This repo contains load tests you can run against any FusionAuth instance.
You will need a working FusionAuth instance. If you want to run load tests, you have probably already figured this part out.
- Go to
https://[your.fusionauth.url]/admin/api-key. - Click the green + button to create a new API Key.
- On the Add API Key screen, don't modify or input any values, just click the Save icon.
- You should now see your API key. Click on the Key name to reveal the key.
Run the setup.sh script to create the FusionAuth Application required for the load tests.
All parameters are optional and will default to values used by FusionAuth's internal development team. If you're not on our development team (and maybe even if you are, if you're not running FusionAuth locally, or not using default values) you'll have to pass in at least --url and --key:
./setup.sh --url https://[your.fusionauth.url] --key [your-api-key]
Default tenant Id is different from what the script expects, you may get a 400 response code when running the script. In this case, get the Id from your Default tenant and pass that in with the --tenant flag.
If the script was successful, you should see a new FusionAuthLoadTesting Application in your FusionAuth instance's Admin portal.
The setup script will configure two common tests for you, User-Registrations and User-Logins. If you want to run other tests, you'll need to modify them with your authentication data.
Check the test JSON files in src/main/resources. Update each JSON file you want to use with your URL, api key, and tenant Id value as needed.
You may also wish to adjust the load test run by modifying the loopCount and workerCount values.
To test user registrations with less CPU load, you can change the factor value in User-Registrations. The default of 24000 is meant to mimic an actual user registration. You can turn that down as low as 1 to allow for faster registrations with less CPU load. This can be useful if you need to hit the database hard without being constrained by CPU.
If you want to run the load tests against a specific Tenant, Application, or User, you can modify the JSON files in src/main/resources to include the tenantId, applicationId values. This is the legacy configuration in User-Registrations.json and User-Logins.json.
If you want to run load tests against a set of users divided amongst applications and tenants, then don't set a specific applicationId and tenantId. Instead, setting the applicationCount and tenantCount values will allow you to create a set of users that are divided amongst the specified number of applications and tenants following these steps:
- Run
Create-Tenants.jsonto create the desired number of tenants. - Run
Create-Applications.jsonwithtenantCountset to create the desired number of applications distributed across the tenants. - Run
User-Registrations-MultiTenant.jsonwithapplicationCountandtenantCountset to create the desired number of users distributed across the applications and tenants.
The names of tenants, applications, and users will be of the formats: tenant_{n}, application_{n}, and load_user_[n]@fusionauth.io, where [n] is a decimal number starting from 1.
The UUIDs are hexadecimal and follow a 1-based index modulus pattern so we can deterministically determine which tenantId and applicationId to provide. An example set of users with 10 tenants, 1000 applications, and 10,000 users would produce entries like this:
| User Email | Application Id | Tenant Id |
|---|---|---|
| [email protected] | 00000000-0000-0001-0000-00000001 | 00000000-0000-0000-0000-00000001 |
| [email protected] | 00000000-0000-0001-0000-00000002 | 00000000-0000-0000-0000-00000002 |
| [email protected] | 00000000-0000-0001-0000-00000003 | 00000000-0000-0000-0000-00000003 |
| ... | ||
| [email protected] | 00000000-0000-0001-0000-00000009 | 00000000-0000-0000-0000-00000009 |
| [email protected] | 00000000-0000-0001-0000-0000000a | 00000000-0000-0000-0000-0000000a |
| [email protected] | 00000000-0000-0001-0000-0000000b | 00000000-0000-0000-0000-00000001 |
| ... | ||
| [email protected] | 00000000-0000-0001-0000-00000063 | 00000000-0000-0000-0000-00000009 |
| [email protected] | 00000000-0000-0001-0000-00000064 | 00000000-0000-0000-0000-0000000a |
| ... | ||
| [email protected] | 00000000-0000-0001-0000-000003e8 | 00000000-0000-0000-0000-0000000a |
| [email protected] | 00000000-0000-0001-0000-00000001 | 00000000-0000-0000-0000-00000001 |
| ... |
The User-Logins-MultiTenant.json configuration will test the login endpoint with these users.
The setup script will build the tests for you. However, if you've made changes and need to rebuild, run sb int.
You can also start from scratch and wipe the build directory with sb clean.
See Installing Savant below if you do not have Savant installed.
Before you can log users in, you need to create users.
To create users, run the User-Registrations test:
cd build/dist
# optionally run ./set-url-host.sh <new_host> to change the host in the JSON files
./load-test.sh User-Registrations.json
Now that you have users, you can run the User-Logins test:
cd build/dist
./load-test.sh User-Logins.json
The load test spins up individual Worker threads as specified in the configuration file. Each Worker synchronously makes repeated API requests. If your request latency is high (e.g., running a remote instance), this can limit your maximum potential throughput. Increasing the number of worker threads alleviates this (unless you hit local system limitations).
For example, if the request latency is 250 ms and you have 10 worker threads, you'll have a max throughput of 40 requests per second. Increasing the number of worker threads to 100 increases the max throughput to 400 requests per second.
If your load test created a Tenant, delete the Tenant it created.
If your load test only created an Application under the Default Tenant, delete the FusionAuthLoadTesting Application to delete the users created by this load test.
Feel free to review how the test harness is configured using the JSON DSL. You can add more workers, and worker directives if you like. If you make something cool, feel free to submit a PR.
If you want to dig into the code further, the FusionAuthWorkerFactory is what takes a directive from the Foreman and builds a worker to satisfy the directive.
This project uses the Savant build tool.
To install Savant, follow these instructions:
mkdir ~/savant
cd ~/savant
wget http://savant.inversoft.org/org/savantbuild/savant-core/2.0.0/savant-2.0.0.tar.gz
tar xvfz savant-2.0.0.tar.gz
ln -s ./savant-2.0.0 current
export PATH=$PATH:~/savant/current/bin/