-
Notifications
You must be signed in to change notification settings - Fork 199
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve AAD provider performance by directly invoking Graph APIs for Cmdlets with slow load times #1094
base: main
Are you sure you want to change the base?
Conversation
Items Left to Complete
|
14da017
to
d18303b
Compare
bee8d47
to
2c19060
Compare
For reviewers: How to test the performance improvementThe performance improvement when running AAD is mostly noticeable when the tool executes for the first time in a newly spawned Powershell window. This is because the slowness that we observed in the Microsoft.Graph.Beta.Identity.Governance dll was during its load into memory, which occurs only the first time you call one of its Cmdlets in a new Powershell window. Use this code to take a time measurement (tailor the parameter values to your environment):
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the changes. One remaining area around buildilng the Uri and dispatching to the different environments.
PowerShell/ScubaGear/Testing/Unit/PowerShell/Providers/AADProvider/Invoke-GraphDirectly.ps1
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My two cents: this is faster. I ran AAD once on this branch and once on main: 108 seconds on this branch and 178 on main, so over a minute faster. And manual inspection of the two reports showed no difference in the output, as expected.
One minor piece of feedback beyond what has already been commented on: a lot of the new code does not use PascalCase, per our style guide. Not a big deal but would be nice to have for consistency.
Here are the run durations I recorded: Of special note: many times when I ran the tests on either branch, The conclusion: for some reason, running in Tenant 2 conferred a minor performance advantage. In gcchigh it was about 60% faster on average. |
Make sure that when you run the timing, each timing has to be done in a fresh PS window because it is the loading of the dependency DLL which accounts for the time we think we are saving with our new code. The DLL loading only occurs when you first Invoke-Scuba the first time in a new window. |
…-MgGraphRequest calls
8cf39d6
to
e178ce6
Compare
🗣 Description
This code enhancement of the AAD provider improves the performance of calls to Powershell cmdlets that are part of the Microsoft.Graph.Beta.Identity.Governance module. The enhancement replaces calls to those cmdlets with direct calls to the respective MS Graph REST APIs. The reason this works to cut down the execution time is that we found that the loading of the Identity.Governance module into memory when ScubaGear first runs in a fresh Powershell instance, is commonly a slow activity, in some cases taking over a minute just to load. By calling MS Graph APIs directly we bypass the penalty associated with loading the module into memory. Based on limited testing running in a virtual machine this enhancement resulted in a 42% reduction in execution time against our E5 tenant and a 35% reduction against our G5 tenant.
closes #816
💭 Motivation and context
The AAD provider takes considerably longer to run compared to the other providers and in general runs slowly sometimes taking several minutes to complete. This creates delays for our development team who frequently run the code and have to perform testing and it slows down the automated processes that execute the code as well. Although we haven't received requests from end users to improve the performance, a positive side benefit is that their experience will improve when using the tool as well.
🧪 Testing
These code changes were tested against the E5, G5, G3 and GCC High tenants.
✅ Pre-approval checklist
✅ Pre-merge checklist
PR passed smoke test check.
Feature branch has been rebased against changes from parent branch, as needed
Use
Rebase branch
button below or use this reference to rebase from the command line.Resolved all merge conflicts on branch
Notified merge coordinator that PR is ready for merge via comment mention
✅ Post-merge checklist