[FEAT] Performance testing framework (#85)

* TASK: Move old admin script to archived directory

* BUG: [example] Fix recent docker example
- Specify non-root user credentials
- Build trust0-tools image (if needed)

* BUG: [cli][gw] Also check for --script-file long arg

* FEAT: Add performance testing framework

* TASK: [cmn][cli][gw] Update Rust dependencies

README.md

@@ -18,13 +18,12 @@
 
 Trust0 is a [Zero Trust](https://en.wikipedia.org/wiki/Zero_trust_security_model) security framework, whose implementation is fashioned as a [Software Defined Perimeter](https://en.wikipedia.org/wiki/Software-defined_perimeter) service gateway. The gateway ensures that users may only access services, which were authorized for their account.
 
-This is prerelease code, use with care.
+This is pre-release code, use with care.
 
 ### To-Do
 
 * Add Windows UDP support. Tested: macOS - Big Sur (TCP/UDP); Linux Fedora 39 (TCP/UDP, Windows 11 (TCP)
 * Brainstorm solution for device posture trust assessment and rules processor for security enforcement
-* Build (more) testing: integration, performance, ...
 * Strategize non-name resolution (DNS/hosts file/...) approach to handle client hostname verification for TLS-type service connections
 * Consider gateway-to-gateway service proxy routing (reasons of proximity, security, ...)
 * Consider gateway load-balancing, via client redirect (reasons of load, rollout deployment, ...)
@@ -45,7 +44,7 @@ Refer to the following for more information:
 
 ### Contributions
 
-We welcome and appreciate questions, bug issues, ideas and the like. However, code contributions are currently closed until after the first non-alpha/beta release.
+We welcome and appreciate questions, bug issues, ideas and the like. However, code contributions are currently closed until after the first release.
 
 ### License
 

crates/client/src/config.rs

@@ -102,7 +102,10 @@ impl AppConfig {
         // Populate environment w/given config file (if provided)
         let mut config_file = env::var_os("CONFIG_FILE");
         if config_file.is_none() {
-            if (env::args_os().len() >= 3) && env::args_os().nth(1).unwrap().eq("-f") {
+            if (env::args_os().len() >= 3)
+                && (env::args_os().nth(1).unwrap().eq("-f")
+                    || env::args_os().nth(1).unwrap().eq("--config-file"))
+            {
                 config_file = env::args_os().nth(2);
             } else if AppInstallFile::ClientConfig.pathspec().exists() {
                 config_file = Some(AppInstallFile::ClientConfig.pathspec().into_os_string());

crates/gateway/src/config.rs

@@ -450,7 +450,8 @@ impl AppConfig {
         let mut config_file = env::var_os("CONFIG_FILE");
         if config_file.is_none()
             && (env::args_os().len() >= 3)
-            && env::args_os().nth(1).unwrap().eq("-f")
+            && (env::args_os().nth(1).unwrap().eq("-f")
+                || env::args_os().nth(1).unwrap().eq("--config-file"))
         {
             config_file = env::args_os().nth(2);
         }

docs/Utilities.md

@@ -182,7 +182,7 @@ Password:
 
 The common crate has a PKI manager tool (`trust0-pki-manager`), which can be used to create valid Trust0 root CA PKI certificate/key resources.
 
-Additionally, you may use the legacy [Trust0 Admin - Root CA PKI Creator](../resources/README.md#create-root-ca-pki-resources) tool, which uses `openssl` to create the resources (or bring your own Trust0-compliant PKI files).
+Additionally, you may use the legacy [Trust0 Admin - Root CA PKI Creator](../resources/archived/README.md#create-root-ca-pki-resources) tool, which uses `openssl` to create the resources (or bring your own Trust0-compliant PKI files).
 
 Here is the usage description:
 
@@ -259,7 +259,7 @@ Here is a simple invocation of this tool:
 
 The common crate has a PKI manager tool (`trust0-pki-manager`), which can be used to create valid Trust0 gateway PKI certificate/key resources.
 
-Additionally, you may use the legacy [Trust0 Admin - Gateway PKI Creator](../resources/README.md#create-gateway-pki-resources) tool, which uses `openssl` to create the resources (or bring your own Trust0-compliant PKI files).
+Additionally, you may use the legacy [Trust0 Admin - Gateway PKI Creator](../resources/archived/README.md#create-gateway-pki-resources) tool, which uses `openssl` to create the resources (or bring your own Trust0-compliant PKI files).
 
 Here is the usage description:
 
@@ -349,7 +349,7 @@ Here is a simple invocation of this tool (CA certificate and key must be accessi
 
 The common crate has a PKI manager tool (`trust0-pki-manager`), which can be used to create valid Trust0 client PKI certificate/key resources.
 
-Additionally, you may use the legacy [Trust0 Admin - Client PKI Creator](../resources/README.md#create-client-pki-resources) tool, which uses `openssl` to create the resources (or bring your own Trust0-compliant PKI files).
+Additionally, you may use the legacy [Trust0 Admin - Client PKI Creator](../resources/archived/README.md#create-client-pki-resources) tool, which uses `openssl` to create the resources (or bring your own Trust0-compliant PKI files).
 
 Here is the usage description:
 

example/Makefile

@@ -8,6 +8,8 @@ EXAMPLE_CONFIG_FILE=${EXAMPLE_BUILD_DIR}/example.conf
 PROJECT_DIR=${EXAMPLE_DIR}/..
 PROJECT_RESOURCES_DIR=${PROJECT_DIR}/resources
 PROJECT_BINARIES_BUILD_DIR=${PROJECT_DIR}/target/debug
+UID=1000
+GID=1000
 
 CARGO_CMD=cargo
 DOCKER_CMD=docker
@@ -112,8 +114,8 @@ TRUST0_CLIENT__BIND_HOST=127.0.0.1
 
 # Params - Docker-related
 
-TRUST0_CLIENT__DOCKER_CMD=${DOCKER_CMD} run --name trust0-client-example -it --rm --network host -v ${EXAMPLE_BUILD_DIR}:${EXAMPLE_BUILD_DIR} trust0-client:latest
-TRUST0_GATEWAY__DOCKER_CMD=${DOCKER_CMD} run --name trust0-gateway-example -it --rm --network host -v ${EXAMPLE_BUILD_DIR}:${EXAMPLE_BUILD_DIR} trust0-gateway:latest
+TRUST0_CLIENT__DOCKER_CMD=${DOCKER_CMD} run --name trust0-client-example -u ${UID}:${GID} -it --rm --network host -v ${EXAMPLE_BUILD_DIR}:${EXAMPLE_BUILD_DIR} trust0-client:latest
+TRUST0_GATEWAY__DOCKER_CMD=${DOCKER_CMD} run --name trust0-gateway-example -u ${UID}:${GID} -it --rm --network host -v ${EXAMPLE_BUILD_DIR}:${EXAMPLE_BUILD_DIR} trust0-gateway:latest
 
 # Params - CRL
 
@@ -122,7 +124,7 @@ CRLSUPPORT__PKI_REVOKE_CLIENT_FILE=${EXAMPLE_BUILD_DIR}/revoked-${TRUST0_CLIENT_
 
 # Targets
 
-.PHONY: default clean-all trust0-common root-ca-pki generate-root-ca-pki-resources gateway-server-pki generate-gateway-pki-resources client-pki generate-client-pki-resources trust0-gateway trust0-gateway-image trust0-client trust0-client-image run-trust0-gateway run-trust0-client run-trust0-gateway-nodeps run-trust0-gateway-image-nodeps run-trust0-client-nodeps run-trust0-client-image-nodeps setup-crl-files
+.PHONY: default clean-all trust0-common trust0-tools-image root-ca-pki generate-root-ca-pki-resources gateway-server-pki generate-gateway-pki-resources client-pki generate-client-pki-resources trust0-gateway trust0-gateway-image trust0-client trust0-client-image run-trust0-gateway run-trust0-client run-trust0-gateway-nodeps run-trust0-gateway-image-nodeps run-trust0-client-nodeps run-trust0-client-image-nodeps setup-crl-files
 
 default:
 
@@ -156,6 +158,11 @@ else
   include ${EXAMPLE_DIR}/pki-provider-trust0.mk
 endif
 
+# Targets - Tools
+
+trust0-tools-image:
+	${DOCKER_COMPOSE_CMD} -f ${PROJECT_RESOURCES_DIR}/docker/docker-compose-build.yml build trust0-tools
+
 # Targets - ROOT CA
 
 root-ca-pki: generate-root-ca-pki-resources

example/pki-provider-docker-trust0.mk

@@ -1,4 +1,4 @@
-TRUST0_PKI_MANAGER__DOCKER_CMD=${DOCKER_CMD} run --rm -v ${EXAMPLE_BUILD_DIR}:${EXAMPLE_BUILD_DIR} trust0-tools:latest /app/trust0-pki-manager
+TRUST0_PKI_MANAGER__DOCKER_CMD=${DOCKER_CMD} run -u ${UID}:${GID} --rm -v ${EXAMPLE_BUILD_DIR}:${EXAMPLE_BUILD_DIR} trust0-tools:latest /app/trust0-pki-manager
 
 # Params - CRL
 

example/run-chat-tcp-docker-example.sh

@@ -8,9 +8,10 @@ EXAMPLE_DIR=$(dirname "$0")
 
 source "${EXAMPLE_DIR}"/run-configure.sh
 
-GMAKE_CMD="${GMAKE_CMD} PKI_PROVIDER=docker-trust0"
+GMAKE_CMD="${GMAKE_CMD} UID=${UID} GID=${UID} PKI_PROVIDER=docker-trust0"
 
 ${GMAKE_CMD} clean-all
+${GMAKE_CMD} trust0-tools-image
 ${GMAKE_CMD} trust0-gateway-image
 ${GMAKE_CMD} trust0-client-image
 ${GMAKE_CMD} root-ca-pki

resources/README.md → resources/archived/README.md

@@ -15,7 +15,7 @@
 
 The `trust0-admin.sh` script can be used to create valid Trust0 root CA PKI certificate/key resources using `openssl`.
 
-Additionally, you may use the [Trust0 PKI Manager - Create Root CA PKI Resources](../docs/Utilities.md#create-root-ca-pki-resources) to create PKI resources using native Rust libraries.
+Additionally, you may use the [Trust0 PKI Manager - Create Root CA PKI Resources](../../docs/Utilities.md#create-root-ca-pki-resources) to create PKI resources using native Rust libraries.
 
 Or feel free to bring your own resources.
 
@@ -87,7 +87,7 @@ Here is a simple invocation of this tool:
 
 The `trust0-admin.sh` script can be used to create valid Trust0 gateway PKI certificate/key resources using `openssl`.
 
-Additionally, you may use the [Trust0 PKI Manager - Create Gateway PKI Resources](../docs/Utilities.md#create-gateway-pki-resources) to create PKI resources using native Rust libraries.
+Additionally, you may use the [Trust0 PKI Manager - Create Gateway PKI Resources](../../docs/Utilities.md#create-gateway-pki-resources) to create PKI resources using native Rust libraries.
 
 Or feel free to bring your own resources.
 
@@ -172,7 +172,7 @@ Here is a simple invocation of this tool (CA certificate and key must be accessi
 
 The `trust0-admin.sh` script can be used to create valid Trust0 client PKI certificate/key resources using `openssl`.
 
-Additionally, you may use the [Trust0 PKI Manager - Create Client PKI Resources](../docs/Utilities.md#create-client-pki-resources) to create PKI resources using native Rust libraries.
+Additionally, you may use the [Trust0 PKI Manager - Create Client PKI Resources](../../docs/Utilities.md#create-client-pki-resources) to create PKI resources using native Rust libraries.
 
 Or feel free to bring your own resources.