Health Check (Azure#43339)

* change workloads based on feedback

* add staging yml file

* add staging yml file

* change health checks to use health probe

* remove unnecessary return type of database accounts method

* remove unused imports

* add more tests and fix tests

* fix pylint, changelog, and test

* fix tests

* fix tests

* fix tests

* move to use only one thread pool executor

* fix tests

* Apply suggestion from @Copilot

Co-authored-by: Copilot <[email protected]>

* Apply suggestion from @Copilot

Co-authored-by: Copilot <[email protected]>

* Apply suggestion from @Copilot

Co-authored-by: Copilot <[email protected]>

* Update sdk/cosmos/azure-cosmos/tests/test_health_check.py

Co-authored-by: Copilot <[email protected]>

* Update sdk/cosmos/azure-cosmos/tests/test_retry_policy_async.py

Co-authored-by: Copilot <[email protected]>

* react to design meeting

* remove configurability for database account calls

* fix pylint

* fix tests

* fix tests

* fix tests

* fix tests

* fix tests

* fix tests

* fix tests

* fix test

* increase retry factor and max retry after, updated documentation

* react to comments

* fix test pipeline issue and upgrade to pypy311

---------

Co-authored-by: Copilot <[email protected]>

Author: tvaron3

sdk/cosmos/azure-cosmos/CHANGELOG.md

@@ -10,6 +10,7 @@
 * Fixed bug where customer provided excluded region was not always being honored during certain transient failures. See [PR 43602](https://github.com/Azure/azure-sdk-for-python/pull/43602)
 
 #### Other Changes
+* Further optimized health checks for sync and async clients. See [PR 43339](https://github.com/Azure/azure-sdk-for-python/pull/43339)
 * Enhanced logging to ensure when a region is marked unavailable we have the proper context. See [PR 43602](https://github.com/Azure/azure-sdk-for-python/pull/43602)
 
 ### 4.14.0 (2025-10-13)

sdk/cosmos/azure-cosmos/azure/cosmos/_constants.py

@@ -40,7 +40,6 @@ class _Constants:
     Name: Literal["name"] = "name"
     DatabaseAccountEndpoint: Literal["databaseAccountEndpoint"] = "databaseAccountEndpoint"
     DefaultEndpointsRefreshTime: int = 5 * 60 * 1000 # milliseconds
-    UnavailableEndpointDBATimeouts: int = 1 # seconds
 
     # ServiceDocument Resource
     EnableMultipleWritableLocations: Literal["enableMultipleWriteLocations"] = "enableMultipleWriteLocations"
@@ -61,11 +60,11 @@ class _Constants:
     INFERENCE_SERVICE_DEFAULT_SCOPE = "https://dbinference.azure.com/.default"
     SEMANTIC_RERANKER_INFERENCE_ENDPOINT: str = "AZURE_COSMOS_SEMANTIC_RERANKER_INFERENCE_ENDPOINT"
 
-    # Database Account Retry Policy constants
+    # Health Check Retry Policy constants
     AZURE_COSMOS_HEALTH_CHECK_MAX_RETRIES: str = "AZURE_COSMOS_HEALTH_CHECK_MAX_RETRIES"
     AZURE_COSMOS_HEALTH_CHECK_MAX_RETRIES_DEFAULT: int = 3
     AZURE_COSMOS_HEALTH_CHECK_RETRY_AFTER_MS: str = "AZURE_COSMOS_HEALTH_CHECK_RETRY_AFTER_MS"
-    AZURE_COSMOS_HEALTH_CHECK_RETRY_AFTER_MS_DEFAULT: int = 100
+    AZURE_COSMOS_HEALTH_CHECK_RETRY_AFTER_MS_DEFAULT: int = 500
 
     # Only applicable when circuit breaker is enabled -------------------------
     CONSECUTIVE_ERROR_COUNT_TOLERATED_FOR_READ: str = "AZURE_COSMOS_CONSECUTIVE_ERROR_COUNT_TOLERATED_FOR_READ"

sdk/cosmos/azure-cosmos/azure/cosmos/_cosmos_client_connection.py

@@ -248,7 +248,7 @@ def __init__( # pylint: disable=too-many-statements
         # Routing map provider
         self._routing_map_provider = routing_map_provider.SmartRoutingMapProvider(self)
 
-        database_account, _ = self._global_endpoint_manager._GetDatabaseAccount(**kwargs)
+        database_account = self._global_endpoint_manager._GetDatabaseAccount(**kwargs)
         self._global_endpoint_manager.force_refresh_on_startup(database_account)
 
         # Use database_account if no consistency passed in to verify consistency level to be used
@@ -2691,22 +2691,21 @@ def GetDatabaseAccount(
             response_hook(last_response_headers, result)
         return database_account
 
-    def _GetDatabaseAccountCheck(
+    def health_check(
             self,
             url_connection: Optional[str] = None,
             **kwargs: Any
     ):
-        """Gets database account info.
+        """ Send a request to check the health of region.
 
-        :param str url_connection: the endpoint used to get the database account
-        :return: The Database Account.
-        :rtype: documents.DatabaseAccount
+        :param str url_connection: the endpoint for the region being checked
         """
         if url_connection is None:
             url_connection = self.url_connection
 
         headers = base.GetHeaders(self, self.default_headers, "get", "", "", "",
-                                  documents._OperationType.Read,{}, client_id=self.client_id)
+                                  documents._OperationType.Read, {},
+                                  client_id=self.client_id)
         request_params = RequestObject(http_constants.ResourceType.DatabaseAccount,
                                        documents._OperationType.Read,
                                        headers,

sdk/cosmos/azure-cosmos/azure/cosmos/_global_endpoint_manager.py

@@ -22,9 +22,11 @@
 """Internal class for global endpoint manager implementation in the Azure Cosmos
 database service.
 """
-
+import logging
+import os
 import threading
-from typing import Tuple
+from concurrent.futures import ThreadPoolExecutor, as_completed
+from typing import Callable, Any
 
 from azure.core.exceptions import AzureError
 
@@ -37,7 +39,7 @@
 
 
 # pylint: disable=protected-access
-
+logger = logging.getLogger("azure.cosmos._GlobalEndpointManager")
 
 class _GlobalEndpointManager(object): # pylint: disable=too-many-instance-attributes
     """
@@ -58,6 +60,9 @@ def __init__(self, client):
         self.refresh_lock = threading.RLock()
         self.last_refresh_time = 0
         self._database_account_cache = None
+        self.startup = True
+        self._refresh_thread = None
+        self.executor = ThreadPoolExecutor(max_workers=os.cpu_count())
 
     def get_refresh_time_interval_in_ms_stub(self):
         return constants._Constants.DefaultEndpointsRefreshTime
@@ -120,31 +125,58 @@ def refresh_endpoint_list(self, database_account, **kwargs):
                     raise e
 
     def _refresh_endpoint_list_private(self, database_account=None, **kwargs):
-        if database_account:
+        # 1. If explicit database_account provided and not during startup, just update cache (no health check now)
+        # 2. Else if refresh criteria met:
+        #    a. If not startup -> spawn background thread to do full database account + health checks
+        #    b. If startup -> get database account synchronously, then spawn background health checks,
+        #    then mark startup False
+        if database_account and not self.startup:
             self.location_cache.perform_on_database_account_read(database_account)
             self.refresh_needed = False
             self.last_refresh_time = current_time_millis()
         else:
             if self.location_cache.should_refresh_endpoints() or self.refresh_needed:
                 self.refresh_needed = False
                 self.last_refresh_time = current_time_millis()
-                # this will perform getDatabaseAccount calls to check endpoint health
-                self._endpoints_health_check(**kwargs)
-
-    def _GetDatabaseAccount(self, **kwargs) -> Tuple[DatabaseAccount, str]:
+                if not self.startup:
+                    # background full refresh (database account + health checks)
+                    self._start_background_refresh(self._refresh_database_account_and_health, kwargs)
+                else:
+                    self.location_cache.perform_on_database_account_read(database_account)
+                    self._start_background_refresh(self._endpoints_health_check, kwargs)
+                    self.startup = False
+
+    def _start_background_refresh(self, target: Callable[..., None], kwargs: dict[str, Any]):
+        """Starts a daemon thread to run the given target if one is not already active.
+        :param Callable target: The function to run in the background thread.
+        :param dict kwargs: The keyword arguments to pass to the target function.
+        """
+        if not (self._refresh_thread and self._refresh_thread.is_alive()):
+            def runner():
+                try:
+                    target(**kwargs)
+                except Exception as exception: #pylint: disable=broad-exception-caught
+                    # background failures should not crash main thread
+                    # Intentionally swallow to avoid affecting foreground; logging could be added.
+                    logger.error("Health check task failed: %s", exception, exc_info=True)
+            t = threading.Thread(target=runner, name="cosmos-endpoint-refresh", daemon=True)
+            self._refresh_thread = t
+            t.start()
+
+    def _GetDatabaseAccount(self, **kwargs) -> DatabaseAccount:
         """Gets the database account.
 
         First tries by using the default endpoint, and if that doesn't work,
         use the endpoints for the preferred locations in the order they are
         specified, to get the database account.
         :returns: A `DatabaseAccount` instance representing the Cosmos DB Database Account
         and the endpoint that was used for the request.
-        :rtype: tuple of (~azure.cosmos.DatabaseAccount, str)
+        :rtype: ~azure.cosmos.DatabaseAccount
         """
         try:
             database_account = self._GetDatabaseAccountStub(self.DefaultEndpoint, **kwargs)
             self._database_account_cache = database_account
-            return database_account, self.DefaultEndpoint
+            return database_account
         # If for any reason(non-globaldb related), we are not able to get the database
         # account from the above call to GetDatabaseAccount, we would try to get this
         # information from any of the preferred locations that the user might have
@@ -157,52 +189,34 @@ def _GetDatabaseAccount(self, **kwargs) -> Tuple[DatabaseAccount, str]:
                 try:
                     database_account = self._GetDatabaseAccountStub(locational_endpoint, **kwargs)
                     self._database_account_cache = database_account
-                    self.location_cache.mark_endpoint_available(locational_endpoint)
-                    return database_account, locational_endpoint
+                    return database_account
                 except (exceptions.CosmosHttpResponseError, AzureError):
                     self._mark_endpoint_unavailable(locational_endpoint, "_GetDatabaseAccount")
             raise
 
     def _endpoints_health_check(self, **kwargs):
-        """Gets the database account for each endpoint.
-
-        Validating if the endpoint is healthy else marking it as unavailable.
-        """
-        database_account, attempted_endpoint = self._GetDatabaseAccount(**kwargs)
-        self.location_cache.perform_on_database_account_read(database_account)
-        # get all the regional routing contexts to check
+        """Performs concurrent health checks for each endpoint (background-safe)."""
         endpoints = self.location_cache.endpoints_to_health_check()
-        success_count = 0
-        for endpoint in endpoints:
-            if endpoint != attempted_endpoint:
-                if success_count >= 4:
-                    break
-                # save current dba timeouts
-                previous_dba_read_timeout = self.client.connection_policy.DBAReadTimeout
-                previous_dba_connection_timeout = self.client.connection_policy.DBAConnectionTimeout
-                try:
-                    if (endpoint in
-                            self.location_cache.location_unavailability_info_by_endpoint):
-                        # if the endpoint is unavailable, we need to lower the timeouts to be more aggressive in the
-                        # health check. This helps reduce the time the health check is blocking all requests.
-                        self.client.connection_policy._override_dba_timeouts(constants._Constants
-                                                                             .UnavailableEndpointDBATimeouts,
-                                                                             constants._Constants
-                                                                             .UnavailableEndpointDBATimeouts)
-                        self.client._GetDatabaseAccountCheck(endpoint, **kwargs)
-                    else:
-                        self.client._GetDatabaseAccountCheck(endpoint, **kwargs)
-                    success_count += 1
-                    self.location_cache.mark_endpoint_available(endpoint)
-                except (exceptions.CosmosHttpResponseError, AzureError):
-                    self._mark_endpoint_unavailable(endpoint, "_endpoints_health_check")
 
-                finally:
-                    # after the health check for that endpoint setting the timeouts back to their original values
-                    self.client.connection_policy._override_dba_timeouts(previous_dba_read_timeout,
-                                                                         previous_dba_connection_timeout)
+        def _health_check(endpoint: str):
+            try:
+                self.client.health_check(endpoint, **kwargs)
+                self.location_cache.mark_endpoint_available(endpoint)
+            except (exceptions.CosmosHttpResponseError, AzureError):
+                self._mark_endpoint_unavailable(endpoint, "_endpoints_health_check")
+
+        futures = [self.executor.submit(_health_check, ep) for ep in endpoints]
+        for f in as_completed(futures):
+            # propagate unexpected exceptions (should be none besides those swallowed in health check)
+            _ = f.result()
+        # After all probes, update cache once
         self.location_cache.update_location_cache()
 
+    def _refresh_database_account_and_health(self, **kwargs):
+        database_account = self._GetDatabaseAccount(**kwargs)
+        self.location_cache.perform_on_database_account_read(database_account)
+        self._endpoints_health_check(**kwargs)
+
     def _GetDatabaseAccountStub(self, endpoint, **kwargs):
         """Stub for getting database account from the client.
         This can be used for mocking purposes as well.
@@ -211,21 +225,4 @@ def _GetDatabaseAccountStub(self, endpoint, **kwargs):
         :returns: A `DatabaseAccount` instance representing the Cosmos DB Database Account.
         :rtype: ~azure.cosmos.DatabaseAccount
         """
-        if endpoint in self.location_cache.location_unavailability_info_by_endpoint:
-            previous_dba_read_timeout = self.client.connection_policy.DBAReadTimeout
-            previous_dba_connection_timeout = self.client.connection_policy.DBAConnectionTimeout
-            try:
-                # if the endpoint is unavailable, we need to lower the timeouts to be more aggressive in the
-                # health check. This helps reduce the time the health check is blocking all requests.
-                self.client.connection_policy._override_dba_timeouts(constants._Constants
-                                                                     .UnavailableEndpointDBATimeouts,
-                                                                     constants._Constants
-                                                                     .UnavailableEndpointDBATimeouts)
-                database_account = self.client.GetDatabaseAccount(endpoint, **kwargs)
-            finally:
-                # after the health check for that endpoint setting the timeouts back to their original values
-                self.client.connection_policy._override_dba_timeouts(previous_dba_read_timeout,
-                                                                     previous_dba_connection_timeout)
-        else:
-            database_account = self.client.GetDatabaseAccount(endpoint, **kwargs)
-        return database_account
+        return self.client.GetDatabaseAccount(endpoint, **kwargs)

sdk/cosmos/azure-cosmos/azure/cosmos/_database_account_retry_policy.py renamed to sdk/cosmos/azure-cosmos/azure/cosmos/_health_check_retry_policy.py

@@ -19,24 +19,17 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 # SOFTWARE.
 
-"""Internal class for database account retry policy implementation in the
+"""Internal class for health check retry policy implementation in the
 Azure Cosmos database service.
 """
 import os
-from azure.core.exceptions import ServiceRequestError, ServiceResponseError
 from azure.cosmos import _constants
 
 
-class DatabaseAccountRetryPolicy(object):
-    """Implements retry logic for database account reads in Azure Cosmos DB."""
+class HealthCheckRetryPolicy(object):
+    """Implements retry logic for health checks in Azure Cosmos DB."""
 
-    # List of HTTP status codes considered transient errors for retry logic.
-    transient_status_codes = [502, 503, 504]
-
-    # Tuple of exception types considered transient errors for retry logic.
-    transient_exceptions = (ServiceRequestError, ServiceResponseError)
-
-    def __init__(self, connection_policy):
+    def __init__(self, connection_policy, *args):
         self.retry_count = 0
         self.retry_after_in_milliseconds = int(os.getenv(
             _constants._Constants.AZURE_COSMOS_HEALTH_CHECK_RETRY_AFTER_MS,
@@ -47,8 +40,12 @@ def __init__(self, connection_policy):
             str(_constants._Constants.AZURE_COSMOS_HEALTH_CHECK_MAX_RETRIES_DEFAULT)
         ))
         self.connection_policy = connection_policy
+        self.retry_factor = 2
+        self.max_retry_after_in_milliseconds = 1000 * 60 * 3  # 3 minutes
+        self.initial_connection_timeout = 5
+        self.request = args[0] if args else None
 
-    def ShouldRetry(self, exception):
+    def ShouldRetry(self, exception):# pylint: disable=unused-argument
         """
         Determines if the given exception is transient and if a retry should be attempted.
 
@@ -57,19 +54,20 @@ def ShouldRetry(self, exception):
         :return: True if the exception is transient and retry attempts to remain, False otherwise.
         :rtype: bool
         """
-
-        is_transient = False
-
-        # Check for transient HTTP status codes
-        status_code = getattr(exception, "status_code", None)
-        if status_code in self.transient_status_codes:
-            is_transient = True
-
-        # Check for transient exception types
-        if isinstance(exception, self.transient_exceptions):
-            is_transient = True
-
-        if is_transient and self.retry_count < self.max_retry_attempt_count:
+        if self.retry_count > 0:
+            self.retry_after_in_milliseconds = min(self.retry_after_in_milliseconds +
+                                                   self.retry_factor ** self.retry_count,
+                                                   self.max_retry_after_in_milliseconds)
+        if self.request:
+            # increase read timeout for each retry
+            if self.request.read_timeout_override:
+                self.request.read_timeout_override = min(self.request.read_timeout_override ** 2,
+                                                         self.connection_policy.ReadTimeout)
+            else:
+                self.request.read_timeout_override = self.initial_connection_timeout
+
+
+        if self.retry_count < self.max_retry_attempt_count:
             self.retry_count += 1
             return True
 

sdk/cosmos/azure-cosmos/azure/cosmos/_request_object.py

@@ -46,6 +46,7 @@ def __init__(
         self.excluded_locations: Optional[list[str]] = None
         self.excluded_locations_circuit_breaker: list[str] = []
         self.healthy_tentative_location: Optional[str] = None
+        self.read_timeout_override: Optional[int] = None
         self.pk_val = pk_val
         self.retry_write: int = 0