Merge pull request #670 from securesign/tturek/benchmark-install

test: benchmark e2e install scenario
securesign · Oct 31, 2024 · d056c12 · d056c12
2 parents 065e9e4 + df1a767
commit d056c12
Show file tree

Hide file tree

Showing 11 changed files with 258 additions and 103 deletions.
diff --git a/test/e2e/benchmark/install_test.go b/test/e2e/benchmark/install_test.go
@@ -0,0 +1,179 @@
+//go:build integration
+
+package benchmark
+
+import (
+	"context"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/onsi/ginkgo/v2"
+	"github.com/onsi/gomega"
+	"github.com/securesign/operator/api/v1alpha1"
+	"github.com/securesign/operator/internal/controller/common/utils"
+	"github.com/securesign/operator/test/e2e/support"
+	"github.com/securesign/operator/test/e2e/support/tas"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/ptr"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+)
+
+const NamespaceMask = "benchmark-install-%d-"
+
+func BenchmarkInstall(b *testing.B) {
+	gomega.RegisterTestingT(b)
+	gomega.SetDefaultEventuallyTimeout(3 * time.Minute)
+	log.SetLogger(ginkgo.GinkgoLogr)
+
+	cli, err := support.CreateClient()
+	if err != nil {
+		b.Fatalf("could not create client: %v", err)
+	}
+
+	loop := func(iteration int) {
+		var (
+			namespaceName   string
+			ctx             = context.Background()
+			err             error
+			targetImageName string
+		)
+
+		namespaceName, err = createNamespace(ctx, cli, iteration)
+		if err != nil {
+			b.Fatalf("could not create namespace: %v", err)
+		}
+		defer deleteNamespace(ctx, cli, namespaceName)
+		defer dumpNamespace(ctx, cli, b, namespaceName)
+
+		targetImageName = support.PrepareImage(context.Background())
+
+		b.StartTimer()
+		err = installTAS(ctx, cli, namespaceName)
+		b.StopTimer()
+
+		if err != nil {
+			b.Fatalf("could not install: %v", err)
+		}
+		tas.VerifyByCosign(ctx, cli, &v1alpha1.Securesign{ObjectMeta: metav1.ObjectMeta{Namespace: namespaceName, Name: "test"}}, targetImageName)
+	}
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		loop(i)
+	}
+}
+
+func createNamespace(ctx context.Context, cli client.Client, iteration int) (string, error) {
+	namespace := &v1.Namespace{
+		ObjectMeta: metav1.ObjectMeta{
+			GenerateName: fmt.Sprintf(NamespaceMask, iteration),
+		},
+	}
+	err := cli.Create(ctx, namespace)
+	if err != nil {
+		return "", fmt.Errorf("creating namespace: %w", err)
+	}
+	return namespace.Name, nil
+}
+
+func installTAS(ctx context.Context, cli client.Client, namespace string) error {
+	instance := &v1alpha1.Securesign{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: namespace,
+			Name:      "test",
+			Annotations: map[string]string{
+				"rhtas.redhat.com/metrics": "false",
+			},
+		},
+		Spec: v1alpha1.SecuresignSpec{
+			Rekor: v1alpha1.RekorSpec{
+				ExternalAccess: v1alpha1.ExternalAccess{
+					Enabled: true,
+				},
+				RekorSearchUI: v1alpha1.RekorSearchUI{
+					Enabled: utils.Pointer(true),
+				},
+			},
+			Fulcio: v1alpha1.FulcioSpec{
+				ExternalAccess: v1alpha1.ExternalAccess{
+					Enabled: true,
+				},
+				Config: v1alpha1.FulcioConfig{
+					OIDCIssuers: []v1alpha1.OIDCIssuer{
+						{
+							ClientID:  support.OidcClientID(),
+							IssuerURL: support.OidcIssuerUrl(),
+							Issuer:    support.OidcIssuerUrl(),
+							Type:      "email",
+						},
+					}},
+				Certificate: v1alpha1.FulcioCert{
+					OrganizationName:  "MyOrg",
+					OrganizationEmail: "my@email.org",
+					CommonName:        "fulcio",
+				},
+			},
+			Ctlog: v1alpha1.CTlogSpec{},
+			Tuf: v1alpha1.TufSpec{
+				ExternalAccess: v1alpha1.ExternalAccess{
+					Enabled: true,
+				},
+			},
+			Trillian: v1alpha1.TrillianSpec{Db: v1alpha1.TrillianDB{
+				Create: ptr.To(true),
+			}},
+			TimestampAuthority: &v1alpha1.TimestampAuthoritySpec{
+				ExternalAccess: v1alpha1.ExternalAccess{
+					Enabled: true,
+				},
+				Signer: v1alpha1.TimestampAuthoritySigner{
+					CertificateChain: v1alpha1.CertificateChain{
+						RootCA: &v1alpha1.TsaCertificateAuthority{
+							OrganizationName:  "MyOrg",
+							OrganizationEmail: "my@email.org",
+							CommonName:        "tsa.hostname",
+						},
+						IntermediateCA: []*v1alpha1.TsaCertificateAuthority{
+							{
+								OrganizationName:  "MyOrg",
+								OrganizationEmail: "my@email.org",
+								CommonName:        "tsa.hostname",
+							},
+						},
+						LeafCA: &v1alpha1.TsaCertificateAuthority{
+							OrganizationName:  "MyOrg",
+							OrganizationEmail: "my@email.org",
+							CommonName:        "tsa.hostname",
+						},
+					},
+				},
+			},
+		},
+	}
+
+	if err := cli.Create(ctx, instance); err != nil {
+		return fmt.Errorf("creating instance: %w", err)
+	}
+
+	tas.VerifyAllComponents(ctx, cli, instance, true)
+
+	return nil
+}
+
+func deleteNamespace(ctx context.Context, cli client.Client, namespace string) {
+	ns := &v1.Namespace{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: namespace,
+		},
+	}
+	_ = cli.Delete(ctx, ns)
+}
+
+func dumpNamespace(ctx context.Context, cli client.Client, b *testing.B, namespace string) {
+	if b.Failed() && support.IsCIEnvironment() {
+		support.DumpNamespace(ctx, cli, namespace)
+	}
+}
diff --git a/test/e2e/support/condition/condition.go b/test/e2e/support/condition/condition.go
@@ -0,0 +1,28 @@
+package condition
+
+import (
+	"context"
+
+	"github.com/onsi/gomega"
+	"github.com/securesign/operator/internal/apis"
+	"github.com/securesign/operator/internal/controller/common/utils/kubernetes"
+	"github.com/securesign/operator/internal/controller/constants"
+	"k8s.io/apimachinery/pkg/api/meta"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+func IsReady(f apis.ConditionsAwareObject) bool {
+	if f == nil {
+		return false
+	}
+	return meta.IsStatusConditionTrue(f.GetConditions(), constants.Ready)
+}
+
+func DeploymentIsRunning(ctx context.Context, cli client.Client, namespace, component string) func(g gomega.Gomega) (bool, error) {
+	return func(g gomega.Gomega) (bool, error) {
+		return kubernetes.DeploymentIsRunning(ctx, cli, namespace, map[string]string{
+			constants.LabelAppPartOf:    constants.AppName,
+			constants.LabelAppComponent: component,
+		})
+	}
+}
diff --git a/test/e2e/support/oidc.go b/test/e2e/support/oidc.go
@@ -3,6 +3,7 @@ package support
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"io"
 	"net/http"
 	"net/url"
@@ -53,5 +54,9 @@ func OidcToken(ctx context.Context) (string, error) {
 	if err != nil {
 		return "", err
 	}
+	if js["access_token"] == nil {
+		return "", errors.New("no access token found")
+	}
+
 	return js["access_token"].(string), nil
 }
diff --git a/test/e2e/support/tas/ctlog/ctlog.go b/test/e2e/support/tas/ctlog/ctlog.go
@@ -3,31 +3,24 @@ package ctlog
 import (
 	"context"
 
-	"github.com/securesign/operator/test/e2e/support"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
 	. "github.com/onsi/gomega"
 	"github.com/securesign/operator/api/v1alpha1"
-	"github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 	"github.com/securesign/operator/internal/controller/constants"
 	"github.com/securesign/operator/internal/controller/ctlog/actions"
+	"github.com/securesign/operator/test/e2e/support"
+	"github.com/securesign/operator/test/e2e/support/condition"
 	v1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 func Verify(ctx context.Context, cli client.Client, namespace string, name string) {
 	Eventually(Get(ctx, cli, namespace, name)).Should(
-		WithTransform(func(f *v1alpha1.CTlog) bool {
-			return meta.IsStatusConditionTrue(f.Status.Conditions, constants.Ready)
-		}, BeTrue()))
+		WithTransform(condition.IsReady, BeTrue()))
 
-	Eventually(func(g Gomega) (bool, error) {
-		return kubernetes.DeploymentIsRunning(ctx, cli, namespace, map[string]string{
-			constants.LabelAppComponent: actions.ComponentName,
-		})
-	}).Should(BeTrue())
+	Eventually(condition.DeploymentIsRunning(ctx, cli, namespace, actions.ComponentName)).
+		Should(BeTrue())
 }
 
 func GetServerPod(ctx context.Context, cli client.Client, ns string) func() *v1.Pod {
@@ -44,10 +37,10 @@ func GetServerPod(ctx context.Context, cli client.Client, ns string) func() *v1.
 func Get(ctx context.Context, cli client.Client, ns string, name string) func() *v1alpha1.CTlog {
 	return func() *v1alpha1.CTlog {
 		instance := &v1alpha1.CTlog{}
-		Expect(cli.Get(ctx, types.NamespacedName{
+		_ = cli.Get(ctx, types.NamespacedName{
 			Namespace: ns,
 			Name:      name,
-		}, instance)).To(Succeed())
+		}, instance)
 		return instance
 	}
 }

diff --git a/test/e2e/support/tas/fulcio/fulcio.go b/test/e2e/support/tas/fulcio/fulcio.go
@@ -5,28 +5,22 @@ import (
 
 	. "github.com/onsi/gomega"
 	"github.com/securesign/operator/api/v1alpha1"
-	"github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 	"github.com/securesign/operator/internal/controller/constants"
 	"github.com/securesign/operator/internal/controller/fulcio/actions"
 	"github.com/securesign/operator/test/e2e/support"
+	"github.com/securesign/operator/test/e2e/support/condition"
 	v1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 func Verify(ctx context.Context, cli client.Client, namespace string, name string) {
 	Eventually(Get(ctx, cli, namespace, name)).Should(
-		WithTransform(func(f *v1alpha1.Fulcio) bool {
-			return meta.IsStatusConditionTrue(f.Status.Conditions, constants.Ready)
-		}, BeTrue()))
+		WithTransform(condition.IsReady, BeTrue()))
 
-	Eventually(func(g Gomega) (bool, error) {
-		return kubernetes.DeploymentIsRunning(ctx, cli, namespace, map[string]string{
-			constants.LabelAppComponent: actions.ComponentName,
-		})
-	}).Should(BeTrue())
+	Eventually(condition.DeploymentIsRunning(ctx, cli, namespace, actions.ComponentName)).
+		Should(BeTrue())
 }
 
 func GetServerPod(ctx context.Context, cli client.Client, ns string) func() *v1.Pod {

diff --git a/test/e2e/support/tas/rekor/rekor.go b/test/e2e/support/tas/rekor/rekor.go
@@ -3,39 +3,29 @@ package rekor
 import (
 	"context"
 
-	"github.com/securesign/operator/test/e2e/support"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
 	. "github.com/onsi/gomega"
 	"github.com/securesign/operator/api/v1alpha1"
-	"github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 	"github.com/securesign/operator/internal/controller/constants"
 	"github.com/securesign/operator/internal/controller/rekor/actions"
+	"github.com/securesign/operator/test/e2e/support"
+	"github.com/securesign/operator/test/e2e/support/condition"
 	v1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 func Verify(ctx context.Context, cli client.Client, namespace string, name string) {
 	Eventually(Get(ctx, cli, namespace, name)).Should(
-		WithTransform(func(f *v1alpha1.Rekor) bool {
-			return meta.IsStatusConditionTrue(f.Status.Conditions, constants.Ready)
-		}, BeTrue()))
+		WithTransform(condition.IsReady, BeTrue()))
 
 	// server
-	Eventually(func(g Gomega) (bool, error) {
-		return kubernetes.DeploymentIsRunning(ctx, cli, namespace, map[string]string{
-			constants.LabelAppComponent: actions.ServerComponentName,
-		})
-	}).Should(BeTrue())
+	Eventually(condition.DeploymentIsRunning(ctx, cli, namespace, actions.ServerComponentName)).
+		Should(BeTrue())
 
 	// redis
-	Eventually(func(g Gomega) (bool, error) {
-		return kubernetes.DeploymentIsRunning(ctx, cli, namespace, map[string]string{
-			constants.LabelAppComponent: actions.RedisComponentName,
-		})
-	}).Should(BeTrue())
+	Eventually(condition.DeploymentIsRunning(ctx, cli, namespace, actions.RedisComponentName)).
+		Should(BeTrue())
 }
 
 func GetServerPod(ctx context.Context, cli client.Client, ns string) func() *v1.Pod {

diff --git a/test/e2e/support/tas/rekor/search_ui.go b/test/e2e/support/tas/rekor/search_ui.go
@@ -3,18 +3,13 @@ package rekor
 import (
 	"context"
 
-	"github.com/securesign/operator/internal/controller/constants"
-
 	. "github.com/onsi/gomega"
-	"github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 	"github.com/securesign/operator/internal/controller/rekor/actions"
+	"github.com/securesign/operator/test/e2e/support/condition"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 func VerifySearchUI(ctx context.Context, cli client.Client, namespace string) {
-	Eventually(func(g Gomega) (bool, error) {
-		return kubernetes.DeploymentIsRunning(ctx, cli, namespace, map[string]string{
-			constants.LabelAppComponent: actions.UIComponentName,
-		})
-	}).Should(BeTrue())
+	Eventually(condition.DeploymentIsRunning(ctx, cli, namespace, actions.UIComponentName)).
+		Should(BeTrue())
 }