Fix/dlpagent #1868

Merged
merged 6 commits into from
Nov 20, 2023

Conversation

ddaluka
Contributor

@ddaluka ddaluka commented Nov 17, 2023

When DLP API service is enabled for a project, we also need its service agent to be available for further IAM roles assignment.

dlp.googleapis.com API supports the identity creation using gcloud beta services identity create --service dlp.googleapis.com


Checklist

If applicable, I acknowledge that I have:

  • Read the contributing guide
  • Ran terraform fmt on all modified files
  • Regenerated the relevant README.md files using tools/tfdoc.py
  • Made sure all relevant tests pass

Collaborator

@wiktorn wiktorn left a comment


If you need to have DLP service agent force-created, add to service-agents.yaml:

jit: true

For DLP. Also, bear in mind that services force-created may miss their role, in this case it will be roles/dlp.serviceAgent, so this is not a perfect solution.
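
The caveat in the review comment above, that a force-created service agent may lack roles/dlp.serviceAgent, can be checked against a project's IAM policy. This is an added example, not code from the PR or the repository; the agent address pattern service-PROJECT_NUMBER@dlp-api.iam.gserviceaccount.com, the sample policy, the project number and the function names are assumptions.

```python
import json

DLP_AGENT_ROLE = "roles/dlp.serviceAgent"  # role named in the review comment

# Constructed sample in the shape returned by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/dlp.user",
   "members": ["serviceAccount:service-123456789012@dlp-api.iam.gserviceaccount.com"]},
  {"role": "roles/viewer", "members": ["user:alice@example.com"]}
]}
""")


def dlp_agent_email(project_number):
    # Assumed naming pattern for the DLP service agent.
    return f"service-{project_number}@dlp-api.iam.gserviceaccount.com"


def check_dlp_agent(policy, project_number):
    """Classify the DLP service agent's bindings in a project IAM policy."""
    email = dlp_agent_email(project_number)
    live = f"serviceAccount:{email}"
    # IAM rewrites members of deleted identities with this prefix and a uid.
    deleted = f"deleted:serviceAccount:{email}?uid="
    result = {"has_agent_role": False, "conditional": False,
              "stale_deleted_member": False, "other_roles": []}
    for binding in policy.get("bindings", []):
        members = binding.get("members", [])
        if any(m.startswith(deleted) for m in members):
            result["stale_deleted_member"] = True
        if live not in members:
            continue
        if binding.get("role") == DLP_AGENT_ROLE:
            # A conditional grant is reported separately: it may not apply.
            if "condition" in binding:
                result["conditional"] = True
            else:
                result["has_agent_role"] = True
        else:
            result["other_roles"].append(binding["role"])
    result["other_roles"].sort()
    return result


if __name__ == "__main__":
    print(check_dlp_agent(SAMPLE_POLICY, "123456789012"))
```

A result with has_agent_role set to False and the agent present in other_roles is the state the comment warns about: the identity exists but its service agent role was never granted.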

@ddaluka
Contributor Author

ddaluka commented Nov 17, 2023

If you need to have DLP service agent force-created, add to service-agents.yaml:

jit: true

For DLP. Also, bear in mind that services force-created may miss their role, in this case it will be roles/dlp.serviceAgent, so this is not a perfect solution.

Thanks, I have removed the explicit identity creation block and have set jit as true. I guess we can assign the service agent role if required once the agent is available.

@wiktorn
Collaborator

wiktorn commented Nov 17, 2023

Thanks, I have removed the explicit identity creation block and have set jit as true. I guess we can assign the service agent role if required once the agent is available.

Yes, we have this documented here

Can you add DLP there too? Thanks.

@ddaluka ddaluka requested a review from wiktorn November 20, 2023 11:19
@wiktorn
Collaborator

wiktorn commented Nov 20, 2023

@ddaluka There was still one blueprint tests that were failing due to this change, will you be able to fix that, or shall I help you with that?

@ddaluka
Contributor Author

ddaluka commented Nov 20, 2023

@ddaluka There was still one blueprint tests that were failing due to this change, will you be able to fix that, or shall I help you with that?

Thanks. I have fixed the issue

@wiktorn wiktorn merged commit 543ea6e into GoogleCloudPlatform:master Nov 20, 2023
@wiktorn
Collaborator

wiktorn commented Nov 20, 2023

Thank you for fixing those ❤️
