authorize: additional tracing, add benchmark for encryptor (#2059)
parent
f4c4fe314a
commit
8a2af8029b
2 changed files with 33 additions and 0 deletions
|
@ -11,6 +11,7 @@ import (
|
|||
"github.com/pomerium/pomerium/authorize/evaluator"
|
||||
"github.com/pomerium/pomerium/internal/log"
|
||||
"github.com/pomerium/pomerium/internal/telemetry/requestid"
|
||||
"github.com/pomerium/pomerium/internal/telemetry/trace"
|
||||
"github.com/pomerium/pomerium/pkg/grpc/audit"
|
||||
"github.com/pomerium/pomerium/pkg/grpc/user"
|
||||
)
|
||||
|
@ -20,6 +21,9 @@ func (a *Authorize) logAuthorizeCheck(
|
|||
in *envoy_service_auth_v3.CheckRequest, out *envoy_service_auth_v3.CheckResponse,
|
||||
reply *evaluator.Result, u *user.User,
|
||||
) {
|
||||
ctx, span := trace.StartSpan(ctx, "authorize.grpc.LogAuthorizeCheck")
|
||||
defer span.End()
|
||||
|
||||
hdrs := getCheckRequestHeaders(in)
|
||||
hattrs := in.GetAttributes().GetRequest().GetHttp()
|
||||
evt := log.Info().Str("service", "authorize")
|
||||
|
@ -49,6 +53,9 @@ func (a *Authorize) logAuthorizeCheck(
|
|||
evt.Msg("authorize check")
|
||||
|
||||
if enc := a.state.Load().auditEncryptor; enc != nil {
|
||||
ctx, span := trace.StartSpan(ctx, "authorize.grpc.AuditAuthorizeCheck")
|
||||
defer span.End()
|
||||
|
||||
record := &audit.Record{
|
||||
Request: in,
|
||||
Response: out,
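Review bot: The `defer span.End()` inside the `if enc := a.state.Load().auditEncryptor; enc != nil {` block does not run when that block closes. Go runs deferred calls at function return, so the `authorize.grpc.AuditAuthorizeCheck` span stays open across anything that follows the block in logAuthorizeCheck. The rest of the function lies outside the hunk, so this may be harmless today, but the recorded duration of the audit path then depends on where the block sits. Either call `span.End()` explicitly as the last statement of the block, or move the audit-record handling into a small helper that owns the span. The `ctx, span :=` in the block also shadows the pair created at the top of the function, which merits a comment such as `// child span: intentionally shadows the function-level ctx and span`.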
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package protoutil
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
|
@ -8,6 +9,7 @@ import (
|
|||
"github.com/stretchr/testify/require"
|
||||
"google.golang.org/protobuf/encoding/protojson"
|
||||
"google.golang.org/protobuf/proto"
|
||||
"google.golang.org/protobuf/types/known/structpb"
|
||||
"google.golang.org/protobuf/types/known/wrapperspb"
|
||||
|
||||
"github.com/pomerium/pomerium/pkg/cryptutil"
|
||||
|
@ -73,3 +75,27 @@ func assertProtoEqual(t *testing.T, x, y proto.Message) {
|
|||
ybs, _ := protojson.Marshal(y)
|
||||
assert.True(t, proto.Equal(x, y), "%s != %s", xbs, ybs)
|
||||
}
|
||||
|
||||
func BenchmarkEncrypt(b *testing.B) {
|
||||
m := map[string]interface{}{}
|
||||
for i := 0; i < 10; i++ {
|
||||
mm := map[string]interface{}{}
|
||||
for j := 0; j < 10; j++ {
|
||||
mm[fmt.Sprintf("key%d", j)] = fmt.Sprintf("value%d", j)
|
||||
}
|
||||
m[fmt.Sprintf("key%d", i)] = mm
|
||||
}
|
||||
|
||||
obj, err := structpb.NewStruct(m)
|
||||
require.NoError(b, err)
|
||||
|
||||
kek, err := cryptutil.GenerateKeyEncryptionKey()
|
||||
require.NoError(b, err)
|
||||
enc := NewEncryptor(kek.Public())
|
||||
|
||||
b.ResetTimer()
|
||||
for i := 0; i < b.N; i++ {
|
||||
_, err := enc.Encrypt(obj)
|
||||
require.NoError(b, err)
|
||||
}
|
||||
}
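Review bot: `require.NoError(b, err)` sits inside the timed `for i := 0; i < b.N; i++` loop of BenchmarkEncrypt, so every iteration also pays for the testify call. A plain `if err != nil { b.Fatal(err) }` keeps the measured body closer to `enc.Encrypt(obj)` alone. Adding `b.ReportAllocs()` just before `b.ResetTimer()` would also report allocations per encryption, which is likely the figure of interest if this encryptor runs on the per-request audit path. A one-line doc comment stating the payload shape (10 nested maps of 10 string entries each) and that a fresh key-encryption key is generated per run would make results easier to compare across changes.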
|
||||
|
|