Merge pull request #1579 from vmware-tanzu/improve_perf_oidcclientsecret_test

Improve performance of supervisor_oidcclientsecret_test.go
2023-07-14 08:26:56 -07:00 · 2023-07-14 08:26:56 -07:00 · 8648cdf8e4
commit 8648cdf8e4
parent 7e5ce4b4f3 6c65fd910e
1 changed files with 17 additions and 4 deletions
--- a/test/integration/supervisor_oidcclientsecret_test.go
+++ b/test/integration/supervisor_oidcclientsecret_test.go
@ -911,20 +911,26 @@ func TestCreateOIDCClientSecretRequest_Parallel(t *testing.T) {
 			)
 			require.NoError(t, err)
 			t.Cleanup(func() {
+				cleanupCtx, cleanupCtxCancel := context.WithTimeout(context.Background(), 3*time.Minute)
+				defer cleanupCtxCancel()
 				deleteErr := supervisorClient.ConfigV1alpha1().
-					OIDCClients(env.SupervisorNamespace).Delete(ctx, oidcClient.Name, metav1.DeleteOptions{})
+					OIDCClients(env.SupervisorNamespace).Delete(cleanupCtx, oidcClient.Name, metav1.DeleteOptions{})
 				require.NoError(t, deleteErr)
 				testlib.RequireEventually(t, func(requireEventually *require.Assertions) {
 					_, err := kubeClient.CoreV1().Secrets(oidcClient.Namespace).
-						Get(ctx, oidcclientsecretstorage.New(nil).GetName(oidcClient.UID), metav1.GetOptions{})
+						Get(cleanupCtx, oidcclientsecretstorage.New(nil).GetName(oidcClient.UID), metav1.GetOptions{})
 					requireEventually.Error(err, "deleting OIDCClient should result in deleting storage secrets")
 					requireEventually.True(k8serrors.IsNotFound(err),
 						"deleting OIDCClient should result in deleting storage secrets")
 				}, 2*time.Minute, 250*time.Millisecond)
 			})

+			type memoKey struct {
+				storedSecretHash, plaintextPassword string
+			}
 			cacheOfGeneratedSecrets := []string{}
 			hasSecretBeenGenerated := false
+			memoizedBcryptHashes := map[memoKey]bool{}
 			for n, ttt := range tt.clientSecretRequests(oidcClient.Name) {
 				clientSecretRequestResponse, err := supervisorClient.ClientsecretV1alpha1().
 					OIDCClientSecretRequests(env.SupervisorNamespace).Create(ctx, ttt.secretRequest, metav1.CreateOptions{})
@ -995,8 +1001,15 @@ func TestCreateOIDCClientSecretRequest_Parallel(t *testing.T) {
 				require.Len(t, storedClientSecret.SecretHashes, ttt.wantSecretCount)

 				for i, storedSecretHash := range storedClientSecret.SecretHashes {
-					require.NoErrorf(t, bcrypt.CompareHashAndPassword([]byte(storedSecretHash), []byte(cacheOfGeneratedSecrets[i])),
-						"hash %q at index %d is not the hash of secret %q at (%s)", storedSecretHash, i, cacheOfGeneratedSecrets[i])
+					plaintextSecret := cacheOfGeneratedSecrets[i]
+					// Calling bcrypt.CompareHashAndPassword is very expensive. If this loop has already called
+					// bcrypt.CompareHashAndPassword with the exact same inputs, then don't call it again.
+					mKey := memoKey{storedSecretHash: storedSecretHash, plaintextPassword: plaintextSecret}
+					if !memoizedBcryptHashes[mKey] {
+						require.NoErrorf(t, bcrypt.CompareHashAndPassword([]byte(storedSecretHash), []byte(plaintextSecret)),
+							"hash %q at index %d is not the hash of secret %q at (%s)", storedSecretHash, i, plaintextSecret)
+						memoizedBcryptHashes[mKey] = true // remember that we already successfully confirmed these params to CompareHashAndPassword
+					}
 				}
 			}
 		})