Added databricks labs ucx validate-groups-membership command to validate groups to see if they have same membership across acount and workspace level
#772
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nfx
requested changes
Jan 11, 2024
| @@ -38,6 +38,7 @@ class MigratedGroup: | |||
| entitlements: str | None = None | |||
| external_id: str | None = None | |||
| roles: str | None = None | |||
| is_same_membership: bool | None = None | |||
There was a problem hiding this comment.
no, you're not allowed to add this column, as it'll be a breaking change to database, which this small feature is not justifying
There was a problem hiding this comment.
Changed the logic to incorporate it with CLI.
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #772 +/- ##
==========================================
+ Coverage 84.07% 84.19% +0.12%
==========================================
Files 39 39
Lines 4872 4910 +38
Branches 913 919 +6
==========================================
+ Hits 4096 4134 +38
Misses 564 564
Partials 212 212 ☔ View full report in Codecov by Sentry. |
databricks labs ucx validate-groups-membership command to validate groups to see if they have same membership across acount and workspace level
@nfx .Did this in CLI Command. Can you please validate the same. |
nfx
requested changes
Jan 17, 2024
tests/integration/conftest.py
Outdated
| @@ -105,6 +105,26 @@ def inner(workspace_group_name=None, account_group_name=None): | |||
| return inner | |||
|
|
|||
|
|
|||
| @pytest.fixture | |||
| def make_ucx_group_with_diff_members(make_random, make_group, make_acc_group, make_user): | |||
There was a problem hiding this comment.
Don't add a fixture if it's used only once. It makes the code convoluted and harder to maintain. Rewrite by inlining the fixture code into that single test
There was a problem hiding this comment.
Removed this fixture and rewrote it inline with test.
|
|
||
| def test_validate_group_diff_membership(): | ||
| backend = MockBackend() | ||
| wsclient = MagicMock() |
There was a problem hiding this comment.
Use "create_autospec(WorkspaceClient)"
There was a problem hiding this comment.
Used create_autospec
|
|
||
| def test_validate_group_same_membership(): | ||
| backend = MockBackend() | ||
| wsclient = MagicMock() |
There was a problem hiding this comment.
used create_autospec
william-conti
suggested changes
Jan 18, 2024
| account_group_regex=account_group_regex, | ||
| ) | ||
| mismatch_groups = group_manager.validate_group_membership() | ||
| print(json.dumps(mismatch_groups)) |
There was a problem hiding this comment.
It should be better to return an error code when there's at least one entry in the mismatch_groups
There was a problem hiding this comment.
I'm not sure if CLI wrapper supports that just yet
| @@ -138,6 +139,37 @@ def repair_run(w: WorkspaceClient, step): | |||
| installer.repair_run(step) | |||
|
|
|||
|
|
|||
| @ucx.command | |||
| def validate_groups_membership(w: WorkspaceClient): | |||
There was a problem hiding this comment.
What if I wan't to scope it for all workspaces in my account ?
There was a problem hiding this comment.
It has to be an additional command with is_account_level=True, it should call this function and pass down a workspace client for each workspace
nfx
requested changes
Jan 18, 2024
labs.yml
Outdated
| - name: validate-groups-membership | ||
| description: Validate the groups to see if the groups at account level and workspace level have different membership | ||
| table_template: |- | ||
| Workflow_Group_Name\tAccount_Group_Name |
There was a problem hiding this comment.
Use spaces for separating words, not underscores
There was a problem hiding this comment.
Replaced _ with space
labs.yml
Outdated
| description: Validate the groups to see if the groups at account level and workspace level have different membership | ||
| table_template: |- | ||
| Workflow_Group_Name\tAccount_Group_Name | ||
| {{range .}}{{.wf_group_name}}\t{{.ac_group_name}} |
There was a problem hiding this comment.
Suggested change
| {{range .}}{{.wf_group_name}}\t{{.ac_group_name}} | |
| {{range .}}{{.name_in_workspace}}\t{{.name_in_account}} |
Use conventional variable names
There was a problem hiding this comment.
Renamed with the conventional names
| account_group_regex=account_group_regex, | ||
| ) | ||
| mismatch_groups = group_manager.validate_group_membership() | ||
| print(json.dumps(mismatch_groups)) |
There was a problem hiding this comment.
I'm not sure if CLI wrapper supports that just yet
# Conflicts: # labs.yml # tests/unit/test_cli.py
nfx
approved these changes
Jan 19, 2024
nfx
added a commit
that referenced
this pull request
Jan 19, 2024
* Added `databricks labs ucx validate-groups-membership` command to validate groups to see if they have same membership across acount and workspace level ([#772](#772)). * Added baseline for getting Azure Resource Role Assignments ([#764](#764)). * Added issue and pull request templates ([#791](#791)). * Added linked issues to PR template ([#793](#793)). * Added optional `debug_truncate_bytes` parameter to the config and extend the default log truncation limit ([#782](#782)). * Added support for crawling grants and applying Hive Metastore UDF ACLs ([#812](#812)). * Changed Python requirement from 3.10.6 to 3.10 ([#805](#805)). * Extend error handling of delta issues in crawlers and hive metastore ([#795](#795)). * Fixed `databricks labs ucx repair-run` command to execute correctly ([#801](#801)). * Fixed handling of `DELTASHARING` table format ([#802](#802)). * Fixed listing of workflows via CLI ([#811](#811)). * Fixed logger import path for DEBUG notebook ([#792](#792)). * Fixed move table command to delete table/view regardless if permissions are present, skipping corrupted tables when crawling table size and making existing tests more stable ([#777](#777)). * Fixed the issue of `databricks labs ucx installations` and `databricks labs ucx manual-workspace-info` ([#814](#814)). * Increase the unit test coverage for cli.py ([#800](#800)). * Mount Point crawler lists /Volume with four variations which is confusing ([#779](#779)). * Updated README.md to remove mention of deprecated install.sh ([#781](#781)). * Updated `bug` issue template ([#797](#797)). * Fixed writing log readme in multiprocess safe way ([#794](#794)).
Merged
nfx
added a commit
that referenced
this pull request
Jan 19, 2024
* Added `databricks labs ucx validate-groups-membership` command to validate groups to see if they have same membership across acount and workspace level ([#772](#772)). * Added baseline for getting Azure Resource Role Assignments ([#764](#764)). * Added issue and pull request templates ([#791](#791)). * Added linked issues to PR template ([#793](#793)). * Added optional `debug_truncate_bytes` parameter to the config and extend the default log truncation limit ([#782](#782)). * Added support for crawling grants and applying Hive Metastore UDF ACLs ([#812](#812)). * Changed Python requirement from 3.10.6 to 3.10 ([#805](#805)). * Extend error handling of delta issues in crawlers and hive metastore ([#795](#795)). * Fixed `databricks labs ucx repair-run` command to execute correctly ([#801](#801)). * Fixed handling of `DELTASHARING` table format ([#802](#802)). * Fixed listing of workflows via CLI ([#811](#811)). * Fixed logger import path for DEBUG notebook ([#792](#792)). * Fixed move table command to delete table/view regardless if permissions are present, skipping corrupted tables when crawling table size and making existing tests more stable ([#777](#777)). * Fixed the issue of `databricks labs ucx installations` and `databricks labs ucx manual-workspace-info` ([#814](#814)). * Increase the unit test coverage for cli.py ([#800](#800)). * Mount Point crawler lists /Volume with four variations which is confusing ([#779](#779)). * Updated README.md to remove mention of deprecated install.sh ([#781](#781)). * Updated `bug` issue template ([#797](#797)). * Fixed writing log readme in multiprocess safe way ([#794](#794)).
dmoore247
pushed a commit
that referenced
this pull request
Mar 23, 2024
* Added `databricks labs ucx validate-groups-membership` command to validate groups to see if they have same membership across acount and workspace level ([#772](#772)). * Added baseline for getting Azure Resource Role Assignments ([#764](#764)). * Added issue and pull request templates ([#791](#791)). * Added linked issues to PR template ([#793](#793)). * Added optional `debug_truncate_bytes` parameter to the config and extend the default log truncation limit ([#782](#782)). * Added support for crawling grants and applying Hive Metastore UDF ACLs ([#812](#812)). * Changed Python requirement from 3.10.6 to 3.10 ([#805](#805)). * Extend error handling of delta issues in crawlers and hive metastore ([#795](#795)). * Fixed `databricks labs ucx repair-run` command to execute correctly ([#801](#801)). * Fixed handling of `DELTASHARING` table format ([#802](#802)). * Fixed listing of workflows via CLI ([#811](#811)). * Fixed logger import path for DEBUG notebook ([#792](#792)). * Fixed move table command to delete table/view regardless if permissions are present, skipping corrupted tables when crawling table size and making existing tests more stable ([#777](#777)). * Fixed the issue of `databricks labs ucx installations` and `databricks labs ucx manual-workspace-info` ([#814](#814)). * Increase the unit test coverage for cli.py ([#800](#800)). * Mount Point crawler lists /Volume with four variations which is confusing ([#779](#779)). * Updated README.md to remove mention of deprecated install.sh ([#781](#781)). * Updated `bug` issue template ([#797](#797)). * Fixed writing log readme in multiprocess safe way ([#794](#794)).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces several changes related to managing Databricks workspace groups. Here's a summary of the changes:
validate-groups-membershipis added to the CLI tool in the filecli.py. This command validates the groups in the workspace and account levels to see if they have different memberships. It returns a table showing the differences between the groups.GroupManageris added to the filegroups.pyto manage the groups in the workspace and account levels. This class includes a new methodvalidate_group_membershipthat compares the members of each group in the workspace and account levels and returns a list of groups that have different memberships.make_ucx_group_with_diff_membersis added to the fileconftest.pyto create a pair of groups with different members.test_group_matching_names_with_diff_usersis added to the filetest_groups.pyto test thevalidate_group_membershipmethod with a pair of groups that have different members.test_replace_workspace_groups_with_account_groupsto handle potential intermittent failures.These changes improve the group management functionality of the tool and make it more robust and reliable. The new
validate-groups-membershipcommand provides valuable information about the groups in the workspace and account levels, and the newGroupManagerclass and test cases ensure that the group management functionality works as expected.Closes #649