diff --git a/src/databricks/labs/ucx/cli.py b/src/databricks/labs/ucx/cli.py index 02b4fb782a..91156c26a0 100644 --- a/src/databricks/labs/ucx/cli.py +++ b/src/databricks/labs/ucx/cli.py @@ -652,7 +652,11 @@ def assign_owner_group( else: workspace_contexts = _get_workspace_contexts(w, a, run_as_collection) - owner_group = workspace_contexts[0].group_manager.pick_owner_group(prompts) + username = w.current_user.me().user_name + if not username: + logger.error("Couldn't find the username of the current user.") + return + owner_group = workspace_contexts[0].group_manager.pick_owner_group(prompts, username) if not owner_group: return for workspace_context in workspace_contexts: diff --git a/src/databricks/labs/ucx/workspace_access/groups.py b/src/databricks/labs/ucx/workspace_access/groups.py index 4c33d17f1c..230db5dcae 100644 --- a/src/databricks/labs/ucx/workspace_access/groups.py +++ b/src/databricks/labs/ucx/workspace_access/groups.py @@ -624,13 +624,13 @@ def delete_original_workspace_groups(self): # Step 3: Confirm that enumeration no longer returns the deleted groups. self._wait_for_deleted_workspace_groups(deleted_groups) - def pick_owner_group(self, prompt: Prompts) -> str | None: + def pick_owner_group(self, prompt: Prompts, username: str) -> str | None: # This method is used to select the group that will be used as the owner group. # The owner group will be assigned by default to all migrated tables/schemas - groups = self._user_account_groups(self._ws.current_user.me().user_name) + groups = self._user_account_groups(username) if not groups: logger.warning("No account groups found for the current user.") - return + return None if len(groups) == 1: return groups[0].display_name group_names = [group.display_name for group in groups] @@ -638,8 +638,13 @@ def pick_owner_group(self, prompt: Prompts) -> str | None: def _user_account_groups(self, username: str) -> list[Group]: # This method is used to find all the account groups that a user is a member of. - groups = [] - for group in self._list_account_groups("id,displayName,externalId,members"): + groups: list[Group] = [] + account_groups = self._list_account_groups("id,displayName,externalId,members") + if not account_groups: + return groups + for group in account_groups: + if not group.members: + continue for member in group.members: if member.display == username: groups.append(group) @@ -816,8 +821,9 @@ def _list_account_groups(self, scim_attributes: str) -> list[iam.Group]: continue account_groups.append(group) logger.info(f"Found {len(account_groups)} account groups") - sorted_groups: list[iam.Group] = sorted(account_groups, - key=lambda _: _.display_name) # type: ignore[arg-type,return-value] + sorted_groups: list[iam.Group] = sorted( + account_groups, key=lambda _: _.display_name if _.display_name else "" + ) # type: ignore[arg-type,return-value] return sorted_groups def _delete_workspace_group_and_wait_for_deletion(self, group_id: str, display_name: str) -> str: diff --git a/tests/integration/hive_metastore/test_catalog_schema.py b/tests/integration/hive_metastore/test_catalog_schema.py index 7d8d368ba4..4ab8e2c354 100644 --- a/tests/integration/hive_metastore/test_catalog_schema.py +++ b/tests/integration/hive_metastore/test_catalog_schema.py @@ -170,8 +170,10 @@ def test_create_catalog_schema_with_legacy_hive_metastore_privileges( def get_schema_permissions_list(full_name: str) -> PermissionsList: return ws.grants.get(SecurableType.SCHEMA, full_name) - assert (ws.schemas.get(f"{dst_catalog_name}.{dst_schema_name}").owner == - runtime_ctx.workspace_client.current_user.me().user_name) + assert ( + ws.schemas.get(f"{dst_catalog_name}.{dst_schema_name}").owner + == runtime_ctx.workspace_client.current_user.me().user_name + ) schema_grants = get_schema_permissions_list(f"{dst_catalog_name}.{dst_schema_name}") assert schema_grants.privilege_assignments is not None assert PrivilegeAssignment(table_owner.user_name, [Privilege.USE_SCHEMA]) in schema_grants.privilege_assignments