Improve performance of supervisor_oidcclientsecret_test.go
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
This commit is contained in:
parent
0f613d1823
commit
6c65fd910e
@ -911,20 +911,26 @@ func TestCreateOIDCClientSecretRequest_Parallel(t *testing.T) {
|
|||||||
)
|
)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
t.Cleanup(func() {
|
t.Cleanup(func() {
|
||||||
|
cleanupCtx, cleanupCtxCancel := context.WithTimeout(context.Background(), 3*time.Minute)
|
||||||
|
defer cleanupCtxCancel()
|
||||||
deleteErr := supervisorClient.ConfigV1alpha1().
|
deleteErr := supervisorClient.ConfigV1alpha1().
|
||||||
OIDCClients(env.SupervisorNamespace).Delete(ctx, oidcClient.Name, metav1.DeleteOptions{})
|
OIDCClients(env.SupervisorNamespace).Delete(cleanupCtx, oidcClient.Name, metav1.DeleteOptions{})
|
||||||
require.NoError(t, deleteErr)
|
require.NoError(t, deleteErr)
|
||||||
testlib.RequireEventually(t, func(requireEventually *require.Assertions) {
|
testlib.RequireEventually(t, func(requireEventually *require.Assertions) {
|
||||||
_, err := kubeClient.CoreV1().Secrets(oidcClient.Namespace).
|
_, err := kubeClient.CoreV1().Secrets(oidcClient.Namespace).
|
||||||
Get(ctx, oidcclientsecretstorage.New(nil).GetName(oidcClient.UID), metav1.GetOptions{})
|
Get(cleanupCtx, oidcclientsecretstorage.New(nil).GetName(oidcClient.UID), metav1.GetOptions{})
|
||||||
requireEventually.Error(err, "deleting OIDCClient should result in deleting storage secrets")
|
requireEventually.Error(err, "deleting OIDCClient should result in deleting storage secrets")
|
||||||
requireEventually.True(k8serrors.IsNotFound(err),
|
requireEventually.True(k8serrors.IsNotFound(err),
|
||||||
"deleting OIDCClient should result in deleting storage secrets")
|
"deleting OIDCClient should result in deleting storage secrets")
|
||||||
}, 2*time.Minute, 250*time.Millisecond)
|
}, 2*time.Minute, 250*time.Millisecond)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
type memoKey struct {
|
||||||
|
storedSecretHash, plaintextPassword string
|
||||||
|
}
|
||||||
cacheOfGeneratedSecrets := []string{}
|
cacheOfGeneratedSecrets := []string{}
|
||||||
hasSecretBeenGenerated := false
|
hasSecretBeenGenerated := false
|
||||||
|
memoizedBcryptHashes := map[memoKey]bool{}
|
||||||
for n, ttt := range tt.clientSecretRequests(oidcClient.Name) {
|
for n, ttt := range tt.clientSecretRequests(oidcClient.Name) {
|
||||||
clientSecretRequestResponse, err := supervisorClient.ClientsecretV1alpha1().
|
clientSecretRequestResponse, err := supervisorClient.ClientsecretV1alpha1().
|
||||||
OIDCClientSecretRequests(env.SupervisorNamespace).Create(ctx, ttt.secretRequest, metav1.CreateOptions{})
|
OIDCClientSecretRequests(env.SupervisorNamespace).Create(ctx, ttt.secretRequest, metav1.CreateOptions{})
|
||||||
@ -995,8 +1001,15 @@ func TestCreateOIDCClientSecretRequest_Parallel(t *testing.T) {
|
|||||||
require.Len(t, storedClientSecret.SecretHashes, ttt.wantSecretCount)
|
require.Len(t, storedClientSecret.SecretHashes, ttt.wantSecretCount)
|
||||||
|
|
||||||
for i, storedSecretHash := range storedClientSecret.SecretHashes {
|
for i, storedSecretHash := range storedClientSecret.SecretHashes {
|
||||||
require.NoErrorf(t, bcrypt.CompareHashAndPassword([]byte(storedSecretHash), []byte(cacheOfGeneratedSecrets[i])),
|
plaintextSecret := cacheOfGeneratedSecrets[i]
|
||||||
"hash %q at index %d is not the hash of secret %q at (%s)", storedSecretHash, i, cacheOfGeneratedSecrets[i])
|
// Calling bcrypt.CompareHashAndPassword is very expensive. If this loop has already called
|
||||||
|
// bcrypt.CompareHashAndPassword with the exact same inputs, then don't call it again.
|
||||||
|
mKey := memoKey{storedSecretHash: storedSecretHash, plaintextPassword: plaintextSecret}
|
||||||
|
if !memoizedBcryptHashes[mKey] {
|
||||||
|
require.NoErrorf(t, bcrypt.CompareHashAndPassword([]byte(storedSecretHash), []byte(plaintextSecret)),
|
||||||
|
"hash %q at index %d is not the hash of secret %q at (%s)", storedSecretHash, i, plaintextSecret)
|
||||||
|
memoizedBcryptHashes[mKey] = true // remember that we already successfully confirmed these params to CompareHashAndPassword
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
Loading…
Reference in New Issue
Block a user