Skip to content

Create storage credentials based on instance profiles and existing roles.#869

Merged
nfx merged 31 commits intomainfrom
feature/migrate-storage-credentials-862
Feb 18, 2024
Merged

Create storage credentials based on instance profiles and existing roles.#869
nfx merged 31 commits intomainfrom
feature/migrate-storage-credentials-862

Conversation

@FastLee
Copy link
Copy Markdown
Contributor

@FastLee FastLee commented Feb 1, 2024
edited
Loading

Changes

Linked issues

relates to #862
closes #913

Resolves #..

Functionality

Added method to detect missing roles and add them to the AWS account.

Screenshare.-.2024-02-17.9_23_51.PM.mp4

Tests

  • manually tested
  • added unit tests
  • added integration tests
  • verified on staging environment (screenshot attached)

@codecov
Copy link
Copy Markdown

codecov bot commented Feb 1, 2024
edited
Loading

Codecov Report

Attention: 12 lines in your changes are missing coverage. Please review.

Comparison is base (228dd8f) 87.92% compared to head (2980285) 87.92%.

Files Patch % Lines
src/databricks/labs/ucx/assessment/aws.py 85.88% 5 Missing and 7 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #869      +/-   ##
==========================================
- Coverage   87.92%   87.92%   -0.01%     
==========================================
  Files          43       43              
  Lines        5178     5258      +80     
  Branches      928      943      +15     
==========================================
+ Hits         4553     4623      +70     
- Misses        428      432       +4     
- Partials      197      203       +6

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

nfx
nfx requested changes Feb 1, 2024
View reviewed changes
Copy link
Copy Markdown
Collaborator

@nfx nfx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please rebase and address comments

@FastLee FastLee force-pushed the feature/migrate-storage-credentials-862 branch from 2148442 to e224cbf Compare February 16, 2024 01:56
nfx
nfx reviewed Feb 16, 2024
View reviewed changes
nfx
nfx requested changes Feb 17, 2024
View reviewed changes
Copy link
Copy Markdown
Collaborator

@nfx nfx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use dictionaries and serialize them to JSON, no string replacement

@FastLee FastLee marked this pull request as ready for review February 17, 2024 17:59
@FastLee FastLee requested review from a team, nfx and zpappa February 17, 2024 17:59
@FastLee FastLee requested a review from nfx February 17, 2024 19:41
nfx
nfx requested changes Feb 17, 2024
View reviewed changes
src/databricks/labs/ucx/assessment/aws.py
aws_cmd = shutil.which("aws")
code, _, error = self._command_runner(f"{aws_cmd} {command} --output json")
if code != 0:
logger.error(error)
Copy link
Copy Markdown
Collaborator

@nfx nfx Feb 17, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we throw the exception instead for it to bubble up to the top?

Copy link
Copy Markdown
Contributor Author

@FastLee FastLee Feb 17, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure.

@FastLee FastLee requested a review from nfx February 17, 2024 20:30
nfx
nfx reviewed Feb 17, 2024
View reviewed changes
@FastLee FastLee requested a review from nfx February 17, 2024 23:16
nfx
nfx approved these changes Feb 18, 2024
View reviewed changes
Copy link
Copy Markdown
Collaborator

@nfx nfx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a small demo to PR description and ready to merge

@FastLee FastLee enabled auto-merge February 18, 2024 11:45
@nfx nfx merged commit fc48c6f into main Feb 18, 2024
@nfx nfx deleted the feature/migrate-storage-credentials-862 branch February 18, 2024 15:18
nfx added a commit that referenced this pull request Feb 21, 2024
@nfx
Release v0.13.1
546199b 
* Added secret detection logic to Azure service principal crawler ([#950](#950)).
* Create storage credentials based on instance profiles and existing roles ([#869](#869)).
* Enforced `protected-access` pylint rule ([#956](#956)).
* Enforced `pylint` on unit and integration test code ([#953](#953)).
* Enforcing `invalid-name` pylint rule ([#957](#957)).
* Fixed AzureResourcePermissions.load to call Installation.load ([#962](#962)).
* Fixed installer script to reuse an existing UCX Cluster policy if present ([#964](#964)).
* More `pylint` tuning ([#958](#958)).
* Refactor `workspace_client_mock` to have combine fixtures stored in separate JSON files ([#955](#955)).

Dependency updates:

 * Updated databricks-sdk requirement from ~=0.19.0 to ~=0.20.0 ([#961](#961)).
@nfx nfx mentioned this pull request Feb 21, 2024
Merged
nfx added a commit that referenced this pull request Feb 21, 2024
@nfx
Release v0.13.1 (#966)
d1fdd9d 
* Added secret detection logic to Azure service principal crawler
([#950](#950)).
* Create storage credentials based on instance profiles and existing
roles ([#869](#869)).
* Enforced `protected-access` pylint rule
([#956](#956)).
* Enforced `pylint` on unit and integration test code
([#953](#953)).
* Enforcing `invalid-name` pylint rule
([#957](#957)).
* Fixed AzureResourcePermissions.load to call Installation.load
([#962](#962)).
* Fixed installer script to reuse an existing UCX Cluster policy if
present ([#964](#964)).
* More `pylint` tuning
([#958](#958)).
* Refactor `workspace_client_mock` to have combine fixtures stored in
separate JSON files
([#955](#955)).

Dependency updates:

* Updated databricks-sdk requirement from ~=0.19.0 to ~=0.20.0
([#961](#961)).
dmoore247 pushed a commit that referenced this pull request Mar 23, 2024
@FastLee @dmoore247
Create storage credentials based on instance profiles and existing ro…
00b39d1 
…les. (#869)
dmoore247 pushed a commit that referenced this pull request Mar 23, 2024
@nfx @dmoore247
Release v0.13.1 (#966)
9977a8d 
* Added secret detection logic to Azure service principal crawler
([#950](#950)).
* Create storage credentials based on instance profiles and existing
roles ([#869](#869)).
* Enforced `protected-access` pylint rule
([#956](#956)).
* Enforced `pylint` on unit and integration test code
([#953](#953)).
* Enforcing `invalid-name` pylint rule
([#957](#957)).
* Fixed AzureResourcePermissions.load to call Installation.load
([#962](#962)).
* Fixed installer script to reuse an existing UCX Cluster policy if
present ([#964](#964)).
* More `pylint` tuning
([#958](#958)).
* Refactor `workspace_client_mock` to have combine fixtures stored in
separate JSON files
([#955](#955)).

Dependency updates:

* Updated databricks-sdk requirement from ~=0.19.0 to ~=0.20.0
([#961](#961)).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nfx nfx nfx approved these changes

@zpappa zpappa Awaiting requested review from zpappa

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FEATURE]: Create cloud principals [AWS]

2 participants

@FastLee @nfx