(b *testing.B)
| 56 | } |
| 57 | |
| 58 | func BenchmarkRBACModelSizes(b *testing.B) { |
| 59 | cases := []struct { |
| 60 | name string |
| 61 | roles int |
| 62 | resources int |
| 63 | users int |
| 64 | }{ |
| 65 | {name: "small", roles: 100, resources: 10, users: 1000}, |
| 66 | {name: "medium", roles: 1000, resources: 100, users: 10000}, |
| 67 | {name: "large", roles: 10000, resources: 1000, users: 100000}, |
| 68 | } |
| 69 | for _, c := range cases { |
| 70 | c := c |
| 71 | |
| 72 | e, err := NewEnforcer("examples/rbac_model.conf") |
| 73 | if err != nil { |
| 74 | b.Fatal(err) |
| 75 | } |
| 76 | |
| 77 | pPolicies := make([][]string, c.roles) |
| 78 | for i := range pPolicies { |
| 79 | pPolicies[i] = []string{ |
| 80 | fmt.Sprintf("group-has-a-very-long-name-%d", i), |
| 81 | fmt.Sprintf("data-has-a-very-long-name-%d", i%c.resources), |
| 82 | "read", |
| 83 | } |
| 84 | } |
| 85 | if _, err := e.AddPolicies(pPolicies); err != nil { |
| 86 | b.Fatal(err) |
| 87 | } |
| 88 | |
| 89 | gPolicies := make([][]string, c.users) |
| 90 | for i := range gPolicies { |
| 91 | gPolicies[i] = []string{ |
| 92 | fmt.Sprintf("user-has-a-very-long-name-%d", i), |
| 93 | fmt.Sprintf("group-has-a-very-long-name-%d", i%c.roles), |
| 94 | } |
| 95 | } |
| 96 | if _, err := e.AddGroupingPolicies(gPolicies); err != nil { |
| 97 | b.Fatal(err) |
| 98 | } |
| 99 | |
| 100 | // Set up enforcements, alternating between things a user can access |
| 101 | // and things they cannot. Use 17 tests so that we get a variety of users |
| 102 | // and roles rather than always landing on a multiple of 2/10/whatever. |
| 103 | enforcements := make([][]interface{}, 17) |
| 104 | for i := range enforcements { |
| 105 | userNum := (c.users / len(enforcements)) * i |
| 106 | roleNum := userNum % c.roles |
| 107 | resourceNum := roleNum % c.resources |
| 108 | if i%2 == 0 { |
| 109 | resourceNum += 1 |
| 110 | resourceNum %= c.resources |
| 111 | } |
| 112 | enforcements[i] = []interface{}{ |
| 113 | fmt.Sprintf("user-has-a-very-long-name-%d", userNum), |
| 114 | fmt.Sprintf("data-has-a-very-long-name-%d", resourceNum), |
| 115 | "read", |
nothing calls this directly
no test coverage detected
searching dependent graphs…