def get_provision_min_permissions()

in google_cloud_automlops/utils/utils.py [0:0]


def get_provision_min_permissions(defaults: dict) -> list:
    """Build the minimum IAM permission set needed to run the provision() step.

    A fixed baseline is always included; further permissions are appended only for the
    services selected by the user tooling choices made during the generate() step.

    Args:
        defaults (dict): Contents of the Defaults yaml file (config/defaults.yaml).

    Returns:
        list: Required permissions, baseline first, then each optional group in the order
            it is checked below.
    """
    gcp_config = defaults['gcp']

    # Baseline requested regardless of tooling. The two most sensitive entries are
    # 'resourcemanager.projects.setIamPolicy' (can rewrite the project's IAM policy) and
    # 'iam.serviceAccounts.actAs' (can run workloads as a service account): an identity
    # holding them can grant itself further access, so bind this set only to the
    # provisioning identity and audit its use.
    permissions = [
        'serviceusage.services.enable',
        'serviceusage.services.use',
        'resourcemanager.projects.setIamPolicy',
        'iam.serviceAccounts.list',
        'iam.serviceAccounts.create',
        'iam.serviceAccounts.actAs',
        'storage.buckets.get',
        'storage.buckets.create',
    ]

    # Artifact Registry permissions are only requested when that repo type was chosen.
    if gcp_config['artifact_repo_type'] == ArtifactRepository.ARTIFACT_REGISTRY.value:
        permissions += ['artifactregistry.repositories.list',
                        'artifactregistry.repositories.create']

    tooling_config = defaults['tooling']
    if not tooling_config['use_ci']:
        # Without CI none of the Pub/Sub, build, scheduler or submission-service
        # permissions are needed, so the list stays at the smaller set.
        return permissions

    permissions += ['pubsub.topics.list', 'pubsub.topics.create',
                    'pubsub.subscriptions.list', 'pubsub.subscriptions.create']

    if tooling_config['deployment_framework'] == Deployer.CLOUDBUILD.value:
        permissions += ['cloudbuild.builds.list', 'cloudbuild.builds.create']

    # A schedule other than the default pattern means a Cloud Scheduler job is created.
    if gcp_config['schedule_pattern'] != DEFAULT_SCHEDULE_PATTERN:
        permissions += ['cloudscheduler.jobs.list', 'cloudscheduler.jobs.create']

    submission_service = gcp_config['pipeline_job_submission_service_type']
    if submission_service == PipelineJobSubmitter.CLOUD_RUN.value:
        permissions += ['run.services.get', 'run.services.create']
    if submission_service == PipelineJobSubmitter.CLOUD_FUNCTIONS.value:
        permissions += ['cloudfunctions.functions.get', 'cloudfunctions.functions.create']

    return permissions