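I call the method dlp.deidentify_content in the following code. The KeyRing was created in region us-east1, and the key was generated using HSM. GCP does not allow generating HSM keys for global key rings.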

# Import the client library
import google.cloud.dlp

# Instantiate a client
dlp = google.cloud.dlp_v2.DlpServiceClient()

# Convert the project id into a full resource id.
parent = dlp.project_path(project)

# The wrapped key is base64-encoded, but the library expects a binary
# string, so decode it here.
import base64

wrapped_key = base64.b64decode(wrapped_key)

# Construct FPE configuration dictionary
crypto_replace_ffx_fpe_config = {
    "crypto_key": {
        "kms_wrapped": {
            "wrapped_key": wrapped_key,
            "crypto_key_name": key_name,
        }
    },
    "common_alphabet": alphabet,
}

# Add surrogate type
if surrogate_type:
    crypto_replace_ffx_fpe_config["surrogate_info_type"] = {
        "name": surrogate_type
    }

# Construct inspect configuration dictionary
inspect_config = {
    "info_types": [{"name": info_type} for info_type in info_types]
}

# Construct deidentify configuration dictionary
deidentify_config = {
    "info_type_transformations": {
        "transformations": [
            {
                "primitive_transformation": {
                    "crypto_replace_ffx_fpe_config": crypto_replace_ffx_fpe_config
                }
            }
        ]
    }
}

# Convert string to item
item = {"value": string}

# Call the API
response = dlp.deidentify_content(
    parent,
    inspect_config=inspect_config,
    deidentify_config=deidentify_config,
    item=item,
    #location_id="us-east1",
)

# Print results
print(response.item.value)

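When I run the code, I get the error:

google.api_core.exceptions.NotFound: 404 Received the following error message from Cloud KMS when unwrapping KmsWrappedCryptoKey "projects/PROJ_NAME/locations/us-east1/keyRings/dlp-test3/cryptoKeys/key7": Request concerns location 'us-east1' but was sent to location 'global'. Read go/storky-stubby for more information.

I can't figure out how to send the request from a specific region. Ideally, I would like to make the key ring global. However, GCP does not allow HSM keys for global key rings, so I cannot provide a wrapped_key for that key.

Can anyone suggest how to overcome the error?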

1 Answer

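Cloud HSM keys cannot be created or imported in some locations, such as global; this is only available for Cloud EKM keys. If you want to use Cloud HSM in an available location such as "us-east1", you can follow the steps below to import the key into the region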

Answered 2020-02-28T22:05:50.733
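
The error in the question comes from a location mismatch: the DLP parent built from the project alone is handled in `global`, while the wrapped key lives in `us-east1`. The following is an added example, not code from the question or the answer: a pre-flight check that reads the location out of the KMS key name and builds a matching DLP parent. The helper names are hypothetical, and it assumes DLP accepts a parent of the form `projects/PROJECT/locations/LOCATION` and offers processing in the key's region.

```python
import re

# Cloud KMS key name: projects/P/locations/L/keyRings/R/cryptoKeys/K[/cryptoKeyVersions/V]
_KMS_KEY_RE = re.compile(
    r"^projects/[^/]+/locations/(?P<location>[^/]+)"
    r"/keyRings/[^/]+/cryptoKeys/[^/]+(?:/cryptoKeyVersions/[^/]+)?$"
)
# DLP parent: projects/P (handled as 'global') or projects/P/locations/L
_DLP_PARENT_RE = re.compile(
    r"^projects/[^/]+(?:/locations/(?P<location>[^/]+))?$"
)


def kms_key_location(key_name):
    """Return the location segment of a Cloud KMS crypto key resource name."""
    m = _KMS_KEY_RE.match(key_name)
    if not m:
        raise ValueError("not a Cloud KMS crypto key name: %r" % key_name)
    return m.group("location")


def dlp_parent_location(parent):
    """Return the location a DLP parent targets; no location means 'global'."""
    m = _DLP_PARENT_RE.match(parent)
    if not m:
        raise ValueError("not a DLP parent: %r" % parent)
    return m.group("location") or "global"


def regional_dlp_parent(project, key_name):
    """Build a DLP parent in the same location as the wrapped key's KMS key."""
    return "projects/%s/locations/%s" % (project, kms_key_location(key_name))


def check_locations(parent, key_name):
    """Return None when locations agree, otherwise a description of the mismatch."""
    key_loc = kms_key_location(key_name)
    dlp_loc = dlp_parent_location(parent)
    if key_loc == dlp_loc:
        return None
    return "KMS key is in %r but the DLP request targets %r" % (key_loc, dlp_loc)


if __name__ == "__main__":
    # Key name taken from the error message in the question.
    key = "projects/PROJ_NAME/locations/us-east1/keyRings/dlp-test3/cryptoKeys/key7"
    print(check_locations("projects/PROJ_NAME", key))
    print(regional_dlp_parent("PROJ_NAME", key))
```

Running the check before `dlp.deidentify_content` surfaces the mismatch locally instead of as a 404 from the unwrap step.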