GCP IAM Updates Detected
jdyke committed Jan 31, 2025
1 parent 74b2b70 commit 6129624
Showing 16 changed files with 32 additions and 2 deletions.
1 change: 1 addition & 0 deletions roles/composer.serviceAgent
Expand Up @@ -1786,6 +1786,7 @@
"storage.buckets.list",
"storage.buckets.listEffectiveTags",
"storage.buckets.listTagBindings",
"storage.buckets.relocate",
"storage.buckets.restore",
"storage.buckets.setIamPolicy",
"storage.buckets.setIpFilter",
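Review bot: The added `storage.buckets.relocate` line is a new state-changing bucket permission, and neither this section nor the commit title calls it out; the identical addition appears in roles/datapipelines.serviceAgent, roles/dataplex.serviceAgent, roles/ml.serviceAgent and roles/storage.legacyBucketOwner. Going by the name, it lets the holder move a bucket to a different location, which is relevant to data-residency controls; roles/storage.legacyBucketOwner is the one of the five that is not a service-agent role, so existing bindings of it are worth reviewing. A commit-body line such as `storage.buckets.relocate: +5 roles (4 service agents, storage.legacyBucketOwner)` would make the change searchable in history. Only part of each permission list is visible in these hunks.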
1 change: 1 addition & 0 deletions roles/datapipelines.serviceAgent
Expand Up @@ -87,6 +87,7 @@
"storage.buckets.list",
"storage.buckets.listEffectiveTags",
"storage.buckets.listTagBindings",
"storage.buckets.relocate",
"storage.buckets.restore",
"storage.buckets.setIamPolicy",
"storage.buckets.setIpFilter",
1 change: 1 addition & 0 deletions roles/dataplex.serviceAgent
Expand Up @@ -249,6 +249,7 @@
"storage.buckets.list",
"storage.buckets.listEffectiveTags",
"storage.buckets.listTagBindings",
"storage.buckets.relocate",
"storage.buckets.restore",
"storage.buckets.setIamPolicy",
"storage.buckets.setIpFilter",
1 change: 1 addition & 0 deletions roles/datastream.serviceAgent
Expand Up @@ -3,6 +3,7 @@
"etag": "AA==",
"includedPermissions": [
"bigquery.connections.delegate",
"bigquery.connections.get",
"bigquery.datasets.create",
"bigquery.datasets.get",
"bigquery.jobs.create",
2 changes: 1 addition & 1 deletion roles/discoveryengine.notebookViewer
Expand Up @@ -2,6 +2,6 @@
"description": "Grants read-only access to a Cloud NotebookLM Notebook.",
"etag": "AA==",
"name": "roles/discoveryengine.notebookViewer",
"stage": "ALPHA",
"stage": "BETA",
"title": "Cloud NotebookLM Notebook Viewer"
}
1 change: 1 addition & 0 deletions roles/iam.securityReviewer
Expand Up @@ -35,6 +35,7 @@
"aiplatform.entityTypes.list",
"aiplatform.executions.list",
"aiplatform.extensions.list",
"aiplatform.featureGroups.getIamPolicy",
"aiplatform.featureGroups.list",
"aiplatform.featureOnlineStores.getIamPolicy",
"aiplatform.featureOnlineStores.list",
1 change: 1 addition & 0 deletions roles/managedkafka.admin
Expand Up @@ -2,6 +2,7 @@
"description": "Full access to Managed Kafka resources.",
"etag": "AA==",
"includedPermissions": [
"cloudasset.assets.searchAllResources",
"managedkafka.clusters.connect",
"managedkafka.clusters.create",
"managedkafka.clusters.delete",
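Review bot: `cloudasset.assets.searchAllResources` is a Cloud Asset Inventory permission added to a Managed Kafka role, and the same line is added to roles/managedkafka.clusterEditor, roles/managedkafka.consumerGroupEditor and roles/managedkafka.topicEditor. It allows searching resource metadata across the scope the role is bound at, so a narrowly described role such as topicEditor gains visibility beyond Kafka when bound at project level or above. The commit record does not mention this cross-service grant; a body line like `cloudasset.assets.searchAllResources: +4 managedkafka roles (cross-service read)` would flag it for anyone auditing bindings. The permission lists continue below the visible hunks.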
1 change: 1 addition & 0 deletions roles/managedkafka.clusterEditor
Expand Up @@ -2,6 +2,7 @@
"description": "Provides read and write access to Kafka clusters. Intended for, e.g., IT Departments that provision Kafka clusters, but need not be able to read or modify topics or consumer groups.",
"etag": "AA==",
"includedPermissions": [
"cloudasset.assets.searchAllResources",
"managedkafka.clusters.create",
"managedkafka.clusters.delete",
"managedkafka.clusters.get",
1 change: 1 addition & 0 deletions roles/managedkafka.consumerGroupEditor
Expand Up @@ -2,6 +2,7 @@
"description": "Provides read and write access to consumer group metadata. Intended for, e.g., developers who configure consumer groups.",
"etag": "AA==",
"includedPermissions": [
"cloudasset.assets.searchAllResources",
"managedkafka.clusters.get",
"managedkafka.clusters.list",
"managedkafka.consumerGroups.delete",
1 change: 1 addition & 0 deletions roles/managedkafka.topicEditor
Expand Up @@ -2,6 +2,7 @@
"description": "Provides read and write access to topic metadata. Intended for, e.g., developers who configure topics.",
"etag": "AA==",
"includedPermissions": [
"cloudasset.assets.searchAllResources",
"managedkafka.clusters.get",
"managedkafka.clusters.list",
"managedkafka.consumerGroups.get",
1 change: 1 addition & 0 deletions roles/ml.serviceAgent
Expand Up @@ -91,6 +91,7 @@
"storage.buckets.list",
"storage.buckets.listEffectiveTags",
"storage.buckets.listTagBindings",
"storage.buckets.relocate",
"storage.buckets.restore",
"storage.buckets.setIamPolicy",
"storage.buckets.setIpFilter",
3 changes: 3 additions & 0 deletions roles/oauthconfig.viewer
Expand Up @@ -6,6 +6,9 @@
"clientauthconfig.brands.list",
"clientauthconfig.clients.get",
"clientauthconfig.clients.list",
"firebase.clients.get",
"firebase.clients.list",
"firebaseappcheck.resourcePolicies.get",
"oauthconfig.clientpolicy.get",
"oauthconfig.testusers.get",
"oauthconfig.verification.get"
14 changes: 13 additions & 1 deletion roles/retail.merchantApprover
@@ -1,7 +1,19 @@
{
"description": "Grants access and approval rights to MerchantControls in the merchant console.",
"etag": "AA==",
"includedPermissions": [
"retail.merchantControls.approverDelete",
"retail.merchantControls.approverGet",
"retail.merchantControls.approverList",
"retail.merchantControls.approverUpdate",
"retail.merchantControls.creatorCreate",
"retail.merchantControls.creatorDelete",
"retail.merchantControls.creatorGet",
"retail.merchantControls.creatorList",
"retail.merchantControls.creatorSubmit",
"retail.merchantControls.creatorUpdate"
],
"name": "roles/retail.merchantApprover",
"stage": "ALPHA",
"stage": "BETA",
"title": "Retail Merchant Approver"
}
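Review bot: The new `includedPermissions` list gives a role titled "Retail Merchant Approver" all six `retail.merchantControls.creator*` permissions alongside the four `approver*` ones, so the role by itself does not separate the creator and approver duties; whether one principal can approve its own submission depends on service behaviour not visible here. Judging by the `-1,7` header, the role goes from no permission list to ten entries in the same change that touches `stage`, and this rendering does not mark which of the two `stage` lines is the new one. A commit-body line such as `roles/retail.merchantApprover: 0 -> 10 permissions, includes creator*` would record that.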
2 changes: 2 additions & 0 deletions roles/securitycenter.controlServiceAgent
Expand Up @@ -2,6 +2,8 @@
"description": "Security Center Control service agent can monitor and configure GCP resources and import security findings.",
"etag": "AA==",
"includedPermissions": [
"accesscontextmanager.gcpUserAccessBindings.get",
"accesscontextmanager.gcpUserAccessBindings.list",
"bigquery.datasets.get",
"binaryauthorization.policy.get",
"cloudasset.assets.analyzeIamPolicy",
2 changes: 2 additions & 0 deletions roles/securitycenter.serviceAgent
Expand Up @@ -2,6 +2,8 @@
"description": "Security Center service agent can scan GCP resources and import security scans.",
"etag": "AA==",
"includedPermissions": [
"accesscontextmanager.gcpUserAccessBindings.get",
"accesscontextmanager.gcpUserAccessBindings.list",
"bigquery.datasets.get",
"binaryauthorization.policy.get",
"cloudasset.assets.analyzeIamPolicy",
1 change: 1 addition & 0 deletions roles/storage.legacyBucketOwner
Expand Up @@ -20,6 +20,7 @@
"storage.buckets.getIpFilter",
"storage.buckets.listEffectiveTags",
"storage.buckets.listTagBindings",
"storage.buckets.relocate",
"storage.buckets.restore",
"storage.buckets.setIamPolicy",
"storage.buckets.setIpFilter",
