GCP IAM Updates Detected

jdyke · Jan 18, 2025 · d81fd91 · d81fd91
1 parent a1e93e4
commit d81fd91
Show file tree

Hide file tree

Showing 21 changed files with 78 additions and 10 deletions.
diff --git a/roles/apigee.serviceAgent b/roles/apigee.serviceAgent
@@ -42,7 +42,8 @@
     "monitoring.metricDescriptors.list",
     "monitoring.monitoredResourceDescriptors.get",
     "monitoring.monitoredResourceDescriptors.list",
-    "monitoring.timeSeries.create"
+    "monitoring.timeSeries.create",
+    "telemetry.traces.write"
   ],
   "name": "roles/apigee.serviceAgent",
   "stage": "GA",

diff --git a/roles/backupdr.managementServerAccessor b/roles/backupdr.managementServerAccessor
@@ -5,6 +5,6 @@
     "backupdr.managementServers.createConnection"
   ],
   "name": "roles/backupdr.managementServerAccessor",
-  "stage": "BETA",
+  "stage": "GA",
   "title": "Backup and DR Management Server Accessor"
 }
diff --git a/roles/cloudtrace.admin b/roles/cloudtrace.admin
@@ -19,7 +19,8 @@
     "cloudtrace.traces.patch",
     "observability.scopes.get",
     "resourcemanager.projects.get",
-    "resourcemanager.projects.list"
+    "resourcemanager.projects.list",
+    "telemetry.traces.write"
   ],
   "name": "roles/cloudtrace.admin",
   "stage": "GA",

diff --git a/roles/dataform.codeCommenter b/roles/dataform.codeCommenter
@@ -0,0 +1,7 @@
+{
+  "description": "Permissions to comment, at the repository level. Grants CRUD access over commentThread and comment resources.",
+  "etag": "AA==",
+  "name": "roles/dataform.codeCommenter",
+  "stage": "BETA",
+  "title": "Code Commenter"
+}
diff --git a/roles/dataplex.encryptionAdmin b/roles/dataplex.encryptionAdmin
@@ -11,6 +11,6 @@
     "dataplex.operations.list"
   ],
   "name": "roles/dataplex.encryptionAdmin",
-  "stage": "BETA",
+  "stage": "GA",
   "title": "Dataplex Encryption Admin"
 }
diff --git a/roles/dataplex.metadataJobOwner b/roles/dataplex.metadataJobOwner
@@ -11,6 +11,6 @@
     "resourcemanager.projects.list"
   ],
   "name": "roles/dataplex.metadataJobOwner",
-  "stage": "BETA",
+  "stage": "GA",
   "title": "Dataplex Metadata Job Owner"
 }
diff --git a/roles/dataplex.metadataJobViewer b/roles/dataplex.metadataJobViewer
@@ -9,6 +9,6 @@
     "resourcemanager.projects.list"
   ],
   "name": "roles/dataplex.metadataJobViewer",
-  "stage": "BETA",
+  "stage": "GA",
   "title": "Dataplex Metadata Job Viewer"
 }
diff --git a/roles/editor b/roles/editor
@@ -6806,6 +6806,7 @@
     "netapp.storagePools.validateDirectoryService",
     "netapp.volumes.create",
     "netapp.volumes.delete",
+    "netapp.volumes.findValidCRRRegions",
     "netapp.volumes.get",
     "netapp.volumes.list",
     "netapp.volumes.revert",
@@ -8659,6 +8660,8 @@
     "telcoautomation.orchestrationClusters.list",
     "telcoautomation.publicBlueprints.get",
     "telcoautomation.publicBlueprints.list",
+    "telemetry.metrics.write",
+    "telemetry.traces.write",
     "timeseriesinsights.datasets.create",
     "timeseriesinsights.datasets.delete",
     "timeseriesinsights.datasets.evaluate",

diff --git a/roles/firebase.viewer b/roles/firebase.viewer
@@ -49,6 +49,8 @@
     "cloudtoolresults.settings.get",
     "cloudtoolresults.steps.get",
     "cloudtoolresults.steps.list",
+    "datastore.backups.get",
+    "datastore.backups.list",
     "datastore.databases.get",
     "datastore.databases.getMetadata",
     "datastore.databases.list",

diff --git a/roles/memorystore.admin b/roles/memorystore.admin
@@ -2,6 +2,7 @@
   "description": "Full access to Memorystore resources.",
   "etag": "AA==",
   "includedPermissions": [
+    "memorystore.instances.connect",
     "memorystore.instances.create",
     "memorystore.instances.delete",
     "memorystore.instances.get",
@@ -17,6 +18,6 @@
     "resourcemanager.projects.list"
   ],
   "name": "roles/memorystore.admin",
-  "stage": "BETA",
+  "stage": "GA",
   "title": "Memorystore Admin"
 }
diff --git a/roles/memorystore.dbConnectionUser b/roles/memorystore.dbConnectionUser
@@ -5,6 +5,6 @@
     "memorystore.instances.connect"
   ],
   "name": "roles/memorystore.dbConnectionUser",
-  "stage": "BETA",
+  "stage": "GA",
   "title": "Memorystore DB Connector User"
 }
diff --git a/roles/meshdataplane.serviceAgent b/roles/meshdataplane.serviceAgent
@@ -13,7 +13,8 @@
     "monitoring.monitoredResourceDescriptors.get",
     "monitoring.monitoredResourceDescriptors.list",
     "monitoring.timeSeries.create",
-    "serviceusage.services.use"
+    "serviceusage.services.use",
+    "telemetry.traces.write"
   ],
   "name": "roles/meshdataplane.serviceAgent",
   "stage": "GA",

diff --git a/roles/modelarmor.serviceAgent b/roles/modelarmor.serviceAgent
@@ -21,6 +21,6 @@
     "serviceusage.services.use"
   ],
   "name": "roles/modelarmor.serviceAgent",
-  "stage": "ALPHA",
+  "stage": "GA",
   "title": "Model Armor Service Agent"
 }
diff --git a/roles/netapp.admin b/roles/netapp.admin
@@ -64,6 +64,7 @@
     "netapp.storagePools.validateDirectoryService",
     "netapp.volumes.create",
     "netapp.volumes.delete",
+    "netapp.volumes.findValidCRRRegions",
     "netapp.volumes.get",
     "netapp.volumes.list",
     "netapp.volumes.revert",

diff --git a/roles/orgpolicy.policyAdmin b/roles/orgpolicy.policyAdmin
@@ -2,6 +2,10 @@
   "description": "The permission to set Organization Policies on resources.",
   "etag": "AA==",
   "includedPermissions": [
+    "cloudasset.assets.analyzeOrgPolicy",
+    "cloudasset.assets.exportResource",
+    "cloudasset.assets.listResource",
+    "cloudasset.assets.searchAllResources",
     "orgpolicy.constraints.list",
     "orgpolicy.customConstraints.create",
     "orgpolicy.customConstraints.delete",

diff --git a/roles/osconfig.rolloutServiceAgent b/roles/osconfig.rolloutServiceAgent
@@ -0,0 +1,12 @@
+{
+  "description": "Grants OS Config Rollout Service Account access to zonal OS Config resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "osconfig.osPolicyAssignments.delete",
+    "osconfig.osPolicyAssignments.get",
+    "osconfig.osPolicyAssignments.update"
+  ],
+  "name": "roles/osconfig.rolloutServiceAgent",
+  "stage": "GA",
+  "title": "Cloud OS Config Rollout Service Agent"
+}
diff --git a/roles/owner b/roles/owner
@@ -7911,6 +7911,7 @@
     "netapp.storagePools.validateDirectoryService",
     "netapp.volumes.create",
     "netapp.volumes.delete",
+    "netapp.volumes.findValidCRRRegions",
     "netapp.volumes.get",
     "netapp.volumes.list",
     "netapp.volumes.revert",
@@ -9888,6 +9889,8 @@
     "telcoautomation.orchestrationClusters.list",
     "telcoautomation.publicBlueprints.get",
     "telcoautomation.publicBlueprints.list",
+    "telemetry.metrics.write",
+    "telemetry.traces.write",
     "timeseriesinsights.datasets.create",
     "timeseriesinsights.datasets.delete",
     "timeseriesinsights.datasets.evaluate",

diff --git a/roles/telemetry.metricsWriter b/roles/telemetry.metricsWriter
@@ -0,0 +1,10 @@
+{
+  "description": "Access to write metrics.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "telemetry.metrics.write"
+  ],
+  "name": "roles/telemetry.metricsWriter",
+  "stage": "BETA",
+  "title": "Cloud Telemetry Metrics Writer"
+}
diff --git a/roles/telemetry.tracesWriter b/roles/telemetry.tracesWriter
@@ -0,0 +1,10 @@
+{
+  "description": "Access to write trace spans.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "telemetry.traces.write"
+  ],
+  "name": "roles/telemetry.tracesWriter",
+  "stage": "BETA",
+  "title": "Cloud Telemetry Traces Writer"
+}
diff --git a/roles/telemetry.writer b/roles/telemetry.writer
@@ -0,0 +1,11 @@
+{
+  "description": "Full access to write all telemetry data.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "telemetry.metrics.write",
+    "telemetry.traces.write"
+  ],
+  "name": "roles/telemetry.writer",
+  "stage": "BETA",
+  "title": "Cloud Telemetry Writer"
+}
diff --git a/roles/viewer b/roles/viewer
@@ -3357,6 +3357,7 @@
     "netapp.snapshots.list",
     "netapp.storagePools.get",
     "netapp.storagePools.list",
+    "netapp.volumes.findValidCRRRegions",
     "netapp.volumes.get",
     "netapp.volumes.list",
     "networkconnectivity.groups.get",