Skip to content

Add comprehensive k6 load testing suite and OpenIddict password grant support#65

Merged
antosubash merged 14 commits intomainfrom
claude/add-k6-load-testing-LfGjL
Apr 3, 2026
Merged

Add comprehensive k6 load testing suite and OpenIddict password grant support#65
antosubash merged 14 commits intomainfrom
claude/add-k6-load-testing-LfGjL

Conversation

@antosubash
Copy link
Copy Markdown
Owner

@antosubash antosubash commented Apr 3, 2026

Summary

This PR adds a comprehensive k6 load testing framework for performance testing across all API modules, along with enabling OpenIddict password grant flow for development environments to support automated testing.

Key Changes

Load Testing Infrastructure (k6)

  • Test Library & Configuration (tests/k6/lib/)

    • config.js: Centralized configuration with environment variable overrides for base URL, credentials, and load profiles (smoke, load, stress)
    • auth.js: OAuth2 password grant authentication helper with token management
    • helpers.js: Utility functions for random data generation, response validation, and custom metrics tracking

  • Scenario Tests (tests/k6/scenarios/)

    • health.js: Basic health check endpoints (smoke test)
    • auth.js: Authentication flow testing
    • products.js, orders.js, pages.js: CRUD operations for core modules
    • page-lifecycle.js: Full page lifecycle including publish, unpublish, trash, restore, and permanent delete
    • settings.js: System and user settings management
    • users.js: User management CRUD operations
    • audit-logs.js: Audit log querying, filtering, and export functionality
    • file-storage.js: File upload/download operations
    • marketplace.js: Anonymous marketplace search and browsing
    • background-jobs.js: Background job and recurring job listing
    • feature-flags.js: Feature flag management and checking
    • tenants.js: Multi-tenant management operations
    • mixed.js: Realistic mixed traffic simulation with weighted random action selection
    • hotspots.js: Comprehensive endpoint latency analysis with custom reporting to identify performance bottlenecks

  • Makefile Integration

    • Added 20+ k6 test targets for running individual scenarios and full test suites
    • Support for configurable load profiles via K6_PROFILE environment variable

OpenIddict Configuration

  • Password Grant Flow: Enabled in development environment to support k6 load testing authentication
    • Modified OpenIddictModule.cs to conditionally allow password grant flow
    • Updated OpenIddictSeedService.cs to register password grant client
    • Added AllowPasswordGrant configuration flag in appsettings.Development.json

Project Configuration

  • Updated .gitignore to exclude k6 test results directory

Implementation Details

  • Hotspot Detection: The hotspots.js scenario includes per-endpoint latency tracking with custom reporting that flags endpoints exceeding 500ms p95 latency as hotspots
  • Realistic Load Patterns: The mixed.js scenario uses weighted random selection to simulate realistic user behavior (read-heavy traffic patterns)
  • Comprehensive Coverage: Tests cover all major API modules including health checks, authentication, CRUD operations, page lifecycle, settings, users, audit logs, file storage, marketplace, background jobs, feature flags, and multi-tenant operations
  • Configurable Thresholds: Each scenario defines appropriate p95 latency thresholds based on operation complexity
  • Development-Only Features: Password grant flow is only enabled in development to support automated testing without compromising production security

https://claude.ai/code/session_01RZaoqjwRTskgZbsfX5iHjT

claude added 9 commits March 28, 2026 23:26
@claude
Add k6 load testing infrastructure with OAuth2 password grant support
c60d259 
Introduces k6 load testing scenarios for all major API modules (products,
orders, pages, auth, health) plus a mixed traffic simulation. Adds password
grant flow to OpenIddict (opt-in via config, enabled in Development) so k6
can authenticate without browser-based PKCE.

https://claude.ai/code/session_01RZaoqjwRTskgZbsfX5iHjT
@claude
Fix k6 test scenarios: TLS, status codes, and request payloads
80616c7 
- Add insecureSkipTLSVerify for development self-signed certs
- Fix delete endpoint expected status codes (204 No Content)
- Fix order creation to use real userId and productId (validated by API)
- Replace /connect/userinfo with /api/users/me in auth test

All 6 scenarios now pass at 100% check rate.

https://claude.ai/code/session_01RZaoqjwRTskgZbsfX5iHjT
@claude
Merge remote-tracking branch 'origin/main' into claude/add-k6-load-te…
d327575 
…sting-LfGjL
@claude
Add Marketplace module to k6 load tests after merging main
c32ed6d 
- Add dedicated marketplace.js scenario testing search (with query,
  category filters) and package detail endpoints (anonymous, no auth)
- Add browse-marketplace action to mixed traffic simulation
- Add make k6-marketplace target
- Uses correct MarketplaceCategory enum values (All, Auth, Storage, etc.)

https://claude.ai/code/session_01RZaoqjwRTskgZbsfX5iHjT
@claude
Add comprehensive k6 load tests with hotspot detection
d9d81ff 
Add 6 new k6 test scenarios for full API coverage:
- settings.js: Settings CRUD, definitions, user settings, menu management
- users.js: User CRUD lifecycle (create, get, update, delete)
- audit-logs.js: Query logs, stats with date range, CSV/JSON export
- file-storage.js: File upload/download, folder listing, metadata
- page-lifecycle.js: Full page lifecycle (create→publish→trash→restore→delete), tags, templates
- hotspots.js: Hits all 31 endpoints with per-endpoint Trend metrics, sorted p95 latency report

The hotspot scenario produces a ranked report flagging endpoints over 500ms (HOTSPOT)
or 200ms (SLOW), output to both stdout and tests/k6/results/hotspot-report.txt.

https://claude.ai/code/session_01RZaoqjwRTskgZbsfX5iHjT
@claude
Merge remote-tracking branch 'origin/main' into claude/add-k6-load-te…
4a6b7cc 
…sting-LfGjL
@claude
Add k6 load tests for BackgroundJobs, FeatureFlags, and Tenants modules
66db9da 
New test scenarios after merging latest main:
- background-jobs.js: List jobs (with filters), get by ID, list recurring jobs
- feature-flags.js: List flags, check flag, toggle, create/delete overrides
- tenants.js: Full CRUD lifecycle with hosts, status changes, and feature overrides

Updated hotspots.js with 9 new endpoint metrics (list-jobs, list-recurring,
list-flags, check-flag, list-tenants, create/get/delete-tenant, get-tenant-features).

All tests verified passing with 100% checks and 0% http failures.

https://claude.ai/code/session_01RZaoqjwRTskgZbsfX5iHjT
@claude
Fix tenant slug field name in hotspots.js
b5592ce 
https://claude.ai/code/session_01RZaoqjwRTskgZbsfX5iHjT
@claude
Add make load alias to run all k6 load test scenarios
7d3281c 
https://claude.ai/code/session_01RZaoqjwRTskgZbsfX5iHjT
@antosubash antosubash marked this pull request as draft April 3, 2026 12:38
@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages Bot commented Apr 3, 2026
edited
Loading

Deploying simplemodule-website with  Cloudflare Pages  Cloudflare Pages

Latest commit: e453288
Status: ✅  Deploy successful!
Preview URL: https://8837256d.simplemodule-website.pages.dev
Branch Preview URL: https://claude-add-k6-load-testing-l.simplemodule-website.pages.dev

View logs

claude and others added 4 commits April 3, 2026 12:41
@claude
Convert k6 load tests from JavaScript to TypeScript
631c6e6 
- Add tests/k6 as npm workspace with @types/k6 for type safety
- Convert all 16 scenarios and 3 lib files from .js to .ts
- Add proper type annotations: AuthResult, SetupData, interfaces
- Add k6-summary.d.ts for the remote k6 summary module
- Use k6 experimental_enhanced compatibility mode for TS support
- All files pass biome lint and tsc --noEmit type checking

https://claude.ai/code/session_01RZaoqjwRTskgZbsfX5iHjT
@antosubash
Merge branch 'main' into claude/add-k6-load-testing-LfGjL
348d60f
@claude
Add /ci Claude command to run full CI pipeline locally
d692b05 
Mirrors the GitHub Actions CI workflow (lint, build, test, e2e) so
developers can catch issues before creating a pull request.
@claude
Include e2e smoke tests as a required step in /ci command
e453288
@antosubash antosubash marked this pull request as ready for review April 3, 2026 14:16
@antosubash antosubash merged commit 0e526bb into main Apr 3, 2026
4 checks passed
@antosubash antosubash deleted the claude/add-k6-load-testing-LfGjL branch April 3, 2026 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@antosubash @claude