Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] _remove_service_principal_configuration_from_cluster_policy fails when enable_serverless_compute is not present in backup policy but required after enabling UC #2771

Closed
JCZuurmond opened this issue Oct 1, 2024 · 0 comments · Fixed by #2941
Closed

[BUG] _remove_service_principal_configuration_from_cluster_policy fails when enable_serverless_compute is not present in backup policy but required after enabling UC #2771

JCZuurmond opened this issue Oct 1, 2024 · 0 comments · Fixed by #2941
Assignees
@JCZuurmond

Comments

@JCZuurmond
Copy link
Member

Current behavior

_remove_service_principal_configuration_from_cluster_policy fails when enable_serverless_compute is not present in backup policy but required after enabling UC.

Expected behavior

No failure

Proposed Solution

  1. Instead of using the backup policy, we revert by removing the fields we introduce in UCX.

  2. We verify if enable_serverless_compute is present in the current policy and add it to the backup.

           > @filogzz52 : Could you run this in `--debug` mode: `databricks --debug labs ucx ...`? And share the error that this command fails on?

This is the --debug results:

DEBUG [databricks.sdk] PUT /api/2.0/sql/config/warehouses
> {
>   "data_access_config": [
>     {
>       "key": "spark.hadoop.javax.jdo.option.ConnectionPassword",
>       "value": "**REDACTED**"
>     },
>     {
>       "key": "spark.hadoop.javax.jdo.option.ConnectionURL",
>       "value": "**REDACTED**"
>     },
>     "... (78 additional elements)"
>   ],
>   "security_policy": "DATA_ACCESS_CONTROL",
>   "sql_configuration_parameters": {}
> }
< 400 Bad Request
< {
<   "error_code": "INVALID_PARAMETER_VALUE",
<   "message": "spark_conf.fs.azure.account.oauth2.client.id.[REDACTED].dfs.core.windows.net is not supp... (577 more bytes)"
< }
16:57:02 ERROR [d.l.u.azure.access] Adding uber principal to SQL warehouse Data Access Properties is failed using Python SDK with error "spark_conf.fs.azure.account.oauth2.client.id.[REDACTED].dfs.core.windows.net is not supported in data access configuration for Databricks SQL. Keys must match the following patterns – spark.databricks.hive.metastore.glueCatalog.enabled, spark.sql.hive.metastore.*, spark.sql.warehouse.dir, spark.hadoop.aws.glue.*, spark.hadoop.aws.region, spark.hadoop.datanucleus.*, spark.hadoop.fs.*, spark.hadoop.hive.*, spark.hadoop.javax.jdo.option.*, spark.hive.*, spark.sql.session.timeZone, spark.databricks.delta.catalog.update.enabled, spark.databricks.cloudfetch.override.enabled, spark.databricks.dataLineage.enabled, spark.databricks.hive.metastore.client.pool.type.". Please try applying the following configs manually in the worksapce admin UI:
spark.hadoop.javax.jdo.option.ConnectionPassword [REDACTED]
spark.hadoop.javax.jdo.option.ConnectionURL [REDACTED]
spark.sql.hive.metastore.jars maven
spark.sql.hive.metastore.version 3.1.0
spark.hadoop.javax.jdo.option.ConnectionUserName [REDACTED]
spark_conf.fs.azure.account.oauth2.client.id.[REDACTED].dfs.core.windows.net [REDACTED]
spark_conf.fs.azure.account.oauth.provider.type.[REDACTED].dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark_conf.fs.azure.account.oauth2.client.endpoint.[REDACTED].dfs.core.windows.net https://login.microsoftonline.com/[REDACTED]/oauth2/token
spark_conf.fs.azure.account.auth.type.[REDACTED].dfs.core.windows.net OAuth
spark_conf.fs.azure.account.oauth2.client.secret.[REDACTED].dfs.core.windows.net {{secrets/ucx_2700324992101495/uber_principal_secret}}
spark_conf.fs.azure.account.oauth2.client.id.[REDACTED].dfs.core.windows.net [REDACTED]
spark_conf.fs.azure.account.oauth.provider.type.[REDACTED].dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark_conf.fs.azure.account.oauth2.client.endpoint.[REDACTED].dfs.core.windows.net https://login.microsoftonline.com/[REDACTED]/oauth2/token
spark_conf.fs.azure.account.auth.type.[REDACTED].dfs.core.windows.net OAuth
spark_conf.fs.azure.account.oauth2.client.secret.[REDACTED].dfs.core.windows.net {{secrets/ucx_2700324992101495/uber_principal_secret}}
spark_conf.fs.azure.account.oauth2.client.id.[REDACTED].dfs.core.windows.net [REDACTED]
spark_conf.fs.azure.account.oauth.provider.type.[REDACTED].dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark_conf.fs.azure.account.oauth2.client.endpoint.[REDACTED].dfs.core.windows.net https://login.microsoftonline.com/[REDACTED]/oauth2/token
spark_conf.fs.azure.account.auth.type.[REDACTED].dfs.core.windows.net OAuth
spark_conf.fs.azure.account.oauth2.client.secret.[REDACTED].dfs.core.windows.net {{secrets/ucx_2700324992101495/uber_principal_secret}}
spark_conf.fs.azure.account.oauth2.client.id.[REDACTED].dfs.core.windows.net [REDACTED]
spark_conf.fs.azure.account.oauth.provider.type.[REDACTED].dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark_conf.fs.azure.account.oauth2.client.endpoint.[REDACTED].dfs.core.windows.net https://login.microsoftonline.com/[REDACTED]/oauth2/token
spark_conf.fs.azure.account.auth.type.[REDACTED].dfs.core.windows.net OAuth
spark_conf.fs.azure.account.oauth2.client.secret.[REDACTED].dfs.core.windows.net {{secrets/ucx_2700324992101495/uber_principal_secret}}
spark_conf.fs.azure.account.oauth2.client.id.[REDACTED].dfs.core.windows.net [REDACTED]
spark_conf.fs.azure.account.oauth.provider.type.[REDACTED].dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark_conf.fs.azure.account.oauth2.client.endpoint.[REDACTED].dfs.core.windows.net https://login.microsoftonline.com/[REDACTED]/oauth2/token
spark_conf.fs.azure.account.auth.type.[REDACTED].dfs.core.windows.net OAuth
spark_conf.fs.azure.account.oauth2.client.secret.[REDACTED].dfs.core.windows.net {{secrets/ucx_2700324992101495/uber_principal_secret}}
spark_conf.fs.azure.account.oauth2.client.id.[REDACTED].dfs.core.windows.net [REDACTED]
spark_conf.fs.azure.account.oauth.provider.type.[REDACTED].dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark_conf.fs.azure.account.oauth2.client.endpoint.[REDACTED].dfs.core.windows.net https://login.microsoftonline.com/[REDACTED]/oauth2/token
spark_conf.fs.azure.account.auth.type.[REDACTED].dfs.core.windows.net OAuth
spark_conf.fs.azure.account.oauth2.client.secret.[REDACTED].dfs.core.windows.net {{secrets/ucx_2700324992101495/uber_principal_secret}}
spark_conf.fs.azure.account.oauth2.client.id.[REDACTED].dfs.core.windows.net [REDACTED]
spark_conf.fs.azure.account.oauth.provider.type.[REDACTED].dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark_conf.fs.azure.account.oauth2.client.endpoint.[REDACTED].dfs.core.windows.net https://login.microsoftonline.com/[REDACTED]/oauth2/token
spark_conf.fs.azure.account.auth.type.[REDACTED].dfs.core.windows.net OAuth
spark_conf.fs.azure.account.oauth2.client.secret.[REDACTED].dfs.core.windows.net {{secrets/ucx_2700324992101495/uber_principal_secret}}
spark_conf.fs.azure.account.oauth2.client.id.[REDACTED].dfs.core.windows.net [REDACTED]
spark_conf.fs.azure.account.oauth.provider.type.[REDACTED].dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark_conf.fs.azure.account.oauth2.client.endpoint.[REDACTED].dfs.core.windows.net https://login.microsoftonline.com/[REDACTED]/oauth2/token
spark_conf.fs.azure.account.auth.type.[REDACTED].dfs.core.windows.net OAuth
spark_conf.fs.azure.account.oauth2.client.secret.[REDACTED].dfs.core.windows.net {{secrets/ucx_2700324992101495/uber_principal_secret}}
spark_conf.fs.azure.account.oauth2.client.id.[REDACTED].dfs.core.windows.net [REDACTED]
spark_conf.fs.azure.account.oauth.provider.type.[REDACTED].dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark_conf.fs.azure.account.oauth2.client.endpoint.[REDACTED].dfs.core.windows.net https://login.microsoftonline.com/[REDACTED]/oauth2/token
spark_conf.fs.azure.account.auth.type.[REDACTED].dfs.core.windows.net OAuth
spark_conf.fs.azure.account.oauth2.client.secret.[REDACTED].dfs.core.windows.net {{secrets/ucx_2700324992101495/uber_principal_secret}}
spark_conf.fs.azure.account.oauth2.client.id.[REDACTED].dfs.core.windows.net [REDACTED]
spark_conf.fs.azure.account.oauth.provider.type.[REDACTED].dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark_conf.fs.azure.account.oauth2.client.endpoint.[REDACTED].dfs.core.windows.net https://login.microsoftonline.com/[REDACTED]/oauth2/token
spark_conf.fs.azure.account.auth.type.[REDACTED].dfs.core.windows.net OAuth
spark_conf.fs.azure.account.oauth2.client.secret.[REDACTED].dfs.core.windows.net {{secrets/ucx_2700324992101495/uber_principal_secret}}
spark_conf.fs.azure.account.oauth2.client.id.[REDACTED].dfs.core.windows.net [REDACTED]
spark_conf.fs.azure.account.oauth.provider.type.[REDACTED].dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark_conf.fs.azure.account.oauth2.client.endpoint.[REDACTED].dfs.core.windows.net https://login.microsoftonline.com/[REDACTED]/oauth2/token
spark_conf.fs.azure.account.auth.type.[REDACTED].dfs.core.windows.net OAuth
spark_conf.fs.azure.account.oauth2.client.secret.[REDACTED].dfs.core.windows.net {{secrets/ucx_2700324992101495/uber_principal_secret}}
spark_conf.fs.azure.account.oauth2.client.id.[REDACTED].dfs.core.windows.net [REDACTED]
spark_conf.fs.azure.account.oauth.provider.type.[REDACTED].dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark_conf.fs.azure.account.oauth2.client.endpoint.[REDACTED].dfs.core.windows.net https://login.microsoftonline.com/[REDACTED]/oauth2/token
spark_conf.fs.azure.account.auth.type.[REDACTED].dfs.core.windows.net OAuth
spark_conf.fs.azure.account.oauth2.client.secret.[REDACTED].dfs.core.windows.net {{secrets/ucx_2700324992101495/uber_principal_secret}}
spark_conf.fs.azure.account.oauth2.client.id.[REDACTED].dfs.core.windows.net [REDACTED]
spark_conf.fs.azure.account.oauth.provider.type.[REDACTED].dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark_conf.fs.azure.account.oauth2.client.endpoint.[REDACTED].dfs.core.windows.net https://login.microsoftonline.com/[REDACTED]/oauth2/token
spark_conf.fs.azure.account.auth.type.[REDACTED].dfs.core.windows.net OAuth
spark_conf.fs.azure.account.oauth2.client.secret.[REDACTED].dfs.core.windows.net {{secrets/ucx_2700324992101495/uber_principal_secret}}
spark_conf.fs.azure.account.oauth2.client.id.[REDACTED].dfs.core.windows.net [REDACTED]
spark_conf.fs.azure.account.oauth.provider.type.[REDACTED].dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark_conf.fs.azure.account.oauth2.client.endpoint.[REDACTED].dfs.core.windows.net https://login.microsoftonline.com/[REDACTED]/oauth2/token
spark_conf.fs.azure.account.auth.type.[REDACTED].dfs.core.windows.net OAuth
spark_conf.fs.azure.account.oauth2.client.secret.[REDACTED].dfs.core.windows.net {{secrets/ucx_2700324992101495/uber_principal_secret}}
spark_conf.fs.azure.account.oauth2.client.id.[REDACTED].dfs.core.windows.net [REDACTED]
spark_conf.fs.azure.account.oauth.provider.type.[REDACTED].dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
spark_conf.fs.azure.account.oauth2.client.endpoint.[REDACTED].dfs.core.windows.net https://login.microsoftonline.com/[REDACTED]/oauth2/token
spark_conf.fs.azure.account.auth.type.[REDACTED].dfs.core.windows.net OAuth
spark_conf.fs.azure.account.oauth2.client.secret.[REDACTED].dfs.core.windows.net {{secrets/ucx_2700324992101495/uber_principal_secret}}
16:57:02 DEBUG [d.l.blueprint.installation] Loading WorkspaceConfig from config.yml
16:57:03 DEBUG [databricks.sdk] GET /api/2.0/workspace/export?path=/Applications/ucx/config.yml&direct_download=true
< 200 OK
< [raw stream]
16:57:03 DEBUG [databricks.sdk] Ignoring pat auth, because azure-cli is preferred
16:57:03 DEBUG [databricks.sdk] Ignoring basic auth, because azure-cli is preferred
16:57:03 DEBUG [databricks.sdk] Ignoring metadata-service auth, because azure-cli is preferred
16:57:03 DEBUG [databricks.sdk] Ignoring oauth-m2m auth, because azure-cli is preferred
16:57:03 DEBUG [databricks.sdk] Ignoring azure-client-secret auth, because azure-cli is preferred
16:57:03 DEBUG [databricks.sdk] Ignoring github-oidc-azure auth, because azure-cli is preferred
16:57:03 DEBUG [databricks.sdk] Attempting to configure auth: azure-cli
16:57:06  INFO [databricks.sdk] Using Azure CLI authentication with AAD tokens
16:57:06 DEBUG [d.l.u.framework.crawlers] [hive_metastore.ucx_2700324992101495.external_locations] fetching external_locations inventory
16:57:06 DEBUG [d.l.lsql.backends] [api][fetch] SELECT * FROM `hive_metastore`.`ucx_2700324992101495`.`external_locations`
16:57:06 DEBUG [d.l.lsql.core] Executing SQL statement: SELECT * FROM `hive_metastore`.`ucx_2700324992101495`.`external_locations`
16:57:06 DEBUG [databricks.sdk] POST /api/2.0/sql/statements/
> {
>   "format": "JSON_ARRAY",
>   "statement": "SELECT * FROM `hive_metastore`.`ucx_2700324992101495`.`external_locations`",
>   "warehouse_id": "d6354f6edb594d88"
> }
< 200 OK
< {
<   "manifest": {
<     "chunks": [
<       {
<         "chunk_index": 0,
<         "row_count": 45,
<         "row_offset": 0
<       }
<     ],
<     "format": "JSON_ARRAY",
<     "schema": {
<       "column_count": 2,
<       "columns": [
<         {
<           "name": "location",
<           "position": 0,
<           "type_name": "STRING",
<           "type_text": "STRING"
<         },
<         "... (1 additional elements)"
<       ]
<     },
<     "total_chunk_count": 1,
<     "total_row_count": 45,
<     "truncated": false
<   },
<   "result": {
<     "chunk_index": 0,
<     "data_array": [
<       [
<         "abfss://[REDACTED].dfs.core.windows.net/-parquet/",
<         "... (1 additional elements)"
<       ],
<       "... (44 additional elements)"
<     ],
<     "row_count": 45,
<     "row_offset": 0
<   },
<   "statement_id": "01ef7f7f-515e-104d-a52f-ac2473425c04",
<   "status": {
<     "state": "SUCCEEDED"
<   }
< }
16:57:06 DEBUG [databricks.sdk] GET /subscriptions?api-version=2022-12-01
< 200 OK
< {
<   "count": {
<     "type": "Total",
<     "value": "**REDACTED**"
<   },
<   "value": "**REDACTED**"
< }
16:57:06  INFO [d.l.u.assessment.crawlers] Checking in subscription [REDACTED] for storage accounts
16:57:07 DEBUG [databricks.sdk] GET /subscriptions/[REDACTED]/providers/Microsoft.Storage/storageAccounts?api-version=2023-01-01
< 200 OK
< {
<   "value": "**REDACTED**"
< }
16:57:07 DEBUG [databricks.sdk] GET /subscriptions/[REDACTED]/resourceGroups/[REDACTED]/providers/Microsoft.Storage/storageAccounts/[REDACTED]/providers/Microsoft.Authorization/roleAssignments?$filter=principalId eq '[REDACTED]'&api-version=2022-04-01
< 200 OK
< {
<   "value": "**REDACTED**"
< }
16:57:08 DEBUG [databricks.sdk] GET /subscriptions/[REDACTED]/resourceGroups/[REDACTED]/providers/Microsoft.Storage/storageAccounts/[REDACTED]/providers/Microsoft.Authorization/roleAssignments?$filter=principalId eq '[REDACTED]'&api-version=2022-04-01
< 200 OK
< {
<   "value": "**REDACTED**"
< }
16:57:08 DEBUG [databricks.sdk] GET /subscriptions/[REDACTED]/resourceGroups/[REDACTED]/providers/Microsoft.Storage/storageAccounts/[REDACTED]/providers/Microsoft.Authorization/roleAssignments?$filter=principalId eq '[REDACTED]'&api-version=2022-04-01
< 200 OK
< {
<   "value": "**REDACTED**"
< }
16:57:08 DEBUG [databricks.sdk] GET /subscriptions/[REDACTED]/resourceGroups/[REDACTED]/providers/Microsoft.Storage/storageAccounts/[REDACTED]/providers/Microsoft.Authorization/roleAssignments?$filter=principalId eq '[REDACTED]'&api-version=2022-04-01
< 200 OK
< {
<   "value": "**REDACTED**"
< }
16:57:08 DEBUG [databricks.sdk] GET /subscriptions/[REDACTED]/resourceGroups/[REDACTED]/providers/Microsoft.Storage/storageAccounts/[REDACTED]/providers/Microsoft.Authorization/roleAssignments?$filter=principalId eq '[REDACTED]'&api-version=2022-04-01
< 200 OK
< {
<   "value": "**REDACTED**"
< }
16:57:08 DEBUG [databricks.sdk] GET /subscriptions/[REDACTED]/resourceGroups/[REDACTED]/providers/Microsoft.Storage/storageAccounts/[REDACTED]/providers/Microsoft.Authorization/roleAssignments?$filter=principalId eq '[REDACTED]'&api-version=2022-04-01
< 200 OK
< {
<   "value": "**REDACTED**"
< }
16:57:09 DEBUG [databricks.sdk] GET /subscriptions/[REDACTED]/resourceGroups/[REDACTED]/providers/Microsoft.Storage/storageAccounts/[REDACTED]/providers/Microsoft.Authorization/roleAssignments?$filter=principalId eq '[REDACTED]'&api-version=2022-04-01
< 200 OK
< {
<   "value": "**REDACTED**"
< }
16:57:09 DEBUG [databricks.sdk] GET /subscriptions/[REDACTED]/resourceGroups/[REDACTED]/providers/Microsoft.Storage/storageAccounts/[REDACTED]/providers/Microsoft.Authorization/roleAssignments?$filter=principalId eq '[REDACTED]'&api-version=2022-04-01
< 200 OK
< {
<   "value": "**REDACTED**"
< }
16:57:09 DEBUG [databricks.sdk] GET /subscriptions/[REDACTED]/resourceGroups/[REDACTED]/providers/Microsoft.Storage/storageAccounts/[REDACTED]/providers/Microsoft.Authorization/roleAssignments?$filter=principalId eq '[REDACTED]'&api-version=2022-04-01
< 200 OK
< {
<   "value": "**REDACTED**"
< }
16:57:09 DEBUG [databricks.sdk] GET /subscriptions/[REDACTED]/resourceGroups/[REDACTED]/providers/Microsoft.Storage/storageAccounts/[REDACTED]/providers/Microsoft.Authorization/roleAssignments?$filter=principalId eq '[REDACTED]'&api-version=2022-04-01
< 200 OK
< {
<   "value": "**REDACTED**"
< }
16:57:09 DEBUG [databricks.sdk] GET /subscriptions/[REDACTED]/resourceGroups/[REDACTED]/providers/Microsoft.Storage/storageAccounts/[REDACTED]/providers/Microsoft.Authorization/roleAssignments?$filter=principalId eq '[REDACTED]'&api-version=2022-04-01
< 200 OK
< {
<   "value": "**REDACTED**"
< }
16:57:10 DEBUG [databricks.sdk] GET /subscriptions/[REDACTED]/resourceGroups/[REDACTED]/providers/Microsoft.Storage/storageAccounts/[REDACTED]/providers/Microsoft.Authorization/roleAssignments?$filter=principalId eq '[REDACTED]'&api-version=2022-04-01
< 200 OK
< {
<   "value": "**REDACTED**"
< }
16:57:10 DEBUG [databricks.sdk] GET /subscriptions/[REDACTED]/resourceGroups/[REDACTED]/providers/Microsoft.Authorization/roleAssignments?$filter=principalId eq '[REDACTED]'&api-version=2022-04-01
< 200 OK
< {
<   "value": "**REDACTED**"
< }
16:57:10 DEBUG [databricks.sdk] GET /subscriptions/[REDACTED]/resourceGroups/[REDACTED]/providers/Microsoft.Authorization/roleAssignments?$filter=principalId eq '[REDACTED]'&api-version=2022-04-01
< 200 OK
< {
<   "value": "**REDACTED**"
< }
16:57:10 DEBUG [databricks.sdk] GET /subscriptions/[REDACTED]/resourceGroups/[REDACTED]/providers/Microsoft.Storage/storageAccounts/[REDACTED]/providers/Microsoft.Authorization/roleAssignments?$filter=principalId eq '[REDACTED]'&api-version=2022-04-01
< 200 OK
< {
<   "value": "**REDACTED**"
< }
16:57:11 DEBUG [databricks.sdk] DELETE /v1.0/applications(appId='[REDACTED]')
< 204 No Content
16:57:11 DEBUG [d.l.blueprint.installation] Loading Policy from policy-backup.json
16:57:11 DEBUG [databricks.sdk] GET /api/2.0/workspace/export?path=/Applications/ucx/policy-backup.json&direct_download=true
< 200 OK
< [raw stream]
16:57:11 DEBUG [databricks.sdk] POST /api/2.0/policies/clusters/edit
> {
>   "definition": "{\"spark_version\": {\"type\": \"fixed\", \"value\": \"15.4.x-scala2.12\"}, \"node_type_id\": {\"type\": \"fixe... (899 more bytes)",
>   "name": "Unity Catalog Migration (ucx_2700324992101495) ([REDACTED])",
>   "policy_id": "001E144F2DD6EA16"
> }
< 200 OK
< {}
16:57:11 DEBUG [d.l.blueprint.installation] Loading GetWorkspaceWarehouseConfigResponse from warehouse-config-backup.json
16:57:11 DEBUG [databricks.sdk] GET /api/2.0/workspace/export?path=/Applications/ucx/warehouse-config-backup.json&direct_download=true
< 200 OK
< [raw stream]
16:57:11 DEBUG [databricks.sdk] PUT /api/2.0/sql/config/warehouses
> {
>   "data_access_config": [
>     {
>       "key": "spark.hadoop.javax.jdo.option.ConnectionPassword",
>       "value": "**REDACTED**"
>     },
>     {
>       "key": "spark.hadoop.javax.jdo.option.ConnectionURL",
>       "value": "**REDACTED**"
>     },
>     "... (3 additional elements)"
>   ],
>   "security_policy": "DATA_ACCESS_CONTROL",
>   "sql_configuration_parameters": {}
> }
< 400 Bad Request
< {
<   "error_code": "INVALID_PARAMETER_VALUE",
<   "message": "enable_serverless_compute is required."
< }
16:57:11 ERROR [d.l.u.azure.access] Adding uber principal to SQL warehouse Data Access Properties is failed using Python SDK with error "enable_serverless_compute is required.". Please try applying the following configs manually in the workspace admin UI:
spark.hadoop.javax.jdo.option.ConnectionPassword [REDACTED]
spark.hadoop.javax.jdo.option.ConnectionURL [REDACTED]
spark.sql.hive.metastore.jars maven
spark.sql.hive.metastore.version 3.1.0
spark.hadoop.javax.jdo.option.ConnectionUserName [REDACTED]
16:57:11 ERROR [src/databricks/labs/ucx.create-uber-principal] Failed to call create-uber-principal: Traceback (most recent call last):
  File "C:\Users\cenip\.databricks\labs\ucx\state\venv\Lib\site-packages\databricks\labs\blueprint\cli.py", line 113, in _route
    cmd.fn(**kwargs)
  File "C:\Users\cenip\.databricks\labs\ucx\lib\src\databricks\labs\ucx\cli.py", line 363, in create_uber_principal
    workspace_context.azure_resource_permissions.create_uber_principal(prompts)
  File "C:\Users\cenip\.databricks\labs\ucx\lib\src\databricks\labs\ucx\azure\access.py", line 419, in create_uber_principal
    self._delete_uber_principal()  # Clean up dangling resources
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\cenip\.databricks\labs\ucx\lib\src\databricks\labs\ucx\azure\access.py", line 456, in _delete_uber_principal
    log_permission_denied(
  File "C:\Users\cenip\.databricks\labs\ucx\lib\src\databricks\labs\ucx\azure\access.py", line 428, in wrapper
    return function(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\cenip\.databricks\labs\ucx\lib\src\databricks\labs\ucx\azure\access.py", line 374, in _remove_service_principal_configuration_from_workspace_warehouse_config
    raise error
  File "C:\Users\cenip\.databricks\labs\ucx\lib\src\databricks\labs\ucx\azure\access.py", line 362, in _remove_service_principal_configuration_from_workspace_warehouse_config
    self._ws.warehouses.set_workspace_warehouse_config(
  File "C:\Users\cenip\.databricks\labs\ucx\state\venv\Lib\site-packages\databricks\sdk\service\sql.py", line 7297, in set_workspace_warehouse_config
    self._api.do('PUT', '/api/2.0/sql/config/warehouses', body=body, headers=headers)
  File "C:\Users\cenip\.databricks\labs\ucx\state\venv\Lib\site-packages\databricks\sdk\core.py", line 157, in do
    response = retryable(self._perform)(method,
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\cenip\.databricks\labs\ucx\state\venv\Lib\site-packages\databricks\sdk\retries.py", line 54, in wrapper
    raise err
  File "C:\Users\cenip\.databricks\labs\ucx\state\venv\Lib\site-packages\databricks\sdk\retries.py", line 33, in wrapper
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\cenip\.databricks\labs\ucx\state\venv\Lib\site-packages\databricks\sdk\core.py", line 247, in _perform
    raise error from None
databricks.sdk.errors.platform.InvalidParameterValue: enable_serverless_compute is required.
16:57:11  INFO completed execution pid=3452 exit_code=0

Originally posted by @filogzz52 in #2764 (comment)
@github-project-automation github-project-automation bot moved this to Triage in UCX Oct 1, 2024
@JCZuurmond JCZuurmond changed the title [DEBUG] _remove_service_principal_configuration_from_cluster_policy fails when enable_serverless_compute is not present in backup policy but required after enabling UC [BUG] _remove_service_principal_configuration_from_cluster_policy fails when enable_serverless_compute is not present in backup policy but required after enabling UC Oct 1, 2024
@nfx nfx removed the needs-triage label Oct 9, 2024
@nfx nfx removed this from UCX Oct 9, 2024
JCZuurmond added a commit that referenced this issue Oct 11, 2024
@JCZuurmond
Make safe call broader when deleting uber principal resources
069b4bb 
Resulted in a partial delete to error described in #2771
@JCZuurmond JCZuurmond self-assigned this Oct 11, 2024
@JCZuurmond JCZuurmond mentioned this issue Oct 11, 2024
Merged
4 tasks
JCZuurmond added a commit that referenced this issue Oct 14, 2024
@JCZuurmond
Make safe call broader when deleting uber principal resources
218550a 
Resulted in a partial delete to error described in #2771
@nfx nfx closed this as completed in #2941 Oct 14, 2024
@nfx nfx closed this as completed in 69a0cf8 Oct 14, 2024
nfx added a commit that referenced this issue Oct 14, 2024
@nfx
Release v0.44.0
1207cb0 
* Added `imbalanced-learn` to known list ([#2943](#2943)). A new open-source library, "imbalanced-learn," has been added to the project's known list of libraries, providing various functionalities for handling imbalanced datasets. The addition includes modules such as "imblearn", "imblearn._config", "imblearn._min_dependencies", "imblearn._version", "imblearn.base", and many others, enabling features such as over-sampling, under-sampling, combining sampling techniques, and creating ensembles. This change partially resolves issue [#1931](#1931), which may have been related to the handling of imbalanced datasets, thereby enhancing the project's ability to manage such datasets.
* Added `importlib_resources` to known list ([#2944](#2944)). In this update, we've added the `importlib_resources` package to the known list in the `known.json` file. This package offers a consistent and straightforward interface for accessing resources such as data files and directories in Python packages. It includes several modules, including `importlib_resources`, `importlib_resources._adapters`, `importlib_resources._common`, `importlib_resources._functional`, `importlib_resources._itertools`, `importlib_resources.abc`, `importlib_resources.compat`, `importlib_resources.compat.py38`, `importlib_resources.compat.py39`, `importlib_resources.future`, `importlib_resources.future.adapters`, `importlib_resources.readers`, and `importlib_resources.simple`. These modules provide various functionalities for handling resources within a Python package. By adding this package to the known list, we enable its usage and integration with the project's codebase. This change partially addresses issue [#1931](#1931), improving the management and accessibility of resources within our Python packages.
* Dependency update: ensure we install with at least version 0.9.1 of `databricks-labs-blueprint` ([#2950](#2950)). In the updated `pyproject.toml` file, the version constraint for the `databricks-labs-blueprint` dependency has been revised to range between 0.9.1 and 0.10, specifically targeting 0.9.1 or higher. This modification ensures the incorporation of a fixed upstream issue (databrickslabs/blueprint[#157](#157)), which was integrated in the 0.9.1 release. This adjustment was triggered by a preceding change ([#2920](#2920)) that standardized notebook paths, thereby addressing issue [#2882](#2882), which was dependent on this upstream correction. By embracing this upgrade, users can engage the most recent dependency version, thereby ensuring the remediation of the aforementioned issue.
* Fixed an issue with source table deleted after migration ([#2927](#2927)). In this release, we have addressed an issue where a source table was marked as migrated even after it was deleted following migration. An exception handling mechanism has been added to the `is_migrated` method to return `True` and log a warning message if the source table does not exist, indicating that it has been migrated. A new test function, `test_migration_index_deleted_source`, has also been included to verify the migration index behavior when the source table no longer exists. This function creates a source and destination table, sets the destination table's `upgraded_from` property to the source table, drops the source table, and checks if the migration index contains the source table and if an error message was recorded, indicating that the source table no longer exists. The `get_seen_tables` method remains unchanged in this diff.
* Improve robustness of `sqlglot` failure handling ([#2952](#2952)). This PR introduces changes to improve the robustness of error handling in the `sqlglot` library, specifically targeting issues with inadequate parsing quality. The `collect_table_infos` method has been updated and renamed to `collect_used_tables` to accurately gather information about tables used in a SQL expression. The `lint_expression` and `collect_tables` methods have also been updated to use the new `collect_used_tables` method for better accuracy. Additionally, methods such as `find_all`, `walk_expressions`, and the test suite for the SQL parser have been enhanced to handle potential failures and unsupported SQL syntax more gracefully, by returning empty lists or logging warning messages instead of raising errors. These changes aim to improve the reliability and robustness of the `sqlglot` library, enabling it to handle unexpected input more effectively.
* Log warnings when mounts are discovered on incorrect cluster type ([#2929](#2929)). The `migrate-tables` command in the ucx project's CLI now includes a verification step to ensure the successful completion of a prerequisite assessment workflow before execution. If this workflow has not been completed, a warning message is logged and the command is not executed. A new exception handling mechanism has been implemented for the `dbutils.fs.mounts()` method, which logs a warning and skips mount point discovery if an exception is raised. A new unit test has been added to verify that a warning is logged when attempting to discover mounts on an incompatible cluster type. The diff also includes a new method `VerifyProgressTracking` for verifying progress tracking and updates to existing test methods to include verification of successful runs and error handling before assessment. These changes improve the handling of edge cases in the mount point discovery process, add warnings for mounts on incorrect cluster types, and increase test coverage with progress tracking verification.
* `create-uber-principal` fixes and improvements ([#2941](#2941)). This change introduces fixes and improvements to the `create-uber-principal` functionality within the `databricks-sdk-py` project, specifically targeting the Azure access module. The main enhancements include addressing an issue with the Databricks warehouses API by adding the `set_workspace_warehouse_config_wrapper` function, modifying the command to request the uber principal name only when necessary, improving storage account crawl logic, and introducing new methods to manage workspace-level configurations. Error handling mechanisms have been fortified through added and modified try-except blocks. Additionally, several unit and integration tests have been implemented and verified to ensure the functionality is correct and running smoothly. These changes improve the overall robustness and versatility of the `create-uber-principal` command, directly addressing issues [#2764](#2764), [#2771](#2771), and progressing on [#2949](#2949).
@nfx nfx mentioned this issue Oct 14, 2024
Merged
nfx added a commit that referenced this issue Oct 14, 2024
@nfx
Release v0.44.0 (#2957)
9c1da79 
* Added `imbalanced-learn` to known list
([#2943](#2943)). A new
open-source library, "imbalanced-learn," has been added to the project's
known list of libraries, providing various functionalities for handling
imbalanced datasets. The addition includes modules such as "imblearn",
"imblearn._config", "imblearn._min_dependencies", "imblearn._version",
"imblearn.base", and many others, enabling features such as
over-sampling, under-sampling, combining sampling techniques, and
creating ensembles. This change partially resolves issue
[#1931](#1931), which may
have been related to the handling of imbalanced datasets, thereby
enhancing the project's ability to manage such datasets.
* Added `importlib_resources` to known list
([#2944](#2944)). In this
update, we've added the `importlib_resources` package to the known list
in the `known.json` file. This package offers a consistent and
straightforward interface for accessing resources such as data files and
directories in Python packages. It includes several modules, including
`importlib_resources`, `importlib_resources._adapters`,
`importlib_resources._common`, `importlib_resources._functional`,
`importlib_resources._itertools`, `importlib_resources.abc`,
`importlib_resources.compat`, `importlib_resources.compat.py38`,
`importlib_resources.compat.py39`, `importlib_resources.future`,
`importlib_resources.future.adapters`, `importlib_resources.readers`,
and `importlib_resources.simple`. These modules provide various
functionalities for handling resources within a Python package. By
adding this package to the known list, we enable its usage and
integration with the project's codebase. This change partially addresses
issue [#1931](#1931),
improving the management and accessibility of resources within our
Python packages.
* Dependency update: ensure we install with at least version 0.9.1 of
`databricks-labs-blueprint`
([#2950](#2950)). In the
updated `pyproject.toml` file, the version constraint for the
`databricks-labs-blueprint` dependency has been revised to range between
0.9.1 and 0.10, specifically targeting 0.9.1 or higher. This
modification ensures the incorporation of a fixed upstream issue
(databrickslabs/blueprint[#157](#157)),
which was integrated in the 0.9.1 release. This adjustment was triggered
by a preceding change
([#2920](#2920)) that
standardized notebook paths, thereby addressing issue
[#2882](#2882), which was
dependent on this upstream correction. By embracing this upgrade, users
can engage the most recent dependency version, thereby ensuring the
remediation of the aforementioned issue.
* Fixed an issue with source table deleted after migration
([#2927](#2927)). In this
release, we have addressed an issue where a source table was marked as
migrated even after it was deleted following migration. An exception
handling mechanism has been added to the `is_migrated` method to return
`True` and log a warning message if the source table does not exist,
indicating that it has been migrated. A new test function,
`test_migration_index_deleted_source`, has also been included to verify
the migration index behavior when the source table no longer exists.
This function creates a source and destination table, sets the
destination table's `upgraded_from` property to the source table, drops
the source table, and checks if the migration index contains the source
table and if an error message was recorded, indicating that the source
table no longer exists. The `get_seen_tables` method remains unchanged
in this diff.
* Improve robustness of `sqlglot` failure handling
([#2952](#2952)). This PR
introduces changes to improve the robustness of error handling in the
`sqlglot` library, specifically targeting issues with inadequate parsing
quality. The `collect_table_infos` method has been updated and renamed
to `collect_used_tables` to accurately gather information about tables
used in a SQL expression. The `lint_expression` and `collect_tables`
methods have also been updated to use the new `collect_used_tables`
method for better accuracy. Additionally, methods such as `find_all`,
`walk_expressions`, and the test suite for the SQL parser have been
enhanced to handle potential failures and unsupported SQL syntax more
gracefully, by returning empty lists or logging warning messages instead
of raising errors. These changes aim to improve the reliability and
robustness of the `sqlglot` library, enabling it to handle unexpected
input more effectively.
* Log warnings when mounts are discovered on incorrect cluster type
([#2929](#2929)). The
`migrate-tables` command in the ucx project's CLI now includes a
verification step to ensure the successful completion of a prerequisite
assessment workflow before execution. If this workflow has not been
completed, a warning message is logged and the command is not executed.
A new exception handling mechanism has been implemented for the
`dbutils.fs.mounts()` method, which logs a warning and skips mount point
discovery if an exception is raised. A new unit test has been added to
verify that a warning is logged when attempting to discover mounts on an
incompatible cluster type. The diff also includes a new method
`VerifyProgressTracking` for verifying progress tracking and updates to
existing test methods to include verification of successful runs and
error handling before assessment. These changes improve the handling of
edge cases in the mount point discovery process, add warnings for mounts
on incorrect cluster types, and increase test coverage with progress
tracking verification.
* `create-uber-principal` fixes and improvements
([#2941](#2941)). This
change introduces fixes and improvements to the `create-uber-principal`
functionality within the `databricks-sdk-py` project, specifically
targeting the Azure access module. The main enhancements include
addressing an issue with the Databricks warehouses API by adding the
`set_workspace_warehouse_config_wrapper` function, modifying the command
to request the uber principal name only when necessary, improving
storage account crawl logic, and introducing new methods to manage
workspace-level configurations. Error handling mechanisms have been
fortified through added and modified try-except blocks. Additionally,
several unit and integration tests have been implemented and verified to
ensure the functionality is correct and running smoothly. These changes
improve the overall robustness and versatility of the
`create-uber-principal` command, directly addressing issues
[#2764](#2764),
[#2771](#2771), and
progressing on
[#2949](#2949).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JCZuurmond JCZuurmond

Labels
None yet
Projects
UCX (weekly) - DO NOT USE THIS BOARD
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

create-uber-principal fixes and improvements databrickslabs/ucx
2 participants
@nfx @JCZuurmond