Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

trying to use a new enrolled reporting origin, failed due to PRIVACY_BUDGET_AUTHORIZATION_ERROR #75

Open
TomerGoldstein opened this issue Sep 22, 2024 · 1 comment
Open

trying to use a new enrolled reporting origin, failed due to PRIVACY_BUDGET_AUTHORIZATION_ERROR #75

TomerGoldstein opened this issue Sep 22, 2024 · 1 comment

Comments

@TomerGoldstein
Copy link

TomerGoldstein commented Sep 22, 2024
edited
Loading

Hey!
current state:
reporting origin = "x"
aggregation service version = 2.7.0

we dont have any issues in this situation, we send reports with reporting origin "x" and "attribution_report_to" :"x" to our aggregation service and get all the decoded aggregated results

new state:

  • we enrolled a new reporting origin = "y"
  • aggregation service version = 2.7.0 same version + same exact deployed service + same coordinators

we are sending reports with reporting origin "y" and attribution_report_to "y" to the same exact service with the same deployment params exactly and we get the following error:

"result_info": {
        "return_code": "PRIVACY_BUDGET_AUTHORIZATION_ERROR",
        "return_message": "com.google.aggregate.adtech.worker.exceptions.AggregationJobProcessException: Aggregation service is not authorized to call privacy budget service. This could happen if the createJob API job_paramaters.attribution_report_to does not match the one registered at enrollment. Please verify and contact support if needed. \n com.google.aggregate.adtech.worker.aggregation.concurrent.ConcurrentAggregationProcessor.consumePrivacyBudgetUnits(ConcurrentAggregationProcessor.java:446) \n com.google.aggregate.adtech.worker.aggregation.concurrent.ConcurrentAggregationProcessor.process(ConcurrentAggregationProcessor.java:326) \n com.google.aggregate.adtech.worker.WorkerPullWorkService.run(WorkerPullWorkService.java:143)\nThe root cause is: com.google.scp.operator.cpio.distributedprivacybudgetclient.TransactionEngine$TransactionEngineException: PRIVACY_BUDGET_CLIENT_UNAUTHORIZED \n com.google.scp.operator.cpio.distributedprivacybudgetclient.TransactionEngineImpl.createTransactionEngineException(TransactionEngineImpl.java:213) \n com.google.scp.operator.cpio.distributedprivacybudgetclient.TransactionEngineImpl.proceedToNextPhase(TransactionEngineImpl.java:68) \n com.google.scp.operator.cpio.distributedprivacybudgetclient.TransactionEngineImpl.executeDistributedPhase(TransactionEngineImpl.java:206)",

we where under the impression that if we enroll a new domain / reporting origin the aggregation service should know how to decode it without getting new deployment params such as the aws coordinators, are we mistaken? did we miss something?

what should we do to solve this issue?
thanks!
@TomerGoldstein TomerGoldstein changed the title trying to use a new enrilled reporting origin failed due to PRIVACY_BUDGET_AUTHORIZATION_ERROR trying to use a new enrolled reporting origin, failed due to PRIVACY_BUDGET_AUTHORIZATION_ERROR Sep 22, 2024
@nlrussell
Copy link
Collaborator

Hi @TomerGoldstein, can you please email [email protected] with your reporting origins so I can double-check their onboarding status?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nlrussell @TomerGoldstein