From daa8a0730e611bb2ad943ae09298d152b0b1cd9f Mon Sep 17 00:00:00 2001
From: Alexander Yastrebov <alexander.yastrebov@zalando.de>
Date: Sat, 9 Dec 2023 14:53:19 +0100
Subject: [PATCH] filters/auth: add tokeninfo scope check benchmark

Signed-off-by: Alexander Yastrebov <alexander.yastrebov@zalando.de>
---
 filters/auth/tokeninfo_test.go | 55 +++++++++++++++++++++++++++++++++-
 1 file changed, 54 insertions(+), 1 deletion(-)

diff --git a/filters/auth/tokeninfo_test.go b/filters/auth/tokeninfo_test.go
index 2f402c331c..7148eadb59 100644
--- a/filters/auth/tokeninfo_test.go
+++ b/filters/auth/tokeninfo_test.go
@@ -13,6 +13,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"github.com/zalando/skipper/eskip"
 	"github.com/zalando/skipper/filters"
+	"github.com/zalando/skipper/filters/filtertest"
 	"github.com/zalando/skipper/proxy/proxytest"
 )
 
@@ -463,7 +464,7 @@ func TestOAuth2Tokeninfo5xx(t *testing.T) {
 	require.Equal(t, http.StatusUnauthorized, rsp.StatusCode, "auth filter failed got=%d, expected=%d, route=%s", rsp.StatusCode, http.StatusUnauthorized, r)
 }
 
-func BenchmarkOAuthTokeninfoFilter(b *testing.B) {
+func BenchmarkOAuthTokeninfoCreateFilter(b *testing.B) {
 	for i := 0; i < b.N; i++ {
 		var spec filters.Spec
 		args := []interface{}{"uid"}
@@ -475,3 +476,55 @@ func BenchmarkOAuthTokeninfoFilter(b *testing.B) {
 		}
 	}
 }
+
+func BenchmarkOAuthTokeninfoRequest(b *testing.B) {
+	b.Run("oauthTokeninfoAllScope", func(b *testing.B) {
+		spec := NewOAuthTokeninfoAllScope("https://127.0.0.1:12345/token", 3*time.Second)
+		f, err := spec.CreateFilter([]interface{}{"foobar.read", "foobar.write"})
+		require.NoError(b, err)
+
+		ctx := &filtertest.Context{
+			FStateBag: map[string]interface{}{
+				tokeninfoCacheKey: map[string]interface{}{
+					scopeKey: []interface{}{"uid", "foobar.read", "foobar.write"},
+				},
+			},
+			FResponse: &http.Response{},
+		}
+
+		f.Request(ctx)
+		require.False(b, ctx.FServed)
+
+		b.ResetTimer()
+		b.ReportAllocs()
+
+		for i := 0; i < b.N; i++ {
+			f.Request(ctx)
+		}
+	})
+
+	b.Run("oauthTokeninfoAnyScope", func(b *testing.B) {
+		spec := NewOAuthTokeninfoAnyScope("https://127.0.0.1:12345/token", 3*time.Second)
+		f, err := spec.CreateFilter([]interface{}{"foobar.read", "foobar.write"})
+		require.NoError(b, err)
+
+		ctx := &filtertest.Context{
+			FStateBag: map[string]interface{}{
+				tokeninfoCacheKey: map[string]interface{}{
+					scopeKey: []interface{}{"uid", "foobar.write", "foobar.exec"},
+				},
+			},
+			FResponse: &http.Response{},
+		}
+
+		f.Request(ctx)
+		require.False(b, ctx.FServed)
+
+		b.ResetTimer()
+		b.ReportAllocs()
+
+		for i := 0; i < b.N; i++ {
+			f.Request(ctx)
+		}
+	})
+}