|
84 | 84 |
|
85 | 85 | # COMMAND ---------- |
86 | 86 |
|
| 87 | +from uc_upgrade.group_migration import GroupMigration |
| 88 | + |
| 89 | +# COMMAND ---------- |
| 90 | + |
87 | 91 | # If autoGenerateList=True then groupL will be ignored and all eliglbe groups will be migrated. |
88 | 92 | autoGenerateList = False |
89 | 93 |
|
90 | | -# please provide groups here, e.g. |
| 94 | +# please provide groups here, e.g. analyst. |
| 95 | +#please provide group names and not ids |
91 | 96 | groupL = ["groupA", "groupB"] |
92 | 97 |
|
93 | 98 |
|
|
99 | 104 |
|
100 | 105 |
|
101 | 106 | # Personal Access Token. Create one in "User Settings" |
102 | | -token = "<TOKEN" |
| 107 | +token = "<TOKEN>" |
103 | 108 |
|
104 | 109 | # Should the migration Check the ACL on tables/views as well? |
105 | | -checkTableACL = False |
| 110 | +checkTableACL = True |
106 | 111 |
|
107 | 112 | # What cloud provider? Acceptable values are "AWS" or anything other value. |
108 | 113 | cloud = "AWS" |
|
111 | 116 | userName = "<UserMailID>" |
112 | 117 |
|
113 | 118 | # Number of threads to issue Databricks API requests with. If you get a lot of errors during the inventory, lower this value. |
114 | | -numThreads = 30 |
| 119 | +numThreads = 10 |
115 | 120 |
|
| 121 | +# The notebook will populate data in the WorkspaceInventory and WorkspaceInventoryTableACL(If applicable). |
| 122 | +# if the notebook is run second time, it will retrieve the data from the table if already captured. |
| 123 | +# Users have the option to do a fresh inventory in which case it will recreate the tables and start again. |
| 124 | +#default set to False |
| 125 | +freshInventory = False |
116 | 126 | # Initialize GroupMigration Class with values supplied above |
117 | 127 | gm = GroupMigration( |
118 | 128 | groupL=groupL, |
|
125 | 135 | checkTableACL=checkTableACL, |
126 | 136 | autoGenerateList=autoGenerateList, |
127 | 137 | numThreads=numThreads, |
| 138 | + freshInventory=freshInventory |
128 | 139 | ) |
129 | 140 |
|
130 | 141 | # COMMAND ---------- |
|
133 | 144 | # MAGIC #### Step 2: Perform Dry run |
134 | 145 | # MAGIC This steps performs a dry run to verify the current ACL on the supplied workspace groups and print outs the permission. |
135 | 146 | # MAGIC Please verify if all the permissions are covered |
| 147 | +# MAGIC If the inventory was run previously and stored in the table for either Workspace or Account then it will use the same and save time, else it will do a fresh inventory |
| 148 | +# MAGIC If the inventory data in the table is present for only few workspace objects , the dryRun will do the fresh inventory of objects not present in the table |
136 | 149 |
|
137 | 150 | # COMMAND ---------- |
138 | 151 |
|
139 | 152 | gm.dryRun("Workspace") |
140 | 153 |
|
141 | 154 | # COMMAND ---------- |
142 | 155 |
|
| 156 | +# MAGIC %md |
| 157 | +# MAGIC #### Adhoc Step: Selective Inventory |
| 158 | +# MAGIC This is a adhoc step for troubleshooting purpose. Once dryRun is complete and data stored in tables, if the acl of any object is changed in the workspace |
| 159 | +# MAGIC Ex new notebook permission added, User can force a fresh inventory of the selected object instead of doing a full cleanup and dryRun to save time |
| 160 | +# MAGIC Call gm.performInventory with 3 parameters: |
| 161 | +# MAGIC - mode: Workpace("workspace local group") or Account ("for workspace back up group") |
| 162 | +# MAGIC - force: setting to True will force fresh inventory capture and updates to the tables |
| 163 | +# MAGIC - objectType: select the list of object for which to do the fresh inventory, options are |
| 164 | +# MAGIC |
| 165 | +# MAGIC "Group"(will do members, group list, entitlement, roles), "Password","Cluster","ClusterPolicy","Warehouse","Dashboard","Query","Job","Folder"(Will do folders, notebook and files),"TableACL","Alert","Pool","Experiment","Model","DLT","Repo","Token","Secret" |
| 166 | + |
| 167 | +# COMMAND ---------- |
| 168 | + |
| 169 | +gm.performInventory('Workspace',force=True,objectType='Folder') |
| 170 | + |
| 171 | +# COMMAND ---------- |
| 172 | + |
143 | 173 | # MAGIC %md |
144 | 174 | # MAGIC #### Step 3: Create Back up group |
145 | 175 | # MAGIC This steps creates the back up groups, applies the ACL on the new temp group from the original workspace group. |
|
159 | 189 | # MAGIC - Verify the temp group permissions are as seen in the initial dry run |
160 | 190 | # MAGIC - check randomly if all the ACL are applied correctly |
161 | 191 | # MAGIC - there should be one temp group for every workspace group (Ex: db-temp-analysts and analysts with same ACLs) |
| 192 | +# MAGIC - Similar to dryRun("workspace"), this will also capture inventory for first run and store it in tables, subsequent times inventory will be retrived from the table to save time. |
| 193 | +# MAGIC - if inventory table contains partial workspace objects(ex cluster acl is missing), it will do fresh inventory for the missing object and update table |
162 | 194 |
|
163 | 195 | # COMMAND ---------- |
164 | 196 |
|
|
0 commit comments