in google_cloud_automlops/utils/utils.py [0:0]
def get_deploy_with_precheck_min_permissions(defaults: dict) -> list:
"""Creates the list of minimum required permissions to run the deploy() step based on the user
tooling selection, determined during the generate() step. This function is called when
precheck=True, which makes several API calls to determine if the infra exists to run deploy()
and increases the required list of permissions.
Args:
defaults (dict): Contents of the Defaults yaml file (config/defaults.yaml).
Returns:
list: Minimum permissions to deploy with precheck=True.
"""
recommended_permissions = [
'serviceusage.services.get',
'resourcemanager.projects.getIamPolicy',
'storage.buckets.update',
'iam.serviceAccounts.get']
if defaults['gcp']['artifact_repo_type'] == ArtifactRepository.ARTIFACT_REGISTRY.value:
recommended_permissions.append('artifactregistry.repositories.get')
if defaults['tooling']['use_ci']:
recommended_permissions.extend(['pubsub.topics.get', 'pubsub.subscriptions.get'])
if defaults['tooling']['deployment_framework'] == Deployer.CLOUDBUILD.value:
recommended_permissions.append('cloudbuild.builds.get')
if defaults['gcp']['pipeline_job_submission_service_type'] == PipelineJobSubmitter.CLOUD_RUN.value:
recommended_permissions.append('run.services.get')
if defaults['gcp']['pipeline_job_submission_service_type'] == PipelineJobSubmitter.CLOUD_FUNCTIONS.value:
recommended_permissions.append('cloudfunctions.functions.get')
elif not defaults['tooling']['use_ci']:
recommended_permissions.extend(['cloudbuild.builds.get', 'aiplatform.pipelineJobs.create'])
return recommended_permissions