Entitlements are not applied to account groups #488

Closed
mwojtyczka opened this issue Oct 23, 2023 · 1 comment
mwojtyczka commented Oct 23, 2023

Entitlements are correctly applied to the backup groups but not account groups.

github-project-automation bot moved this to Triage in UCX Oct 23, 2023
mwojtyczka added the bug label Oct 23, 2023
pohlposition added the migrate/groups (Corresponds to Migrate Groups Step of go/uc/upgrade) label Oct 29, 2023
renardeinside self-assigned this Oct 30, 2023
william-conti removed their assignment Oct 30, 2023
renardeinside moved this from Triage to Design in UCX Oct 30, 2023
nfx pushed a commit that referenced this issue Nov 3, 2023
Addresses the issues in #488.

**Problem Statement**

- Setup:
    - We have a ws and acc group.
    - Ws group has an entitlement
- Crawler:
    - During the inventorization, the entitlement is saved into the
      inventory without any issues into a Permissions object with
      `object_type="entitlements"` and `object_id="workspace_group_id"`
- Apply to backups:
    - Backup group is created
    - Entitlements are applied to the backup group
- Replace:
    - Simply replaces the groups
- Apply to acc groups (separate task)
    - **Migration state** becomes lost and there is no link between the
      workspace group id and the acc group id anymore.
    - Since there is no linkage in the migration state, the
      `is_item_relevant` method returns `None`, therefore it won’t apply the
      proper group entitlements.


**Design**

Together with @william-conti we've decided that the `migration_state`
object needs to be persisted across the `replace` and `apply_to_account`
tasks to properly save the state and avoid losing the logical
association between ws and acc groups.

---------

Co-authored-by: William Conti <william.conti@databricks.com>
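
The failure mode and the design in the commit message above, as an added example that is not UCX's own code: a simplified model in which a separate task sees only the state that was persisted for it. The `GroupLink`, `MigrationState`, `Permissions` fields beyond `object_type`/`object_id`, the JSON persistence, the function bodies and all ids are assumptions made for illustration.

```python
import json
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class GroupLink:        # hypothetical record tying the three group ids together
    workspace_id: str
    backup_id: str
    account_id: str

@dataclass(frozen=True)
class Permissions:      # object_id / object_type are named on the page; raw is assumed
    object_id: str
    object_type: str
    raw: str

class MigrationState:   # hypothetical stand-in for the migration_state object
    def __init__(self, links=()):
        self.links = list(links)

    def dump(self) -> str:
        return json.dumps([asdict(link) for link in self.links])

    @classmethod
    def load(cls, blob: str) -> "MigrationState":
        return cls(GroupLink(**row) for row in json.loads(blob))

    def account_id_for(self, workspace_id):
        return next((l.account_id for l in self.links
                     if l.workspace_id == workspace_id), None)

def is_item_relevant(item, state) -> bool:
    # Relevant only while the state still links the inventoried ws group id to an acc group.
    return state.account_id_for(item.object_id) is not None

def apply_to_account(inventory, state):
    """Return {account_group_id: entitlements} for each relevant inventory item."""
    applied = {}
    for item in inventory:
        if item.object_type == "entitlements" and is_item_relevant(item, state):
            applied[state.account_id_for(item.object_id)] = json.loads(item.raw)
    return applied

# Constructed sample data (ids and entitlement value are made up for the example).
INVENTORY = [Permissions("ws-101", "entitlements", '["workspace-access"]')]
STATE_AFTER_REPLACE = MigrationState([GroupLink("ws-101", "bk-201", "acc-301")])

def run_separate_task(persisted):
    # A separate task starts with no in-memory state; it has only what was persisted.
    state = MigrationState.load(persisted) if persisted else MigrationState()
    return apply_to_account(INVENTORY, state)
```

With nothing persisted, `run_separate_task(None)` applies no entitlements and raises no error, which is why the gap is easy to miss; passing `STATE_AFTER_REPLACE.dump()` restores the link and the entitlement lands on the account group.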
FastLee pushed a commit that referenced this issue Nov 8, 2023
nfx commented Nov 18, 2023

Fixed in v0.6.0

nfx closed this as completed Nov 18, 2023
github-project-automation bot moved this from Design to Archive in UCX Nov 18, 2023