in google_cloud_automlops/utils/utils.py [0:0]
def get_provision_recommended_roles(defaults: dict) -> list:
"""Creates the list of recommended roles to run the provision() step based on the user tooling
selection determined during the generate() step. These roles have the minimum permissions
required for provision.
Args:
defaults (dict): Contents of the Defaults yaml file (config/defaults.yaml).
Returns:
list: Recommended provision roles.
"""
recommended_roles = [
'roles/serviceusage.serviceUsageAdmin',
'roles/resourcemanager.projectIamAdmin',
'roles/iam.serviceAccountAdmin',
'roles/iam.serviceAccountUser',
'roles/storage.admin']
if defaults['gcp']['artifact_repo_type'] == ArtifactRepository.ARTIFACT_REGISTRY.value:
recommended_roles.append('roles/artifactregistry.admin')
if defaults['tooling']['use_ci']:
recommended_roles.append('roles/pubsub.editor')
if defaults['tooling']['deployment_framework'] == Deployer.CLOUDBUILD.value:
recommended_roles.append('roles/cloudbuild.builds.editor')
if defaults['gcp']['schedule_pattern'] != DEFAULT_SCHEDULE_PATTERN:
recommended_roles.append('roles/cloudscheduler.admin')
if defaults['gcp']['pipeline_job_submission_service_type'] == PipelineJobSubmitter.CLOUD_RUN.value:
recommended_roles.append('roles/run.admin')
if defaults['gcp']['pipeline_job_submission_service_type'] == PipelineJobSubmitter.CLOUD_FUNCTIONS.value:
recommended_roles.append('roles/cloudfunctions.admin')
return recommended_roles