            <ignoreVersion>
                <type>regex</type>
                <!-- Ignore alpha and beta -->
                <version>.+-(alpha|beta).+</version>
            </ignoreVersion>
            …

Posted on

Deploying Java Lambda with Localstack

We deploy and debug our Java Lambda on development machines using Localstack to emulate and Amazon Web Services (AWS) account. This article walks through the architecture, deployment using our open source java framework to local stack and enabling a debug mode for remote debugging using any Java integrated development environment (IDE).

These capabilities live in our test-utilities module, LambdaSupport.java.

Localstack development architecture

Our build framework uses Docker to deploy a Localstack image, then we use AWS Api calls to deploy a zip of our lambda java classes to the Localstack lambda engine. Due to the size of the zip files, we need to deploy the lambda using a S3 url. We use Localstack’s S3 implementation to emulate the process.

When the lambda is deployed, the Localstack Lambda engine will pull the AWS Lambda Runtime image from public ECR and then perform the deployment steps. Using the Localstack endpoint for lambda we now have a full environment where we can perform a lambda.invoke to test the deployed function.

Figure 1: Development architecture using Localstack for lambda deployment

Viewing lambda logs

With the appropriate Localstack configuration we can view lambda logs for both startup and run of the lambda. Note these logs appear in the docker logs for the AWS Lambda Runtime Container. This container spins up when the lambda is deployed.

The easiest method we use to see the logs is to:

  1. Run the Junit test in debug, with a breakpoint after the lambda invoke.
  2. When the breakpoint is hit, use docker ps and docker logs to see the output of the Lambda Runtime.
  3. In IntelliJ Ultimate, you can see the containers deployed via the Services pane after connecting to your docker daemon.

Using the architecture in debug mode

We can use this architecture to remote debug the deployed lambda. Our LambdaSupport class includes configuration on deploy to enable debug mode as per the Localstack documentation https://docs.localstack.cloud/user-guide/lambda-tools/debugging/. With our support class you simply switch from java() to javaDebug() and the deploy will configure the runtime for debug mode (port 5050 by default).

In your docker-compose.yml, set the environment variable LAMBDA_DOCKER_FLAGS=-p 127.0.0.1:5050:5050 -e LS_LOG=debug.

This enables port passthrough for the java debugger from localhost to port 5050 of the container (assuming that is where the JVM debugging is configured for).

Do not commit this code as it will BLOCK test threads until a debugger is connected (port 5050 by default).

Figure 2: Localstack Java Lambda debug architecture

References:

Code examples

See https://github.com/LimeMojito/oss-maven-standards/blob/master/development-test/jar-lambda-poc/src/test/java/ApplicationIT.java for a full example.

Adding test-utilities to your maven project

These are included by default if you use our jar-lambda-development parent POM.

See our post about using our build system for maven.

Otherwise you can manually add the support as below (version omitted),

<dependency>
    <groupId>com.limemojito.oss.test</groupId>
    <artifactId>test-utilities</artifactId>
    <scope>test</scope>
</dependency>
<dependency>
    <!-- Access for LambdaSupport -->
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>lambda</artifactId>
    <scope>test</scope>
</dependency>
<dependency>
    <!-- Access for LambdaSupport -->
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>s3</artifactId>
    <scope>test</scope>
</dependency>

Loading the lambda as a static variable in a unit test.

We recommend a static initialised once a junit setup function due to the time to deploy the lambda.

The LambdaSupport.java method performs deployment of the supplied module zip to Localstack S3, then invokes the AWS Lambda API to confirm that the lambda has started cleanly (state == Active).

private static Lambda LAMBDA;
...
// environment variables for the lambda configuration
final Map<String, String> environment = Map.of(
                    "SPRING_PROFILES_ACTIVE", "integration-test"
                    "SPRING_CLOUD_FUNCTION_DEFINITION","get"
            );
// using the lambda zip that was built in module ../jar-lambda-poc
LAMBDA = lambdaSupport.java("../jar-lambda-poc",
                            LimeAwsLambdaConfiguration.LAMBDA_HANDLER,
                            environment);

Invoking the lambda for black box testing

This example is using a static variable for the Lambda, JUnit 5 and assert4J. An AWS API Gateway event JSON is loaded and invoked to the deployed lambda. The result is asserted.

Full example is in our oss-maven-standards repository as in integration test (IT, run by failsafe).

@Test
public void shouldCallTransactionPostOkApiGatewayEvent() {
    final APIGatewayV2HTTPEvent event = json.loadLambdaEvent("/events/postApiEvent.json",
                                                             APIGatewayV2HTTPEvent.class);

    final APIGatewayV2HTTPResponse response = lambdaSupport.invokeLambdaEvent(LAMBDA,
                                                                              event,
                                                                              APIGatewayV2HTTPResponse.class);

    assertThat(response.getStatusCode()).isEqualTo(200);
    String output = json.parse(response.getBody(), String.class);
    assertThat(output).isEqualTo("world");
}

Localstack lambda deployment debug example

We alter the setup to use the deprecated javaDebug function. Do not commit this code as it will BLOCK test threads until a debugger is connected (port 5050 by default).

For a clean setup in Intelij that waits for the lambda to start in debug mode, see the excellent article on Localstack https://docs.localstack.cloud/user-guide/lambda-tools/debugging/ “Configuring IntelliJ IDEA for remote JVM debugging”.

// using the lambda zip that was built in module ../jar-lambda-poc
LAMBDA = lambdaSupport.javaDebug("../jar-lambda-poc",
                                 LimeAwsLambdaConfiguration.LAMBDA_HANDLER,
                                 environment);
Posted on

Bending Maven with Ant

Need to bend Maven to your will wthout writing a maven plugin? Some hackery with Ant and Ant-Contrib‘s if task can solve many problems.

Lime Mojito’s approach to avoiding multiple build script technologies

We use maven at Lime Mojito for most of our builds due to the wealth of maven plugins available and “hardened” plugins that are suited to our “fail fast” approach to our builds. Checkstyle, Enforcer, Jacoco Coverage are a few of the very useful plugins we use. However, sometimes you need some custom build script and doing that in maven without using exec and a shell script can be tricky.

For more details see our post on Maintainable Builds with Maven to see how we keep our “application level” pom files so small.

We try and avoid having logic “spread” amongst different implementation technologies, and reduce cognitive load when maintining software by having the logic in one place. Usually this is a parent POM from a service’s perspective, but we try to avoid the “helper script” pattem as much as possible. We also strive to reduce the number of technologies in play so that maintaining services doesn’t require learning 47 different techologies to simply deploy a cloud service.

So how can you program Maven?

Not easily. Maven is “declarative” – you are meant to declare how the plugins are executed in order inside maven’s pom.xml for a source module. If you want to include control statements, conditionals, etc like a programming language maven is not the technology to do this in.

However, there is a maven plugin, ant-run, which allows us to embed Ant tasks and their “evil” logic companion, Ant Contrib, into our maven build.

Ant in Maven! Why would you do this?

Because maven is essentially an XML file. Ant instructions are also XML and embedding in the maven POM maintain a flow while editing. Property replacement between maven and ant is almost seamless, and this gives a good maintenance experience.

And yes, the drawback is that xml can become quite verbose. If our xml gets too big we consider it a “code smell” that we may need to write a proper maven plugin.

See our post on maintainable maven for tips on how we keep our service pom files so small.

Setting up the AntRun Maven plugin to use Ant Contrib.

We have this in our base pom.xml – see our Github Repository.

We configure the maven plugin, but add a dependency for the ant-contrib library. That library is older, and has a poor dependency with ant in it’s POM so we exclude the ant jar as below. Once enabled, we can add any ant-contrib task using the XML namespace antlib:net.sf.antcontrib.

For a quick tutorial on XML and namespaces, see W3 Schools here.

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-antrun-plugin</artifactId>
    <version>3.1.0</version>
    <!--
      This allows us to use things like if in ant tasks.  We use ant to add some control flow to
      maven builds.

      <configuration>
          <target xmlns:ac="antlib:net.sf.antcontrib">
              <ac:if>
                  ...
  -->
    <dependencies>
        <dependency>
            <groupId>ant-contrib</groupId>
            <artifactId>ant-contrib</artifactId>
            <version>1.0b3</version>
            <exclusions>
                <exclusion>
                    <groupId>ant</groupId>
                    <artifactId>ant</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
    </dependencies>
</plugin>

Example one – Calculation to set a property in the pom.xml

Here we configure the ant plugin’s execution to calculate a property to be set in the maven POM.xml. This allows later tasks, and even other maven plugins, to use the set property to alter their execution. We use skip configurations a lot to separate our “full” builds from “fast builds” where a fast build might skip most checks and just produce a deliverable for manual debugging. This plugin’s execution runs in the Maven process-resources phase – before you write executions a solid understanding of the Maven Lifecycle is required.

Because the file links back to our parent pom, we do not need to repeat version, ant-contrib setup, etc. This example does not need ant-contrib.

The main trick is that we set exportAntProperties on the plugin execution so that properties we set in ant are set in the maven project object model. The Maven property <test.compose.location> is set in the <properties> section of the POM. It is replaced in the ant script before it is executed by ant seamlessly by the maven-antrun-plugin.

Note that the XML inside the <target> tag is Ant XML. We are using the condition task and an available task to see if a file exists. If it does then we set the property docker.compose.skip to true.

This example is in our java-development/pom.xml which is the base POM for all our various base POMs for jars, spring boot, Java AWS Lambdas, etc.

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-antrun-plugin</artifactId>
    <executions>
        <execution>
            <id>identify-docker-compose</id>
            <phase>process-resources</phase>
            <goals>
                <goal>run</goal>
            </goals>
            <configuration>
                <exportAntProperties>true</exportAntProperties>
                <target>
                    <condition property="docker.compose.skip" else="false">
                        <or>
                            <equals arg1="${lime.fast-build}" arg2="true" />
                            <not>
                                <available file="${test.compose.location}" />
                            </not>
                        </or>
                    </condition>
                    <!--suppress UnresolvedMavenProperty -->
                    <echo level="info" message="docker.compose.skip is ${docker.compose.skip}" />
                </target>
            </configuration>
        </execution>
        ...

Example 2 – If we are not skipping, wait for Docker Compose up before integration test start

We use another plugin to manage docker compose before our integration test phase using failsafe for our Java integration tests. This older plugin was before docker had healthcheck support in compose files – we recommend this compose healthcheck approach in modern development. Our configuration of this plugin uses docker.compose.skip property to skip execution if set to true.

However we can specify a port in our Maven pom.xml and the build will wait until that port responds 200 on http://localhost. As ant-run is before the failsafe plugin in our declaration, its execution happens before the failsafe test run.

Note that the XML inside the <target> tag is Ant XML. The <ac:if> is using the namespace defined in the <target> element that tells ant to use the ant-contrib jar for the task. We are using the ant-contrib if task to only perform a waitFor if the docker.compose.skip property is set to false. This was performed earlier in the lifecucle by the example above.

This example is in our java-development/pom.xml which is the base POM for all our various base POMs for jars, spring boot, Java AWS Lambdas, etc.

<execution>
    <id>wait-for-docker</id>
    <phase>integration-test</phase>
    <goals>
        <goal>run</goal>
    </goals>
    <configuration>
        <target xmlns:ac="antlib:net.sf.antcontrib">
            <ac:if>
                <!--suppress UnresolvedMavenProperty -->
                <equals arg1="${docker.compose.skip}" arg2="false" />
                <then>
                    <echo level="info" message="Waiting for Docker on port ${docker.compose.port}" />
                    <waitfor maxWait="2" maxWaitUnit="minute">
                        <http url="http://localhost:${docker.compose.port}" />
                    </waitfor>
                </then>
            </ac:if>
        </target>
    </configuration>
</execution>

Conclusion

This aproach of ant hackery can produce small pieces of functionality in a maven build that can smooth the use of other plugins. Modern Ant has some support for if in a task dependency manner, but the older contrib tasks add a procedural approach that make the build cleaner in our opinion.

Why not Gradle? We have a lot of code in maven, and most of our projects fall into out standard deliverables of jars, Spring Boot jars or AWS Java Lambdas that are all easy to build in Maven. Our use of Java AWS CDK also uses maven so it ties nicely together from a limiting the number of technologies perspective. Given our service poms are so small due to our Maintainable Maven approach the benefits of Gradle seem small.

References

Mavenhttps://maven.apache.org
Maven AntRun Pluginhttps://maven.apache.org/plugins/maven-antrun-plugin/
Anthttps://ant.apache.org/manual/index.html
Ant Contrib taskshttps://ant-contrib.sourceforge.net/tasks/tasks/index.html
GitHub OSS standardshttps://github.com/LimeMojito/oss-maven-standards
Posted on

AWS Development: LocalStack or an AWS Account per Developer

To test a highly AWS integrated solution, such as deployments on AWS Lambda, you can test deployments on an AWS “stub”, such as LocalStack or an AWS account per developer (or even per solution). Shared AWS account models are flawed for development as the environment can not be effectively shared with multiple developers without adding a lot of deployment complexity such as naming conventions.

What are the pros and cons of choosing a stub such as LocalStack versus an account management policy such as an AWS account per developer?

When is LocalStack a good approach?

LocalStack allows a configuration of AWS endpoints to point to a local service running stub AWS endpoints. These services implement most of the AWS API allowing a developer to check that their cloud implementations have basic functionality before deploying to a real AWS Account. LocalStack runs on a developer’s machine standalone or as a Docker container.

For example, you can deploy a Lambda implementation that uses SQS, S3, SNS, etc and test that connectivity works including subscriptions and file writes on LocalStack.

As LocalStack mimics the AWS API, it can be used with AWS-CLI, AWS SDKs, Cloudformation, CDK, etc.

LocalStack (at 28th July 2024) does not implement IAM security rules so a developer’s deployment code will not be tested for the enforcement of IAM policies.

Some endpoints (such as S3) require configuration so that the AWS API responds with URLs that can be used by the application correctly.

Using a “fresh” environment for development pipelines can be simulated by running a “fresh” LocalStack container. For example you can do a System Test environment by using a new container, provisioning and then running system testing.

If you have a highly managed and siloed corporate deployment environment, it may be easier, quicker and more pragmatic to configure LocalStack for your development team then attempt to have multiple accounts provisioned and managed by multiple specialist teams.

When is an AWS Account per developer a good approach?

An AWS account per developer can remove a lot of complexity in the build process. Rather than managing the stub endpoints and configuration, developers can be forced to deploy with security rules such as IAM roles and consider costing of services as part of the development process.

However this requires a high level of account provisioning and policy automation. Accounts need to be monitored for cost control and features such as account destruction and cost saving shutdowns need to be implemented. Security scans for policy issues, etc can be implemented across accounts and policies for AWS technology usage can be controlled using AWS Organisations.

An account per developer opens a small step to account per environment which allows the provisioning of say System Test environments on an ad hoc basis. AWS best practices for security also suggest account per service to limit blast radius and maintain separate controls for critical services such as payment processing.

If the organisation already has centralised account policy management and a strong provisioning team(s), this may be an effective approach to reduce the complexity in development while allowing modern automated pipeline practices.

Conclusion

ApproachProsCons
LocalStackCan be deployed on a developer’s machine.

Does not require using managed environments in a corporate setting.

Can be used with AWS-SDKs, AWS-CLI, Cloudformation, SAM, CDK for deployments

Development environments are separated without naming conventions in shared accounts, etc.

Fresh LocalStacks can be used to mimic environments for various development pipeline stages.

Development environment control within the development team.		Requires application configuration to use LocalStack.

Does not test security policies before deployment.

May have incomplete behaviours compared to production. Note that the most common use cases are functionally covered.

Developers are not forced to be aware of cost issues in implementations.

Developers may implement solutions and then find policy issues when deploying to real AWS accounts.
AWS Account per DeveloperRemoves stubbing and configuration effort other than setting AWS Account Id.

Development environments are separated without naming conventions in shared accounts, etc.

Forces implementations of IAM policies to be checked in development cycle.

Opens account per environment as an option for various development pipeline stages.

Developers need to be more aware of costs when designing.

Development environment control within the development team, with policies from the provisioning team.		Requires automated AWS account creation.

Requires shared AWS Organisation policy enforcement.

Requires ongoing monitoring and management of the account usage.

Requires cost monitoring if heavyweight deployments such as EC2, ECS, EKS, etc are used.
LocalStack or an AWS Account per developer: Summary

References

Posted on

Maintainable builds – with Maven!

Maven is known to be a verbose, opinionated framework for building applications, primarily for a Java Stack. In this article we discuss Lime Mojito’s view on maven, and how we use it to produce maintainable, repeatable builds using modern features such as automated testing, AWS stubbing (LocalStack) and deployment. We have OSS standards you can use in your own maven builds at https://bitbucket.org/limemojito/oss-maven-standards/src/master/ and POM’s on maven central.

Before we look at our standards, we set the context of what drives our build design by looking at our technology choices. We’ll cover why our developer builds are setup this way, but not how our Agile Continuous Integration works in this post.

Lime Mojito’s Technology Choices

Lime Mojito uses a Java based technology stack with Spring, provisioned on AWS. We use AWS CDK (Java) for provisioning and our lone exception is for web based user interfaces (UI), where we use Typescript and React with Material UI and AWS Amplify.

Our build system is developer machine first focused, using Maven as the main build system for all components other than the UI.

Build Charter

  • The build enforces our development standards to reduce the code review load.
  • The build must have a simple developer interface – mvn clean install.
  • If the clean install passes – we can move to source Pull Request (PR).
    • PR is important, as when a PR is merged we may automatically deploy to production.
  • Creating a new project or module must not require a lot of configuration (“xml hell”).
  • A module must not depend on another running Lime Mojito module for testing.
  • Any stub resources for testing must be a docker image.
  • Stubs will be managed by the build process for integration test phase.
  • The build will handle style and code metric checks (CheckStyle, Maven Enforcer, etc) so that we do not waste time in PR reviews.
  • For open source, we will post to Maven Central on a Release Build.

Open Source Standards For Our Maven Builds

Our very “top” level of build standards is open source and available for others to use or be inspired by:

Bitbucket: https://bitbucket.org/limemojito/oss-maven-standards/src/master/

The base POM files are also available on the Maven Central Repository if you want to use our approach in your own builds.

https://repo.maven.apache.org/maven2/com/limemojito/oss/standards/

Maven Example pom.xml for building a JAR library

This example will do all the below with only 6 lines of extra XML in your maven pom.xml file:

  • enforce your dependencies are a single java version
  • resolve dependencies via the Bill of Materials Library that we use too smooth out our Spring + Spring Boot + Spring Cloud + Spring Function + AWS SDK(s) dependency web.
  • Enable Lombok for easier java development with less boilerplate
  • Configure code signing
  • Configure maven repository deployment locations (I suggest overriding these for your own deployments!)
  • Configure CheckStyle for code style checking against our standards at http://standards.limemojito.com/oss-checkstyle.xml
  • Configure optional support for docker images loading before integration-test phase
  • Configure Project Lombok for Java Development with less boilerplate at compile time.
  • Configure logging support with SLF4J
  • Build a jar with completed MANIFEST.MF information including version numbers.
  • Build javadoc and source jars on a release build
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>my.dns.reversed.project</groupId>
    <artifactId>my-library</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>

    <parent>
        <groupId>com.limemojito.oss.standards</groupId>
        <artifactId>jar-development</artifactId>
        <version>13.0.4</version>
        <relativePath/>
    </parent>
</project>

When you add dependencies, common ones that are in or resolved via our library pom.xml do not need version numbers as they are managed by our modern Bill of Materials (BOM) style dependency setup.

Example using the AWS SNS sdk as part of the jar:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>my.dns.reversed.project</groupId>
    <artifactId>my-library</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>

    <parent>
        <groupId>com.limemojito.oss.standards</groupId>
        <artifactId>jar-development</artifactId>
        <version>13.0.4</version>
        <relativePath/>
    </parent>

    <dependencies>
        <dependency>
            <groupId>software.amazon.awssdk</groupId>
            <artifactId>sns</artifactId>
        </dependency>
    </dependencies>
</project>

Our Open Source Standards library supports the following module types (archetypes) out of the box:

TypeDescription
java-developmentBase POM used to configure deployment locations, checkstyle, enforcer, docker, plugin versions, profiles, etc. Designed to be extended for different archetypes (JAR, WAR, etc.).
jar-developmentBuild a jar file with test and docker support
jar-lamda-developmentBuild a Spring Boot Cloud Function jar suitable for lambda use (java 17 Runtime) with AWS dependencies added by default. Jar is shaded for simple upload.
spring-boot-developmentSpring boot jar constructed with the base spring-boot-starter and lime mojito aws-utilities for local stack support.
Available Module Development Types

We hope that you might find these standards interesting to try out.