From 43053fae7c10d6196f132e718128fd3e79b13327 Mon Sep 17 00:00:00 2001 From: jdyke Date: Sat, 13 Jul 2024 12:40:36 +0000 Subject: [PATCH] GCP IAM Updates Detected --- roles/batch.admin | 21 +++++++++++++++++++++ roles/batch.resourceAllowancesEditor | 20 ++++++++++++++++++++ roles/batch.resourceAllowancesViewer | 17 +++++++++++++++++ roles/clouddeploy.admin | 6 ++++++ roles/clouddeploy.developer | 2 ++ roles/clouddeploy.operator | 2 ++ roles/clouddeploy.policyAdmin | 23 +++++++++++++++++++++++ roles/clouddeploy.policyOverrider | 20 ++++++++++++++++++++ roles/clouddeploy.viewer | 2 ++ roles/discoveryengine.admin | 1 + roles/discoveryengine.editor | 1 + roles/discoveryengine.viewer | 1 + roles/editor | 12 ++++++++++++ roles/iam.securityAdmin | 2 ++ roles/iam.securityReviewer | 2 ++ roles/owner | 12 ++++++++++++ roles/viewer | 5 +++++ 17 files changed, 149 insertions(+) create mode 100644 roles/batch.admin create mode 100644 roles/batch.resourceAllowancesEditor create mode 100644 roles/batch.resourceAllowancesViewer create mode 100644 roles/clouddeploy.policyAdmin create mode 100644 roles/clouddeploy.policyOverrider diff --git a/roles/batch.admin b/roles/batch.admin new file mode 100644 index 00000000..c4a2ad6c --- /dev/null +++ b/roles/batch.admin @@ -0,0 +1,21 @@ +{ + "description": "Administrator of Batch resources", + "etag": "AA==", + "includedPermissions": [ + "batch.jobs.create", + "batch.jobs.delete", + "batch.jobs.get", + "batch.jobs.list", + "batch.locations.get", + "batch.locations.list", + "batch.operations.get", + "batch.operations.list", + "batch.tasks.get", + "batch.tasks.list", + "resourcemanager.projects.get", + "resourcemanager.projects.list" + ], + "name": "roles/batch.admin", + "stage": "ALPHA", + "title": "Batch Administrator" +} diff --git a/roles/batch.resourceAllowancesEditor b/roles/batch.resourceAllowancesEditor new file mode 100644 index 00000000..a1f53903 --- /dev/null +++ b/roles/batch.resourceAllowancesEditor @@ -0,0 +1,20 @@ +{ + "description": "Editor of Batch ResourceAllowances", + "etag": "AA==", + "includedPermissions": [ + "batch.locations.get", + "batch.locations.list", + "batch.operations.get", + "batch.operations.list", + "batch.resourceAllowances.create", + "batch.resourceAllowances.delete", + "batch.resourceAllowances.get", + "batch.resourceAllowances.list", + "batch.resourceAllowances.update", + "resourcemanager.projects.get", + "resourcemanager.projects.list" + ], + "name": "roles/batch.resourceAllowancesEditor", + "stage": "ALPHA", + "title": "Batch ResourceAllowance Editor" +} diff --git a/roles/batch.resourceAllowancesViewer b/roles/batch.resourceAllowancesViewer new file mode 100644 index 00000000..ab6fb5ba --- /dev/null +++ b/roles/batch.resourceAllowancesViewer @@ -0,0 +1,17 @@ +{ + "description": "Viewer of Batch ResourceAllowances", + "etag": "AA==", + "includedPermissions": [ + "batch.locations.get", + "batch.locations.list", + "batch.operations.get", + "batch.operations.list", + "batch.resourceAllowances.get", + "batch.resourceAllowances.list", + "resourcemanager.projects.get", + "resourcemanager.projects.list" + ], + "name": "roles/batch.resourceAllowancesViewer", + "stage": "ALPHA", + "title": "Batch ResourceAllowance Viewer" +} diff --git a/roles/clouddeploy.admin b/roles/clouddeploy.admin index 3c0d0d84..c05b6f7d 100644 --- a/roles/clouddeploy.admin +++ b/roles/clouddeploy.admin @@ -29,6 +29,12 @@ "clouddeploy.deliveryPipelines.listTagBindings", "clouddeploy.deliveryPipelines.setIamPolicy", "clouddeploy.deliveryPipelines.update", + "clouddeploy.deployPolicies.create", + "clouddeploy.deployPolicies.delete", + "clouddeploy.deployPolicies.get", + "clouddeploy.deployPolicies.list", + "clouddeploy.deployPolicies.override", + "clouddeploy.deployPolicies.update", "clouddeploy.jobRuns.get", "clouddeploy.jobRuns.list", "clouddeploy.jobRuns.terminate", diff --git a/roles/clouddeploy.developer b/roles/clouddeploy.developer index 3dc73169..c5a0e037 100644 --- a/roles/clouddeploy.developer +++ b/roles/clouddeploy.developer @@ -17,6 +17,8 @@ "clouddeploy.deliveryPipelines.listEffectiveTags", "clouddeploy.deliveryPipelines.listTagBindings", "clouddeploy.deliveryPipelines.update", + "clouddeploy.deployPolicies.get", + "clouddeploy.deployPolicies.list", "clouddeploy.jobRuns.get", "clouddeploy.jobRuns.list", "clouddeploy.locations.get", diff --git a/roles/clouddeploy.operator b/roles/clouddeploy.operator index 6b1178e0..98eb0825 100644 --- a/roles/clouddeploy.operator +++ b/roles/clouddeploy.operator @@ -24,6 +24,8 @@ "clouddeploy.deliveryPipelines.listEffectiveTags", "clouddeploy.deliveryPipelines.listTagBindings", "clouddeploy.deliveryPipelines.update", + "clouddeploy.deployPolicies.get", + "clouddeploy.deployPolicies.list", "clouddeploy.jobRuns.get", "clouddeploy.jobRuns.list", "clouddeploy.jobRuns.terminate", diff --git a/roles/clouddeploy.policyAdmin b/roles/clouddeploy.policyAdmin new file mode 100644 index 00000000..4993a999 --- /dev/null +++ b/roles/clouddeploy.policyAdmin @@ -0,0 +1,23 @@ +{ + "description": "Permission to manage Deploy Policies.", + "etag": "AA==", + "includedPermissions": [ + "clouddeploy.deployPolicies.create", + "clouddeploy.deployPolicies.delete", + "clouddeploy.deployPolicies.get", + "clouddeploy.deployPolicies.list", + "clouddeploy.deployPolicies.override", + "clouddeploy.deployPolicies.update", + "clouddeploy.locations.get", + "clouddeploy.locations.list", + "clouddeploy.operations.cancel", + "clouddeploy.operations.delete", + "clouddeploy.operations.get", + "clouddeploy.operations.list", + "resourcemanager.projects.get", + "resourcemanager.projects.list" + ], + "name": "roles/clouddeploy.policyAdmin", + "stage": "ALPHA", + "title": "Cloud Deploy Policy Admin" +} diff --git a/roles/clouddeploy.policyOverrider b/roles/clouddeploy.policyOverrider new file mode 100644 index 00000000..40fc467a --- /dev/null +++ b/roles/clouddeploy.policyOverrider @@ -0,0 +1,20 @@ +{ + "description": "Permission to override Deploy Policies.", + "etag": "AA==", + "includedPermissions": [ + "clouddeploy.deployPolicies.get", + "clouddeploy.deployPolicies.list", + "clouddeploy.deployPolicies.override", + "clouddeploy.locations.get", + "clouddeploy.locations.list", + "clouddeploy.operations.cancel", + "clouddeploy.operations.delete", + "clouddeploy.operations.get", + "clouddeploy.operations.list", + "resourcemanager.projects.get", + "resourcemanager.projects.list" + ], + "name": "roles/clouddeploy.policyOverrider", + "stage": "ALPHA", + "title": "Cloud Deploy Policy Overrider" +} diff --git a/roles/clouddeploy.viewer b/roles/clouddeploy.viewer index dee15ba5..98e1bbc7 100644 --- a/roles/clouddeploy.viewer +++ b/roles/clouddeploy.viewer @@ -15,6 +15,8 @@ "clouddeploy.deliveryPipelines.list", "clouddeploy.deliveryPipelines.listEffectiveTags", "clouddeploy.deliveryPipelines.listTagBindings", + "clouddeploy.deployPolicies.get", + "clouddeploy.deployPolicies.list", "clouddeploy.jobRuns.get", "clouddeploy.jobRuns.list", "clouddeploy.locations.get", diff --git a/roles/discoveryengine.admin b/roles/discoveryengine.admin index db04a9e3..50bc16e3 100644 --- a/roles/discoveryengine.admin +++ b/roles/discoveryengine.admin @@ -55,6 +55,7 @@ "discoveryengine.evaluations.create", "discoveryengine.evaluations.get", "discoveryengine.evaluations.list", + "discoveryengine.groundingConfigs.check", "discoveryengine.locations.estimateDataSize", "discoveryengine.models.create", "discoveryengine.models.delete", diff --git a/roles/discoveryengine.editor b/roles/discoveryengine.editor index ba3c1d27..c40a7d0f 100644 --- a/roles/discoveryengine.editor +++ b/roles/discoveryengine.editor @@ -38,6 +38,7 @@ "discoveryengine.engines.tune", "discoveryengine.evaluations.get", "discoveryengine.evaluations.list", + "discoveryengine.groundingConfigs.check", "discoveryengine.models.create", "discoveryengine.models.delete", "discoveryengine.models.get", diff --git a/roles/discoveryengine.viewer b/roles/discoveryengine.viewer index b0ea5ee9..d0ce374c 100644 --- a/roles/discoveryengine.viewer +++ b/roles/discoveryengine.viewer @@ -28,6 +28,7 @@ "discoveryengine.engines.list", "discoveryengine.evaluations.get", "discoveryengine.evaluations.list", + "discoveryengine.groundingConfigs.check", "discoveryengine.models.get", "discoveryengine.models.list", "discoveryengine.operations.get", diff --git a/roles/editor b/roles/editor index d28cb901..9c9e5667 100644 --- a/roles/editor +++ b/roles/editor @@ -1236,6 +1236,11 @@ "batch.locations.list", "batch.operations.get", "batch.operations.list", + "batch.resourceAllowances.create", + "batch.resourceAllowances.delete", + "batch.resourceAllowances.get", + "batch.resourceAllowances.list", + "batch.resourceAllowances.update", "batch.states.report", "batch.tasks.get", "batch.tasks.list", @@ -1967,6 +1972,12 @@ "clouddeploy.deliveryPipelines.listEffectiveTags", "clouddeploy.deliveryPipelines.listTagBindings", "clouddeploy.deliveryPipelines.update", + "clouddeploy.deployPolicies.create", + "clouddeploy.deployPolicies.delete", + "clouddeploy.deployPolicies.get", + "clouddeploy.deployPolicies.list", + "clouddeploy.deployPolicies.override", + "clouddeploy.deployPolicies.update", "clouddeploy.jobRuns.get", "clouddeploy.jobRuns.list", "clouddeploy.jobRuns.terminate", @@ -4736,6 +4747,7 @@ "discoveryengine.evaluations.create", "discoveryengine.evaluations.get", "discoveryengine.evaluations.list", + "discoveryengine.groundingConfigs.check", "discoveryengine.locations.estimateDataSize", "discoveryengine.models.create", "discoveryengine.models.delete", diff --git a/roles/iam.securityAdmin b/roles/iam.securityAdmin index d61a1c8a..e60d9999 100644 --- a/roles/iam.securityAdmin +++ b/roles/iam.securityAdmin @@ -296,6 +296,7 @@ "batch.jobs.list", "batch.locations.list", "batch.operations.list", + "batch.resourceAllowances.list", "batch.tasks.list", "beyondcorp.appConnections.getIamPolicy", "beyondcorp.appConnections.list", @@ -474,6 +475,7 @@ "clouddeploy.deliveryPipelines.getIamPolicy", "clouddeploy.deliveryPipelines.list", "clouddeploy.deliveryPipelines.setIamPolicy", + "clouddeploy.deployPolicies.list", "clouddeploy.jobRuns.list", "clouddeploy.locations.list", "clouddeploy.operations.list", diff --git a/roles/iam.securityReviewer b/roles/iam.securityReviewer index f3e5d100..151ec5b5 100644 --- a/roles/iam.securityReviewer +++ b/roles/iam.securityReviewer @@ -272,6 +272,7 @@ "batch.jobs.list", "batch.locations.list", "batch.operations.list", + "batch.resourceAllowances.list", "batch.tasks.list", "beyondcorp.appConnections.getIamPolicy", "beyondcorp.appConnections.list", @@ -424,6 +425,7 @@ "clouddeploy.customTargetTypes.list", "clouddeploy.deliveryPipelines.getIamPolicy", "clouddeploy.deliveryPipelines.list", + "clouddeploy.deployPolicies.list", "clouddeploy.jobRuns.list", "clouddeploy.locations.list", "clouddeploy.operations.list", diff --git a/roles/owner b/roles/owner index 967d5d40..bc433f52 100644 --- a/roles/owner +++ b/roles/owner @@ -1288,6 +1288,11 @@ "batch.locations.list", "batch.operations.get", "batch.operations.list", + "batch.resourceAllowances.create", + "batch.resourceAllowances.delete", + "batch.resourceAllowances.get", + "batch.resourceAllowances.list", + "batch.resourceAllowances.update", "batch.states.report", "batch.tasks.get", "batch.tasks.list", @@ -2598,6 +2603,12 @@ "clouddeploy.deliveryPipelines.listTagBindings", "clouddeploy.deliveryPipelines.setIamPolicy", "clouddeploy.deliveryPipelines.update", + "clouddeploy.deployPolicies.create", + "clouddeploy.deployPolicies.delete", + "clouddeploy.deployPolicies.get", + "clouddeploy.deployPolicies.list", + "clouddeploy.deployPolicies.override", + "clouddeploy.deployPolicies.update", "clouddeploy.jobRuns.get", "clouddeploy.jobRuns.list", "clouddeploy.jobRuns.terminate", @@ -5628,6 +5639,7 @@ "discoveryengine.evaluations.create", "discoveryengine.evaluations.get", "discoveryengine.evaluations.list", + "discoveryengine.groundingConfigs.check", "discoveryengine.locations.estimateDataSize", "discoveryengine.models.create", "discoveryengine.models.delete", diff --git a/roles/viewer b/roles/viewer index d63ebbf9..1d2fdcff 100644 --- a/roles/viewer +++ b/roles/viewer @@ -590,6 +590,8 @@ "batch.locations.list", "batch.operations.get", "batch.operations.list", + "batch.resourceAllowances.get", + "batch.resourceAllowances.list", "batch.tasks.get", "batch.tasks.list", "beyondcorp.appConnections.get", @@ -1057,6 +1059,8 @@ "clouddeploy.deliveryPipelines.list", "clouddeploy.deliveryPipelines.listEffectiveTags", "clouddeploy.deliveryPipelines.listTagBindings", + "clouddeploy.deployPolicies.get", + "clouddeploy.deployPolicies.list", "clouddeploy.jobRuns.get", "clouddeploy.jobRuns.list", "clouddeploy.locations.get", @@ -2320,6 +2324,7 @@ "discoveryengine.engines.list", "discoveryengine.evaluations.get", "discoveryengine.evaluations.list", + "discoveryengine.groundingConfigs.check", "discoveryengine.locations.estimateDataSize", "discoveryengine.models.get", "discoveryengine.models.list",