Perf: batch Graph requests in guest and privileged-role tests#1318
Open
alflokken wants to merge 6 commits into
Open
Perf: batch Graph requests in guest and privileged-role tests#1318alflokken wants to merge 6 commits into
alflokken wants to merge 6 commits into
Conversation
…o-content Refreshed demo content
Rolling up changes for next release
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR optimizes several PowerShell assessment tests by replacing per-item Microsoft Graph calls with batched Graph requests to reduce request volume and improve run time.
Changes:
- Switch guest sponsor lookups to
Invoke-ZtGraphBatchRequest(bulk expand sponsors). - Refactor app/SP owner lookups into a shared helper (
Get-GuestResourceOwner) and batch owner queries. - Batch retrieval of PIM activation notification rules and compute compliance after collecting results.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/powershell/tests/Test-Assessment.21877.ps1 | Batch guest sponsor retrieval and aggregate results in a single pass. |
| src/powershell/tests/Test-Assessment.21868.ps1 | Batch application/service principal owner retrieval via new helper function. |
| src/powershell/tests/Test-Assessment.21818.ps1 | Batch role management rule retrieval and determine failure after consolidating rules. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Replace per-item Graph calls (N+1) with batched Invoke-ZtGraphBatchRequest in three assessment tests:
Why
These tests issued one Graph request per user or role, which dominated runtime in larger tenants. Batching (~20 requests per round-trip) significantly reduces execution time without requiring additional permissions.
Behavior change (21818 only)
Implements the existing
TODO, the check now evaluates all roles instead of stopping at the first failure.Pass/fail behavior is unchanged, but failure reports now include all non-compliant roles. The note stating that the check stopped at the first failing role was removed.
Tests 21868 and 21877 are pure performance changes and produce identical results.