Test unreachable JWKS URIs#1099
Conversation
Signed-off-by: Juan Cruz Viotti <jv@jviotti.com>
🤖 Augment PR SummarySummary: This PR extends the auth-path enterprise E2E suite to cover JWT policies whose OIDC discovery/JWKS endpoints are unreachable. Changes:
Technical Notes: The new scenario exercises the server’s fail-closed behavior when issuer discovery cannot be performed. 🤖 Was this summary useful? React with 👍 or 👎 |
| "type": "jwt", | ||
| "name": "unreachable", | ||
| "paths": [ "/unreachable" ], | ||
| "issuer": "https://unreachable.example.invalid", |
There was a problem hiding this comment.
This issuer is intentionally unreachable, but it will still trigger a real OIDC discovery HTTP fetch on the first request to /unreachable (and discovery failures aren’t cached), so this can add up to the full JWKS fetcher timeout per request and potentially slow/flake the e2e run.
Severity: low
🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.
There was a problem hiding this comment.
Benchmark Index (community)
Details
| Benchmark suite | Current: 4d0651b | Previous: 0d9e3be | Ratio |
|---|---|---|---|
Add one schema (0 existing) |
435 ms |
361 ms |
1.20 |
Add one schema (100 existing) |
32 ms |
23 ms |
1.39 |
Add one schema (1000 existing) |
92 ms |
71 ms |
1.30 |
Add one schema (10000 existing) |
826 ms |
592 ms |
1.40 |
Update one schema (1 existing) |
25 ms |
17 ms |
1.47 |
Update one schema (101 existing) |
32 ms |
26 ms |
1.23 |
Update one schema (1001 existing) |
93 ms |
73 ms |
1.27 |
Update one schema (10001 existing) |
802 ms |
605 ms |
1.33 |
Cached rebuild (1 existing) |
8 ms |
4 ms |
2 |
Cached rebuild (101 existing) |
10 ms |
6 ms |
1.67 |
Cached rebuild (1001 existing) |
33 ms |
19 ms |
1.74 |
Cached rebuild (10001 existing) |
299 ms |
168 ms |
1.78 |
Index 100 schemas |
699 ms |
630 ms |
1.11 |
Index 1000 schemas |
1661 ms |
1369 ms |
1.21 |
Index 10000 schemas |
13946 ms |
12029 ms |
1.16 |
Index 10000 schemas (custom meta-schema) |
16827 ms |
14432 ms |
1.17 |
Index 10000 schemas ($ref fan-out) |
17434 ms |
14404 ms |
1.21 |
This comment was automatically generated by workflow using github-action-benchmark.
There was a problem hiding this comment.
Benchmark Index (enterprise)
Details
| Benchmark suite | Current: 4d0651b | Previous: 0d9e3be | Ratio |
|---|---|---|---|
Add one schema (0 existing) |
527 ms |
534 ms |
0.99 |
Add one schema (100 existing) |
106 ms |
105 ms |
1.01 |
Add one schema (1000 existing) |
159 ms |
156 ms |
1.02 |
Add one schema (10000 existing) |
743 ms |
760 ms |
0.98 |
Update one schema (1 existing) |
98 ms |
98 ms |
1 |
Update one schema (101 existing) |
103 ms |
102 ms |
1.01 |
Update one schema (1001 existing) |
157 ms |
155 ms |
1.01 |
Update one schema (10001 existing) |
745 ms |
788 ms |
0.95 |
Cached rebuild (1 existing) |
8 ms |
8 ms |
1 |
Cached rebuild (101 existing) |
10 ms |
10 ms |
1 |
Cached rebuild (1001 existing) |
31 ms |
31 ms |
1 |
Cached rebuild (10001 existing) |
256 ms |
264 ms |
0.97 |
Index 100 schemas |
640 ms |
780 ms |
0.82 |
Index 1000 schemas |
1759 ms |
1740 ms |
1.01 |
Index 10000 schemas |
14337 ms |
14938 ms |
0.96 |
Index 10000 schemas (custom meta-schema) |
17358 ms |
17206 ms |
1.01 |
Index 10000 schemas ($ref fan-out) |
17723 ms |
17331 ms |
1.02 |
This comment was automatically generated by workflow using github-action-benchmark.
Signed-off-by: Juan Cruz Viotti jv@jviotti.com