feat(performance): Refactoring and tracing

[dagfinno]

Added more users to testdata, from 70 to 2799.
Output 50 slowest requests
Improve tracing

Description

Related Issue(s)

• Make performance tests for create dialog and simple search #1326

Verification

• Your code builds clean without any errors or warnings
• Manual testing done (required)
• Relevant automated test added (if you find this hard, leave it and we'll help out)

Documentation

• Documentation is updated (either in docs-directory, Altinnpedia or a separate linked PR in altinn-studio-docs., if applicable)

Summary by CodeRabbit

• New Features

  • Enhanced performance testing scripts with tracing capabilities for various functions, including dialog creation and search operations.
  • Introduced environment-based configurations for single-user and multi-user modes.

• Bug Fixes

  • Improved error handling for scenarios with missing end users or service owners.

• Documentation

  • Updated comments and function signatures for clarity and maintainability.

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

📝 Walkthrough

Walkthrough

The pull request introduces modifications to several K6 performance test scripts and workflow configurations. Key changes include the addition of tracing capabilities through new parameters and constants, such as traceCalls and isSingleUserMode. The workflow for K6 performance testing has been updated to output results to a CSV file and process it for HTTP request duration data. Various functions across different test scripts have been updated to utilize these new parameters, enhancing the flexibility and configurability of the performance tests.

Changes

File Path	Change Summary
.github/workflows/workflow-run-k6-performance.yml	Added output specification --out csv=./results.csv for K6 command; introduced command to process CSV output for HTTP request duration.
tests/k6/tests/enduser/performance/enduser-search.js	Added constants isSingleUserMode and traceCalls; updated enduserSearch function calls to include traceCalls parameter based on user mode.
tests/k6/tests/graphql/performance/graphql-search.js	Added constants isSingleUserMode and traceCalls; updated graphqlSearch function calls to include traceCalls parameter based on user mode.
tests/k6/tests/performancetest_common/createDialog.js	Updated createDialog and createAndRemoveDialog functions to accept traceCalls parameter for conditional tracing information.
tests/k6/tests/performancetest_common/simpleSearch.js	Introduced log function; updated enduserSearch, graphqlSearch, and serviceownerSearch to accept traceCalls parameter for tracing functionality.
tests/k6/tests/serviceowner/performance/create-dialog.js	Added constants isSingleUserMode and traceCalls; updated createDialog function calls to include traceCalls parameter.
tests/k6/tests/serviceowner/performance/create-remove-dialog.js	Added constants isSingleUserMode and traceCalls; updated createAndRemoveDialog function calls to include traceCalls parameter.
tests/k6/tests/serviceowner/performance/purge-dialogs.js	Introduced traceCalls constant; updated tracing logic in getDialogs and purgeDialogs functions to include traceparent in requests.
tests/k6/tests/serviceowner/performance/serviceowner-search.js	Renamed endUsersWithTokens to endUsers; added isSingleUserMode and traceCalls constants; updated search logic to utilize new constants.

Possibly related PRs

• fix: avoid crash if testdata file is empty #1403: Enhances error handling in performance tests, aligning with the main PR's focus on K6 performance testing.
• feat(performance): Performance/create serviceowner search #1413: Introduces performance testing for service owner searches, directly relating to the main PR's focus on K6 performance tests.
• feat(performance): create a k6 purge script to run after creating dialogs #1435: Adds a purge script for dialogs, aligning with the main PR's focus on performance testing and cleanup processes.
• feat(performance): Expands search for serviceowners, improved tracing and logging #1439: Expands search functionality for service owners and improves tracing and logging, relating to the main PR's focus on performance testing.

Suggested reviewers

• arealmaas

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (17)

tests/k6/tests/enduser/performance/enduser-search.js (1)

5-6: Consider adding input validation for environment variables

The environment variable parsing is functional but could be more robust. Consider adding explicit validation and documentation.

+// Environment configuration
+// __ENV.isSingleUserMode: 'true' | 'false' - Controls whether to test with single or multiple users
+// __ENV.traceCalls: 'true' | 'false' - Controls whether to enable tracing for performance analysis
+
-const isSingleUserMode = (__ENV.isSingleUserMode ?? 'false') === 'true';
-const traceCalls = (__ENV.traceCalls ?? 'false') === 'true';
+const isSingleUserMode = validateBooleanEnv('isSingleUserMode');
+const traceCalls = validateBooleanEnv('traceCalls');
+
+function validateBooleanEnv(name) {
+    const value = __ENV[name] ?? 'false';
+    if (value !== 'true' && value !== 'false') {
+        throw new Error(`Invalid value for ${name}. Expected 'true' or 'false', got '${value}'`);
+    }
+    return value === 'true';
+}

tests/k6/tests/serviceowner/performance/create-dialog.js (2)

15-16: Add JSDoc comments to document the new configuration flags.

While the implementation is correct, these configuration flags would benefit from documentation explaining their purpose and impact on the test execution.

Consider adding JSDoc comments and slightly refactoring:

+/**
+ * Determines if the test should run in single user mode.
+ * When true, only tests with the first service owner and end user.
+ * @type {boolean}
+ */
 const isSingleUserMode = (__ENV.isSingleUserMode ?? 'false') === 'true';
+
+/**
+ * Enables tracing of API calls during test execution.
+ * When true, includes additional tracing parameters in requests.
+ * @type {boolean}
+ */
 const traceCalls = (__ENV.traceCalls ?? 'false') === 'true';

---

30-33: Consider parallel execution and discuss test characteristics change.

The current changes have two implications:

1. Using a single serviceOwner for all iterations is more efficient but differs from the previous random selection behavior. This changes the test characteristics and might not reflect real-world usage patterns as accurately.
2. Sequential execution might not stress test the system sufficiently for performance testing.

Consider these improvements:

1. Add a comment explaining the reasoning behind removing randomization
2. Consider using K6's parallel execution features for better performance testing:

// Example using batch requests
const BATCH_SIZE = 10;
let serviceOwner = randomItem(serviceOwners);
for (let i = 0; i < endUsers.length; i += BATCH_SIZE) {
    let batch = endUsers.slice(i, i + BATCH_SIZE);
    batch.forEach(endUser => {
        createDialog(serviceOwner, endUser, traceCalls);
    });
}

tests/k6/tests/serviceowner/performance/create-remove-dialog.js (2)

10-11: Consider improving environment variable handling.

The current implementation could be made more robust:

1. Environment variable names should be prefixed (e.g., K6_IS_SINGLE_USER_MODE) to avoid conflicts
2. Boolean conversion could be more explicit

Consider this alternative implementation:

-const isSingleUserMode = (__ENV.isSingleUserMode ?? 'false') === 'true';
-const traceCalls = (__ENV.traceCalls ?? 'false') === 'true';
+const isSingleUserMode = Boolean(__ENV.K6_IS_SINGLE_USER_MODE ?? false);
+const traceCalls = Boolean(__ENV.K6_TRACE_CALLS ?? false);

---

Line range hint 1-7: Update file documentation to include tracing details.

The file header comments should be updated to document:

1. The new environment variables and their purpose
2. How tracing affects the test execution
3. Where to find the trace output

Consider adding this to the header comment:

 /** 
  * Performance test for creating and removing a dialog
  * Run: k6 run tests/k6/tests/serviceowner/performance/create-remove-dialog.js --vus 1 --iterations 1
+ * 
+ * Environment variables:
+ * - K6_IS_SINGLE_USER_MODE: When 'true', runs test with single user/service owner pair
+ * - K6_TRACE_CALLS: When 'true', enables detailed tracing of HTTP calls
  */

tests/k6/tests/graphql/performance/graphql-search.js (1)

10-11: Consider using a more robust string comparison for boolean environment variables

The current implementation only checks for 'true'. Consider using a more comprehensive check that handles various truthy values and is case-insensitive.

-const isSingleUserMode = (__ENV.isSingleUserMode ?? 'false') === 'true';    
-const traceCalls = (__ENV.traceCalls ?? 'false') === 'true';
+const isSingleUserMode = (/^true$/i).test(__ENV.isSingleUserMode ?? 'false');
+const traceCalls = (/^true$/i).test(__ENV.traceCalls ?? 'false');

tests/k6/tests/serviceowner/performance/serviceowner-search.js (1)

39-42: Consider performance optimization for multi-user mode.

The current implementation processes all end users for a random service owner, which could lead to excessive test duration with large datasets. Consider:

1. Adding a configurable batch size to limit the number of users processed
2. Implementing random sampling of end users instead of processing all

 else {
     let serviceOwner = randomItem(serviceOwners);
-    for (let i = 0; i < endUsers.length; i++) {
-        serviceownerSearch(serviceOwner, endUsers[i], tag_name, traceCalls);
+    // Get batch size from env var or default to 10
+    const batchSize = parseInt(__ENV.testBatchSize ?? '10');
+    // Take random sample of users up to batchSize
+    const selectedUsers = endUsers
+        .sort(() => Math.random() - 0.5)
+        .slice(0, batchSize);
+    for (const user of selectedUsers) {
+        serviceownerSearch(serviceOwner, user, tag_name, traceCalls);
     }
 }

.github/workflows/workflow-run-k6-performance.yml (2)

49-50: LGTM! Consider enhancing the output handling.

The addition of CSV output alongside cloud output is a good approach for local analysis. However, consider saving the results file as an artifact for future reference.

Add these steps after the K6 run:

    - name: Upload test results
      uses: actions/upload-artifact@v3
      with:
        name: k6-results
        path: results.csv
        retention-days: 14

---

51-51: Fix trailing whitespace.

There is a trailing whitespace at the end of the line.

Apply this diff:

-        grep http_req_duration ./results.csv | sort --field-separator=',' --key=3 -nr | head -10 
+        grep http_req_duration ./results.csv | sort --field-separator=',' --key=3 -nr | head -10

🧰 Tools

🪛 yamllint

[error] 51-51: trailing spaces

(trailing-spaces)

tests/k6/tests/performancetest_common/createDialog.js (3)

16-18: Update JSDoc to include the new traceCalls parameter

The function signature has been updated, but the JSDoc comments don't reflect the new traceCalls parameter. This should be documented for better maintainability.

 /**
  * Creates a dialog.
  * 
  * @param {Object} serviceOwner - The service owner object.
  * @param {Object} endUser - The end user object.
+ * @param {boolean} traceCalls - Whether to include tracing information in the request.
  */

---

44-55: Extract common parameter initialization logic

The parameter initialization logic is duplicated between createDialog and createAndRemoveDialog. Consider extracting this into a shared helper function.

+function initializeRequestParams(serviceOwner, endUser, traceCalls, traceparent) {
+    const params = {
+        headers: {
+            Authorization: "Bearer " + serviceOwner.token,
+            traceparent: traceparent
+        },
+        tags: { name: 'create dialog' }
+    };
+    if (traceCalls) {
+        params.tags.traceparent = traceparent;
+        params.tags.enduser = endUser.ssn;
+    }
+    return params;
+}

Also, update the JSDoc comments here to include the new parameter.

---

60-60: Remove redundant tag name assignment

The tag name 'create dialog' is already set during parameter initialization. This line appears to be redundant.

-      paramsWithToken.tags.name = 'create dialog';

tests/k6/tests/serviceowner/performance/purge-dialogs.js (3)

18-18: Consider a more robust environment variable parsing

While the current implementation works, consider making it more explicit and robust.

-const traceCalls = (__ENV.traceCalls ?? 'false') === 'true';
+const traceCalls = ['true', '1', 'yes'].includes((__ENV.traceCalls ?? 'false').toLowerCase());

---

Line range hint 45-60: Consider implementing batch processing for large result sets

The current implementation collects all dialog IDs in memory before processing. For large result sets, this could lead to memory issues.

Consider processing dialogs in batches:

const BATCH_SIZE = 1000;
let dialogIdsBatch = [];

// Process in batches
if (dialogIdsBatch.length >= BATCH_SIZE) {
    await processBatch(dialogIdsBatch);
    dialogIdsBatch = [];
}

---

Line range hint 134-141: Enhance error handling and logging

The error handling could be more informative and structured.

 let r = purgeSO('dialogs/' + dialogIdsToPurge[i], paramsWithToken);
-if (r.status != 204) {
-    console.error("Failed to purge dialog with id: " + dialogIdsToPurge[i]);
-    console.log(r);
-}
-else {
-    console.log("Purged dialog with id: " + dialogIdsToPurge[i]);
-    dialogIdsToPurge.splice(i, 1);
-}
+if (r.status !== 204) {
+    console.error(`Failed to purge dialog ${dialogIdsToPurge[i]}:`, {
+        status: r.status,
+        traceparent: paramsWithToken.headers.traceparent,
+        response: r.body
+    });
+    continue;
+}
+console.log(`Successfully purged dialog ${dialogIdsToPurge[i]}`, {
+    traceparent: paramsWithToken.headers.traceparent
+});
+dialogIdsToPurge.splice(i, 1);

tests/k6/tests/performancetest_common/simpleSearch.js (2)

Line range hint 156-184: Improve function documentation

The function implementation is good, but the documentation needs improvement:

• Parameter types and descriptions are missing
• Return value is not documented

Add JSDoc documentation:

/**
 * Performs a serviceowner search.
- * @param {P} serviceowner 
- * @param {*} enduser
- * @param {*} tag_name 
+ * @param {Object} serviceowner - The service owner object containing token and resource
+ * @param {Object} enduser - The end user object containing SSN
+ * @param {string} tag_name - The name to use for request tagging
+ * @param {boolean} traceCalls - Whether to enable tracing
+ * @param {boolean} [doSubqueries=true] - Whether to perform sub-queries
+ * @returns {Object} The response object from the search request
 */

---

Line range hint 44-184: Consider centralizing tracing logic

The tracing implementation is duplicated across search functions. Consider extracting the common tracing logic into a helper function to improve maintainability and reduce duplication.

Example implementation:

function addTracing(params, traceCalls, identifier) {
    const traceparent = uuidv4();
    const paramsWithTracing = {
        ...params,
        headers: {
            ...params.headers,
            traceparent
        }
    };
    
    if (traceCalls) {
        paramsWithTracing.tags = {
            ...params.tags,
            traceparent,
            ...(identifier && { identifier })
        };
    }
    
    return paramsWithTracing;
}

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between d21256d and 5524b71.

⛔ Files ignored due to path filters (1)

• tests/k6/tests/performancetest_data/endusers-yt01.csv is excluded by !**/*.csv

📒 Files selected for processing (9)

• .github/workflows/workflow-run-k6-performance.yml (1 hunks)
• tests/k6/tests/enduser/performance/enduser-search.js (2 hunks)
• tests/k6/tests/graphql/performance/graphql-search.js (2 hunks)
• tests/k6/tests/performancetest_common/createDialog.js (2 hunks)
• tests/k6/tests/performancetest_common/simpleSearch.js (7 hunks)
• tests/k6/tests/serviceowner/performance/create-dialog.js (1 hunks)
• tests/k6/tests/serviceowner/performance/create-remove-dialog.js (2 hunks)
• tests/k6/tests/serviceowner/performance/purge-dialogs.js (4 hunks)
• tests/k6/tests/serviceowner/performance/serviceowner-search.js (2 hunks)

🧰 Additional context used

🪛 yamllint

.github/workflows/workflow-run-k6-performance.yml

[error] 51-51: trailing spaces

(trailing-spaces)

🔇 Additional comments (19)

tests/k6/tests/enduser/performance/enduser-search.js (2)

31-33: LGTM! Comprehensive testing of all users

The implementation now systematically tests all users when not in single-user mode, which provides better coverage. The addition of the traceCalls parameter aligns with the PR objective of enhancing output capabilities.

---

28-28: Verify the impact of using a fixed user instead of random selection

The change from random to fixed user selection in single-user mode might affect test coverage. Consider whether this aligns with your testing strategy.

✅ Verification successful

Fixed user selection in single-user mode is acceptable

The change from random to fixed user selection in single-user mode is acceptable because:

• The main test file (enduser-search.js) now includes a loop mode that tests all users, providing better coverage than random selection
• Random selection is still preserved in scenario tests (create-dialog-and-search.js) where randomization is more relevant for simulating real-world usage patterns
• Single-user mode appears to be primarily used for debugging/tracing purposes, where consistent reproduction with the same user is beneficial

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if random selection was important in other test files
rg -l "randomItem.*endUsersWithTokens" tests/k6/

Length of output: 115

---

Script:

#!/bin/bash
# Check the usage context of randomItem in the found file
rg -B 2 -A 2 "randomItem.*endUsersWithTokens" tests/k6/tests/scenarios/performance/create-dialog-and-search.js

# Check if there are other random selection patterns in enduser-search.js
rg -B 2 -A 2 "random|Math\.floor.*endUsersWithTokens" tests/k6/tests/enduser/performance/enduser-search.js

# Look for the enduserSearch function implementation
ast-grep --pattern 'function enduserSearch($_) { $$$ }'

Length of output: 538

tests/k6/tests/serviceowner/performance/create-dialog.js (1)

25-25: LGTM! Good code organization.

The empty line improves readability by clearly separating error handling from business logic.

tests/k6/tests/serviceowner/performance/create-remove-dialog.js (2)

33-36: Consider test coverage implications of the changes.

The multi-user mode changes raise some concerns:

1. Using a single random service owner for all iterations instead of randomizing per iteration reduces test coverage
2. Sequential iteration through end users instead of random selection might not represent real-world patterns as effectively

Would you like me to propose an alternative implementation that maintains better test coverage while still supporting tracing?

---

30-30: Verify createAndRemoveDialog function signature.

The function is being called with a new traceCalls parameter. Let's verify this change is implemented in the imported function.

✅ Verification successful

Function signature change is correctly implemented

The createAndRemoveDialog function in tests/k6/tests/performancetest_common/createDialog.js correctly accepts and handles the traceCalls parameter. The implementation properly uses this parameter to conditionally add tracing information to the request tags.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if createAndRemoveDialog function accepts traceCalls parameter
ast-grep --pattern 'function createAndRemoveDialog($_serviceOwner, $_endUser, $_traceCalls)' tests/k6/performancetest_common/createDialog.js

Length of output: 237

---

Script:

#!/bin/bash
# First, let's find the correct file containing createAndRemoveDialog
fd createDialog.js

# Then search for createAndRemoveDialog function definition in all js files
ast-grep --pattern 'function createAndRemoveDialog($_serviceOwner, $_endUser, $_)' 

Length of output: 159

---

Script:

#!/bin/bash
# Let's check the content of the file to find the function definition
cat tests/k6/tests/performancetest_common/createDialog.js

# Also search for any direct references to createAndRemoveDialog
rg "createAndRemoveDialog" -A 2

Length of output: 3653

tests/k6/tests/graphql/performance/graphql-search.js (2)

33-33: Document the implications of single user mode testing

Using a single user for performance testing might not accurately represent real-world scenarios and could affect the validity of performance metrics.

Consider adding a comment explaining:

• When to use single user mode vs multi-user mode
• The impact on performance metrics
• Recommended scenarios for each mode

---

36-38: 🛠️ Refactor suggestion

Consider randomization in multi-user mode

Sequential iteration through users might create an artificial pattern that doesn't represent real-world usage. The previous implementation using randomItem() might have provided more realistic load patterns.

-        for (let i = 0; i < endUsers.length; i++) {
-            graphqlSearch(endUsers[i], traceCalls);
-        }
+        // Shuffle users array to prevent sequential access patterns
+        const shuffledUsers = [...endUsers].sort(() => Math.random() - 0.5);
+        for (const user of shuffledUsers) {
+            graphqlSearch(user, traceCalls);
+        }

tests/k6/tests/serviceowner/performance/serviceowner-search.js (3)

7-8: LGTM! Well-implemented environment variables.

Good implementation of environment variables with:

• Proper use of nullish coalescing for defaults
• Clear boolean conversion
• Consistent naming convention

---

28-33: LGTM! Robust input validation.

Good implementation of null checks with clear error messages for both endUsers and serviceOwners.

---

4-4: Verify the impact of renamed import.

The import has changed from endUsersWithTokens to endUsers. This could be a breaking change if other parts of the codebase still expect the old structure.

tests/k6/tests/performancetest_common/createDialog.js (2)

Line range hint 16-73: Implementation aligns well with PR objectives

The changes successfully implement conditional tracing for performance monitoring while maintaining backward compatibility. The implementation is clean and should have minimal performance impact since tracing is optional.

✅ Verification successful

Let me gather more information about the performance thresholds and test configurations.

---

Let me check how the tracing functionality is used in other performance tests to ensure consistency.

---

Based on the gathered information, I can now provide the final response:

Optional tracing implementation verified with minimal performance impact

The implementation has been verified to be sound because:

• The tracing is properly implemented as an optional feature through the traceCalls parameter
• Performance test infrastructure is in place with appropriate thresholds and monitoring via k6
• The changes maintain backward compatibility as tracing is only added when explicitly enabled
• The implementation follows the existing performance testing patterns in the codebase

The lack of explicit traceCalls usage in other tests suggests this is a new feature being gradually introduced, which is a good approach for monitoring the impact.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify the impact on performance test execution times
rg -l "createDialog.*traceCalls" | xargs rg "performance|duration|timing" -A 3

Length of output: 1865

---

Script:

#!/bin/bash
# Check the default thresholds and performance configurations
ast-grep --pattern 'export function getDefaultThresholds($_) {
  $$$
}'

# Also check for any existing performance metrics or timing configurations
rg "http_req_duration|threshold" tests/k6/tests/performancetest_common/ -A 3

Length of output: 1386

---

Script:

#!/bin/bash
# Check usage of traceCalls parameter across performance tests
rg "createDialog.*traceCalls.*true|createDialog.*traceCalls.*false" tests/k6/tests/ -B 2 -A 2

# Check if there are any existing performance metrics collection
rg "tags.*name.*duration|metrics.*duration" tests/k6/tests/ -A 3

Length of output: 162

---

24-29: Review PII exposure in tracing tags

The end user's SSN is being included in the tracing tags. Consider whether exposing this PII in tracing/monitoring data aligns with privacy requirements. If possible, use a non-identifying unique identifier instead.

✅ Verification successful

Let me gather more information about the usage of SSN in the codebase, particularly in performance testing context.

---

Let me check the actual test data files and other usage contexts to understand if this is test data or real PII.

---

SSN usage in tracing tags is acceptable for test environment

The SSN values being used are synthetic test data from CSV files (e.g., 14886498226, 10865299538) specifically created for performance testing environments (yt01, staging). These are not real Norwegian SSNs, and the code is only used in test scenarios. The tracing implementation is consistent across test files and serves a valid testing purpose.

• Test data files (endusers-staging.csv, endusers-yt01.csv) contain synthetic SSNs
• Usage is limited to performance test environments
• Tracing with SSN helps correlate test user actions across the system

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for other instances of SSN exposure in tracing
rg -l "enduser.*ssn.*tags" 

Length of output: 1865

---

Script:

#!/bin/bash
# Check for SSN usage in performance test files
rg -l "ssn" tests/k6/

# Check the content of readTestdata.js to understand how endUsers are structured
cat tests/k6/tests/performancetest_common/readTestdata.js

Length of output: 2583

---

Script:

#!/bin/bash
# Check the content of test data files for SSN format/content
head -n 5 tests/k6/tests/performancetest_data/endusers-*.csv

# Check how SSN is used in other performance test files
rg "ssn" tests/k6/tests/performancetest_common/ -A 2 -B 2

Length of output: 4950

tests/k6/tests/serviceowner/performance/purge-dialogs.js (2)

32-33: LGTM: Well-structured tracing implementation

The tracing implementation with unique traceparent and proper tagging will help in request tracking and debugging.

Also applies to: 40-44

---

113-119: LGTM: Consistent tracing implementation

The tracing implementation maintains consistency with the getDialogs function and properly tracks each purge operation.

Also applies to: 129-133

tests/k6/tests/performancetest_common/simpleSearch.js (5)

Line range hint 44-64: LGTM: Well-structured tracing implementation

The tracing implementation follows good practices:

• Unique traceparent using UUID
• Conditional tag addition
• Clean integration with existing functionality

---

73-74: LGTM: Clear parameter documentation

The added documentation for path and getFunction parameters is clear and descriptive.

---

91-92: LGTM: Clear parameter documentation

The added documentation for endpoint and getFunction parameters is clear and descriptive.

---

115-115: LGTM: Clear parameter documentation

The added documentation for getFunction parameter is clear and descriptive.

---

131-149: LGTM: Well-structured tracing implementation with good request identification

The changes follow good practices:

• Consistent implementation with enduserSearch
• Added User-Agent header for request identification
• Clean tracing integration

[sonarcloud]

Quality Gate passed

Issues
7 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud