Conversation
prajin-29
had a problem deploying
to
account-admin
GitHub Actions
Failure
nfx
left a comment
nfx
left a comment
There was a problem hiding this comment.
do this functionality as a CLI command. You can rely on GroupManager, but don't rely on ucx.groups table - e.g. it should be possible to run databricks labs ucx validate-groups before running the assessment workflow
| entitlements: str | None = None | ||
| external_id: str | None = None | ||
| roles: str | None = None | ||
| is_same_membership: bool | None = None |
There was a problem hiding this comment.
no, you're not allowed to add this column, as it'll be a breaking change to database, which this small feature is not justifying
There was a problem hiding this comment.
Changed the logic to incorporate it with CLI.
prajin-29
temporarily deployed
to
account-admin
GitHub Actions
Inactive
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #772 +/- ##
==========================================
+ Coverage 84.07% 84.19% +0.12%
==========================================
Files 39 39
Lines 4872 4910 +38
Branches 913 919 +6
==========================================
+ Hits 4096 4134 +38
Misses 564 564
Partials 212 212 ☔ View full report in Codecov by Sentry. |
prajin-29
changed the title
databricks labs ucx validate-groups-membership command to validate groups to see if they have same membership across acount and workspace level
prajin-29
temporarily deployed
to
account-admin
GitHub Actions
Inactive
prajin-29
had a problem deploying
to
account-admin
GitHub Actions
Failure
prajin-29
temporarily deployed
to
account-admin
GitHub Actions
Inactive
@nfx .Did this in CLI Command. Can you please validate the same. |
tests/integration/conftest.py
Outdated
|
|
||
|
|
||
| @pytest.fixture | ||
| def make_ucx_group_with_diff_members(make_random, make_group, make_acc_group, make_user): |
There was a problem hiding this comment.
Don't add a fixture if it's used only once. It makes the code convoluted and harder to maintain. Rewrite by inlining the fixture code into that single test
There was a problem hiding this comment.
Removed this fixture and rewrote it inline with test.
|
|
||
| def test_validate_group_diff_membership(): | ||
| backend = MockBackend() | ||
| wsclient = MagicMock() |
There was a problem hiding this comment.
Use "create_autospec(WorkspaceClient)"
There was a problem hiding this comment.
Used create_autospec
|
|
||
| def test_validate_group_same_membership(): | ||
| backend = MockBackend() | ||
| wsclient = MagicMock() |
There was a problem hiding this comment.
used create_autospec
william-conti
left a comment
william-conti
left a comment
There was a problem hiding this comment.
We should plan on enlarging this feature for all the workspaces in the account
| account_group_regex=account_group_regex, | ||
| ) | ||
| mismatch_groups = group_manager.validate_group_membership() | ||
| print(json.dumps(mismatch_groups)) |
There was a problem hiding this comment.
It should be better to return an error code when there's at least one entry in the mismatch_groups
There was a problem hiding this comment.
I'm not sure if CLI wrapper supports that just yet
|
|
||
|
|
||
| @ucx.command | ||
| def validate_groups_membership(w: WorkspaceClient): |
There was a problem hiding this comment.
What if I wan't to scope it for all workspaces in my account ?
There was a problem hiding this comment.
It has to be an additional command with is_account_level=True, it should call this function and pass down a workspace client for each workspace
nfx
left a comment
nfx
left a comment
There was a problem hiding this comment.
- Inline fixture that is not reused
- Make variable names consistent
- Add additional account level command
labs.yml
Outdated
| - name: validate-groups-membership | ||
| description: Validate the groups to see if the groups at account level and workspace level have different membership | ||
| table_template: |- | ||
| Workflow_Group_Name\tAccount_Group_Name |
There was a problem hiding this comment.
Use spaces for separating words, not underscores
There was a problem hiding this comment.
Replaced _ with space
labs.yml
Outdated
| description: Validate the groups to see if the groups at account level and workspace level have different membership | ||
| table_template: |- | ||
| Workflow_Group_Name\tAccount_Group_Name | ||
| {{range .}}{{.wf_group_name}}\t{{.ac_group_name}} |
There was a problem hiding this comment.
| {{range .}}{{.wf_group_name}}\t{{.ac_group_name}} | |
| {{range .}}{{.name_in_workspace}}\t{{.name_in_account}} |
Use conventional variable names
There was a problem hiding this comment.
Renamed with the conventional names
| account_group_regex=account_group_regex, | ||
| ) | ||
| mismatch_groups = group_manager.validate_group_membership() | ||
| print(json.dumps(mismatch_groups)) |
There was a problem hiding this comment.
I'm not sure if CLI wrapper supports that just yet
# Conflicts: # labs.yml # tests/unit/test_cli.py
prajin-29
had a problem deploying
to
account-admin
GitHub Actions
Failure
prajin-29
had a problem deploying
to
account-admin
GitHub Actions
Failure
prajin-29
temporarily deployed
to
account-admin
GitHub Actions
Inactive
* Added `databricks labs ucx validate-groups-membership` command to validate groups to see if they have same membership across acount and workspace level ([#772](#772)). * Added baseline for getting Azure Resource Role Assignments ([#764](#764)). * Added issue and pull request templates ([#791](#791)). * Added linked issues to PR template ([#793](#793)). * Added optional `debug_truncate_bytes` parameter to the config and extend the default log truncation limit ([#782](#782)). * Added support for crawling grants and applying Hive Metastore UDF ACLs ([#812](#812)). * Changed Python requirement from 3.10.6 to 3.10 ([#805](#805)). * Extend error handling of delta issues in crawlers and hive metastore ([#795](#795)). * Fixed `databricks labs ucx repair-run` command to execute correctly ([#801](#801)). * Fixed handling of `DELTASHARING` table format ([#802](#802)). * Fixed listing of workflows via CLI ([#811](#811)). * Fixed logger import path for DEBUG notebook ([#792](#792)). * Fixed move table command to delete table/view regardless if permissions are present, skipping corrupted tables when crawling table size and making existing tests more stable ([#777](#777)). * Fixed the issue of `databricks labs ucx installations` and `databricks labs ucx manual-workspace-info` ([#814](#814)). * Increase the unit test coverage for cli.py ([#800](#800)). * Mount Point crawler lists /Volume with four variations which is confusing ([#779](#779)). * Updated README.md to remove mention of deprecated install.sh ([#781](#781)). * Updated `bug` issue template ([#797](#797)). * Fixed writing log readme in multiprocess safe way ([#794](#794)).
* Added `databricks labs ucx validate-groups-membership` command to validate groups to see if they have same membership across acount and workspace level ([#772](#772)). * Added baseline for getting Azure Resource Role Assignments ([#764](#764)). * Added issue and pull request templates ([#791](#791)). * Added linked issues to PR template ([#793](#793)). * Added optional `debug_truncate_bytes` parameter to the config and extend the default log truncation limit ([#782](#782)). * Added support for crawling grants and applying Hive Metastore UDF ACLs ([#812](#812)). * Changed Python requirement from 3.10.6 to 3.10 ([#805](#805)). * Extend error handling of delta issues in crawlers and hive metastore ([#795](#795)). * Fixed `databricks labs ucx repair-run` command to execute correctly ([#801](#801)). * Fixed handling of `DELTASHARING` table format ([#802](#802)). * Fixed listing of workflows via CLI ([#811](#811)). * Fixed logger import path for DEBUG notebook ([#792](#792)). * Fixed move table command to delete table/view regardless if permissions are present, skipping corrupted tables when crawling table size and making existing tests more stable ([#777](#777)). * Fixed the issue of `databricks labs ucx installations` and `databricks labs ucx manual-workspace-info` ([#814](#814)). * Increase the unit test coverage for cli.py ([#800](#800)). * Mount Point crawler lists /Volume with four variations which is confusing ([#779](#779)). * Updated README.md to remove mention of deprecated install.sh ([#781](#781)). * Updated `bug` issue template ([#797](#797)). * Fixed writing log readme in multiprocess safe way ([#794](#794)).
* Added `databricks labs ucx validate-groups-membership` command to validate groups to see if they have same membership across acount and workspace level ([#772](#772)). * Added baseline for getting Azure Resource Role Assignments ([#764](#764)). * Added issue and pull request templates ([#791](#791)). * Added linked issues to PR template ([#793](#793)). * Added optional `debug_truncate_bytes` parameter to the config and extend the default log truncation limit ([#782](#782)). * Added support for crawling grants and applying Hive Metastore UDF ACLs ([#812](#812)). * Changed Python requirement from 3.10.6 to 3.10 ([#805](#805)). * Extend error handling of delta issues in crawlers and hive metastore ([#795](#795)). * Fixed `databricks labs ucx repair-run` command to execute correctly ([#801](#801)). * Fixed handling of `DELTASHARING` table format ([#802](#802)). * Fixed listing of workflows via CLI ([#811](#811)). * Fixed logger import path for DEBUG notebook ([#792](#792)). * Fixed move table command to delete table/view regardless if permissions are present, skipping corrupted tables when crawling table size and making existing tests more stable ([#777](#777)). * Fixed the issue of `databricks labs ucx installations` and `databricks labs ucx manual-workspace-info` ([#814](#814)). * Increase the unit test coverage for cli.py ([#800](#800)). * Mount Point crawler lists /Volume with four variations which is confusing ([#779](#779)). * Updated README.md to remove mention of deprecated install.sh ([#781](#781)). * Updated `bug` issue template ([#797](#797)). * Fixed writing log readme in multiprocess safe way ([#794](#794)).
3 participants
This pull request introduces several changes related to managing Databricks workspace groups. Here's a summary of the changes:
validate-groups-membershipis added to the CLI tool in the filecli.py. This command validates the groups in the workspace and account levels to see if they have different memberships. It returns a table showing the differences between the groups.GroupManageris added to the filegroups.pyto manage the groups in the workspace and account levels. This class includes a new methodvalidate_group_membershipthat compares the members of each group in the workspace and account levels and returns a list of groups that have different memberships.make_ucx_group_with_diff_membersis added to the fileconftest.pyto create a pair of groups with different members.test_group_matching_names_with_diff_usersis added to the filetest_groups.pyto test thevalidate_group_membershipmethod with a pair of groups that have different members.test_replace_workspace_groups_with_account_groupsto handle potential intermittent failures.These changes improve the group management functionality of the tool and make it more robust and reliable. The new
validate-groups-membershipcommand provides valuable information about the groups in the workspace and account levels, and the newGroupManagerclass and test cases ensure that the group management functionality works as expected.Closes #649