From 300e518eedc576364ec582dbecef5536c0c4057a Mon Sep 17 00:00:00 2001 From: George Arama <50641385+gearama@users.noreply.github.com> Date: Fri, 23 Feb 2024 13:03:12 -0800 Subject: [PATCH] Identity perf tests part 1 (#5373) * mroe quotes * dssf * pipeline first take * 2 out of 3 * clangs * newline --- .../azure-identity/perf-resources.json | 175 ++++++++++++++++++ sdk/identity/azure-identity/perf-tests.yml | 22 +++ sdk/identity/azure-identity/perf.yml | 38 ++++ .../test/environment_credential_test.hpp | 7 +- .../identity/test/secret_credential_test.hpp | 16 +- 5 files changed, 247 insertions(+), 11 deletions(-) create mode 100644 sdk/identity/azure-identity/perf-resources.json create mode 100644 sdk/identity/azure-identity/perf-tests.yml create mode 100644 sdk/identity/azure-identity/perf.yml diff --git a/sdk/identity/azure-identity/perf-resources.json b/sdk/identity/azure-identity/perf-resources.json new file mode 100644 index 000000000..ee05cc59f --- /dev/null +++ b/sdk/identity/azure-identity/perf-resources.json @@ -0,0 +1,175 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "baseName": { + "defaultValue": "[resourceGroup().name]", + "type": "String", + "metadata": { + "description": "The base resource name." + } + }, + "tenantId": { + "defaultValue": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "type": "String", + "metadata": { + "description": "The tenant ID to which the application and resources belong." + } + }, + "testApplicationId": { + "type": "String", + "metadata": { + "description": "The application client ID used to run tests." + } + }, + "testApplicationSecret": { + "type": "String", + "metadata": { + "description": "The application client secret used to run tests." + } + }, + "testApplicationOid": { + "defaultValue": "b3653439-8136-4cd5-aac3-2a9460871ca6", + "type": "String", + "metadata": { + "description": "The client OID to grant access to test resources." + } + }, + "location": { + "defaultValue": "[resourceGroup().location]", + "type": "String", + "metadata": { + "description": "The location of the resource. By default, this is the same as the resource group." + } + }, + "enableSoftDelete": { + "defaultValue": true, + "type": "Bool", + "metadata": { + "description": "Whether to enable soft delete for the Key Vault. The default is true." + } + }, + "keyVaultDomainSuffix": { + "defaultValue": ".vault.azure.net", + "type": "String", + "metadata": { + "description": "Domain suffix for sovereign clouds, requires the preceding '.'. The default uses the public Azure Cloud (.vault.azure.net)" + } + }, + "keyVaultSku": { + "defaultValue": "premium", + "type": "String", + "metadata": { + "description": "Key Vault SKU to deploy. The default is 'premium'" + } + } + }, + "variables": { + "azureKeyVaultUrl": "[format('https://{0}{1}/', parameters('baseName'), parameters('keyVaultDomainSuffix'))]", + "networkAcls": { + "bypass": "AzureServices", + "defaultAction": "Allow", + "virtualNetworkRules": [], + "ipRules": [] + } + }, + "resources": [ + { + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2021-11-01-preview", + "name": "[parameters('baseName')]", + "location": "[parameters('location')]", + "properties": { + "sku": { + "family": "A", + "name": "[parameters('keyVaultSku')]" + }, + "tenantId": "[parameters('tenantId')]", + "accessPolicies": [ + { + "tenantId": "[parameters('tenantId')]", + "objectId": "[parameters('testApplicationOid')]", + "permissions": { + "keys": [ + "wrapKey", + "decrypt", + "list", + "purge", + "recover", + "restore", + "getrotationpolicy", + "sign", + "release", + "encrypt", + "rotate", + "import", + "create", + "verify", + "setrotationpolicy", + "backup", + "update", + "get", + "unwrapKey", + "delete" + ], + "secrets": [ + "Get", + "List", + "Set", + "Delete", + "Recover", + "Backup", + "Restore", + "Purge" + ], + "certificates": [ + "Get", + "List", + "Update", + "Create", + "Import", + "Delete", + "Recover", + "Backup", + "Restore", + "ManageContacts", + "ManageIssuers", + "GetIssuers", + "ListIssuers", + "SetIssuers", + "DeleteIssuers", + "Purge" + ] + } + } + ], + "enabledForDeployment": false, + "enabledForDiskEncryption": false, + "enabledForTemplateDeployment": false, + "enableSoftDelete": "[parameters('enableSoftDelete')]" + } + } + ], + "outputs": { + "AZURE_KEYVAULT_URL": { + "type": "String", + "value": "[variables('azureKeyVaultUrl')]" + }, + "AZURE_TENANT_ID": { + "type": "String", + "value": "[parameters('tenantId')]" + }, + "AZURE_CLIENT_ID": { + "type": "String", + "value": "[parameters('testApplicationId')]" + }, + "AZURE_CLIENT_SECRET": { + "type": "String", + "value": "[parameters('testApplicationSecret')]" + }, + "CLIENT_OBJECTID": { + "type": "String", + "value": "[parameters('testApplicationOid')]" + } + } +} diff --git a/sdk/identity/azure-identity/perf-tests.yml b/sdk/identity/azure-identity/perf-tests.yml new file mode 100644 index 000000000..d198944d4 --- /dev/null +++ b/sdk/identity/azure-identity/perf-tests.yml @@ -0,0 +1,22 @@ +Service: identity + +Project: azure-identity-perf + +PrimaryPackage: azure-identity-cpp + +PackageVersions: +- azure-identity-cpp: 1.6.0 +- azure-identity-cpp: source + +Tests: +- Test: EnvironmentCredential + Class: EnvironmentCredential + Arguments: + - --cache 0 + - --test-proxies http://127.0.0.1:5000 + +- Test: SecretCredential + Class: SecretCredential + Arguments: + - --cache 0 + - --test-proxies http://127.0.0.1:5000 diff --git a/sdk/identity/azure-identity/perf.yml b/sdk/identity/azure-identity/perf.yml new file mode 100644 index 000000000..0805e9375 --- /dev/null +++ b/sdk/identity/azure-identity/perf.yml @@ -0,0 +1,38 @@ +parameters: +- name: PackageVersions + displayName: PackageVersions (regex of package versions to run) + type: string + default: '1|source' +- name: Tests + displayName: Tests (regex of tests to run) + type: string + default: '.*' +- name: Arguments + displayName: Arguments (regex of arguments to run) + type: string + default: '.*' +- name: Iterations + displayName: Iterations (times to run each test) + type: number + default: '5' +- name: Profile + type: boolean + default: false +- name: AdditionalArguments + displayName: AdditionalArguments (passed to PerfAutomation) + type: string + default: ' ' + +extends: + template: /eng/pipelines/templates/jobs/perf.yml + parameters: + ServiceDirectory: identity/azure-identity + PackageVersions: ${{ parameters.PackageVersions }} + Tests: ${{ parameters.Tests }} + Arguments: ${{ parameters.Arguments }} + Iterations: ${{ parameters.Iterations }} + AdditionalArguments: ${{ parameters.AdditionalArguments }} + Profile: ${{ parameters.Profile }} + EnvVars: + # This is set in the InstallLanguageSteps + VCPKG_BINARY_SOURCES_SECRET: $(VCPKG_BINARY_SOURCES_SECRET) diff --git a/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/environment_credential_test.hpp b/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/environment_credential_test.hpp index c69b4048f..8a443de8a 100644 --- a/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/environment_credential_test.hpp +++ b/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/environment_credential_test.hpp @@ -9,6 +9,7 @@ #pragma once +#include #include #include @@ -34,7 +35,8 @@ namespace Azure { namespace Identity { namespace Test { */ void Setup() override { - m_tokenRequestContext.Scopes.push_back(m_options.GetMandatoryOption("Scope")); + m_tokenRequestContext.Scopes.push_back( + m_options.GetOptionOrDefault("Scope", "https://attest.azure.net/.default")); if (!m_options.GetOptionOrDefault("Cache", false)) { // having this set ignores the credentials cache and forces a new token to be requested @@ -70,8 +72,7 @@ namespace Azure { namespace Identity { namespace Test { { return { {"Cache", {"--cache"}, "Use credential cache.", 1, false}, - {"Scope", {"--scope"}, "One scope to request access to.", 1, true}, - }; + {"Scope", {"--scope"}, "One scope to request access to.", 1, false}}; } /** diff --git a/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/secret_credential_test.hpp b/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/secret_credential_test.hpp index d00cd0b52..16afb2e21 100644 --- a/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/secret_credential_test.hpp +++ b/sdk/identity/azure-identity/test/perf/inc/azure/identity/test/secret_credential_test.hpp @@ -9,6 +9,7 @@ #pragma once +#include #include #include @@ -37,10 +38,12 @@ namespace Azure { namespace Identity { namespace Test { */ void Setup() override { - m_tenantId = m_options.GetMandatoryOption("TenantId"); - m_clientId = m_options.GetMandatoryOption("ClientId"); - m_secret = m_options.GetMandatoryOption("Secret"); - m_tokenRequestContext.Scopes.push_back(m_options.GetMandatoryOption("Scope")); + m_tenantId = Azure::Core::_internal::Environment::GetVariable("AZURE_TENANT_ID"); + m_clientId = Azure::Core::_internal::Environment::GetVariable("AZURE_CLIENT_ID"); + m_secret = Azure::Core::_internal::Environment::GetVariable("AZURE_CLIENT_SECRET"); + + m_tokenRequestContext.Scopes.push_back( + m_options.GetOptionOrDefault("Scope", "https://attest.azure.net/.default")); if (!m_options.GetOptionOrDefault("Cache", false)) { // having this set ignores the credentials cache and forces a new token to be requested @@ -79,10 +82,7 @@ namespace Azure { namespace Identity { namespace Test { { return { {"Cache", {"--cache"}, "Use credential cache.", 1, false}, - {"ClientId", {"--clientId"}, "The client Id for the authentication.", 1, true}, - {"Scope", {"--scope"}, "One scope to request access to.", 1, true}, - {"Secret", {"--secret"}, "The secret for authentication.", 1, true, true}, - {"TenantId", {"--tenantId"}, "The tenant Id for the authentication.", 1, true}}; + {"Scope", {"--scope"}, "The secret for authentication.", 1, false}}; } /**