Expand benchmarks (#136)

Author: giarc3

benchmarks/README.md

@@ -4,45 +4,53 @@ This directory contains a benchmark suite for the Java version of the Tenant Sec
 To build and run the benchmark, just execute the following commands in this directory:
 
 To show single threaded latency of a roundtrip (encrypt/decrypt):
+
 ```
 mvn clean install
-java -Xms1024m -Xmx1024m -jar target/benchmarks.jar -f0 -wi 1
+java -Xms1024m -Xmx1024m -jar target/benchmarks.jar -f 0 -wi 1
 ```
 
-A variation that will show throughput using key leasing:
+A variation that will show throughput instead:
+
 ```
 mvn clean install
-TENANT_ID=tenant-gcp-l java -Xms1024m -Xmx1024m -jar target/benchmarks.jar -f 0 -wi 1 -bm thrpt -tu s
+java -Xms1024m -Xmx1024m -jar target/benchmarks.jar -f 0 -wi 1 -bm thrpt -tu s
 ```
 
 You have to benchmark an actual version of the TSC, though this can be a `SNAPSHOT` version published locally.
 Update the `pom.xml` to whatever version you'd like to test.
 
-
 ## Tenant Security Proxy
 
 In order to run the benchmarks, the TSC needs to connect to a _Tenant Security Proxy (TSP)_.
 This service is provided as a Docker container, so it is easy to run the proxy on any computer that has Docker
 installed. IronCore Labs hosts the Docker container on a publicly accessible container registry, so you can pull
 the image from there and run it locally.
 
-The TSP has a companion Docker container, the _Tenant Security Logdriver_ (LD) that runs alongside it in your environment. It is also hosted on the same publicly accessible container registry.
-
-
 In addition to the Docker containers, you need a configuration file that specifies how the TSP should communicate
 with the IronCore Labs Configuration Broker and Data Control Platform, which work together to enable the end-to-end
 encryption that keeps all of the tenant KMS configuration information secure. To simplify the process of running
 these examples, we have created a demo vendor and tenants that you can use for the examples; all the necessary
 configuration information is included in the [demo-tsp.conf](demo-tsp.conf) file in this directory.
+
 **NOTE:** Normally, the file containing the configuration would be generated by the vendor and loaded into a
 Kubernetes secret or similar mechanism for securely loading the configuration into the docker container. We
 have included this configuration in the repository as a convenience. Also note that these accounts are all
 created in IronCore's staging infrastructure.
 
-The following `docker-compose` command will get a TSP+LD running on your computer with the provided configuration:
+Production TSPs will often be accompanied by one or more
+[Tenant Security Logdriver](https://ironcorelabs.com/docs/saas-shield/tenant-security-logdriver/overview/) instances.
+Because the purpose of this benchmark is to demonstrate the capabilities of the Tenant Security _Client_, we have chosen to not include
+Logdriver in it. If you wish to modify the Docker Compose file to include Logdriver, be sure to consult its
+[Deployment](https://ironcorelabs.com/docs/saas-shield/tenant-security-logdriver/deployment/) page to learn how to properly configure it
+based on the resources you have available.
+
+The following `docker compose` command will get a TSP running on your computer with the provided configuration:
+
 ```
-docker-compose -f docker-compose.yml up
+docker compose up
 ```
+
 This starts the TSP locally listening on port 32804. The benchmark expects to connect to the TSP at that address.
 
 To connect with and use the TSP, you need to supply a couple more configuration values:
@@ -66,7 +74,7 @@ There are six tenants defined; their IDs are the following:
 
 The last three are similar to the first three, but they have _key leasing_ enabled.
 
-By default, the benchmark will use the `tenant-gcp` tenant. If you would like to experiment with a different tenant, just do:
+By default, the benchmark will use the `tenant-gcp-l` tenant. If you would like to experiment with a different tenant, just do:
 
 ```bash
 export TENANT_ID=<select tenant ID>
@@ -78,6 +86,6 @@ before running the benchmark.
 
 Since TSC-java is a library that interacts with a back-end service (TSP), the benchmark results are not always straightforward to interpret. Most API calls in the TSC make a round-trip to the TSP, and the TSP also does some computation. If testing on a single machine, it is good to monitor the CPU/RAM usage of the TSP processes in addition to the Java benchmark process to make sure you aren't resource constrained.
 
-In general, operation latency is a function of latency to the TSP + latency to the tenant's KMS (if key-leasing is disabled). 
+In general, operation latency is a function of latency to the TSP + latency to the tenant's KMS (if key-leasing is disabled).
 
-The TSP's tenant logging mechanism has some tunable limits. By default, a TSP should be able to sustain 500 ops/sec/tenant, with the ability to burst higher for a limited time. The benchmark is using a single tenant, and (depending on your machine and benchmark config) can easily be executing a few thousand ops/sec. If you run a benchmark long enough you will overwhelm the TSP. In a real application, you would scale-out the TSP at this point. See [the TSP documentation](https://ironcorelabs.com/docs/saas-shield/tenant-security-proxy/overview/) for more details.
+The TSP's tenant logging mechanism has some tunable limits. By default, a TSP should be able to sustain 500 ops/sec/tenant, with the ability to burst higher for a limited time. The benchmark is using a single tenant, and (depending on your machine and benchmark config) can easily be executing a few thousand ops/sec. If you run a benchmark long enough you will overwhelm the TSP. In a real application, you would scale-out the TSP at this point. See [the TSP documentation](https://ironcorelabs.com/docs/saas-shield/tenant-security-proxy/deployment/) for more details.

benchmarks/demo-tsp.conf

@@ -5,4 +5,5 @@ SERVICE_SIGNING_PRIVATE_KEY=9lAJ3a1Cb4xTL9jD/qdt53pBSG6m9ZNWWFs2WsMN2Mpp+huxRRRM
 SERVICE_SEGMENT_ID=698
 API_KEY=0WUaXesNgbTAuLwn
 IRONCORE_ENV=stage
-RUST_LOG=info
+RUST_LOG=warn
+TSP_ENABLE_LOGDRIVER_INTEGRATION=false

benchmarks/docker-compose.yml

@@ -1,4 +1,3 @@
-version: "3.3"
 services:
   tenant-security-proxy:
     env_file:
@@ -7,17 +6,3 @@ services:
       - 32804:7777
       - 32805:9000
     image: gcr.io/ironcore-images/tenant-security-proxy:4
-    links:
-      - tenant-security-logdriver
-  tenant-security-logdriver:
-    environment:
-      - LOGDRIVER_EVENT_PRODUCER_URL=tcp://tenant-security-proxy:5555
-    env_file:
-      - ./demo-tsp.conf
-    ports:
-      - 32806:9001
-    image: gcr.io/ironcore-images/tenant-security-logdriver:4
-    volumes:
-      - type: bind
-        source: /tmp
-        target: /logdriver

benchmarks/pom.xml

@@ -1,124 +1,88 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
 
-    <groupId>com.ironcorelabs</groupId>
-    <artifactId>benchmarks</artifactId>
-    <version>1.0</version>
-    <packaging>jar</packaging>
+  <groupId>com.ironcorelabs</groupId>
+  <artifactId>benchmarks</artifactId>
+  <version>1.0</version>
+  <packaging>jar</packaging>
 
-    <name>Tenant Security Proxy Benchmarks</name>
+  <name>Tenant Security Proxy Benchmarks</name>
 
-    <dependencies>
-        <dependency>
-            <groupId>org.openjdk.jmh</groupId>
-            <artifactId>jmh-core</artifactId>
-            <version>${jmh.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.openjdk.jmh</groupId>
-            <artifactId>jmh-generator-annprocess</artifactId>
-            <version>${jmh.version}</version>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>com.ironcorelabs</groupId>
-            <artifactId>tenant-security-java</artifactId>
-            <version>4.0.0</version>
-        </dependency>
-    </dependencies>
+  <dependencies>
+    <dependency>
+      <groupId>org.openjdk.jmh</groupId>
+      <artifactId>jmh-core</artifactId>
+      <version>${jmh.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.openjdk.jmh</groupId>
+      <artifactId>jmh-generator-annprocess</artifactId>
+      <version>${jmh.version}</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>com.ironcorelabs</groupId>
+      <artifactId>tenant-security-java</artifactId>
+      <version>7.2.0</version>
+    </dependency>
+  </dependencies>
 
-    <properties>
-        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <jmh.version>1.23</jmh.version>
-        <javac.target>1.8</javac.target>
-        <uberjar.name>benchmarks</uberjar.name>
-    </properties>
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <jmh.version>1.37</jmh.version>
+    <javac.target>17</javac.target>
+    <uberjar.name>benchmarks</uberjar.name>
+  </properties>
 
-    <build>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.8.0</version>
-                <configuration>
-                    <compilerVersion>${javac.target}</compilerVersion>
-                    <source>${javac.target}</source>
-                    <target>${javac.target}</target>
-                </configuration>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-shade-plugin</artifactId>
-                <version>3.2.1</version>
-                <executions>
-                    <execution>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>shade</goal>
-                        </goals>
-                        <configuration>
-                            <finalName>${uberjar.name}</finalName>
-                            <transformers>
-                                <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
-                                    <mainClass>org.openjdk.jmh.Main</mainClass>
-                                </transformer>
-                                <transformer implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer" />
-                            </transformers>
-                            <filters>
-                                <filter>
-                                    <artifact>*:*</artifact>
-                                    <excludes>
-                                        <exclude>META-INF/*.SF</exclude>
-                                        <exclude>META-INF/*.DSA</exclude>
-                                        <exclude>META-INF/*.RSA</exclude>
-                                    </excludes>
-                                </filter>
-                            </filters>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
-        </plugins>
-        <pluginManagement>
-            <plugins>
-                <plugin>
-                    <artifactId>maven-clean-plugin</artifactId>
-                    <version>2.5</version>
-                </plugin>
-                <plugin>
-                    <artifactId>maven-deploy-plugin</artifactId>
-                    <version>2.8.1</version>
-                </plugin>
-                <plugin>
-                    <artifactId>maven-install-plugin</artifactId>
-                    <version>2.5.1</version>
-                </plugin>
-                <plugin>
-                    <artifactId>maven-jar-plugin</artifactId>
-                    <version>2.4</version>
-                </plugin>
-                <plugin>
-                    <artifactId>maven-javadoc-plugin</artifactId>
-                    <version>2.9.1</version>
-                </plugin>
-                <plugin>
-                    <artifactId>maven-resources-plugin</artifactId>
-                    <version>2.6</version>
-                </plugin>
-                <plugin>
-                    <artifactId>maven-site-plugin</artifactId>
-                    <version>3.3</version>
-                </plugin>
-                <plugin>
-                    <artifactId>maven-source-plugin</artifactId>
-                    <version>2.2.1</version>
-                </plugin>
-                <plugin>
-                    <artifactId>maven-surefire-plugin</artifactId>
-                    <version>2.17</version>
-                </plugin>
-            </plugins>
-        </pluginManagement>
-    </build>
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <version>3.13.0</version>
+        <configuration>
+          <compilerVersion>${javac.target}</compilerVersion>
+          <source>${javac.target}</source>
+          <target>${javac.target}</target>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-shade-plugin</artifactId>
+        <version>3.5.2</version>
+        <executions>
+          <execution>
+            <phase>package</phase>
+            <goals>
+              <goal>shade</goal>
+            </goals>
+            <configuration>
+              <finalName>${uberjar.name}</finalName>
+              <transformers>
+                <transformer
+                  implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
+                  <mainClass>org.openjdk.jmh.Main</mainClass>
+                </transformer>
+                <transformer
+                  implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer" />
+              </transformers>
+              <filters>
+                <filter>
+                  <artifact>*:*</artifact>
+                  <excludes>
+                    <exclude>META-INF/*.SF</exclude>
+                    <exclude>META-INF/*.DSA</exclude>
+                    <exclude>META-INF/*.RSA</exclude>
+                  </excludes>
+                </filter>
+              </filters>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
 
 </project>