[Experimental] Add support for permission migration API #1080
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1080 +/- ##
==========================================
+ Coverage 89.67% 89.72% +0.05%
==========================================
Files 61 61
Lines 7166 7221 +55
Branches 1290 1296 +6
==========================================
+ Hits 6426 6479 +53
- Misses 477 478 +1
- Partials 263 264 +1 ☔ View full report in Codecov by Sentry. |
|
Context: we have some workspaces 3M permission tasks and it takes 70-75hours with the current RPS. 24-32hrs downtime phase is tolerable. |
nfx
requested changes
Mar 25, 2024
| def migrate_permission(workspace_id, workspace_group_name, account_group_name): | ||
| self._ws.permission_migration.migrate_permissions(workspace_id, workspace_group_name, account_group_name) | ||
|
|
||
| applier_tasks: list[Callable[..., None]] = [] |
There was a problem hiding this comment.
this should be sequential, based on the design doc and we just need to check the amount of migrated/remaining records.
nkvuong
force-pushed
the
feature/permission_migration_api
branch
from
bffac2b
to
a1630cc
Compare
nkvuong
changed the title
|
❌ 128/132 passed, 2 flaky, 4 failed, 20 skipped, 1h30m8s total ❌ test_migrate_external_table: databricks.labs.blueprint.parallel.ManyError: Detected 1 failures: BadRequest: PERMISSION_DENIED: Failed to get credentials: Storage Credential TEST_STORAGE_CREDENTIAL is not configured correctly. Please contact the owner or your account admin to update the configuration. (12.838s)❌ test_table_migration_job_cluster_override: databricks.sdk.errors.platform.Unknown: (java.lang.SecurityException) PERMISSION_DENIED: Failed to get credentials: Storage Credential TEST_STORAGE_CREDENTIAL is not configured correctly. Please contact the owner or your account admin to update the configuration. (3m2.657s)❌ test_running_real_assessment_job: databricks.labs.blueprint.parallel.ManyError: Detected 10 failures: Unknown: assess_CLOUD_ENV_service_principals: run failed with error message (7m43.343s)❌ test_partitioned_tables: databricks.labs.blueprint.parallel.ManyError: Detected 9 failures: Unknown: assess_CLOUD_ENV_service_principals: run failed with error message (8m2.431s)Flaky tests:
Running from acceptance #1806 |
nfx
requested changes
Mar 25, 2024
| ) | ||
| if response.permissions_migrated is None: | ||
| break | ||
| if response.permissions_migrated < batch_size: |
There was a problem hiding this comment.
Suggested change
| if response.permissions_migrated < batch_size: | |
| if response.permissions_migrated == 0: |
perhaps this is better? also do some logging.
src/databricks/labs/ucx/runtime.py
Outdated
| @@ -376,7 +376,10 @@ def apply_permissions_to_account_groups( | |||
| num_threads=cfg.num_threads, | |||
| workspace_start_path=cfg.workspace_start_path, | |||
| ) | |||
| permission_manager.apply_group_permissions(migration_state) | |||
| if cfg.use_permission_migration_api: | |||
| permission_manager.apply_group_permissions_private_preview_api(migration_state) | |||
There was a problem hiding this comment.
how sure are you that API supports all permission backends we need?
nkvuong
force-pushed
the
feature/permission_migration_api
branch
from
71a7b08
to
24e51a4
Compare
nkvuong
force-pushed
the
feature/permission_migration_api
branch
from
c2ccf73
to
592d8fb
Compare
nfx
requested changes
Mar 26, 2024
src/databricks/labs/ucx/runtime.py
Outdated
| grants_crawler = GrantsCrawler(tables_crawler, udfs_crawler) | ||
| tacl_support = TableAclSupport(grants_crawler, sql_backend) | ||
| permission_manager = PermissionManager(ws, sql_backend, cfg.inventory_database, [tacl_support]) | ||
| permission_manager.apply_group_permissions_experimental(migration_state) |
There was a problem hiding this comment.
can we do apply_group_permissions_experimental in a separate task, so that it's in parallel to TACL apply?
src/databricks/labs/ucx/runtime.py
Outdated
| Fourth phase of the workspace-local group migration process. It does the following: | ||
| - Assigns the full set of permissions of the original group to the account-level one | ||
|
|
||
| It covers local workspace-local permissions for all entities: Legacy Table ACLs, Entitlements, |
There was a problem hiding this comment.
Suggested change
| It covers local workspace-local permissions for all entities: Legacy Table ACLs, Entitlements, | |
| It covers local workspace-local permissions for all entities: Entitlements, |
Comment on lines
191
to
194
| except RuntimeError as e: | ||
| errors.append(e) | ||
| break | ||
| return errors |
There was a problem hiding this comment.
Suggested change
| except RuntimeError as e: | |
| errors.append(e) | |
| break | |
| return errors |
- why do we need to return a list of errors, if it has at most one item?
- won't it be simple to bubble-up the platform error instead?
Comment on lines
159
to
164
| errors: list[Exception] = [] | ||
| for migrated_group in migration_state.groups: | ||
| errors.extend(self._migrate_group_permissions_paginated(migrated_group)) | ||
| if len(errors) > 0: | ||
| logger.error(f"Detected {len(errors)} errors while applying permissions") | ||
| raise ManyError(errors) |
There was a problem hiding this comment.
Suggested change
| errors: list[Exception] = [] | |
| for migrated_group in migration_state.groups: | |
| errors.extend(self._migrate_group_permissions_paginated(migrated_group)) | |
| if len(errors) > 0: | |
| logger.error(f"Detected {len(errors)} errors while applying permissions") | |
| raise ManyError(errors) | |
| items = 0 | |
| for migrated_group in migration_state.groups: | |
| items += self._migrate_group_permissions_paginated(migrated_group) | |
| logger.info(f"Migrated {items} items") |
immediate failure in a resumable job is always better. we can add @retried on the call if needed.
| batch_size = 1000 | ||
| errors: list[Exception] = [] | ||
| logger.info( | ||
| f"Migrating permission from workspace group {migrated_group.name_in_workspace} " |
There was a problem hiding this comment.
Suggested change
| f"Migrating permission from workspace group {migrated_group.name_in_workspace} " | |
| f"Migrating permissions from workspace group {migrated_group.name_in_workspace} " |
| NB_OF_TEST_WS_OBJECTS = 1000 | ||
|
|
||
|
|
||
| def test_apply_group_permissions_experimental_performance( |
There was a problem hiding this comment.
can we make sure we launch it only from debugger or from local or something like that? what env variable only exists on our laptops?
| import logging | ||
|
|
||
| # pylint: disable-next=unused-wildcard-import,wildcard-import | ||
| from tests.integration.conftest import * # noqa: F403 |
| @@ -0,0 +1,9 @@ | |||
| import logging | |||
|
|
|||
| # pylint: disable-next=unused-wildcard-import,wildcard-import | |||
There was a problem hiding this comment.
we need to import multiple fixtures from integration tests & mixins, explicitly listing them out is very verbose
tests/unit/test_runtime.py
Outdated
| ws = create_autospec(WorkspaceClient) | ||
| ws.get_workspace_id.return_value = "12345678" | ||
| ws.permission_migration.migrate_permissions.side_effect = RuntimeError("internal error") | ||
| with pytest.raises(RuntimeError): |
| @@ -144,6 +148,51 @@ def apply_group_permissions(self, migration_state: MigrationState) -> bool: | |||
| logger.info("Permissions were applied") | |||
| return True | |||
|
|
|||
| def apply_group_permissions_experimental(self, migration_state: MigrationState) -> bool: | |||
There was a problem hiding this comment.
Suggested change
| def apply_group_permissions_experimental(self, migration_state: MigrationState) -> bool: | |
| def apply_group_permissions_experimental(self, permission_migration: PermissionMigrationAPI, migration migration_state: MigrationState) -> bool: |
this would reduce the diff size and remove the need to change so many tests. unlike the current change in constructor, which is not strictly necessary then.
There was a problem hiding this comment.
we still need self._ws.get_workspace_id(), so would it make sense to change this to
def apply_group_permissions_experimental(self, ws: WorkspaceClient,
migration_state: MigrationState) -> bool:
nkvuong
force-pushed
the
feature/permission_migration_api
branch
from
785affc
to
1893b15
Compare
# Conflicts: # tests/unit/test_runtime.py
nfx
approved these changes
Mar 27, 2024
| ws_group = make_group() | ||
| acc_group = make_acc_group() | ||
| acc.workspace_assignment.update(ws.get_workspace_id(), acc_group.id, [iam.WorkspacePermission.USER]) | ||
| # need to return both, as acc_group.id is not in MigratedGroup dataclass |
There was a problem hiding this comment.
Suggested change
| # need to return both, as acc_group.id is not in MigratedGroup dataclass |
leftover comment
|
|
||
| @staticmethod | ||
| def _migrate_group_permissions_paginated(ws: WorkspaceClient, migrated_group: MigratedGroup): | ||
|
|
Comment on lines
+108
to
+123
| while True: | ||
| response = ws.permission_migration.migrate_permissions( | ||
| ws.get_workspace_id(), | ||
| migrated_group.name_in_workspace, | ||
| migrated_group.name_in_account, | ||
| size=batch_size, | ||
| ) | ||
| # response shouldn't be empty | ||
| if response.permissions_migrated is None: | ||
| break | ||
| # no more permissions to migrate | ||
| if response.permissions_migrated == 0: | ||
| logger.info("No more permission to migrated.") | ||
| break | ||
| logger.info(f"Migrated {response.permissions_migrated} permissions.") | ||
| return 1 |
There was a problem hiding this comment.
Suggested change
| while True: | |
| response = ws.permission_migration.migrate_permissions( | |
| ws.get_workspace_id(), | |
| migrated_group.name_in_workspace, | |
| migrated_group.name_in_account, | |
| size=batch_size, | |
| ) | |
| # response shouldn't be empty | |
| if response.permissions_migrated is None: | |
| break | |
| # no more permissions to migrate | |
| if response.permissions_migrated == 0: | |
| logger.info("No more permission to migrated.") | |
| break | |
| logger.info(f"Migrated {response.permissions_migrated} permissions.") | |
| return 1 | |
| permissions_migrated = 0 | |
| while True: | |
| response = ws.permission_migration.migrate_permissions( | |
| ws.get_workspace_id(), | |
| migrated_group.name_in_workspace, | |
| migrated_group.name_in_account, | |
| size=batch_size, | |
| ) | |
| if not response.permissions_migrated: | |
| logger.info("No more permission to migrated.") | |
| return permissions_migrated | |
| permissions_migrated += response.permissions_migrated | |
| logger.info(f"Migrated {response.permissions_migrated} permissions to {migrated_group.name_in_account} account group") | |
| return permissions_migrated |
nit: what about this?
Comment on lines
+34
to
+39
| make_migrated_group, | ||
| make_instance_pool, | ||
| make_instance_pool_permissions, | ||
| is_experimental: bool, | ||
| ): | ||
| migrated_group = make_migrated_group() |
There was a problem hiding this comment.
Suggested change
| make_migrated_group, | |
| make_instance_pool, | |
| make_instance_pool_permissions, | |
| is_experimental: bool, | |
| ): | |
| migrated_group = make_migrated_group() | |
| migrated_group, | |
| make_instance_pool, | |
| make_instance_pool_permissions, | |
| is_experimental: bool, | |
| ): |
nit: what if we switch from fixture factory (make_*) to just a fixture?
| env_or_skip, | ||
| ): | ||
| # Making sure this test can only be launched from local | ||
| env_or_skip("PWD") |
There was a problem hiding this comment.
Suggested change
| env_or_skip("PWD") | |
| env_or_skip("IDE_PROJECT_ROOTS") |
isn't $PWD too common?
|
please address comments in the follow-up PRs |
nkvuong
added a commit
that referenced
this pull request
Mar 27, 2024
2 tasks
nfx
pushed a commit
that referenced
this pull request
Mar 27, 2024
## Changes Applied remaining feedback for #1080 ### Linked issues <!-- DOC: Link issue with a keyword: close, closes, closed, fix, fixes, fixed, resolve, resolves, resolved. See https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword --> Follow up for #1080 ### Tests <!-- How is this tested? Please see the checklist below and also describe any other relevant tests --> - [x] manually tested - [ ] verified on staging environment (screenshot attached)
Merged
nfx
added a commit
that referenced
this pull request
Mar 28, 2024
* Added ACL migration to `migrate-tables` workflow ([#1135](#1135)). * Added AVRO to supported format to be upgraded by SYNC ([#1134](#1134)). In this release, the `hive_metastore` package's `tables.py` file has been updated to add AVRO as a supported format for the SYNC upgrade functionality. This change includes AVRO in the list of supported table formats in the `is_format_supported_for_sync` method, which checks if the table format is not `None` and if the format's uppercase value is one of the supported formats. The addition of AVRO enables it to be upgraded using the SYNC functionality. Moreover, a new format called BINARYFILE has been introduced, which is not supported for SYNC upgrade. This release is part of the implementation of issue [#1134](#1134), improving the compatibility of the SYNC upgrade functionality with various data formats. * Added `is_partitioned` column ([#1130](#1130)). A new column, `is_partitioned`, has been added to the `ucx.tables` table in the assessment module, indicating whether the table is partitioned or not with values `Yes` or "No". This change addresses issue [#871](#871) and has been manually tested. The commit also includes updated documentation for the modified table. No new methods, CLI commands, workflows, or tests (unit, integration) have been introduced as part of this change. * Added assessment of interactive cluster usage compared to UC compute limitations ([#1123](#1123)). * Added external location validation when creating catalogs with `create-catalogs-schemas` command ([#1110](#1110)). * Added flag to Job to identify Job submitted by jar ([#1088](#1088)). The open-source library has been updated with several new features aimed at enhancing user functionality and convenience. These updates include the addition of a new sorting algorithm, which provides users with an efficient and customizable method for organizing data. Additionally, a new caching mechanism has been implemented, improving the library's performance and reducing the amount of time required to access frequently used data. Furthermore, the library now supports multi-threading, enabling users to perform multiple operations simultaneously and increase overall productivity. Lastly, a new error handling system has been developed, providing users with more informative and actionable feedback when unexpected issues arise. These changes are a significant step forward in improving the library's performance, functionality, and usability for all users. * Bump databricks-sdk from 0.22.0 to 0.23.0 ([#1121](#1121)). In this version update, `databricks-sdk` is upgraded from 0.22.0 to 0.23.0, introducing significant changes to the handling of AWS and Azure identities. The `AwsIamRole` class is replaced with `AwsIamRoleRequest` in the `databricks.sdk.service.catalog` module, affecting the creation of AWS storage credentials using IAM roles. The `create` function in `src/databricks/labs/ucx/aws/credentials.py` is updated to accommodate this modification. Additionally, the `AwsIamRole` argument in the `create` function of `fixtures.py` in the `databricks/labs/ucx/mixins` directory is replaced with `AwsIamRoleRequest`. The tests in `tests/integration/aws/test_access.py` are also updated to utilize `AwsIamRoleRequest`, and `StorageCredentialInfo` in `tests/unit/azure/test_credentials.py` now uses `AwsIamRoleResponse` instead of `AwsIamRole`. The new classes, `AwsIamRoleRequest` and `AwsIamRoleResponse`, likely include new features or bug fixes for AWS IAM roles. These changes require software engineers to thoroughly assess their codebase and adjust any relevant functions accordingly. * Deploy static views needed by [#1123](#1123) interactive dashboard ([#1139](#1139)). In this update, we have added two new views, `misc_patterns_vw` and `code_patterns_vw`, to the `install.py` script in the `databricks/labs/ucx` directory. These views were originally intended to be deployed with a previous update ([#1123](#1123)) but were inadvertently overlooked. The addition of these views addresses issues with queries in the `interactive` dashboard. The `deploy_schema` function has been updated with two new lines, `deployer.deploy_view("misc_patterns", "queries/views/misc_patterns.sql")` and `deployer.deploy_view("code_patterns", "queries/views/code_patterns.sql")`, to deploy the new views using their respective SQL files from the `queries/views` directory. No other modifications have been made to the file. * Fixed Table ACL migration logic ([#1149](#1149)). The open-source library has been updated with several new features, providing enhanced functionality for software engineers. A new utility class has been added to simplify the process of working with collections, offering methods to filter, map, and reduce elements in a performant manner. Additionally, a new configuration system has been implemented, allowing users to easily customize library behavior through a simple JSON format. Finally, we have added support for asynchronous processing, enabling efficient handling of I/O-bound tasks and improving overall application performance. These features have been thoroughly tested and are ready for use in your projects. * Fixed `AssertionError: assert '14.3.x-scala2.12' == '15.0.x-scala2.12'` from nightly integration tests ([#1120](#1120)). In this release, the open-source library has been updated with several new features to enhance functionality and provide more options to users. The library now supports multi-threading, allowing for more efficient processing of large datasets. Additionally, a new algorithm for data compression has been implemented, resulting in reduced memory usage and faster data transfer. The library API has also been expanded, with new methods for sorting and filtering data, as well as improved error handling. These changes aim to provide a more robust and performant library, making it an even more valuable tool for software engineers. * Increase code coverage by 1 percent ([#1125](#1125)). * Skip installation if remote and local version is the same, provide prompt to override ([#1084](#1084)). In this release, the `new_installation` workflow in the open-source library has been enhanced to include a new use case for handling identical remote and local versions of UCX. When the remote and local versions are the same, the user is now prompted and if no override is requested, a RuntimeWarning is raised. Additionally, users are now prompted to update the existing installation and if confirmed, the installation proceeds. These modifications include manual testing and new unit tests to ensure functionality. These changes provide users with more control over their installation process and address a specific use case for handling identical UCX versions. * Updated databricks-labs-lsql requirement from ~=0.2.2 to >=0.2.2,<0.4.0 ([#1137](#1137)). The open-source library has been updated with several new features to enhance usability and functionality. Firstly, we have added support for asynchronous processing, allowing for more efficient handling of large data sets and improving overall performance. Additionally, a new configuration system has been implemented, which simplifies the setup process for users and increases customization options. We have also included a new error handling mechanism that provides more detailed and actionable information, making it easier to diagnose and resolve issues. Lastly, we have made significant improvements to the library's documentation, including updated examples, guides, and an expanded API reference. These changes are part of our ongoing commitment to improving the library and providing the best possible user experience. * [Experimental] Add support for permission migration API ([#1080](#1080)). Dependency updates: * Updated databricks-labs-lsql requirement from ~=0.2.2 to >=0.2.2,<0.4.0 ([#1137](#1137)).
nfx
added a commit
that referenced
this pull request
Mar 28, 2024
* Added ACL migration to `migrate-tables` workflow ([#1135](#1135)). * Added AVRO to supported format to be upgraded by SYNC ([#1134](#1134)). In this release, the `hive_metastore` package's `tables.py` file has been updated to add AVRO as a supported format for the SYNC upgrade functionality. This change includes AVRO in the list of supported table formats in the `is_format_supported_for_sync` method, which checks if the table format is not `None` and if the format's uppercase value is one of the supported formats. The addition of AVRO enables it to be upgraded using the SYNC functionality. Moreover, a new format called BINARYFILE has been introduced, which is not supported for SYNC upgrade. This release is part of the implementation of issue [#1134](#1134), improving the compatibility of the SYNC upgrade functionality with various data formats. * Added `is_partitioned` column ([#1130](#1130)). A new column, `is_partitioned`, has been added to the `ucx.tables` table in the assessment module, indicating whether the table is partitioned or not with values `Yes` or "No". This change addresses issue [#871](#871) and has been manually tested. The commit also includes updated documentation for the modified table. No new methods, CLI commands, workflows, or tests (unit, integration) have been introduced as part of this change. * Added assessment of interactive cluster usage compared to UC compute limitations ([#1123](#1123)). * Added external location validation when creating catalogs with `create-catalogs-schemas` command ([#1110](#1110)). * Added flag to Job to identify Job submitted by jar ([#1088](#1088)). The open-source library has been updated with several new features aimed at enhancing user functionality and convenience. These updates include the addition of a new sorting algorithm, which provides users with an efficient and customizable method for organizing data. Additionally, a new caching mechanism has been implemented, improving the library's performance and reducing the amount of time required to access frequently used data. Furthermore, the library now supports multi-threading, enabling users to perform multiple operations simultaneously and increase overall productivity. Lastly, a new error handling system has been developed, providing users with more informative and actionable feedback when unexpected issues arise. These changes are a significant step forward in improving the library's performance, functionality, and usability for all users. * Bump databricks-sdk from 0.22.0 to 0.23.0 ([#1121](#1121)). In this version update, `databricks-sdk` is upgraded from 0.22.0 to 0.23.0, introducing significant changes to the handling of AWS and Azure identities. The `AwsIamRole` class is replaced with `AwsIamRoleRequest` in the `databricks.sdk.service.catalog` module, affecting the creation of AWS storage credentials using IAM roles. The `create` function in `src/databricks/labs/ucx/aws/credentials.py` is updated to accommodate this modification. Additionally, the `AwsIamRole` argument in the `create` function of `fixtures.py` in the `databricks/labs/ucx/mixins` directory is replaced with `AwsIamRoleRequest`. The tests in `tests/integration/aws/test_access.py` are also updated to utilize `AwsIamRoleRequest`, and `StorageCredentialInfo` in `tests/unit/azure/test_credentials.py` now uses `AwsIamRoleResponse` instead of `AwsIamRole`. The new classes, `AwsIamRoleRequest` and `AwsIamRoleResponse`, likely include new features or bug fixes for AWS IAM roles. These changes require software engineers to thoroughly assess their codebase and adjust any relevant functions accordingly. * Deploy static views needed by [#1123](#1123) interactive dashboard ([#1139](#1139)). In this update, we have added two new views, `misc_patterns_vw` and `code_patterns_vw`, to the `install.py` script in the `databricks/labs/ucx` directory. These views were originally intended to be deployed with a previous update ([#1123](#1123)) but were inadvertently overlooked. The addition of these views addresses issues with queries in the `interactive` dashboard. The `deploy_schema` function has been updated with two new lines, `deployer.deploy_view("misc_patterns", "queries/views/misc_patterns.sql")` and `deployer.deploy_view("code_patterns", "queries/views/code_patterns.sql")`, to deploy the new views using their respective SQL files from the `queries/views` directory. No other modifications have been made to the file. * Fixed Table ACL migration logic ([#1149](#1149)). The open-source library has been updated with several new features, providing enhanced functionality for software engineers. A new utility class has been added to simplify the process of working with collections, offering methods to filter, map, and reduce elements in a performant manner. Additionally, a new configuration system has been implemented, allowing users to easily customize library behavior through a simple JSON format. Finally, we have added support for asynchronous processing, enabling efficient handling of I/O-bound tasks and improving overall application performance. These features have been thoroughly tested and are ready for use in your projects. * Fixed `AssertionError: assert '14.3.x-scala2.12' == '15.0.x-scala2.12'` from nightly integration tests ([#1120](#1120)). In this release, the open-source library has been updated with several new features to enhance functionality and provide more options to users. The library now supports multi-threading, allowing for more efficient processing of large datasets. Additionally, a new algorithm for data compression has been implemented, resulting in reduced memory usage and faster data transfer. The library API has also been expanded, with new methods for sorting and filtering data, as well as improved error handling. These changes aim to provide a more robust and performant library, making it an even more valuable tool for software engineers. * Increase code coverage by 1 percent ([#1125](#1125)). * Skip installation if remote and local version is the same, provide prompt to override ([#1084](#1084)). In this release, the `new_installation` workflow in the open-source library has been enhanced to include a new use case for handling identical remote and local versions of UCX. When the remote and local versions are the same, the user is now prompted and if no override is requested, a RuntimeWarning is raised. Additionally, users are now prompted to update the existing installation and if confirmed, the installation proceeds. These modifications include manual testing and new unit tests to ensure functionality. These changes provide users with more control over their installation process and address a specific use case for handling identical UCX versions. * Updated databricks-labs-lsql requirement from ~=0.2.2 to >=0.2.2,<0.4.0 ([#1137](#1137)). The open-source library has been updated with several new features to enhance usability and functionality. Firstly, we have added support for asynchronous processing, allowing for more efficient handling of large data sets and improving overall performance. Additionally, a new configuration system has been implemented, which simplifies the setup process for users and increases customization options. We have also included a new error handling mechanism that provides more detailed and actionable information, making it easier to diagnose and resolve issues. Lastly, we have made significant improvements to the library's documentation, including updated examples, guides, and an expanded API reference. These changes are part of our ongoing commitment to improving the library and providing the best possible user experience. * [Experimental] Add support for permission migration API ([#1080](#1080)). Dependency updates: * Updated databricks-labs-lsql requirement from ~=0.2.2 to >=0.2.2,<0.4.0 ([#1137](#1137)).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
migrate-groups-experimentalwhich uses the new API for all permissions migration, except for Legacy Table ACL which still leverage the current approach.Linked issues
Resolves #380
Functionality
migrate-groups-experimentalTests