Nothing
R/setup_buildemail.R
In googleCloudRunner: R Scripts in the Google Cloud via Cloud Run, Cloud Build and Cloud Scheduler
Defines functions
cr_setup_role_lookup
cr_setup_service
Documented in
cr_setup_role_lookup
cr_setup_service
#' Give a service account the right permissions for googleCloudRunner operations
#'
#' @param account_email The service account email e.g. \code{accountId@projectid.iam.gserviceaccount.com} or {12345678@cloudbuild.gserviceaccount.com}
#' @param json the project clientId JSON
#' @param email the email of an Owner/Editor for the project
#' @param roles the roles to grant access - default is all googleCloudRunner functions
#'
#' @export
#' @importFrom googleAuthR gar_set_client gar_auth gar_service_grant_roles
#' @importFrom assertthat assert_that is.string
#' @family setup functions
cr_setup_service <- function(account_email,
roles = cr_setup_role_lookup("local"),
json = Sys.getenv("GAR_CLIENT_JSON"),
email = Sys.getenv("GARGLE_EMAIL")) {
# to prevent #94
assert_that(is.string(account_email))
the_roles <- paste(roles, collapse = " ")
account_email <- trimws(account_email)
projectId <- gar_set_client(json,
scopes = "https://www.googleapis.com/auth/cloud-platform"
)
if (email == "") {
email <- NULL
}
cli::cli_alert_info("Adding {account_email} for project {projectId} with roles: {the_roles}")
gar_auth(email = email)
if ("roles/cloudscheduler.serviceAgent" %in% roles) {
# needs special project
projectId <- "gcp-sa-cloudscheduler"
}
gar_service_grant_roles(account_email,
roles = roles,
projectId = projectId
)
cli::cli_alert_success("Configured {account_email} with roles: {the_roles}")
the_roles
}
#' @param type the role
#' @export
#' @rdname cr_setup_service
cr_setup_role_lookup <- function(type = c(
"local",
"cloudrun",
"bigquery",
"secrets",
"cloudbuild",
"cloudstorage",
"schedule_agent",
"run_agent",
"compute"
)) {
type <- match.arg(type)
switch(type,
local = c(
"roles/cloudbuild.builds.builder",
"roles/secretmanager.secretAccessor",
"roles/cloudscheduler.admin",
"roles/iam.serviceAccountUser",
"roles/run.admin",
"roles/storage.admin",
"roles/serviceusage.serviceUsageConsumer",
"roles/pubsub.admin",
"roles/viewer"
),
cloudrun = c(
"roles/run.admin",
"roles/iam.serviceAccountUser",
"roles/serverless.serviceAgent"
),
bigquery = "roles/bigquery.admin",
secrets = "roles/secretmanager.secretAccessor",
cloudbuild = c(
"roles/cloudbuild.builds.builder",
"roles/iam.serviceAccountAdmin",
"roles/serviceusage.serviceUsageConsumer"
),
cloudstorage = c("roles/storage.admin", "roles/viewer"),
schedule_agent = "roles/cloudscheduler.serviceAgent",
run_agent = "roles/serverless.serviceAgent",
compute = "roles/compute.admin"
)
}
Try the googleCloudRunner package in your browser
Any scripts or data that you put into this service are public.
googleCloudRunner documentation built on March 18, 2022, 8 p.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Defines functions cr_setup_role_lookup cr_setup_service
Documented in cr_setup_role_lookup cr_setup_service
#' Give a service account the right permissions for googleCloudRunner operations
#'
#' @param account_email The service account email e.g. \code{accountId@projectid.iam.gserviceaccount.com} or {12345678@cloudbuild.gserviceaccount.com}
#' @param json the project clientId JSON
#' @param email the email of an Owner/Editor for the project
#' @param roles the roles to grant access - default is all googleCloudRunner functions
#'
#' @export
#' @importFrom googleAuthR gar_set_client gar_auth gar_service_grant_roles
#' @importFrom assertthat assert_that is.string
#' @family setup functions
cr_setup_service <- function(account_email,
roles = cr_setup_role_lookup("local"),
json = Sys.getenv("GAR_CLIENT_JSON"),
email = Sys.getenv("GARGLE_EMAIL")) {
# to prevent #94
assert_that(is.string(account_email))
the_roles <- paste(roles, collapse = " ")
account_email <- trimws(account_email)
projectId <- gar_set_client(json,
scopes = "https://www.googleapis.com/auth/cloud-platform"
)
if (email == "") {
email <- NULL
}
cli::cli_alert_info("Adding {account_email} for project {projectId} with roles: {the_roles}")
gar_auth(email = email)
if ("roles/cloudscheduler.serviceAgent" %in% roles) {
# needs special project
projectId <- "gcp-sa-cloudscheduler"
}
gar_service_grant_roles(account_email,
roles = roles,
projectId = projectId
)
cli::cli_alert_success("Configured {account_email} with roles: {the_roles}")
the_roles
}
#' @param type the role
#' @export
#' @rdname cr_setup_service
cr_setup_role_lookup <- function(type = c(
"local",
"cloudrun",
"bigquery",
"secrets",
"cloudbuild",
"cloudstorage",
"schedule_agent",
"run_agent",
"compute"
)) {
type <- match.arg(type)
switch(type,
local = c(
"roles/cloudbuild.builds.builder",
"roles/secretmanager.secretAccessor",
"roles/cloudscheduler.admin",
"roles/iam.serviceAccountUser",
"roles/run.admin",
"roles/storage.admin",
"roles/serviceusage.serviceUsageConsumer",
"roles/pubsub.admin",
"roles/viewer"
),
cloudrun = c(
"roles/run.admin",
"roles/iam.serviceAccountUser",
"roles/serverless.serviceAgent"
),
bigquery = "roles/bigquery.admin",
secrets = "roles/secretmanager.secretAccessor",
cloudbuild = c(
"roles/cloudbuild.builds.builder",
"roles/iam.serviceAccountAdmin",
"roles/serviceusage.serviceUsageConsumer"
),
cloudstorage = c("roles/storage.admin", "roles/viewer"),
schedule_agent = "roles/cloudscheduler.serviceAgent",
run_agent = "roles/serverless.serviceAgent",
compute = "roles/compute.admin"
)
}
Try the googleCloudRunner package in your browser
Any scripts or data that you put into this service are public.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.