synced/discovery-service
1
0
Fork 0
mirror of https://github.com/siderolabs/discovery-service.git synced 2025-03-15 17:38:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
761d53a418d75438529293da808491774a5104e2
discovery-service/pkg/server/cert_test.go
Andrey Smirnov b8da986b5a fix: reduce memory allocations (logger) 
Rework the gRPC logger by using hand-rolled simple version, rework
version parsing to remove regexp matching.

The baseline (via benchmark):

```
BenchmarkViaClientSimulator-32    	    2934	    387398 ns/op	  101921 B/op	     832 allocs/op
```

The baseline + removed logging middleware:

```
BenchmarkViaClientSimulator-32    	    3543	    331166 ns/op	   73581 B/op	     543 allocs/op
```

Reworked logging middleware:

```
BenchmarkViaClientSimulator-32    	    3394	    334066 ns/op	   77985 B/op	     568 allocs/op
```

Plus reworked version parsing:

```
BenchmarkViaClientSimulator-32    	    3510	    325714 ns/op	   66215 B/op	     561 allocs/op
```

So overall, baseline to this PR:

* allocs 101921 -> 66215 B/op
* alloc ops 832 -> 561 allocs/op

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
2024-10-22 13:30:21 +04:00

98 lines
2.0 KiB
Go
Raw Blame History

// Copyright (c) 2024 Sidero Labs, Inc.
//
// Use of this software is governed by the Business Source License
// included in the LICENSE file.
package server_test
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"math/big"
"net"
"sync"
"testing"
"time"
"github.com/stretchr/testify/require"
)
var onceCert = sync.OnceValues(func() (*tls.Certificate, error) {
priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
return nil, err
}
keyUsage := x509.KeyUsageDigitalSignature
notBefore := time.Now()
notAfter := notBefore.Add(time.Hour)
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
return nil, err
}
template := x509.Certificate{
SerialNumber: serialNumber,
Subject: pkix.Name{
Organization: []string{"SideroLabs Testing"},
},
NotBefore: notBefore,
NotAfter: notAfter,
KeyUsage: keyUsage,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1), net.IPv6loopback},
}
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
if err != nil {
return nil, err
}
cert := tls.Certificate{
Certificate: [][]byte{derBytes},
PrivateKey: priv,
}
cert.Leaf, err = x509.ParseCertificate(derBytes)
if err != nil {
return nil, err
}
return &cert, nil
})
func GetServerTLSConfig(t testing.TB) *tls.Config {
t.Helper()
cert, err := onceCert()
require.NoError(t, err)
return &tls.Config{
Certificates: []tls.Certificate{*cert},
MinVersion: tls.VersionTLS12,
}
}
func GetClientTLSConfig(t testing.TB) *tls.Config {
t.Helper()
cert, err := onceCert()
require.NoError(t, err)
certPool := x509.NewCertPool()
certPool.AddCert(cert.Leaf)
return &tls.Config{
RootCAs: certPool,
MinVersion: tls.VersionTLS12,
}
}
Reference in New Issue View Git Blame Copy Permalink