From c4ab5aa41a3161f2b772057c7a214e654f9dd55c Mon Sep 17 00:00:00 2001
From: Rita Zhang <rita.z.zhang@gmail.com>
Date: Mon, 13 Nov 2023 09:22:24 -0800
Subject: [PATCH] add false matchCondition benchmark

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

Kubernetes-commit: 7c5dfceff8a4de3387b48e941d098a3957de2870
---
 .../pkg/authorizer/webhook/webhook_v1_test.go | 51 ++++++++++++++++++-
 1 file changed, 49 insertions(+), 2 deletions(-)

diff --git a/plugin/pkg/authorizer/webhook/webhook_v1_test.go b/plugin/pkg/authorizer/webhook/webhook_v1_test.go
index f86c85642..e57dd0509 100644
--- a/plugin/pkg/authorizer/webhook/webhook_v1_test.go
+++ b/plugin/pkg/authorizer/webhook/webhook_v1_test.go
@@ -814,6 +814,19 @@ func BenchmarkWithOneCELExpressions(b *testing.B) {
 		benchmarkWebhookAuthorize(b, expressions, true)
 	})
 }
+func BenchmarkWithOneCELExpressionsFalse(b *testing.B) {
+	expressions := []apiserver.WebhookMatchCondition{
+		{
+			Expression: "request.user == 'alice2'",
+		},
+	}
+	b.Run("compile", func(b *testing.B) {
+		benchmarkNewWebhookAuthorizer(b, expressions, true)
+	})
+	b.Run("authorize", func(b *testing.B) {
+		benchmarkWebhookAuthorize(b, expressions, true)
+	})
+}
 func BenchmarkWithTwoCELExpressions(b *testing.B) {
 	expressions := []apiserver.WebhookMatchCondition{
 		{
@@ -830,13 +843,13 @@ func BenchmarkWithTwoCELExpressions(b *testing.B) {
 		benchmarkWebhookAuthorize(b, expressions, true)
 	})
 }
-func BenchmarkWithTwoComplexCELExpressions(b *testing.B) {
+func BenchmarkWithTwoCELExpressionsFalse(b *testing.B) {
 	expressions := []apiserver.WebhookMatchCondition{
 		{
 			Expression: "request.user == 'alice'",
 		},
 		{
-			Expression: "has(request.resourceAttributes) && request.resourceAttributes.namespace == 'kittensandponies'",
+			Expression: "request.uid == '2'",
 		},
 	}
 	b.Run("compile", func(b *testing.B) {
@@ -880,6 +893,40 @@ func BenchmarkWithManyCELExpressions(b *testing.B) {
 		benchmarkWebhookAuthorize(b, expressions, true)
 	})
 }
+func BenchmarkWithManyCELExpressionsFalse(b *testing.B) {
+	expressions := []apiserver.WebhookMatchCondition{
+		{
+			Expression: "request.user == 'alice'",
+		},
+		{
+			Expression: "request.uid == '1'",
+		},
+		{
+			Expression: "('group1' in request.groups)",
+		},
+		{
+			Expression: "('key1' in request.extra)",
+		},
+		{
+			Expression: "!('key2' in request.extra)",
+		},
+		{
+			Expression: "('a' in request.extra['key1'])",
+		},
+		{
+			Expression: "!('z' in request.extra['key1'])",
+		},
+		{
+			Expression: "has(request.resourceAttributes) && request.resourceAttributes.namespace == 'kittensandponies1'",
+		},
+	}
+	b.Run("compile", func(b *testing.B) {
+		benchmarkNewWebhookAuthorizer(b, expressions, true)
+	})
+	b.Run("authorize", func(b *testing.B) {
+		benchmarkWebhookAuthorize(b, expressions, true)
+	})
+}
 
 func benchmarkNewWebhookAuthorizer(b *testing.B, expressions []apiserver.WebhookMatchCondition, featureEnabled bool) {
 	service := new(mockV1Service)