Batch oversized bulk operation audit logs

[Copilot]

Description

Bulk delete and bulk update audit logs concatenate all affected resource IDs into a single "Affected Items" string, which can exceed the 16,000 character log limit. This change splits the items into size-bounded batches, emitting multiple LogAudit calls as needed.

• Created a shared BulkOperationAuditLogHelper static class in Features/Persistence/ containing the batching logic and size constants
• Added MaxAuditLogSize (16000) and AuditLogOverheadSize (1000) constants
• CreateAffectedItemBatches() splits items into batches where each batch string stays under the limit; items are never split mid-entry
• A single oversized item (e.g., extremely long resource ID) is kept in its own batch rather than truncated
• Items within a batch are comma-separated, with no leading comma on the first item
• Updated DeletionService.CreateAuditLog() to use the shared helper
• Updated BulkUpdateService.CreateAuditLog() to use the shared helper, replacing the previous unbounded Aggregate approach with size-safe batching

Related issues

Bug 188287

Testing

Added 8 unit tests in BulkOperationAuditLogHelperTests.cs covering: empty list, small list (single batch), large list (multi-batch), boundary sizing, include-tag preservation, no leading comma per batch, single oversized item, and no-data-loss across batches.

Added integration tests verifying the audit logging helper is invoked by both services:

• DeletionServiceAuditLogTests.cs: GivenBulkHardDelete_WhenResourcesAreDeleted_ThenAuditLoggerIsCalledWithBatchedAffectedItems — exercises the full DeleteMultipleAsync hard-delete flow and asserts _auditLogger.LogAudit is called with "Affected Items" in additionalProperties.
• BulkUpdateServiceTests.cs: UpdateMultipleAsync_WhenResultsReturned_ThenAuditLoggerIsCalledWithBatchedAffectedItems — exercises the UpdateMultipleAsync flow and asserts the same.

Both integration tests use a polling pattern (instead of hard-coded delays) to deterministically wait for Task.Run-based audit logging to complete.

FHIR Team Checklist

• Update the title of the PR to be succinct and less than 65 characters
• Add a milestone to the PR for the sprint that it is merged (i.e. add S47)
• Tag the PR with the type of update: Bug, Build, Dependencies, Enhancement, New-Feature or Documentation
• Tag the PR with Open source, Azure API for FHIR (CosmosDB or common code) or Azure Healthcare APIs (SQL or common code) to specify where this change is intended to be released.
• Tag the PR with Schema Version backward compatible or Schema Version backward incompatible or Schema Version unchanged if this adds or updates Sql script which is/is not backward compatible with the code.
• When changing or adding behavior, if your code modifies the system design or changes design assumptions, please create and include an ADR.
• CI is green before merge
• Review squash-merge requirements

Semver Change (docs)

Patch

[LTA-Thinking]

@copilot Please remove the comma from the first item added to a batch.

[Copilot]

Done in d145517. The first item in each batch no longer has a leading comma — commas are now only used as separators between items within a batch.

[LTA-Thinking]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.95%. Comparing base (ea948f8) to head (d145517).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5484      +/-   ##
==========================================
+ Coverage   76.91%   76.95%   +0.04%     
==========================================
  Files         978      978              
  Lines       35680    35694      +14     
  Branches     5356     5359       +3     
==========================================
+ Hits        27443    27470      +27     
+ Misses       6903     6892      -11     
+ Partials     1334     1332       -2     

see 12 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[apurvabhaleMS]

@LTA-Thinking do we need to do this for Bulk update as well?

[LTA-Thinking]

@copilot Please change the update service to use the same audit log method as bulk delete. The create audit log method can be moved to a new static class that the update service and delete service can reference.

[Copilot]

@copilot Please change the update service to use the same audit log method as bulk delete. The create audit log method can be moved to a new static class that the update service and delete service can...

Done in c1d4731. Extracted CreateAffectedItemBatches() and the size constants into a new BulkOperationAuditLogHelper static class under Features/Persistence/. Both DeletionService and BulkUpdateService now reference it. The BulkUpdateService.CreateAuditLog method now uses batching (replacing the old Aggregate approach), so oversized audit logs are handled for bulk update as well.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• microsofthealthoss.pkgs.visualstudio.com
  • Triggering command: /usr/bin/dotnet dotnet build src/Microsoft.Health.Fhir.R4.Core/Microsoft.Health.Fhir.R4.Core.csproj --no-restore (dns block)
  • Triggering command: /usr/bin/dotnet dotnet restore src/Microsoft.Health.Fhir.R4.Core/Microsoft.Health.Fhir.R4.Core.csproj (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[LTA-Thinking]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[LTA-Thinking]

@copilot Please add unit tests for the deletion service that include a test showing the audit logging helper is being called. Also, update the bulk update service's unit tests to add one showing the audit logging helping is being called.

[Copilot]

@copilot Please add unit tests for the deletion service that include a test showing the audit logging helper is being called. Also, update the bulk update service's unit tests to add one showing the a...

Done in dc278bd. Added DeletionServiceAuditLogTests.cs with a test GivenBulkHardDelete_WhenResourcesAreDeleted_ThenAuditLoggerIsCalledWithBatchedAffectedItems that exercises the full DeleteMultipleAsync flow and verifies _auditLogger.LogAudit is called with "Affected Items" in additionalProperties. Also added UpdateMultipleAsync_WhenResultsReturned_ThenAuditLoggerIsCalledWithBatchedAffectedItems to BulkUpdateServiceTests.cs with the same verification for the update path. Both tests use a polling pattern instead of hard-coded delays to wait for the Task.Run-based audit logging.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• microsofthealthoss.pkgs.visualstudio.com
  • Triggering command: /usr/bin/dotnet dotnet build src/Microsoft.Health.Fhir.R4.Core.UnitTests/Microsoft.Health.Fhir.R4.Core.UnitTests.csproj (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[LTA-Thinking]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).