cloud
matching.cloud
Functions for performing matching in the cloud.
Functions
Name | Description |
---|---|
create_impersonation_credentials | Create credentials from an identity pool for impersonating a party. |
download_embedder | Download and initiate the embedder from those on GCP. |
download_party_assets | Download the encrypted data and DEK for a party from GCP. |
prepare_party_assets | Download and decrypt the assets for a party from GCP. |
upload_party_results | Encrypt and upload a party’s results to GCP. |
create_impersonation_credentials
matching.cloud.create_impersonation_credentials(party, operator)
Create credentials from an identity pool for impersonating a party.
Parameters
Name | Type | Description | Default |
---|---|---|---|
party | str | Name of the party to impersonate. | required |
operator | str | Name of the workload operator. | required |
Returns
Type | Description |
---|---|
google.auth.identity_pool.Credentials | Credentials created using the party attestation verifier. |
download_embedder
matching.cloud.download_embedder(parties, operator)
Download and initiate the embedder from those on GCP.
Parameters
Name | Type | Description | Default |
---|---|---|---|
parties | list[str] | List of data-owning party names. | required |
operator | str | Name of the workload operator. | required |
Returns
Type | Description |
---|---|
pprl.embedder.embedder.Embedder | Reformed embedder instance. |
download_party_assets
matching.cloud.download_party_assets(store, party)
Download the encrypted data and DEK for a party from GCP.
Parameters
Name | Type | Description | Default |
---|---|---|---|
store | google.cloud.storage.Client | GCP storage client using identity pool credentials. | required |
party | str | Name of the party. | required |
Returns
Type | Description |
---|---|
bytes | Encrypted data frame for linkage. |
bytes | Encrypted data encryption key (used to encrypt the data). |
prepare_party_assets
matching.cloud.prepare_party_assets(party, operator, location, version)
Download and decrypt the assets for a party from GCP.
To enable these steps, we must first impersonate the party service account via the workload identity pool we created during project set-up.
Parameters
Name | Type | Description | Default |
---|---|---|---|
party | str | Name of the party. | required |
operator | str | Name of the workload operator. | required |
location | str | Location of the party’s workload identity pool and keyring on GCP. | required |
version | int \| str | Key version to retrieve for party asymmetric key encryption key. | required |
Returns
Type | Description |
---|---|
pandas.DataFrame | Decrypted data frame for linkage. |
bytes | Decrypted data encryption key. |
upload_party_results
matching.cloud.upload_party_results(output, dek, party, operator)
Encrypt and upload a party’s results to GCP.
Like prepare_party_assets, we must first impersonate the party service account to access their storage bucket.
Parameters
Name | Type | Description | Default |
---|---|---|---|
output | pandas.DataFrame | Party’s output from the matching. | required |
dek | bytes | Data encryption key. | required |
party | str | Name of the party whose results are being processed. | required |
operator | str | Name of the workload operator. | required |