Use CREATE_FOREIGN_CATALOG instead of CREATE_FOREIGN_SECURABLE with HMS federation enablement commands (#3309)

closes #3308

Author: FastLee

pyproject.toml

@@ -44,7 +44,7 @@ classifiers = [
     "Topic :: Utilities",
 ]
 
-dependencies = ["databricks-sdk>=0.38,<0.39",
+dependencies = ["databricks-sdk>=0.39",
                 "databricks-labs-lsql>=0.14.0,<0.15",
                 "databricks-labs-blueprint>=0.9.1,<0.10",
                 "PyYAML>=6.0.0,<7.0.0",

src/databricks/labs/ucx/hive_metastore/federation.py

@@ -8,9 +8,9 @@
     ConnectionType,
     ConnectionInfo,
     SecurableType,
-    Privilege,
     PermissionsChange,
     CatalogInfo,
+    Privilege,
 )
 
 from databricks.labs.ucx.account.workspaces import WorkspaceInfo
@@ -101,8 +101,8 @@ def _get_authorized_paths(self) -> str:
 
     def _add_missing_permissions_if_needed(self, location_name: str, current_user: str):
         grants = self._location_grants(location_name)
-        if Privilege.CREATE_FOREIGN_CATALOG not in grants[current_user]:
-            change = PermissionsChange(principal=current_user, add=[Privilege.CREATE_FOREIGN_CATALOG])
+        if Privilege.CREATE_FOREIGN_SECURABLE not in grants[current_user]:
+            change = PermissionsChange(principal=current_user, add=[Privilege.CREATE_FOREIGN_SECURABLE])
             self._workspace_client.grants.update(SecurableType.EXTERNAL_LOCATION, location_name, changes=[change])
 
     def _location_grants(self, location_name: str) -> dict[str, set[Privilege]]:

tests/unit/hive_metastore/test_federation.py

@@ -9,7 +9,6 @@
     ExternalLocationInfo,
     PermissionsList,
     PrivilegeAssignment,
-    Privilege,
     SecurableType,
     PermissionsChange,
     ConnectionInfo,
@@ -19,7 +18,11 @@
 from databricks.labs.ucx.account.workspaces import WorkspaceInfo
 from databricks.labs.ucx.config import WorkspaceConfig
 from databricks.labs.ucx.hive_metastore import ExternalLocations
-from databricks.labs.ucx.hive_metastore.federation import HiveMetastoreFederation, HiveMetastoreFederationEnabler
+from databricks.labs.ucx.hive_metastore.federation import (
+    HiveMetastoreFederation,
+    HiveMetastoreFederationEnabler,
+    Privilege,
+)
 from databricks.labs.ucx.hive_metastore.locations import ExternalLocation
 
 
@@ -62,13 +65,13 @@ def test_create_federated_catalog():
         call.update(
             SecurableType.EXTERNAL_LOCATION,
             'b',
-            changes=[PermissionsChange(principal='serge', add=[Privilege.CREATE_FOREIGN_CATALOG])],
+            changes=[PermissionsChange(principal='serge', add=[Privilege.CREATE_FOREIGN_SECURABLE])],
         ),
         call.get(SecurableType.EXTERNAL_LOCATION, 'e'),
         call.update(
             SecurableType.EXTERNAL_LOCATION,
             'e',
-            changes=[PermissionsChange(principal='serge', add=[Privilege.CREATE_FOREIGN_CATALOG])],
+            changes=[PermissionsChange(principal='serge', add=[Privilege.CREATE_FOREIGN_SECURABLE])],
         ),
     ]
     assert calls == workspace_client.grants.method_calls