GCP IAM Updates Detected
jdyke committed Sep 19, 2024
1 parent 087dea0 commit 9bd09e0
Showing 36 changed files with 200 additions and 17 deletions.
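--- a/roles/aiplatform.batchPredictionServiceAgent
+++ b/roles/aiplatform.batchPredictionServiceAgent
@@ -0,0 +1,37 @@
+{
+"description": "Vertex AI Batch Prediction Service Agent for serving batch prediction requests.",
+"etag": "AA==",
+"includedPermissions": [
+"bigquery.datasets.create",
+"bigquery.datasets.get",
+"bigquery.jobs.create",
+"bigquery.jobs.get",
+"bigquery.models.create",
+"bigquery.models.export",
+"bigquery.models.getData",
+"bigquery.readsessions.create",
+"bigquery.readsessions.getData",
+"bigquery.tables.create",
+"bigquery.tables.createSnapshot",
+"bigquery.tables.deleteSnapshot",
+"bigquery.tables.export",
+"bigquery.tables.get",
+"bigquery.tables.getData",
+"bigquery.tables.restoreSnapshot",
+"bigquery.tables.update",
+"bigquery.tables.updateData",
+"storage.buckets.create",
+"storage.buckets.delete",
+"storage.buckets.get",
+"storage.buckets.list",
+"storage.buckets.update",
+"storage.objects.create",
+"storage.objects.delete",
+"storage.objects.get",
+"storage.objects.list",
+"storage.objects.update"
+],
+"name": "roles/aiplatform.batchPredictionServiceAgent",
+"stage": "GA",
+"title": "Vertex AI Batch Prediction Service Agent"
+}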
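Review bot: The new role grants destructive permissions that its `description` ("serving batch prediction requests") does not hint at: `storage.buckets.delete`, `storage.objects.delete`, `bigquery.tables.update` and `bigquery.tables.updateData` are all in `includedPermissions`. The name and title mark it as a service-agent role, so it is presumably intended only for the Google-managed Vertex AI identity; a binding of it to a user or a user-managed service account would be worth flagging in an IAM audit. Since JSON has no place for a comment, I would put the caveat in the commit message, e.g. `aiplatform.batchPredictionServiceAgent (new, GA): bucket/object delete and BigQuery table write; expected on the service agent only`.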
2 changes: 1 addition & 1 deletion roles/apigee.deploymentInvoker
@@ -5,6 +5,6 @@
"apigee.deployments.invoke"
],
"name": "roles/apigee.deploymentInvoker",
"stage": "ALPHA",
"stage": "GA",
"title": "Apigee Deployment Invoker"
}
2 changes: 2 additions & 0 deletions roles/assuredworkloads.admin
@@ -4,6 +4,8 @@
"includedPermissions": [
"assuredworkloads.operations.get",
"assuredworkloads.operations.list",
"assuredworkloads.updates.list",
"assuredworkloads.updates.update",
"assuredworkloads.violations.get",
"assuredworkloads.violations.list",
"assuredworkloads.violations.update",
1 change: 1 addition & 0 deletions roles/assuredworkloads.reader
@@ -4,6 +4,7 @@
"includedPermissions": [
"assuredworkloads.operations.get",
"assuredworkloads.operations.list",
"assuredworkloads.updates.list",
"assuredworkloads.violations.get",
"assuredworkloads.violations.list",
"assuredworkloads.workload.get",
1 change: 1 addition & 0 deletions roles/chronicle.admin
@@ -58,6 +58,7 @@
"chronicle.dataExports.create",
"chronicle.dataExports.fetchLogTypesAvailableForExport",
"chronicle.dataExports.get",
"chronicle.dataTableOperationErrors.get",
"chronicle.dataTableRows.asyncBulkCreate",
"chronicle.dataTableRows.asyncBulkReplace",
"chronicle.dataTableRows.asyncBulkUpdate",
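--- a/roles/chronicle.globalDataAccess
+++ b/roles/chronicle.globalDataAccess
@@ -0,0 +1,10 @@
+{
+"description": "Grants global access to data i.e. all data can be accessed.",
+"etag": "AA==",
+"includedPermissions": [
+"chronicle.globalDataAccessScopes.permit"
+],
+"name": "roles/chronicle.globalDataAccess",
+"stage": "BETA",
+"title": "Chronicle API Global Data Access"
+}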
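Review bot: `chronicle.globalDataAccessScopes.permit` is the role's only permission, and by the role's own `description` it makes all data accessible, so one binding of `roles/chronicle.globalDataAccess` appears to lift whatever data-access scoping otherwise applies to that principal (inferred from the description; the permission's semantics are not shown on this page). The `stage` is `BETA`, so the contents may still change. This is the addition I would call out by name in the commit message, e.g. `chronicle.globalDataAccess (new, BETA): unscoped access to all data`, and new bindings of the role are a reasonable thing to alert on in the IAM audit log.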
2 changes: 1 addition & 1 deletion roles/cloudaicompanion.codeRepositoryIndexesAdmin
@@ -23,5 +23,5 @@
],
"name": "roles/cloudaicompanion.codeRepositoryIndexesAdmin",
"stage": "BETA",
"title": "Cloud AI Companion Code Repository Indexes Admin"
"title": "Code Repository Indexes Admin"
}
2 changes: 1 addition & 1 deletion roles/cloudaicompanion.codeRepositoryIndexesViewer
@@ -14,5 +14,5 @@
],
"name": "roles/cloudaicompanion.codeRepositoryIndexesViewer",
"stage": "BETA",
"title": "Cloud AI Companion Code Repository Indexes Viewer"
"title": "Code Repository Indexes Viewer"
}
2 changes: 1 addition & 1 deletion roles/cloudaicompanion.repositoryGroupsUser
@@ -9,5 +9,5 @@
],
"name": "roles/cloudaicompanion.repositoryGroupsUser",
"stage": "BETA",
"title": "Cloud AI Companion Repository Groups User"
"title": "Repository Groups User"
}
4 changes: 2 additions & 2 deletions roles/cloudaicompanion.user
@@ -1,5 +1,5 @@
{
"description": "A user who can receive assistance from Cloud AI Companion",
"description": "A user who can use Gemini for Google Cloud",
"etag": "AA==",
"includedPermissions": [
"cloudaicompanion.companions.generateChat",
@@ -14,5 +14,5 @@
],
"name": "roles/cloudaicompanion.user",
"stage": "BETA",
"title": "Cloud AI Companion User"
"title": "Gemini for Google Cloud User"
}
4 changes: 4 additions & 0 deletions roles/cloudbuild.builds.builder
@@ -3,12 +3,16 @@
"etag": "AA==",
"includedPermissions": [
"artifactregistry.aptartifacts.create",
"artifactregistry.attachments.create",
"artifactregistry.attachments.get",
"artifactregistry.attachments.list",
"artifactregistry.dockerimages.get",
"artifactregistry.dockerimages.list",
"artifactregistry.files.download",
"artifactregistry.files.get",
"artifactregistry.files.list",
"artifactregistry.files.update",
"artifactregistry.files.upload",
"artifactregistry.kfpartifacts.create",
"artifactregistry.locations.get",
"artifactregistry.locations.list",
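Review bot: This section widens what the Cloud Build identity can write to Artifact Registry: the four additions appear to come from the `artifactregistry.attachments.*` entries and `artifactregistry.files.update` / `artifactregistry.files.upload` (the rendered page has lost the +/- markers, so which of those five lines already existed cannot be read off it). roles/cloudbuild.serviceAgent receives the same set, and roles/composer.worker additionally lists `artifactregistry.attachments.delete`. A principal holding one of these roles at project level can therefore add or modify files and attachments in every repository in the project, which matters for artifact integrity; where builds only need to push to specific repositories, a repository-level binding or a narrower custom role limits that. I would name the change in the commit message, e.g. `cloudbuild.builds.builder, cloudbuild.serviceAgent, composer.worker: new Artifact Registry attachment and file write permissions`. The `includedPermissions` array continues outside the hunk.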
4 changes: 4 additions & 0 deletions roles/cloudbuild.serviceAgent
@@ -3,12 +3,16 @@
"etag": "AA==",
"includedPermissions": [
"artifactregistry.aptartifacts.create",
"artifactregistry.attachments.create",
"artifactregistry.attachments.get",
"artifactregistry.attachments.list",
"artifactregistry.dockerimages.get",
"artifactregistry.dockerimages.list",
"artifactregistry.files.download",
"artifactregistry.files.get",
"artifactregistry.files.list",
"artifactregistry.files.update",
"artifactregistry.files.upload",
"artifactregistry.kfpartifacts.create",
"artifactregistry.locations.get",
"artifactregistry.locations.list",
1 change: 1 addition & 0 deletions roles/cloudkms.autokeyUser
@@ -5,6 +5,7 @@
"cloudkms.keyHandles.create",
"cloudkms.keyHandles.get",
"cloudkms.keyHandles.list",
"cloudkms.operations.get",
"cloudkms.projects.showEffectiveAutokeyConfig"
],
"name": "roles/cloudkms.autokeyUser",
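--- a/roles/cloudsql.studioUser
+++ b/roles/cloudsql.studioUser
@@ -0,0 +1,14 @@
+{
+"description": "Role allowing access to Cloud SQL Studio",
+"etag": "AA==",
+"includedPermissions": [
+"cloudsql.databases.list",
+"cloudsql.instances.executeSql",
+"cloudsql.instances.get",
+"cloudsql.instances.login",
+"cloudsql.users.list"
+],
+"name": "roles/cloudsql.studioUser",
+"stage": "GA",
+"title": "Cloud SQL Studio User"
+}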
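Review bot: The `description` says only "Role allowing access to Cloud SQL Studio", but the role includes `cloudsql.instances.executeSql` and `cloudsql.instances.login`, i.e. it lets the holder log in to an instance and run SQL rather than just view it. Anyone selecting roles by title could take it for a console-access role; what a holder can then read or change presumably depends on the database-level privileges of the account they log in as, which IAM does not show. I would note this in the commit message, e.g. `cloudsql.studioUser (new, GA): includes instances.executeSql and instances.login`.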
1 change: 1 addition & 0 deletions roles/cloudtrace.admin
@@ -12,6 +12,7 @@
"cloudtrace.traces.get",
"cloudtrace.traces.list",
"cloudtrace.traces.patch",
"observability.scopes.get",
"resourcemanager.projects.get",
"resourcemanager.projects.list"
],
1 change: 1 addition & 0 deletions roles/cloudtrace.user
@@ -11,6 +11,7 @@
"cloudtrace.tasks.list",
"cloudtrace.traces.get",
"cloudtrace.traces.list",
"observability.scopes.get",
"resourcemanager.projects.get",
"resourcemanager.projects.list"
],
3 changes: 3 additions & 0 deletions roles/composer.serviceAgent
@@ -42,6 +42,7 @@
"cloudsql.databases.list",
"cloudsql.databases.update",
"cloudsql.instances.addServerCa",
"cloudsql.instances.addServerCertificate",
"cloudsql.instances.clone",
"cloudsql.instances.connect",
"cloudsql.instances.create",
@@ -58,6 +59,7 @@
"cloudsql.instances.list",
"cloudsql.instances.listEffectiveTags",
"cloudsql.instances.listServerCas",
"cloudsql.instances.listServerCertificates",
"cloudsql.instances.listTagBindings",
"cloudsql.instances.login",
"cloudsql.instances.migrate",
@@ -69,6 +71,7 @@
"cloudsql.instances.restart",
"cloudsql.instances.restoreBackup",
"cloudsql.instances.rotateServerCa",
"cloudsql.instances.rotateServerCertificate",
"cloudsql.instances.startReplica",
"cloudsql.instances.stopReplica",
"cloudsql.instances.truncateLog",
5 changes: 5 additions & 0 deletions roles/composer.worker
@@ -3,13 +3,18 @@
"etag": "AA==",
"includedPermissions": [
"artifactregistry.aptartifacts.create",
"artifactregistry.attachments.create",
"artifactregistry.attachments.delete",
"artifactregistry.attachments.get",
"artifactregistry.attachments.list",
"artifactregistry.dockerimages.get",
"artifactregistry.dockerimages.list",
"artifactregistry.files.delete",
"artifactregistry.files.download",
"artifactregistry.files.get",
"artifactregistry.files.list",
"artifactregistry.files.update",
"artifactregistry.files.upload",
"artifactregistry.kfpartifacts.create",
"artifactregistry.locations.get",
"artifactregistry.locations.list",
3 changes: 2 additions & 1 deletion roles/datacatalog.glossaryOwner
@@ -31,7 +31,8 @@
"datacatalog.relationships.deleteIsDescribedBy",
"datacatalog.relationships.deleteIsRelatedTo",
"datacatalog.relationships.deleteIsSynonymousTo",
"datacatalog.relationships.list"
"datacatalog.relationships.list",
"dataplex.projects.search"
],
"name": "roles/datacatalog.glossaryOwner",
"stage": "BETA",
3 changes: 2 additions & 1 deletion roles/datacatalog.glossaryUser
@@ -14,7 +14,8 @@
"datacatalog.relationships.deleteIsDescribedBy",
"datacatalog.relationships.deleteIsRelatedTo",
"datacatalog.relationships.deleteIsSynonymousTo",
"datacatalog.relationships.list"
"datacatalog.relationships.list",
"dataplex.projects.search"
],
"name": "roles/datacatalog.glossaryUser",
"stage": "BETA",
4 changes: 4 additions & 0 deletions roles/dialogflow.serviceAgent
@@ -102,8 +102,12 @@
"dialogflow.versions.list",
"dialogflow.webhooks.get",
"dialogflow.webhooks.list",
"discoveryengine.collections.list",
"discoveryengine.dataStores.list",
"discoveryengine.engines.create",
"discoveryengine.engines.delete",
"discoveryengine.engines.get",
"discoveryengine.engines.update",
"discoveryengine.servingConfigs.search",
"dlp.deidentifyTemplates.get",
"dlp.deidentifyTemplates.list",
2 changes: 2 additions & 0 deletions roles/firebase.developViewer
@@ -2,6 +2,8 @@
"description": "Read access to Firebase Develop products and Analytics.",
"etag": "AA==",
"includedPermissions": [
"apikeys.keys.get",
"apikeys.keys.list",
"automl.annotationSpecs.get",
"automl.annotationSpecs.list",
"automl.annotations.list",
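Review bot: `apikeys.keys.get` and `apikeys.keys.list` look like the two lines added here, which puts API-key enumeration into a role described as read access; the same pair opens the hunks for roles/firebase.growthAdmin, growthViewer, qualityAdmin, qualityViewer and firebase.viewer. To my knowledge these two permissions return key metadata and restrictions, while reading the key string requires the separate `apikeys.keys.getKeyString`, which is not among the visible lines. The array continues outside the hunk, so that absence should be confirmed against the full role file before relying on it. I would state the change in the commit message, e.g. `firebase.*: +apikeys.keys.get, +apikeys.keys.list`.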
2 changes: 2 additions & 0 deletions roles/firebase.growthAdmin
@@ -2,6 +2,8 @@
"description": "Full access to Firebase Grow products and Analytics.",
"etag": "AA==",
"includedPermissions": [
"apikeys.keys.get",
"apikeys.keys.list",
"clientauthconfig.clients.get",
"clientauthconfig.clients.list",
"cloudconfig.configs.get",
2 changes: 2 additions & 0 deletions roles/firebase.growthViewer
@@ -2,6 +2,8 @@
"description": "Read access to Firebase Grow products and Analytics.",
"etag": "AA==",
"includedPermissions": [
"apikeys.keys.get",
"apikeys.keys.list",
"cloudconfig.configs.get",
"cloudnotifications.activities.list",
"fcmdata.deliverydata.list",
2 changes: 2 additions & 0 deletions roles/firebase.qualityAdmin
@@ -2,6 +2,8 @@
"description": "Full access to Firebase Quality products and Analytics.",
"etag": "AA==",
"includedPermissions": [
"apikeys.keys.get",
"apikeys.keys.list",
"cloudnotifications.activities.list",
"firebase.billingPlans.get",
"firebase.clients.get",
2 changes: 2 additions & 0 deletions roles/firebase.qualityViewer
@@ -2,6 +2,8 @@
"description": "Read access to Firebase Quality products and Analytics.",
"etag": "AA==",
"includedPermissions": [
"apikeys.keys.get",
"apikeys.keys.list",
"cloudnotifications.activities.list",
"firebase.billingPlans.get",
"firebase.clients.get",
2 changes: 2 additions & 0 deletions roles/firebase.viewer
@@ -2,6 +2,8 @@
"description": "Read-only access to Firebase products.",
"etag": "AA==",
"includedPermissions": [
"apikeys.keys.get",
"apikeys.keys.list",
"automl.annotationSpecs.get",
"automl.annotationSpecs.list",
"automl.annotations.list",
3 changes: 3 additions & 0 deletions roles/iam.securityAdmin
@@ -218,6 +218,7 @@
"apphub.services.list",
"apphub.workloads.list",
"applianceactivation.rttCommands.list",
"artifactregistry.attachments.list",
"artifactregistry.dockerimages.list",
"artifactregistry.files.list",
"artifactregistry.locations.list",
@@ -234,6 +235,7 @@
"assuredoss.metadata.list",
"assuredoss.operations.list",
"assuredworkloads.operations.list",
"assuredworkloads.updates.list",
"assuredworkloads.violations.list",
"assuredworkloads.workload.list",
"auditmanager.auditReports.list",
@@ -792,6 +794,7 @@
"contactcenteraiplatform.locations.list",
"contactcenteraiplatform.operations.list",
"contactcenterinsights.analyses.list",
"contactcenterinsights.analysisRules.list",
"contactcenterinsights.conversations.list",
"contactcenterinsights.faqEntries.list",
"contactcenterinsights.faqModels.list",
1 change: 1 addition & 0 deletions roles/managedkafka.serviceAgent
@@ -30,6 +30,7 @@
"dns.resourceRecordSets.list",
"dns.resourceRecordSets.update",
"managedkafka.clusters.connect",
"privateca.caPools.get",
"servicedirectory.namespaces.create",
"servicedirectory.services.create",
"servicedirectory.services.delete"
1 change: 1 addition & 0 deletions roles/metastore.serviceAgent
@@ -41,6 +41,7 @@
"metastore.databases.get",
"metastore.databases.setIamPolicy",
"metastore.databases.update",
"metastore.federations.use",
"metastore.services.get",
"metastore.tables.get",
"metastore.tables.setIamPolicy",