-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use SetPermissions instead of UpdatePermissions when setting folder permissions based on top-level ones #1822
Conversation
bundle/permissions/workspace_root.go
Outdated
rootPath += "/" | ||
} | ||
|
||
if !strings.HasPrefix(b.Config.Workspace.ArtifactPath, rootPath) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Artifacts in /Volumes/
should get special treatment. But for this PR I'd just make sure that it doesn't fail for Volumes.
For followup considerations: Volumes rely on grants, not permissions. And they lack fine-grained permissions. Plus users often won't have permissions to change grants. But what we may be able to do is check if the grants are correct. Doing so might be the job for a "top-level grants" feature though, rather than the "top-level permissions" feature.
cc @pietern
} | ||
|
||
func setPermissions(ctx context.Context, w workspace.WorkspaceInterface, path string, permissions []workspace.WorkspaceObjectAccessControlRequest) error { | ||
obj, err := w.GetStatusByPath(ctx, path) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it guaranteed that all paths exist at this point?
If not, then this function should do a create-if-not-exists.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's guaranteed because it's done after files.Upload
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this also hold for the other paths?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@andrewnester Can you clarify this one?
E.g. does the state path or the resources path exist after files.Upload
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, all of them will be created prior, the current mutator order is
libraries.Upload(), // creates artifacts path
...
files.Upload(outputHandler), // creates files and resources path
...
deploy.StatePush(), // creates state path
permissions.ApplyWorkspaceRootPermissions(),
c45c441
to
16f02c0
Compare
Auto-merge won't kick in until the integration tests have run (enabled this past Friday). You can trigger them either manually or by adding a commit. |
Test Details: go/deco-tests/11572324073 |
New features for Databricks Asset Bundles: This release adds support for managing AI/BI dashboards as part of your bundle configuration. The `bundle generate` command is updated to support producing dashboard bundle configuration as well as dashboard payloads. You can find an example configuration and walkthrough at https://github.com/databricks/bundle-examples/tree/main/knowledge_base/dashboard_nyc_taxi Bundles: * Add support for AI/BI dashboards ([#1743](#1743)). * Added validator for folder permissions ([#1824](#1824)). * Add bundle generate variant for dashboards ([#1847](#1847)). * Use SetPermissions instead of UpdatePermissions when setting folder permissions based on top-level ones ([#1822](#1822)). Internal: * Attempt to reduce test flakiness on Windows ([#1845](#1845)). * Reuse resource resolution code for the run command ([#1858](#1858)). * [Internal] Automatically trigger integration tests on PR ([#1857](#1857)). * Add privacy notice to README ([#1841](#1841)). * [Internal] Add test instructions for external contributors ([#1863](#1863)). * Add `libs/dyn/jsonsaver` ([#1862](#1862)). Dependency updates: * Bump github.com/fatih/color from 1.17.0 to 1.18.0 ([#1861](#1861)).
**New features for Databricks Asset Bundles:** This release adds support for managing AI/BI dashboards as part of your bundle configuration. The `bundle generate` command is updated to support producing dashboard bundle configuration as well as a serialized JSON representation of the dashboard. You can find an example configuration and walkthrough at https://github.com/databricks/bundle-examples/tree/main/knowledge_base/dashboard_nyc_taxi CLI: * Add privacy notice to README ([#1841](#1841)). Bundles: * Add support for AI/BI dashboards ([#1743](#1743)). * Added validator for folder permissions ([#1824](#1824)). * Add bundle generate variant for dashboards ([#1847](#1847)). * Use SetPermissions instead of UpdatePermissions when setting folder permissions based on top-level ones ([#1822](#1822)). Internal: * Attempt to reduce test flakiness on Windows ([#1845](#1845)). * Reuse resource resolution code for the run command ([#1858](#1858)). * [Internal] Automatically trigger integration tests on PR ([#1857](#1857)). * [Internal] Add test instructions for external contributors ([#1863](#1863)). * Add `libs/dyn/jsonsaver` ([#1862](#1862)). Dependency updates: * Bump github.com/fatih/color from 1.17.0 to 1.18.0 ([#1861](#1861)). --------- Co-authored-by: Pieter Noordhuis <pieter.noordhuis@databricks.com>
Hi @andrewnester @pietern ,
It looks like it's checking for some
|
@moritzmeister Thanks for reporting. We're looking into it. |
@moritzmeister You can work around this issue by prefixing the It would look something like: workspace:
root_path: /Workspace/Shared/... We're working on a patch release as well. |
Thanks for the quick reply, will test the workaround later tonight! |
## Changes `/Workspace` prefix needs to be added to `resource_path` as well. Fixes the issue mentioned here: #1822 (comment) Fixes #1867 ## Tests Added regression test
@moritzmeister The patch release containing the fix (0.232.1) was just released, please upgrade and see if it fixes your issue |
Thanks for the quick turnaround, this seems to work. Or at least getting a different error now 🤣 but that one seems to be my fault. |
Changes
Changed to use SetPermissions() to configure the permissions which remove other permissions on deployment folders.
Tests
Added unit test