trustify loadtest

A set of simple goose load tests against the web and rest endpoints.

quickstart

1. Ensure trustify is running.

2. Set environment variables for OIDC authentication:

   export ISSUER_URL = "http://localhost:8090/realms/trustify"
   export CLIENT_ID = "testing-user"
   export CLIENT_SECRET = "****************"

   If you're using the devmode auth settings, you can use:

   export ISSUER_URL = "http://localhost:8090/realms/trustify"
   export CLIENT_ID = "testing-user"
   export CLIENT_SECRET = "R8A6KFeyxJsMDBhjfHbpZTIF0GWt43HP"

   Or prefix calls with:

   env ISSUER_URL="http://localhost:8090/realms/trustify" CLIENT_ID="testing-user" CLIENT_SECRET="R8A6KFeyxJsMDBhjfHbpZTIF0GWt43HP"

   To change wait times between http invokes set the following env vars:

   export WAIT_TIME_FROM = 1
   export WAIT_TIME_TO =  2

   Alternately, for no wait times between http invokes set these env vars to 0.

3. To load trustify endpoints with 3 concurrent users.

   cargo run --release --bin loadtest -- --host http://localhost:8080 -u 3

   To stop load test hit [ctl-C], which should generate aggregate statistics.

   To load trustify endpoints against 10 concurrent users, generating an html report.

   cargo run --release -- --host http://localhost:8080  --report-file=report.html --no-reset-metrics -u 10

4. More goose run-time options here

Using an existing database dump

You can either create a database dump using the following command in the trustify repository:

cargo run --bin xtask generate-dump

Or, download one from the S3 bucket. e.g.: https://trustify-dumps.s3.eu-west-1.amazonaws.com/20250314T010452Z/dump.sql.gz

Then, add the dump to the compose startup trustify/etc/deploy/compose/compose.yaml (in the trustify repository):

    volumes:
      - /dump_path_here/dump.sql.gz:/docker-entrypoint-initdb.d/dump.sql.gz:Z

Start Postgres like you normally would do:

podman-compose -f etc/deploy/compose/compose.yaml up

Scenario files

Some tests require a single document, like an SBOM. This information can be provided using a "scenario" file, using the environment variable SCENARIO_FILE. All fields are mandatory, though it is possible to disable tests by providing a null, value:

{
  "disable_me": null,
}

If the scenario file is not being provided, the scale tests will try to auto-evaluate candidate documents. However, this is not reproducible, and should only be used for local testing.

It is possible to generate the content for a scenario file by setting the environment variable GENERATE_SCENARIO=true:

env GENERATE_SCENARIO=true DATABASE_URL=postgresql://postgres:trustify@localhost:5432/trustify cargo run --release 

Request timeouts

To prevent calls from failing due to timeouts, it is possible to use REQUEST_TIMEOUT with a humantime format (1s, 1m = "60 seconds"). The default is 5m.

Memory profiling with heaptrack

• Install heaptrack

sudo dnf install heaptrack

• Use a database dump

• Change trustify/Cargo.toml

  • Add the following:

[profile.release]
debug = true

• Clean and build with --release

cargo clean ; cargo build --release

• Open a terminal and start trustify with heaptrack and graphql feature

cd target/release/
TRUSTD_WITH_GRAPHQL=true heaptrack ./trustd api --db-password eggs --devmode --auth-disabled

• Run loadtest

• Stop loadtest and trustify, and heaptrack will show the results