chore: add data warehouse example roles

Author: ayushmjain

metadata.yaml

@@ -382,6 +382,19 @@ spec:
       - level: Project
         roles:
           - roles/bigquery.admin
+          - roles/aiplatform.admin
+          - roles/cloudfunctions.admin
+          - roles/dataform.admin
+          - roles/datalineage.viewer
+          - roles/iam.serviceAccountAdmin
+          - roles/iam.serviceAccountTokenCreator
+          - roles/iam.serviceAccountUser
+          - roles/logging.configWriter
+          - roles/resourcemanager.projectIamAdmin
+          - roles/run.invoker
+          - roles/serviceusage.serviceUsageAdmin
+          - roles/storage.admin
+          - roles/workflows.admin
     services:
       - cloudkms.googleapis.com
       - cloudresourcemanager.googleapis.com

modules/authorization/metadata.yaml

@@ -94,6 +94,19 @@ spec:
       - level: Project
         roles:
           - roles/bigquery.admin
+          - roles/aiplatform.admin
+          - roles/cloudfunctions.admin
+          - roles/dataform.admin
+          - roles/datalineage.viewer
+          - roles/iam.serviceAccountAdmin
+          - roles/iam.serviceAccountTokenCreator
+          - roles/iam.serviceAccountUser
+          - roles/logging.configWriter
+          - roles/resourcemanager.projectIamAdmin
+          - roles/run.invoker
+          - roles/serviceusage.serviceUsageAdmin
+          - roles/storage.admin
+          - roles/workflows.admin
     services:
       - cloudkms.googleapis.com
       - cloudresourcemanager.googleapis.com

modules/data_warehouse/metadata.yaml

@@ -136,6 +136,19 @@ spec:
       - level: Project
         roles:
           - roles/bigquery.admin
+          - roles/aiplatform.admin
+          - roles/cloudfunctions.admin
+          - roles/dataform.admin
+          - roles/datalineage.viewer
+          - roles/iam.serviceAccountAdmin
+          - roles/iam.serviceAccountTokenCreator
+          - roles/iam.serviceAccountUser
+          - roles/logging.configWriter
+          - roles/resourcemanager.projectIamAdmin
+          - roles/run.invoker
+          - roles/serviceusage.serviceUsageAdmin
+          - roles/storage.admin
+          - roles/workflows.admin
     services:
       - cloudkms.googleapis.com
       - cloudresourcemanager.googleapis.com

modules/scheduled_queries/metadata.yaml

@@ -60,6 +60,19 @@ spec:
       - level: Project
         roles:
           - roles/bigquery.admin
+          - roles/aiplatform.admin
+          - roles/cloudfunctions.admin
+          - roles/dataform.admin
+          - roles/datalineage.viewer
+          - roles/iam.serviceAccountAdmin
+          - roles/iam.serviceAccountTokenCreator
+          - roles/iam.serviceAccountUser
+          - roles/logging.configWriter
+          - roles/resourcemanager.projectIamAdmin
+          - roles/run.invoker
+          - roles/serviceusage.serviceUsageAdmin
+          - roles/storage.admin
+          - roles/workflows.admin
     services:
       - cloudkms.googleapis.com
       - cloudresourcemanager.googleapis.com

modules/udf/metadata.yaml

@@ -64,6 +64,19 @@ spec:
       - level: Project
         roles:
           - roles/bigquery.admin
+          - roles/aiplatform.admin
+          - roles/cloudfunctions.admin
+          - roles/dataform.admin
+          - roles/datalineage.viewer
+          - roles/iam.serviceAccountAdmin
+          - roles/iam.serviceAccountTokenCreator
+          - roles/iam.serviceAccountUser
+          - roles/logging.configWriter
+          - roles/resourcemanager.projectIamAdmin
+          - roles/run.invoker
+          - roles/serviceusage.serviceUsageAdmin
+          - roles/storage.admin
+          - roles/workflows.admin
     services:
       - cloudkms.googleapis.com
       - cloudresourcemanager.googleapis.com

test/setup/iam.tf

@@ -16,7 +16,20 @@
 
 locals {
   int_required_roles = [
-    "roles/bigquery.admin"
+    "roles/bigquery.admin",
+    "roles/aiplatform.admin",
+    "roles/cloudfunctions.admin",
+    "roles/dataform.admin",
+    "roles/datalineage.viewer",
+    "roles/iam.serviceAccountAdmin",
+    "roles/iam.serviceAccountTokenCreator",
+    "roles/iam.serviceAccountUser",
+    "roles/logging.configWriter",
+    "roles/resourcemanager.projectIamAdmin",
+    "roles/run.invoker",
+    "roles/serviceusage.serviceUsageAdmin",
+    "roles/storage.admin",
+    "roles/workflows.admin"
   ]
 }