def get_deploy_with_precheck_recommended_roles()

in google_cloud_automlops/utils/utils.py [0:0]


def get_deploy_with_precheck_recommended_roles(defaults: dict) -> list:
    """Build the IAM role list recommended for running deploy() with precheck=True.

    The selection follows the tooling choices recorded during generate(). With
    precheck enabled, deploy() makes several API calls to confirm the required
    infrastructure exists, so more permissions are needed than without it.

    Args:
        defaults (dict): Contents of the Defaults yaml file (config/defaults.yaml).
            The 'gcp' and 'tooling' sections are read; a missing key raises KeyError.

    Returns:
        list: Recommended roles to deploy with precheck=True.
    """
    gcp_settings = defaults['gcp']

    # Baseline roles, returned regardless of the tooling selection.
    # NOTE(review): these are coarse predefined roles. 'roles/storage.admin' in
    # particular grants full control of buckets and objects; confirm deploy()
    # needs that much before binding it to the deploying identity, and prefer a
    # narrower scope (e.g. a bucket-level binding) where it does not.
    roles = [
        'roles/serviceusage.serviceUsageViewer',
        'roles/iam.roleViewer',
        'roles/storage.admin',
        'roles/iam.serviceAccountUser',
    ]

    if gcp_settings['artifact_repo_type'] == ArtifactRepository.ARTIFACT_REGISTRY.value:
        roles += ['roles/artifactregistry.reader']

    tooling = defaults['tooling']
    if not tooling['use_ci']:
        # Without CI, the build and Vertex AI roles are both recommended.
        roles += ['roles/cloudbuild.builds.editor', 'roles/aiplatform.user']
        return roles

    # CI path: the remaining roles depend on the deployment framework and on the
    # service used to submit pipeline jobs.
    roles += ['roles/pubsub.viewer']
    if tooling['deployment_framework'] == Deployer.CLOUDBUILD.value:
        roles += ['roles/cloudbuild.builds.editor']

    submission_service = gcp_settings['pipeline_job_submission_service_type']
    if submission_service == PipelineJobSubmitter.CLOUD_RUN.value:
        roles += ['roles/run.viewer']
    if submission_service == PipelineJobSubmitter.CLOUD_FUNCTIONS.value:
        roles += ['roles/cloudfunctions.viewer']
    return roles