TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 03:17:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

test(session): load tests for session api (#9212)

Browse Source 
# Which Problems Are Solved

We currently are not able to benchmark the performance of the session
api

# How the Problems Are Solved

Load tests were added to
- use sessions in oidc tokens analog
https://zitadel.com/docs/guides/integrate/login-ui/oidc-standard

# Additional Context

- Closes https://github.com/zitadel/zitadel/issues/7847
This commit is contained in:
Silvan
2025-01-29 13:08:20 +01:00
committed by GitHub
parent 679ab58fa1
commit b10428fb56
18 changed files with 409 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

111
load-test/src/oidc.ts
View File

@@ -1,9 +1,9 @@
import { JSONObject, check, fail } from 'k6';
import encoding from 'k6/encoding';
import http, { RequestBody } from 'k6/http';
import http, { RequestBody, Response } from 'k6/http';
import { Trend } from 'k6/metrics';
import url from './url';
import { Config } from './config';
import { Client, Config } from './config';
// @ts-ignore Import module
import zitadel from 'k6/x/zitadel';
@@ -79,9 +79,11 @@ export function introspect(jwt: string, token: string) {
const clientCredentialsTrend = new Trend('oidc_client_credentials_duration', true);
export function clientCredentials(clientId: string, clientSecret: string): Promise<Tokens> {
return new Promise((resolve, reject) => {
const response = http.asyncRequest('POST', configuration().token_endpoint,
const response = http.asyncRequest(
'POST',
configuration().token_endpoint,
{
grant_type: "client_credentials",
grant_type: 'client_credentials',
scope: 'openid profile urn:zitadel:iam:org:project:id:zitadel:aud',
client_id: clientId,
client_secret: clientSecret,
@@ -91,26 +93,26 @@ export function clientCredentials(clientId: string, clientSecret: string): Promi
'Content-Type': 'application/x-www-form-urlencoded',
},
},
);
);
response.then((res) => {
check(res, {
'client credentials status ok': (r) => r.status === 200,
}) || reject(`client credentials request failed (client id: ${clientId}) status: ${res.status} body: ${res.body}`);
clientCredentialsTrend.add(res.timings.duration);
const tokens = new Tokens(res.json() as JSONObject)
const tokens = new Tokens(res.json() as JSONObject);
check(tokens, {
'client credentials token ok': (t) => t.accessToken !== undefined,
}) || reject(`client credentials access token missing (client id: ${clientId}`);
resolve(tokens)
resolve(tokens);
});
});
}
export interface TokenRequest {
payload(): RequestBody;
headers(): { [name: string]: string; };
headers(): { [name: string]: string };
}
const privateKey = open('../.keys/key.pem');
@@ -126,46 +128,83 @@ export class JWTProfileRequest implements TokenRequest {
this.keyPayload = {
userId: userId,
// 1 minute
expiration: 60*1_000_000_000,
expiration: 60 * 1_000_000_000,
keyId: keyId,
};
}
payload(): RequestBody{
const assertion = zitadel.signJWTProfileAssertion(
this.keyPayload.userId,
this.keyPayload.keyId,
{
audience: [Config.host],
expiration: this.keyPayload.expiration,
key: privateKey
});
payload(): RequestBody {
const assertion = zitadel.signJWTProfileAssertion(this.keyPayload.userId, this.keyPayload.keyId, {
audience: [Config.host],
expiration: this.keyPayload.expiration,
key: privateKey,
});
return {
'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
scope: 'openid',
assertion: `${assertion}`
grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
scope: 'openid urn:zitadel:iam:org:project:id:zitadel:aud',
assertion: `${assertion}`,
};
};
public headers(): { [name: string]: string; } {
}
public headers(): { [name: string]: string } {
return {
'Content-Type': 'application/x-www-form-urlencoded'
'Content-Type': 'application/x-www-form-urlencoded',
};
};
}
}
const tokenDurationTrend = new Trend('oidc_token_duration', true);
export async function token(request: TokenRequest): Promise<Tokens> {
return http.asyncRequest('POST', configuration().token_endpoint,
request.payload(),
{
return http
.asyncRequest('POST', configuration().token_endpoint, request.payload(), {
headers: request.headers(),
},
).then((res) => {
tokenDurationTrend.add(res.timings.duration);
check(res, {
'token status ok': (r) => r.status === 200,
'access token returned': (r) => r.json('access_token')! != undefined && r.json('access_token')! != '',
})
.then((res) => {
tokenDurationTrend.add(res.timings.duration);
check(res, {
'token status ok': (r) => r.status === 200,
'access token returned': (r) => r.json('access_token')! != undefined && r.json('access_token')! != '',
});
return new Tokens(res.json() as JSONObject);
});
return new Tokens(res.json() as JSONObject);
}
const authRequestBiIDTrend = new Trend('oidc_auth_request_by_id_duration', true);
export async function authRequestByID(id: string, tokens: any): Promise<Response> {
const response = http.get(url(`/v2/oidc/auth_requests/${id}`), {
headers: {
Authorization: `Bearer ${tokens.accessToken}`,
},
});
};
check(response, {
'authorize status ok': (r) => r.status == 200 || fail(`auth request by failed: ${JSON.stringify(r)}`),
});
authRequestBiIDTrend.add(response.timings.duration);
return response;
}
const finalizeAuthRequestTrend = new Trend('oidc_auth_requst_by_id_duration', true);
export async function finalizeAuthRequest(id: string, session: any, tokens: any): Promise<Response> {
const res = await http.post(
url(`/v2/oidc/auth_requests/${id}`),
JSON.stringify({
session: {
sessionId: session.sessionId,
sessionToken: session.sessionToken,
},
}),
{
headers: {
Authorization: `Bearer ${tokens.accessToken}`,
'Content-Type': 'application/json',
// 'Accept': 'application/json',
'x-zitadel-login-client': tokens.info.client_id,
},
},
);
check(res, {
'finalize auth request status ok': (r) => r.status == 200 || fail(`finalize auth request failed: ${JSON.stringify(r)}`),
});
finalizeAuthRequestTrend.add(res.timings.duration);
return res;
}