Merge pull request #580 from AzureAD/benchmark

Guarding against perf regression for acquire_token_for_client()

Author: rayluo

.github/workflows/python-package.yml

@@ -42,15 +42,40 @@ jobs:
         python -m pip install --upgrade pip
         python -m pip install flake8 pytest
         if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+    - name: Test with pytest
+      run: pytest --benchmark-skip
     - name: Lint with flake8
       run: |
         # stop the build if there are Python syntax errors or undefined names
         #flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
         # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
         #flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
-    - name: Test with pytest
+
+  cb:
+    # Benchmark only after the correctness has been tested by CI,
+    # and then run benchmark only once (sampling with only one Python version).
+    needs: ci
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python 3.9
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.9
+    - name: Install dependencies
       run: |
-        pytest
+        python -m pip install --upgrade pip
+        if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+    - name: Run benchmark
+      run: pytest --benchmark-only --benchmark-json benchmark.json --log-cli-level INFO tests/test_benchmark.py
+    - name: Render benchmark result
+      uses: benchmark-action/github-action-benchmark@v1
+      with:
+        tool: 'pytest'
+        output-file-path: benchmark.json
+        fail-on-alert: true
+    - name: Publish Gibhub Pages
+      run: git push origin gh-pages
 
   cd:
     needs: ci

README.md

@@ -1,8 +1,8 @@
 # Microsoft Authentication Library (MSAL) for Python
 
-| `dev` branch | Reference Docs | # of Downloads per different platforms | # of Downloads per recent MSAL versions |
-|---------------|---------------|----------------------------------------|-----------------------------------------|
- [![Build status](https://github.com/AzureAD/microsoft-authentication-library-for-python/actions/workflows/python-package.yml/badge.svg?branch=dev)](https://github.com/AzureAD/microsoft-authentication-library-for-python/actions) | [![Documentation Status](https://readthedocs.org/projects/msal-python/badge/?version=latest)](https://msal-python.readthedocs.io/en/latest/?badge=latest) | [![Downloads](https://pepy.tech/badge/msal)](https://pypistats.org/packages/msal) | [![Download monthly](https://pepy.tech/badge/msal/month)](https://pepy.tech/project/msal)
+| `dev` branch | Reference Docs | # of Downloads per different platforms | # of Downloads per recent MSAL versions | Benchmark Diagram |
+|:------------:|:--------------:|:--------------------------------------:|:---------------------------------------:|:-----------------:|
+ [![Build status](https://github.com/AzureAD/microsoft-authentication-library-for-python/actions/workflows/python-package.yml/badge.svg?branch=dev)](https://github.com/AzureAD/microsoft-authentication-library-for-python/actions) | [![Documentation Status](https://readthedocs.org/projects/msal-python/badge/?version=latest)](https://msal-python.readthedocs.io/en/latest/?badge=latest) | [![Downloads](https://static.pepy.tech/badge/msal)](https://pypistats.org/packages/msal) | [![Download monthly](https://static.pepy.tech/badge/msal/month)](https://pepy.tech/project/msal) | [📉](https://azuread.github.io/microsoft-authentication-library-for-python/dev/bench/)
 
 The Microsoft Authentication Library for Python enables applications to integrate with the [Microsoft identity platform](https://aka.ms/aaddevv2). It allows you to sign in users or apps with Microsoft identities ([Azure AD](https://azure.microsoft.com/services/active-directory/), [Microsoft Accounts](https://account.microsoft.com) and [Azure AD B2C](https://azure.microsoft.com/services/active-directory-b2c/) accounts) and obtain tokens to call Microsoft APIs such as [Microsoft Graph](https://graph.microsoft.io/) or your own APIs registered with the Microsoft identity platform. It is built using industry standard OAuth2 and OpenID Connect protocols
 

requirements.txt

@@ -1,2 +1,3 @@
 .
 python-dotenv
+pytest-benchmark

tests/simulator.py

@@ -0,0 +1,69 @@
+"""Simulator(s) that can be used to create MSAL instance
+whose token cache is in a certain state, and remains unchanged.
+This generic simulator(s) becomes the test subject for different benchmark tools.
+
+For example, you can install pyperf and then run:
+
+    pyperf timeit -s "from tests.simulator import ClientCredentialGrantSimulator as T; t=T(tokens_per_tenant=1, cache_hit=True)" "t.run()"
+"""
+import json
+import logging
+import random
+from unittest.mock import patch
+
+import msal
+from tests.http_client import MinimalResponse
+
+
+logger = logging.getLogger(__name__)
+
+
+def _count_access_tokens(app):
+    return len(app.token_cache._cache[app.token_cache.CredentialType.ACCESS_TOKEN])
+
+
+class ClientCredentialGrantSimulator(object):
+
+    def __init__(self, number_of_tenants=1, tokens_per_tenant=1, cache_hit=False):
+        logger.info(
+            "number_of_tenants=%d, tokens_per_tenant=%d, cache_hit=%s",
+            number_of_tenants, tokens_per_tenant, cache_hit)
+        with patch.object(msal.authority, "tenant_discovery", return_value={
+            "authorization_endpoint": "https://contoso.com/placeholder",
+            "token_endpoint": "https://contoso.com/placeholder",
+        }) as _:  # Otherwise it would fail on OIDC discovery
+            self.apps = [  # In MSAL Python, each CCA binds to one tenant only
+                msal.ConfidentialClientApplication(
+                    "client_id", client_credential="foo",
+                    authority="https://login.microsoftonline.com/tenant_%s" % t,
+                ) for t in range(number_of_tenants)
+            ]
+        for app in self.apps:
+            for i in range(tokens_per_tenant):  # Populate token cache
+                self.run(app=app, scope="scope_{}".format(i))
+            assert tokens_per_tenant == _count_access_tokens(app), (
+                "Token cache did not populate correctly: {}".format(json.dumps(
+                app.token_cache._cache, indent=4)))
+
+            if cache_hit:
+                self.run(app=app)["access_token"]  # Populate 1 token to be hit
+                expected_tokens = tokens_per_tenant + 1
+            else:
+                expected_tokens = tokens_per_tenant
+            app.token_cache.modify = lambda *args, **kwargs: None  # Cache becomes read-only
+            self.run(app=app)["access_token"]
+            assert expected_tokens == _count_access_tokens(app), "Cache shall not grow"
+
+    def run(self, app=None, scope=None):
+        # This implementation shall be as concise as possible
+        app = app or random.choice(self.apps)
+        #return app.acquire_token_for_client([scope or "scope"], post=_fake)
+        return app.acquire_token_for_client(
+            [scope or "scope"],
+            post=lambda url, **kwargs: MinimalResponse(  # Using an inline lambda is as fast as a standalone function
+                status_code=200, text='''{
+                "access_token": "AT for %s",
+                "token_type": "bearer"
+                }''' % kwargs["data"]["scope"],
+            ))
+

tests/test_benchmark.py

@@ -0,0 +1,20 @@
+from tests.simulator import ClientCredentialGrantSimulator as CcaTester
+
+# Here come benchmark test cases, powered by pytest-benchmark
+# Func names will become diag names.
+def test_cca_1_tenant_with_10_tokens_per_tenant_and_cache_hit(benchmark):
+    tester = CcaTester(tokens_per_tenant=10, cache_hit=True)
+    benchmark(tester.run)
+
+def test_cca_many_tenants_with_10_tokens_per_tenant_and_cache_hit(benchmark):
+    tester = CcaTester(number_of_tenants=1000, tokens_per_tenant=10, cache_hit=True)
+    benchmark(tester.run)
+
+def test_cca_1_tenant_with_10_tokens_per_tenant_and_cache_miss(benchmark):
+    tester = CcaTester(tokens_per_tenant=10, cache_hit=False)
+    benchmark(tester.run)
+
+def test_cca_many_tenants_with_10_tokens_per_tenant_and_cache_miss(benchmark):
+    tester = CcaTester(number_of_tenants=1000, tokens_per_tenant=10, cache_hit=False)
+    benchmark(tester.run)
+