-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add startup integration bench test
- Loading branch information
1 parent
d5e7385
commit 241b393
Showing
2 changed files
with
194 additions
and
1,993 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,194 @@ | ||
package main | ||
|
||
import ( | ||
"encoding/json" | ||
"fmt" | ||
"net/http" | ||
"os" | ||
"strings" | ||
"testing" | ||
|
||
"github.com/caarlos0/env/v11" | ||
"github.com/rond-authz/rond/core" | ||
"github.com/rond-authz/rond/internal/config" | ||
"github.com/rond-authz/rond/internal/testutils" | ||
"github.com/rond-authz/rond/openapi" | ||
"github.com/sirupsen/logrus/hooks/test" | ||
"github.com/stretchr/testify/require" | ||
"gopkg.in/h2non/gock.v1" | ||
) | ||
|
||
func BenchmarkStartup(b *testing.B) { | ||
b.StopTimer() | ||
|
||
tmpdir, err := os.MkdirTemp("", "console-") | ||
require.NoError(b, err) | ||
oasFileName, policiesFileName := generateAndSaveConfig(b, tmpdir, 100) | ||
b.Logf("Files generated in %s", tmpdir) | ||
defer func() { | ||
b.Logf("Removing tmpdir %s", tmpdir) | ||
os.RemoveAll(tmpdir) | ||
}() | ||
|
||
log, _ := test.NewNullLogger() | ||
mongoHost := os.Getenv("MONGO_HOST_CI") | ||
if mongoHost == "" { | ||
mongoHost = testutils.LocalhostMongoDB | ||
b.Logf("Connection to localhost MongoDB, on CI env this is a problem!") | ||
} | ||
randomizedDBNamePart := testutils.GetRandomName(10) | ||
mongoDBName := fmt.Sprintf("test-%s", randomizedDBNamePart) | ||
|
||
defer gock.Off() | ||
defer gock.DisableNetworkingFilters() | ||
defer gock.DisableNetworking() | ||
gock.EnableNetworking() | ||
gock.NetworkingFilter(func(r *http.Request) bool { | ||
if r.URL.Path == "/documentation/json" && r.URL.Host == "localhost:3040" { | ||
return false | ||
} | ||
return true | ||
}) | ||
|
||
gock.New("http://localhost:3040"). | ||
Persist(). | ||
Get("/documentation/json"). | ||
Reply(200). | ||
File(oasFileName) | ||
|
||
envs, err := env.ParseAsWithOptions[config.EnvironmentVariables](env.Options{ | ||
Environment: map[string]string{ | ||
"TARGET_SERVICE_HOST": "localhost:3040", | ||
"TARGET_SERVICE_OAS_PATH": "/documentation/json", | ||
"OPA_MODULES_DIRECTORY": policiesFileName, | ||
"LOG_LEVEL": "fatal", | ||
"MONGODB_URL": fmt.Sprintf("mongodb://%s/%s", mongoHost, mongoDBName), | ||
"BINDINGS_COLLECTION_NAME": "bindings", | ||
"ROLES_COLLECTION_NAME": "roles", | ||
}, | ||
}) | ||
require.NoError(b, err) | ||
|
||
for n := 0; n < b.N; n++ { | ||
b.StartTimer() | ||
data, err := setupService(envs, log) | ||
require.True(b, <-data.sdkBootState.IsReadyChan()) | ||
b.StopTimer() | ||
|
||
data.close() | ||
require.NoError(b, err) | ||
} | ||
} | ||
|
||
func generateAndSaveConfig(t require.TestingT, tmpdir string, numberOfPaths int) (string, string) { | ||
oas := openapi.OpenAPISpec{ | ||
Paths: make(map[string]openapi.PathVerbs), | ||
} | ||
policies := []string{"package policies"} | ||
|
||
for i := 0; i < numberOfPaths; i++ { | ||
randomName := testutils.GetRandomName(10) | ||
filterPolicy := generateFilterPolicy(randomName) | ||
allowPolicy := generateAllowPolicy(randomName) | ||
projPolicy := generateProjectionPolicy(randomName) | ||
builtinPolicy := generateCustomBuiltinPolicy(randomName) | ||
|
||
policies = append(policies, filterPolicy, allowPolicy, projPolicy, builtinPolicy) | ||
|
||
pathName := fmt.Sprintf("/path-%d-%s", i, randomName) | ||
|
||
oas.Paths[pathName] = openapi.PathVerbs{ | ||
http.MethodGet: openapi.VerbConfig{ | ||
PermissionV2: &core.RondConfig{ | ||
RequestFlow: core.RequestFlow{ | ||
PolicyName: fmt.Sprintf("filter_%s", randomName), | ||
GenerateQuery: true, | ||
}, | ||
ResponseFlow: core.ResponseFlow{ | ||
PolicyName: fmt.Sprintf("proj_%s", randomName), | ||
}, | ||
Options: core.PermissionOptions{ | ||
IgnoreTrailingSlash: true, | ||
}, | ||
}, | ||
}, | ||
http.MethodPost: openapi.VerbConfig{ | ||
PermissionV2: &core.RondConfig{ | ||
RequestFlow: core.RequestFlow{ | ||
PolicyName: fmt.Sprintf("allow_%s", randomName), | ||
}, | ||
Options: core.PermissionOptions{ | ||
IgnoreTrailingSlash: true, | ||
}, | ||
}, | ||
}, | ||
http.MethodDelete: openapi.VerbConfig{ | ||
PermissionV2: &core.RondConfig{ | ||
RequestFlow: core.RequestFlow{ | ||
PolicyName: fmt.Sprintf("builtin_%s", randomName), | ||
}, | ||
Options: core.PermissionOptions{ | ||
IgnoreTrailingSlash: true, | ||
}, | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
oasContent, err := json.Marshal(oas) | ||
require.NoError(t, err) | ||
|
||
oasFileName := fmt.Sprintf("%s/oas.json", tmpdir) | ||
err = os.WriteFile(oasFileName, oasContent, 0644) | ||
require.NoError(t, err) | ||
|
||
policyFileName := fmt.Sprintf("%s/policies.rego", tmpdir) | ||
policiesContent := []byte(strings.Join(policies, "\n")) | ||
err = os.WriteFile(policyFileName, policiesContent, 0644) | ||
require.NoError(t, err) | ||
|
||
return oasFileName, policyFileName | ||
} | ||
|
||
func generateFilterPolicy(name string) string { | ||
return fmt.Sprintf(`filter_%s { | ||
filter := data.resources[_] | ||
filter.key == 42 | ||
}`, name) | ||
} | ||
|
||
func generateProjectionPolicy(name string) string { | ||
return fmt.Sprintf(`proj_%s [projects] { | ||
projects := [projects_with_envs_filtered | | ||
project := input.response.body[_] | ||
projects_with_envs_filtered := project | ||
] | ||
}`, name) | ||
} | ||
|
||
func generateAllowPolicy(name string) string { | ||
return fmt.Sprintf(`allow_%s { | ||
true | ||
}`, name) | ||
} | ||
|
||
func generateCustomBuiltinPolicy(name string) string { | ||
return fmt.Sprintf(`builtin_%s { | ||
get_header("type", input.headers) == "single" | ||
projectId := input.request.pathParams.projectId | ||
project := find_one("projects", {"projectId": projectId}) | ||
true | ||
project.tenantId == "some-tenant" | ||
} { | ||
get_header("type", input.headers) == "multiple" | ||
projectId := input.request.pathParams.projectId | ||
projects := find_many("projects", {"$or": [{"projectId": projectId}, {"projectId": "some-project2"}]}) | ||
count(projects) == 2 | ||
projects[0].tenantId == "some-tenant" | ||
projects[1].tenantId == "some-tenant2" | ||
} | ||
`, name) | ||
} |
Oops, something went wrong.