test: add integration test with concurrent request load (#402)

fredmaggiowski · web-flow · commit ad9bfa263d07 · 2024-11-05T21:36:32.000+01:00
* test: add integration test with concurrent request load

* refactor: typo and imports

* fix: better test checks
diff --git a/go.mod b/go.mod
@@ -1,6 +1,8 @@
 module github.com/rond-authz/rond
 
-go 1.21
+go 1.22
+
+toolchain go1.23.2
 
 require (
 	github.com/davidebianchi/gswagger v0.10.0
@@ -30,6 +32,7 @@ require (
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/davidebianchi/go-jsonclient v1.5.0 // indirect
+	github.com/fredmaggiowski/gowq v0.5.0 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
diff --git a/go.sum b/go.sum
@@ -85,6 +85,8 @@ github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7Dlme
 github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
+github.com/fredmaggiowski/gowq v0.5.0 h1:cUVA/u9pNr6qrGh8GQPHunZyRZNiTFStOKLwofABVCY=
+github.com/fredmaggiowski/gowq v0.5.0/go.mod h1:yutQQ5WPK33bokWzB6jlkRoGRo5zw2zX+aML1TvNnTg=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
diff --git a/integration_test.go b/integration_test.go
@@ -1,18 +1,23 @@
 package main
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
+	"io"
 	"net/http"
+	"net/http/httptest"
 	"os"
 	"strings"
 	"testing"
 
-	"github.com/caarlos0/env/v11"
 	"github.com/rond-authz/rond/core"
 	"github.com/rond-authz/rond/internal/config"
 	"github.com/rond-authz/rond/internal/testutils"
 	"github.com/rond-authz/rond/openapi"
+
+	"github.com/caarlos0/env/v11"
+	"github.com/fredmaggiowski/gowq"
 	"github.com/sirupsen/logrus/hooks/test"
 	"github.com/stretchr/testify/require"
 	"gopkg.in/h2non/gock.v1"
@@ -80,8 +85,187 @@ func BenchmarkStartup(b *testing.B) {
 	}
 }
 
+func TestStartupAndLoadWithConcurrentRequests(t *testing.T) {
+	log, _ := test.NewNullLogger()
+
+	tmpdir, err := os.MkdirTemp("", "rond-startup-test-")
+	require.NoError(t, err)
+
+	policies := []string{`package policies`}
+	policies = append(policies, `allow_get {
+	verb := input.request.method
+	verb == "GET"
+}`)
+	policies = append(policies, `allow_post {
+	verb := input.request.method
+	verb == "POST"
+}`)
+	policies = append(policies, generateFilterPolicy("something")) // filter_something
+	policies = append(policies, generateProjectionPolicy("data"))  // proj_data
+
+	oas := &openapi.OpenAPISpec{
+		Paths: map[string]openapi.PathVerbs{
+			"/allow-get": {
+				http.MethodGet: {
+					PermissionV2: &core.RondConfig{
+						RequestFlow: core.RequestFlow{PolicyName: "allow_get"},
+					},
+				},
+				http.MethodPost: {
+					PermissionV2: &core.RondConfig{
+						RequestFlow: core.RequestFlow{PolicyName: "allow_get"},
+					},
+				},
+			},
+			"/filter-something": {
+				http.MethodGet: {
+					PermissionV2: &core.RondConfig{
+						RequestFlow: core.RequestFlow{PolicyName: "filter_something", GenerateQuery: true},
+					},
+				},
+			},
+			"/project-data": {
+				http.MethodPost: {
+					PermissionV2: &core.RondConfig{
+						RequestFlow:  core.RequestFlow{PolicyName: "allow_post"},
+						ResponseFlow: core.ResponseFlow{PolicyName: "proj_data"},
+					},
+				},
+			},
+		},
+	}
+	oasFileName := writeOAS(t, tmpdir, oas)
+	policiesFileName := writePolicies(t, tmpdir, policies)
+
+	defer gock.Off()
+	defer gock.DisableNetworkingFilters()
+	defer gock.DisableNetworking()
+
+	gock.EnableNetworking()
+	gock.NetworkingFilter(func(r *http.Request) bool {
+		if r.URL.Host == "localhost:3050" {
+			return false
+		}
+		if r.URL.Path == "/documentation/json" && r.URL.Host == "localhost:3050" {
+			return false
+		}
+		return true
+	})
+
+	gock.New("http://localhost:3050").
+		Persist().
+		Get("/documentation/json").
+		Reply(200).
+		File(oasFileName)
+
+	gock.New("http://localhost:3050/").
+		Persist().
+		Get("/allow-get").
+		Reply(200)
+	gock.New("http://localhost:3050/").
+		Persist().
+		Get("/filter-something").
+		MatchHeader("acl_rows", `{"$or":[{"$and":[{"key":{"$eq":42}}]}]}`).
+		Reply(200)
+	gock.New("http://localhost:3050/").
+		Persist().
+		Post("/project-data").
+		Reply(200).
+		JSON([]struct {
+			Key string `json:"key"`
+		}{
+			{"k1"},
+			{"k2"},
+		})
+
+	mongoHost := os.Getenv("MONGO_HOST_CI")
+	if mongoHost == "" {
+		mongoHost = testutils.LocalhostMongoDB
+		t.Logf("Connection to localhost MongoDB, on CI env this is a problem!")
+	}
+	randomizedDBNamePart := testutils.GetRandomName(10)
+	mongoDBName := fmt.Sprintf("test-%s", randomizedDBNamePart)
+	envs, err := env.ParseAsWithOptions[config.EnvironmentVariables](env.Options{
+		Environment: map[string]string{
+			"TARGET_SERVICE_HOST":      "localhost:3050",
+			"TARGET_SERVICE_OAS_PATH":  "/documentation/json",
+			"OPA_MODULES_DIRECTORY":    policiesFileName,
+			"LOG_LEVEL":                "fatal",
+			"MONGODB_URL":              fmt.Sprintf("mongodb://%s/%s", mongoHost, mongoDBName),
+			"BINDINGS_COLLECTION_NAME": "bindings",
+			"ROLES_COLLECTION_NAME":    "roles",
+		},
+	})
+	require.NoError(t, err)
+
+	app, err := setupService(envs, log)
+	require.NoError(t, err)
+	require.True(t, <-app.sdkBootState.IsReadyChan())
+	defer app.close()
+
+	// everything is up and running, now start bombarding the webserver
+	type RequestConf struct {
+		Verb           string
+		Path           string
+		ExpectedStatus int
+		ExpectedBody   string
+	}
+	dictionary := []RequestConf{
+		{Verb: http.MethodGet, Path: "/allow-get", ExpectedStatus: http.StatusOK},
+		{Verb: http.MethodPost, Path: "/allow-get", ExpectedStatus: http.StatusForbidden},
+		{Verb: http.MethodGet, Path: "/filter-something", ExpectedStatus: http.StatusOK},
+		{Verb: http.MethodPost, Path: "/filter-something", ExpectedStatus: http.StatusNotFound},
+		{Verb: http.MethodPost, Path: "/project-data", ExpectedBody: `["k1","k2"]`, ExpectedStatus: http.StatusOK},
+		{Verb: http.MethodGet, Path: "/project-data", ExpectedStatus: http.StatusNotFound},
+	}
+
+	queue := gowq.New[RequestConf](100)
+
+	i := 0
+	for i < 100_000 {
+		d := dictionary[i%len(dictionary)]
+		i++
+		queue.Push(func(ctx context.Context) (RequestConf, error) {
+			w := httptest.NewRecorder()
+
+			req := httptest.NewRequest(d.Verb, d.Path, nil)
+			app.router.ServeHTTP(w, req)
+			require.Equal(t, d.ExpectedStatus, w.Result().StatusCode)
+
+			if d.ExpectedBody != "" {
+				data, err := io.ReadAll(w.Body)
+				require.NoError(t, err)
+				require.Equal(t, d.ExpectedBody, string(data))
+			}
+
+			return d, nil
+		})
+	}
+
+	_, errors := queue.RunAll(context.TODO())
+	require.Len(t, errors, 0)
+}
+
+func writeOAS(t require.TestingT, tmpdir string, oas *openapi.OpenAPISpec) string {
+	oasContent, err := json.Marshal(oas)
+	require.NoError(t, err)
+
+	oasFileName := fmt.Sprintf("%s/oas.json", tmpdir)
+	err = os.WriteFile(oasFileName, oasContent, 0644)
+	require.NoError(t, err)
+	return oasFileName
+}
+
+func writePolicies(t require.TestingT, tmpdir string, policies []string) string {
+	policyFileName := fmt.Sprintf("%s/policies.rego", tmpdir)
+	policiesContent := []byte(strings.Join(policies, "\n"))
+	err := os.WriteFile(policyFileName, policiesContent, 0644)
+	require.NoError(t, err)
+	return policyFileName
+}
+
 func generateAndSaveConfig(t require.TestingT, tmpdir string, numberOfPaths int) (string, string) {
-	oas := openapi.OpenAPISpec{
+	oas := &openapi.OpenAPISpec{
 		Paths: make(map[string]openapi.PathVerbs),
 	}
 	policies := []string{"package policies"}
@@ -135,17 +319,8 @@ func generateAndSaveConfig(t require.TestingT, tmpdir string, numberOfPaths int)
 		}
 	}
 
-	oasContent, err := json.Marshal(oas)
-	require.NoError(t, err)
-
-	oasFileName := fmt.Sprintf("%s/oas.json", tmpdir)
-	err = os.WriteFile(oasFileName, oasContent, 0644)
-	require.NoError(t, err)
-
-	policyFileName := fmt.Sprintf("%s/policies.rego", tmpdir)
-	policiesContent := []byte(strings.Join(policies, "\n"))
-	err = os.WriteFile(policyFileName, policiesContent, 0644)
-	require.NoError(t, err)
+	oasFileName := writeOAS(t, tmpdir, oas)
+	policyFileName := writePolicies(t, tmpdir, policies)
 
 	return oasFileName, policyFileName
 }
@@ -159,11 +334,11 @@ func generateFilterPolicy(name string) string {
 
 func generateProjectionPolicy(name string) string {
 	return fmt.Sprintf(`proj_%s [projects] {
-    projects := [projects_with_envs_filtered |
+    projects := [kept |
         project := input.response.body[_]
-        projects_with_envs_filtered := project
+		kept := project.key
     ]
-	}`, name)
+}`, name)
 }
 
 func generateAllowPolicy(name string) string {

-Original file line number
+Diff line change
@@ @@ -1,6 +1,8 @@ @@
 module github.com/rond-authz/rond
 -go 1.21
 +go 1.22
++
 +toolchain go1.23.2
 require (
 	github.com/davidebianchi/gswagger v0.10.0
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/davidebianchi/go-jsonclient v1.5.0 // indirect
 +	github.com/fredmaggiowski/gowq v0.5.0 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect