authorize: additional tracing, add benchmark for encryptor (#2059)

2025-08-06 10:21:05 +02:00 · 2021-04-05 12:55:16 -06:00 · 2021-04-05 12:55:16 -06:00 · 8a2af8029b
commit 8a2af8029b
parent f4c4fe314a
2 changed files with 33 additions and 0 deletions
--- a/authorize/log.go
+++ b/authorize/log.go
@ -11,6 +11,7 @@ import (
 	"github.com/pomerium/pomerium/authorize/evaluator"
 	"github.com/pomerium/pomerium/internal/log"
 	"github.com/pomerium/pomerium/internal/telemetry/requestid"
 	"github.com/pomerium/pomerium/internal/telemetry/trace"
 	"github.com/pomerium/pomerium/pkg/grpc/audit"
 	"github.com/pomerium/pomerium/pkg/grpc/user"
 )
@ -20,6 +21,9 @@ func (a *Authorize) logAuthorizeCheck(
 	in *envoy_service_auth_v3.CheckRequest, out *envoy_service_auth_v3.CheckResponse,
 	reply *evaluator.Result, u *user.User,
 ) {
 	ctx, span := trace.StartSpan(ctx, "authorize.grpc.LogAuthorizeCheck")
 	defer span.End()
 	hdrs := getCheckRequestHeaders(in)
 	hattrs := in.GetAttributes().GetRequest().GetHttp()
 	evt := log.Info().Str("service", "authorize")
@ -49,6 +53,9 @@ func (a *Authorize) logAuthorizeCheck(
 	evt.Msg("authorize check")
 	if enc := a.state.Load().auditEncryptor; enc != nil {
 		ctx, span := trace.StartSpan(ctx, "authorize.grpc.AuditAuthorizeCheck")
 		defer span.End()
 		record := &audit.Record{
 			Request:  in,
 			Response: out,
--- a/pkg/protoutil/crypt_test.go
+++ b/pkg/protoutil/crypt_test.go
@ -1,6 +1,7 @@
 package protoutil
 import (
 	"fmt"
 	"testing"
 	"time"
@ -8,6 +9,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/structpb"
 	"google.golang.org/protobuf/types/known/wrapperspb"
 	"github.com/pomerium/pomerium/pkg/cryptutil"
@ -73,3 +75,27 @@ func assertProtoEqual(t *testing.T, x, y proto.Message) {
 	ybs, _ := protojson.Marshal(y)
 	assert.True(t, proto.Equal(x, y), "%s != %s", xbs, ybs)
 }
 func BenchmarkEncrypt(b *testing.B) {
 	m := map[string]interface{}{}
 	for i := 0; i < 10; i++ {
 		mm := map[string]interface{}{}
 		for j := 0; j < 10; j++ {
 			mm[fmt.Sprintf("key%d", j)] = fmt.Sprintf("value%d", j)
 		}
 		m[fmt.Sprintf("key%d", i)] = mm
 	}
 	obj, err := structpb.NewStruct(m)
 	require.NoError(b, err)
 	kek, err := cryptutil.GenerateKeyEncryptionKey()
 	require.NoError(b, err)
 	enc := NewEncryptor(kek.Public())
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
 		_, err := enc.Encrypt(obj)
 		require.NoError(b, err)
 	}
 }