Automated testing and Behaviour Driven Design

 One of my roles in my paid employment is monitoring, testing and automation. I have a stack of PowerShell scripts I use for this, as well as a couple of C# programs that use Selenium.

I was surfing the Internet this week (AKA professional development) when I chanced on an article about SpecFlow.  SpecFlow is an open-source tool that helps you write and execute automated tests using the Gherkin language. If this wasn't the entrance to a deep rabbit-hole I haven't seen one!

[Cue White Rabbit by Jefferson Airplane Jefferson Airplane -White Rabbit- (youtube.com)]

OK, what is Gherkin? Gherkin is a domain-specific language for writing use cases for a software system in plain language. It promotes behaviour driven development and allows developers, managers and business officials involved in the process to clearly understand the requirements of the project and the life cycle. Gherkin’s text also acts as documentation and a skeleton of the automated tests.

OK, what is behaviour driven development? Behaviour-driven development (BDD) involves naming software tests using business domain language that describes the behaviour of the code.

So now we know that SpecFlowis a C# library that facilitates BDD. How does it work?

You install the SpecFlow package into your IDE and add a folder called Features. In this folder create a file called <Your Feature>.feature. I was writing tests for my website, admoss.info, so I named my file admoss.feature .

Inside the file I wrote:

Feature: admoss.info website
    Scenario: Check if site exists
        Given I have loaded the site
        Then I check the title
        
   
    Scenario: I press the Resume button
        Given I have loaded the site
        When I click the Resume button
        Then The Resume page is displayed
 
     Scenario: I quit the Web Driver
         Given I shutdown the Webdriver

With the SpecFlow plugin installed in my IDE I then.... went further down the rabbit-hole.

[Cue White Rabbit by Jefferson Airplane Jefferson Airplane -White Rabbit- (youtube.com)] again.

It seems SpecFlow has not been updated since 2023. The company that created it was acquired by another company. This halted development. I use JetBrains Rider as an IDE and the SpecFlow plugin won't work with Rider versions after 2023.

The open-source community responded to the situation by forking SpecFlow as Reqnroll. Reqnroll is an open-source Cucumber-style BDD test automation framework for .NET. It has been created as a reboot of the SpecFlow project.

(This rabbit hole is deep. Suffice to say Cucumber is the Unix world's version of BDD)

Reqnroll started as a clone of SpecFlow so all the on-line tutorials and documentation still apply. I deleted the SpecFlow package from my IDE and installed Reqnroll in its place.

With the SpecFlow Reqnroll plugin installed in my IDE I then.... found the Given, When and Then statements in my .requirements file were underlined as needing attention. It indicated the steps they describe have not been added to the tests yet. Easy fix. In Rider if you click in the line, say, Given I have loaded the site, an icon appears for Context Actions. Choose Create Step and select the file you want the step added to. I chose Steps/admoss_steps.cs. This added:

[Given(@"I have loaded the site")]
public void GivenIHaveLoadedTheSite()
{
    _edgeDriver.Url = "https://show.admoss.info";
    _edgeDriver.Navigate();
}

to the .cs file. That is all there is to it! Well, not really. I had to fill in the template with the C# that actually does things:

    _edgeDriver.Url = "https://show.admoss.info";
    _edgeDriver.Navigate();

I repeated the above for the line Then I check the title

[Then(@"I check the title")]
public void WhenILookAtTheTitle()
{
    try
    {
        Assert.AreEqual("David Moss", _edgeDriver.Title);
        _edgeDriver.Quit();
    }
    catch (Exception e)
    {
        Console.WriteLine(e);
    }
    _edgeDriver.Quit();
}

How easy was that!


I went from a requirements file, that could have been written in Gherkin by the most tech-illiterate business user, to a C# unit test smoothly and easily. 

What is more, the steps we defined and coded are re-usable.
Notice that Given I have loaded the site step is used two of the scenarios. I only had to fill in the C# code once. I can re-use that step in as many scenarios as I want.

I have only scratched the surface of Behaviour Driven Design with SpecFlow ReqnRoll in this blog post. Once I am more familiar with it, I will become a BDD evangelist at work.

I suppose I should end with something about why it is called Behaviour Driven Design.

The idea is that a business user writes the behaviours expected by the system in Gherkin.
The programmer then adds the steps captured in the requirements file to the steps file.

At this stage all the tests will fail. That's OK. Not only have real tests not been written yet, but the system being tested hasn't either! But the tests will run.

As features are added to the system, the programmer adds real C# code to test them to the steps file. Now some tests will (hopefully) pass. The tests for unimplemented features will continue to fail.

Testing now becomes a measure of progress in the development project.
If a test fails it drives effort to either implement the feature as described by the business or fix the bug that is causing it to fail. The development process is driven by the desired behaviour of the system.

Finally, the test results end up in cryptic .trx files. (test results in xml)
There are utilities available that will translate these .trx files to HTML. Some of these utilities are pretty basic, others include nifty graphics showing progress. I used a basic one called trxlog2html.

Selenium 4 Magic

 I have been revisiting the Selenium package to automate testing web applications. Things have changed dramatically since I last used it several years ago.

I was at home using my MacBook Pro with an Intel processor and tried to find a suitable webdriver for Microsoft Edge. The nuget package looked ok but it would not install when I downloaded it. It complained it could not run chmod on one of its files. I wrestled with it for over an hour until I stumbled across the most amazing thing:

It seems Selenium now has a built-in driver manager. It operates like magic. If you instantiate a web driver without actually having installed it:

IWebDriver driver = new EdgeDriver();

this built in driver manager automatically determines the version of the browser you have installed, then locates, downloads, and installs the appropriate webdriver for you!

 This magic comes for free with Selenium 4 or newer.

Zero Trust

 Transitioning from Password-Based Security to a Zero Trust Framework

(this article was generated by Edge Chat Assistant)

In the evolving landscape of cybersecurity, the shift from traditional password-based security to a Zero Trust framework is becoming increasingly imperative. Zero Trust is a security model that operates on the principle that no user or device should be trusted by default, even if they are within the network perimeter. This approach requires continuous verification of all access requests, regardless of their origin.

The move towards a Zero Trust model involves several key steps:

1. **Establish Strong Identity Verification**: Implement multi-factor authentication (MFA) to ensure that users are who they claim to be. This could involve a combination of something the user knows (like a password or PIN), something the user has (like a smartphone or token), and something the user is (like a fingerprint or facial recognition).

2. **Leverage Single Sign-On (SSO)**: SSO can simplify the user experience by reducing the number of login prompts while maintaining security. It allows users to access multiple applications with one set of credentials, which are verified for each session.

3. **Implement Least Privilege Access**: Ensure that users have access only to the resources they need to perform their job functions. This minimizes the risk of unauthorized access to sensitive data.

4. **Continuous Monitoring and Validation**: Regularly monitor and validate the security posture of devices and users. This includes checking for updates, patches, and compliance with security policies.

5. **Educate and Train Employees**: A cultural shift is necessary for the successful adoption of Zero Trust. Training employees on the importance of cybersecurity and the role they play in maintaining it is crucial.

6. **Passwordless Authentication**: The ultimate goal of Zero Trust is to eliminate the use of passwords altogether, as they are often the weakest link in security. Technologies like biometric authentication, push notifications, and digital certificates can replace traditional passwords.

The transition to a passwordless environment is not just a technical change but also a cultural one. It requires overcoming resistance to change and adapting to new authentication methods. By strategically deploying Zero Trust components such as SSO, MFA, and device trust, organizations can create a more secure and seamless user experience.

For businesses, moving away from passwords to a Zero Trust architecture not only enhances security but also streamlines the authentication process, reducing the burden on IT departments and end-users alike. As we embrace the future of cybersecurity, the advantages of a passwordless approach in a Zero Trust world become increasingly clear.

Rust - the programming language

My latest adventure in computer languages is Rust.

Rust is billed as the "most loved" computer language. Those who use Rust are certainly passionate about it. Jealous too. I found most of the tutorials on the major Rust frameworks have bugs that require fixing for the examples to run. Fixing them requires a level of familiarity you can only gain with experience. Without the tutorials, and lacking the experience to fix them, newbies are effectively locked out.

Subtle systemic bias

Postal vote applications for the 2023 referendum opened yesterday, 11 September. The earliest a postal vote applied for today (12 Sep) can be delivered is 01 October. For those who are booked on overseas trips (like me) that leaves only 1 or 2 days to apply to a postal vote if it is to arrive before I leave. (edit: it was not possible to have a postal vote delivered on time despite applying within minutes of availability. I was disenfranchised)