BenchmarkRBACAuthorize benchmarks the rbac.Authorize method. go test -run=^$ -bench '^BenchmarkRBACAuthorize$' -benchmem -memprofile memprofile.out -cpuprofile profile.out
(b *testing.B)
| 150 | // |
| 151 | // go test -run=^$ -bench '^BenchmarkRBACAuthorize$' -benchmem -memprofile memprofile.out -cpuprofile profile.out |
| 152 | func BenchmarkRBACAuthorize(b *testing.B) { |
| 153 | benchCases, user, orgs := benchmarkUserCases() |
| 154 | users := append([]uuid.UUID{}, |
| 155 | user, |
| 156 | uuid.MustParse("4ca78b1d-f2d2-4168-9d76-cd93b51c6c1e"), |
| 157 | uuid.MustParse("0632b012-49e0-4d70-a5b3-f4398f1dcd52"), |
| 158 | uuid.MustParse("70dbaa7a-ea9c-4f68-a781-97b08af8461d"), |
| 159 | ) |
| 160 | |
| 161 | // There is no caching that occurs because a fresh context is used for each |
| 162 | // call. And the context needs 'WithCacheCtx' to work. |
| 163 | authorizer := rbac.NewStrictCachingAuthorizer(prometheus.NewRegistry()) |
| 164 | // This benchmarks all the simple cases using just user permissions. Groups |
| 165 | // are added as noise, but do not do anything. |
| 166 | for _, c := range benchCases { |
| 167 | b.Run(c.Name, func(b *testing.B) { |
| 168 | objects := benchmarkSetup(orgs, users, b.N) |
| 169 | b.ResetTimer() |
| 170 | for i := 0; i < b.N; i++ { |
| 171 | allowed := authorizer.Authorize(context.Background(), c.Actor, policy.ActionRead, objects[b.N%len(objects)]) |
| 172 | _ = allowed |
| 173 | } |
| 174 | }) |
| 175 | } |
| 176 | } |
| 177 | |
| 178 | // BenchmarkRBACAuthorizeGroups benchmarks the rbac.Authorize method and leverages |
| 179 | // groups for authorizing rather than the permissions/roles. |
nothing calls this directly
no test coverage detected