From 1bb65192d4b60f6bdf931bbc983c3b3a1b8f6d55 Mon Sep 17 00:00:00 2001 From: George Arama <50641385+gearama@users.noreply.github.com> Date: Wed, 21 Feb 2024 12:05:43 -0800 Subject: [PATCH] Identity perf tests (#5329) * mroe quotes * dssf * azure identity tests * comments * comments --- eng/CredScanSuppression.json | 4 + .../azure-identity/test/perf/CMakeLists.txt | 2 + .../client_certificate_credential_test.hpp | 105 ++++++++++++++++++ .../test/environment_credential_test.hpp | 93 ++++++++++++++++ .../identity/test/externals/perf.combo.pem | 53 +++++++++ .../identity/test/secret_credential_test.hpp | 1 + .../perf/src/azure_identity_perf_test.cpp | 4 + 7 files changed, 262 insertions(+) create mode 100644 sdk/identity/azure-identity/test/perf/inc/azure/identity/test/client_certificate_credential_test.hpp create mode 100644 sdk/identity/azure-identity/test/perf/inc/azure/identity/test/environment_credential_test.hpp create mode 100644 sdk/identity/azure-identity/test/perf/inc/azure/identity/test/externals/perf.combo.pem diff --git a/eng/CredScanSuppression.json b/eng/CredScanSuppression.json index f63b2d529..4e837ce88 100644 --- a/eng/CredScanSuppression.json +++ b/eng/CredScanSuppression.json @@ -8,6 +8,10 @@ { "file": [ "sdk/attestation/azure-security-attestation/test/ut/crypto_test_collateral.cpp" ], "_justification": "File contains a PEM encoded RSA private key used by test code." + }, + { + "file": [ "sdk/identity/azure-identity/test/perf/inc/azure/identity/test/externals/perf.combo.pem" ], + "_justification": "File contains a PEM encoded RSA private key used by perf test code." } ] } diff --git a/sdk/identity/azure-identity/test/perf/CMakeLists.txt b/sdk/identity/azure-identity/test/perf/CMakeLists.txt index 93eb0bff8..830fbd550 100644 --- a/sdk/identity/azure-identity/test/perf/CMakeLists.txt +++ b/sdk/identity/azure-identity/test/perf/CMakeLists.txt @@ -9,6 +9,8 @@ set(CMAKE_CXX_STANDARD_REQUIRED True) set( AZURE_IDENTITY_PERF_TEST_HEADER + inc/azure/identity/test/client_certificate_credential_test.hpp + inc/azure/identity/test/environment_credential_test.hpp inc/azure/identity/test/secret_credential_test.hpp ) diff --git a/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/client_certificate_credential_test.hpp b/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/client_certificate_credential_test.hpp new file mode 100644 index 000000000..5cc7d5011 --- /dev/null +++ b/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/client_certificate_credential_test.hpp @@ -0,0 +1,105 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + +/** + * @file + * @brief Test the overhead of authenticating with client certificate credential. + * + */ + +#pragma once + +#include +#include + +#include +#include +#include + +namespace Azure { namespace Identity { namespace Test { + + /** + * @brief A test to measure the authentication token performance. + * + */ + class ClientCertificateCredentialTest : public Azure::Perf::PerfTest { + private: + std::string m_tenantId; + std::string m_clientId; + std::string m_certPath; + Core::Credentials::TokenRequestContext m_tokenRequestContext; + std::unique_ptr m_credential; + + public: + /** + * @brief Setup the test. + * + */ + void Setup() override + { + m_tenantId = m_options.GetMandatoryOption("TenantId"); + m_clientId = m_options.GetMandatoryOption("ClientId"); + m_certPath = m_options.GetMandatoryOption("CertPath"); + m_tokenRequestContext.Scopes.push_back(m_options.GetMandatoryOption("Scope")); + if (!m_options.GetOptionOrDefault("Cache", false)) + { + // having this set ignores the credentials cache and forces a new token to be requested + m_tokenRequestContext.MinimumExpiration = std::chrono::hours(1000000); + } + m_credential = std::make_unique( + m_tenantId, + m_clientId, + m_certPath, + InitClientOptions()); + } + + /** + * @brief Construct a new ClientCertificateCredentialTest test. + * + * @param options The test options. + */ + ClientCertificateCredentialTest(Azure::Perf::TestOptions options) : PerfTest(options) {} + + /** + * @brief Define the test + * + * @param context The cancellation token. + */ + void Run(Azure::Core::Context const& context) override + { + auto t = m_credential->GetToken(m_tokenRequestContext, context); + } + + /** + * @brief Define the test options for the test. + * + * @return The list of test options. + */ + std::vector GetTestOptions() override + { + return { + {"Cache", {"--cache"}, "Use credential cache.", 1, false}, + {"CertPath", {"--certpath"}, "The certificate path for authentication.", 1, true, true}, + {"ClientId", {"--clientId"}, "The client Id for the authentication.", 1, true}, + {"Scope", {"--scope"}, "One scope to request access to.", 1, true}, + {"TenantId", {"--tenantId"}, "The tenant Id for the authentication.", 1, true}}; + } + + /** + * @brief Get the static Test Metadata for the test. + * + * @return Azure::Perf::TestMetadata describing the test. + */ + static Azure::Perf::TestMetadata GetTestMetadata() + { + return { + "ClientCertificateCredential", + "Get a token using a client certificate credential.", + [](Azure::Perf::TestOptions options) { + return std::make_unique( + options); + }}; + } + }; + +}}} // namespace Azure::Identity::Test diff --git a/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/environment_credential_test.hpp b/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/environment_credential_test.hpp new file mode 100644 index 000000000..c69b4048f --- /dev/null +++ b/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/environment_credential_test.hpp @@ -0,0 +1,93 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + +/** + * @file + * @brief Test the overhead of authenticating with secret credential. + * + */ + +#pragma once + +#include +#include + +#include +#include +#include + +namespace Azure { namespace Identity { namespace Test { + + /** + * @brief A test to measure the authentication token performance. + * + */ + class EnvironmentCredentialTest : public Azure::Perf::PerfTest { + private: + Core::Credentials::TokenRequestContext m_tokenRequestContext; + std::unique_ptr m_credential; + + public: + /** + * @brief Setup the test + * + */ + void Setup() override + { + m_tokenRequestContext.Scopes.push_back(m_options.GetMandatoryOption("Scope")); + if (!m_options.GetOptionOrDefault("Cache", false)) + { + // having this set ignores the credentials cache and forces a new token to be requested + m_tokenRequestContext.MinimumExpiration = std::chrono::hours(1000000); + } + m_credential = std::make_unique( + InitClientOptions()); + } + + /** + * @brief Construct a new EnvironmentCredentialTest test. + * + * @param options The test options. + */ + EnvironmentCredentialTest(Azure::Perf::TestOptions options) : PerfTest(options) {} + + /** + * @brief Define the test + * + * @param context The cancellation token. + */ + void Run(Azure::Core::Context const& context) override + { + auto t = m_credential->GetToken(m_tokenRequestContext, context); + } + + /** + * @brief Define the test options for the test. + * + * @return The list of test options. + */ + std::vector GetTestOptions() override + { + return { + {"Cache", {"--cache"}, "Use credential cache.", 1, false}, + {"Scope", {"--scope"}, "One scope to request access to.", 1, true}, + }; + } + + /** + * @brief Get the static Test Metadata for the test. + * + * @return Azure::Perf::TestMetadata describing the test. + */ + static Azure::Perf::TestMetadata GetTestMetadata() + { + return { + "EnvironmentCredential", + "Get a token using a secret client token credential.", + [](Azure::Perf::TestOptions options) { + return std::make_unique(options); + }}; + } + }; + +}}} // namespace Azure::Identity::Test diff --git a/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/externals/perf.combo.pem b/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/externals/perf.combo.pem new file mode 100644 index 000000000..26dd97f00 --- /dev/null +++ b/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/externals/perf.combo.pem @@ -0,0 +1,53 @@ +Bag Attributes + localKeyID: 01 00 00 00 + 1.3.6.1.4.1.311.17.3.71: 44 00 45 00 53 00 4B 00 54 00 4F 00 50 00 2D 00 48 00 33 00 35 00 4B 00 51 00 51 00 42 00 00 00 +subject=CN = perfCert + +issuer=CN = perfCert + +-----BEGIN CERTIFICATE----- +MIIDADCCAeigAwIBAgIQIugayGqZbqRIT+zbzllIFzANBgkqhkiG9w0BAQsFADAT +MREwDwYDVQQDDAhwZXJmQ2VydDAeFw0yNDAyMDYyMDI5NThaFw0yNTAyMDYyMDQ5 +NThaMBMxETAPBgNVBAMMCHBlcmZDZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAzhB18NgNbNF47en23b2JQUJhjSMwMmH7ygpiw01PXpuDHgrzawpA +0UP+oH7KpzLHlUsvrYTiZ5z2ayFXMe6zrvO/T6xC8vSAEszQh9V4+D/k1qJ05MNx +za6o60bNSEOEUs9P1QT50xE9w7rYtz8U85W1Ldr+B3We7ZLLNg4mR2A67kphMtc/ +i7XaVyIaQJX89xPJ6O3q//o45epCOk7xxvuXOCycjCGT945PJUjp7xk4ElAQjLuK +4CQPL/m0BFy0oOmuXMZYFKCDOnEwXY3fzUJG/4FqMb209toQHL7vXwS2VRMQMqsf +O+i0SLmlcGtNtqbBqtXAyeo9Wh1jfWWFpQIDAQABo1AwTjAOBgNVHQ8BAf8EBAMC +BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdDgQWBBQColZ3 +n9faLGaHx4kp3o4q/5T8yTANBgkqhkiG9w0BAQsFAAOCAQEAU8NYx8oeGrrreCCK +jLjEKyic1FimMTyCrrVMR/Qrh8KeMn6/RBoM7iWJJ16HqKViIOsDWME3DFJbW5fW +yFB0t20VIvCuaY43wllvSUh+1y6G8HB6W4HDr875Jdh+HpZQKghxaigSgACLC+aa +lPdoccaDSpnDW5VxuElsaVztO8ayBPUoWYsbabvPS6bd5eCMR7nS5AywJhmpb+40 +Bm+UiGeS1CPZVPXwCw4wiXsPcWjnwr7xWu7V60/ScECkuEydJSTBO9HAbn0PlnaG +XI37CLYQsKq1UkapXJ2EmPhnI+DWhhTpC+dH8Jb70etF5bhrkQVkUsk/YxTK9AXw +tm0eKQ== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAzhB18NgNbNF47en23b2JQUJhjSMwMmH7ygpiw01PXpuDHgrz +awpA0UP+oH7KpzLHlUsvrYTiZ5z2ayFXMe6zrvO/T6xC8vSAEszQh9V4+D/k1qJ0 +5MNxza6o60bNSEOEUs9P1QT50xE9w7rYtz8U85W1Ldr+B3We7ZLLNg4mR2A67kph +Mtc/i7XaVyIaQJX89xPJ6O3q//o45epCOk7xxvuXOCycjCGT945PJUjp7xk4ElAQ +jLuK4CQPL/m0BFy0oOmuXMZYFKCDOnEwXY3fzUJG/4FqMb209toQHL7vXwS2VRMQ +MqsfO+i0SLmlcGtNtqbBqtXAyeo9Wh1jfWWFpQIDAQABAoIBAENbIhIdrRW6ytqJ +tYX5pFnOhvCJZgGyAYmjJ3FLXfxAvPUfAz4j1dgRb7Oqfjd048QrFWSUoSTZK7sM +5OGPcvBnAEvctO2ReiOrCya7YpVS3UxDQg5czGA9DT4KoKNUXnZrCV9KBxc09Yl7 +E8eiOQj+EIDyqkJp8g8aAo6ixWRiu/me2z3O2WGHSzlH+zYvw+MO+dktQUh7kQKf +JCYm0d9taR/bzOetb1tEomhOF1PnyJao2en2UgR0vzyujrWXYgk3WiNH0qUbie4J +h+r14bl4XvTAly8PkqbacXmbuVLFU+BTyoobTspfTwrRepJ5civ6KUHIkvhUlZYj +fYA8wukCgYEA5eY8vShQVi5rW/7YOrorMyBpJ1hkN/k8GSPEphIxUGBDckzrNLiv +Qy7Qujr5VxQdd/SD9ypCHLlbBQG8cK7k6S7Vr+3bDGc/Nw8wTz2F3qIxUleN418h +lTkAI6vTUzafnN9wHSQI3UuDr1o73CtDGm1hs9IdGEiXO0qo9T8lygcCgYEA5XV8 +BxPY4GvKZqDohRU8X1nrLgwLF44/0Ks5cDY6vb6WMtyeAvKPpzl0yL6dTZFCroUs +oIh/W56EvD9Uq0asHiJ/B11UJhIGCEvQBWBl7Q02kfsPLjQFGWECDIPiFh3xSwJ8 +srGjXsReT2eQ3cDqGUPpedSWqZgC5N54L/YW9/MCgYEApD+XyXTR4KCNZ05tYZe8 +YWyYc9m80BiqjTN2vUdmIAyGY1T8/c+st4zs5wBXP5VJcHgrCB0S2r66fps87Cyn +sskZNfXzd6sUCNw7IYHM8MBkCHYxEu7WaWwt405RTrRJ2KPxz3/9LU1UKaWH+saV +zH21Pemxi7XhBiVTDNQuxWUCgYAFsWaEXm+xEbuR1EgwlRhMXVTCbbYQvYzDxpvE +NvQ6JPJhDKw28oGx6nEFUgVhGUuIPPGgggJ26XXtnbyiCzzV+pEgQ6aE00mnBwqA +N6YPvZYvBQWZZd0Chi+g09zWI6QK8mLZpCKjhUe5vJ4RgmnMeqzeQvIB/y2DNCnT +Ns3XFQKBgHSBQhloKjqDJ9hsLpvaVd7hNvYkuZXFj6C1xj1tWeAoNv5hPJQMQgzw +XMCIIwynr8FkL42HSwYG42LZ7d7powGhPf8k7gAyniVcgQelomUE799/OhUEQ0RX +9E7TF4ErVzijnvxYwI+2ed+54JB3XJnphDn99GrOJSi3c4qlEFvx +-----END RSA PRIVATE KEY----- diff --git a/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/secret_credential_test.hpp b/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/secret_credential_test.hpp index 581b03220..d00cd0b52 100644 --- a/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/secret_credential_test.hpp +++ b/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/secret_credential_test.hpp @@ -43,6 +43,7 @@ namespace Azure { namespace Identity { namespace Test { m_tokenRequestContext.Scopes.push_back(m_options.GetMandatoryOption("Scope")); if (!m_options.GetOptionOrDefault("Cache", false)) { + // having this set ignores the credentials cache and forces a new token to be requested m_tokenRequestContext.MinimumExpiration = std::chrono::hours(1000000); } m_credential = std::make_unique( diff --git a/sdk/identity/azure-identity/test/perf/src/azure_identity_perf_test.cpp b/sdk/identity/azure-identity/test/perf/src/azure_identity_perf_test.cpp index d308945d6..d6809dc3f 100644 --- a/sdk/identity/azure-identity/test/perf/src/azure_identity_perf_test.cpp +++ b/sdk/identity/azure-identity/test/perf/src/azure_identity_perf_test.cpp @@ -1,6 +1,8 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. +#include "azure/identity/test/client_certificate_credential_test.hpp" +#include "azure/identity/test/environment_credential_test.hpp" #include "azure/identity/test/secret_credential_test.hpp" #include @@ -10,6 +12,8 @@ int main(int argc, char** argv) // Create the test list std::vector tests{ + Azure::Identity::Test::ClientCertificateCredentialTest::GetTestMetadata(), + Azure::Identity::Test::EnvironmentCredentialTest::GetTestMetadata(), Azure::Identity::Test::SecretCredentialTest::GetTestMetadata()}; Azure::Perf::Program::Run(Azure::Core::Context::ApplicationContext, tests, argc, argv);