Warm tip: This article is reproduced from serverfault.com, please click
google-cloud-data-fusion google-cloud-dlp google-cloud-platform

Using GCP DLP with DataFusion, unable to find template

发布于 2021-03-22 20:20:14
I have created a DLP Identification template named DLPTest in Project X.
My Datafusion resources are hosted in Project Y.
Issue is when I use the Redact plugin in Datafusion, and provide the template ID or path in the form -
projects/X/locations/{LOCATION}/inspectTemplates/DLPTest or
projects/X/inspectTemplates/DLPTest
All permissions have been provided to datafusion SA, compute engine SA, DLP Service Account. Datafusion fails to find the template, as it keeps searching for template in Project Y.
> Error logs - > Caused by:com.google.api.gax.rpc.InvalidArgumentException: io.grpc.StatusRuntimeException: INVALID_ARGUMENT: Invalid path:
Datafusion is expecting template in location projects/Y/inspectTemplates/projects/DLPTest
How do I enable DF to look for template in the correct location in separate project? Thanks.
Questioner
RaptorX
Viewed
0
分享
Ricco D 2021-03-23 11:09:43

When you want Project Y (where your data fusion is in) to use resources from Project X (where the DLP is in) is to add the data fusion and compute engine service accounts of Project Y to Project X.

Notes:

  • Data Fusion service account: service-xxxxxxx@gcp-sa-datafusion.iam.gserviceaccount.com
  • Default compute engine service account: xxxxx-compute@developer.gserviceaccount.com

Project Y:

  1. Go to IAM & Admin -> IAM
  2. Click View by: "Members"
  3. Tick checkbox "Include Google-provided role grants"
  4. Look for service-(project number of Project Y)@gcp-sa-datafusion.iam.gserviceaccount.com and (project number of Project Y)-compute@developer.gserviceaccount.com
  5. Add role "DLP Administrator" for service-(project number of Project Y)@gcp-sa-datafusion.iam.gserviceaccount.com

Project X:

  1. Go to IAM & Admin -> IAM
  2. Click Add
  3. Under New Members, put service-(project number of Project Y)@gcp-sa-datafusion.iam.gserviceaccount.com
  4. Grant role of "DLP Admininistrator"
  5. Repeat step 2 to step 4 but this time put in (project number of Project Y)-compute@developer.gserviceaccount.com

Now that you are able to set the permissions, Go back to Project Y and update your Redact to point to Project X.

  1. Go to Data Fusion -> Studio
  2. Click Redact-> Properties
  3. Put the template ID you created in Project X, in my sample it is "test_template" enter image description here
  4. Under Project ID, put the Project ID of Project X enter image description here
  5. Run your Data Fusion pipeline
Jordanna Chord 2021-03-23 15:43:16

They didn't say they got a permission error, they got an error from data fusion. Datafusion is expecting template in location projects/Y/inspectTemplates/projects/DLPTest. This sounds like a bug, I'll check in with them on it.

Ricco D 2021-03-24 00:19:56

@JordannaChord Yes it is not a permission error, I just posted the steps if ever they somewhat missed this. Also if "Project ID" is set to auto-detect it will be pointed to Project Y by default, changing the value to Project X should point to location projects/X/inspectTemplates/projects/DLPTest.

RaptorX 2021-03-24 16:27:44

As mentioned by Ricco, it was more to do with the project permission and setup. Steps provided solved the issue. Additionally DLP needs enabled for project hosting datafusion, i.e. Project Y as well. I did have issues with regional DLP template(though all resources in same region), but global DLP template worked fine.

热门帖子

1
这大约是独立开发的顶流了吧, v 友们怎么看
2
V 友们 今年刚需 需要买车 预算 20 出头 极氪 007 可以入吗
3
黑群和白群的差异,如何选择?
4
急收点发票(电脑、笔记本、硬盘、nas 、 iPad 、服务器、交通、鼠标、键盘)
5
自研摄影 App 胶片拾光,五一限时促销: 1 元购买终身会员
6
现在找工作怎么这么难
7
请问三星 S24 港版、美版,大家一般在哪儿购买?有没有渠道,介绍一下。
8
收一台 apple watch s7or s8 不锈钢(银钢)45mm,预算 2k 左右
9
私自把 Sim 卡数据写入 Esim,会被喝茶吗?
10
存款大概有 1.5%的利息差,我们能怎么做。。

热门github

1
A multi-platform library for OpenGL, OpenGL ES, Vulkan, window and input
2
Dev tool that writes scalable apps from scratch while the developer oversees the implementation
3
shadcn/ui, but for Svelte. ✨
4
The Python Risk Identification Tool for generative AI (PyRIT) is an open access automation framework to empower security professionals and machine learning engineers to proactively find risks in their generative AI systems.
5
Performance-portable, length-agnostic SIMD with runtime dispatch
6
ZK Credo
7
OpenCodeInterpreter: Integrating Code Generation with Execution and Refinement
8
Joplin - the secure note taking and to-do app with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.
9
Mamba is a new state space model architecture showing promising performance on information-dense data such as language modeling, where previous subquadratic models fall short of Transformers. It is based on the line of progress on structured state space models, with an efficient hardware-aware design and implementation in the spirit of FlashAttention.
10
This repository contains System Design resources which are useful while preparing for interviews and learning Distributed Systems
11
Curso para aprender el lenguaje de programación Python desde cero y para principiantes. 75 clases, 37 horas en vídeo, código, proyectos y grupo de chat. Fundamentos, frontend, backend, testing, IA...
12
🎓 Path to a free self-taught education in Computer Science!
13
1️⃣🐝🏎️ The One Billion Row Challenge -- A fun exploration of how quickly 1B rows from a text file can be aggregated with Java
14
A collective list of free APIs
15
📚 Freely available programming books