Skip to content

Commit

Permalink
GCP IAM Updates Detected
Browse files Browse the repository at this point in the history
  • Loading branch information
@jdyke
jdyke committed Mar 23, 2024
1 parent 0c920d8 commit a38ae82
Show file tree
Hide file tree
Showing 13 changed files with 109 additions and 50 deletions.
19 changes: 0 additions & 19 deletions roles/apihub.admin
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,25 +2,6 @@
"description": "Full access to Cloud API Hub Registry and Runtime resources.",
"etag": "AA==",
"includedPermissions": [
"apihub.apis.create",
"apihub.apis.delete",
"apihub.apis.get",
"apihub.apis.list",
"apihub.apis.update",
"apihub.operations.cancel",
"apihub.operations.delete",
"apihub.operations.get",
"apihub.operations.list",
"apihub.specs.create",
"apihub.specs.delete",
"apihub.specs.get",
"apihub.specs.list",
"apihub.specs.update",
"apihub.versions.create",
"apihub.versions.delete",
"apihub.versions.get",
"apihub.versions.list",
"apihub.versions.update",
"resourcemanager.projects.get",
"resourcemanager.projects.list"
],
Expand Down
6 changes: 0 additions & 6 deletions roles/apihub.viewer
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,6 @@
"description": "Read-only access to Cloud API Hub Registry resources.",
"etag": "AA==",
"includedPermissions": [
"apihub.apis.get",
"apihub.apis.list",
"apihub.specs.get",
"apihub.specs.list",
"apihub.versions.get",
"apihub.versions.list",
"resourcemanager.projects.get",
"resourcemanager.projects.list"
],
Expand Down
19 changes: 19 additions & 0 deletions roles/edgecontainer.clusterServiceAgent
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,26 @@
"description": "Grants the Edge Container Cluster Service Account access to manage resources.",
"etag": "AA==",
"includedPermissions": [
"gkehub.endpoints.connect",
"gkehub.features.create",
"gkehub.features.get",
"gkehub.features.list",
"gkehub.features.update",
"gkehub.fleet.create",
"gkehub.fleet.delete",
"gkehub.fleet.get",
"gkehub.locations.get",
"gkehub.locations.list",
"gkehub.memberships.create",
"gkehub.memberships.delete",
"gkehub.memberships.generateConnectManifest",
"gkehub.memberships.get",
"gkehub.memberships.list",
"gkehub.memberships.update",
"gkehub.operations.cancel",
"gkehub.operations.delete",
"gkehub.operations.get",
"gkehub.operations.list",
"logging.logEntries.create",
"monitoring.dashboards.create",
"monitoring.dashboards.delete",
Expand Down Expand Up @@ -37,6 +55,7 @@
"serviceusage.operations.list",
"serviceusage.quotas.get",
"serviceusage.services.get",
"serviceusage.services.list",
"stackdriver.resourceMetadata.write",
"storage.buckets.create",
"storage.buckets.get",
Expand Down
24 changes: 24 additions & 0 deletions roles/editor
View file
Original file line number Diff line number Diff line change
Expand Up @@ -718,6 +718,25 @@
"apigeeregistry.versions.getIamPolicy",
"apigeeregistry.versions.list",
"apigeeregistry.versions.update",
"apihub.apis.create",
"apihub.apis.delete",
"apihub.apis.get",
"apihub.apis.list",
"apihub.apis.update",
"apihub.operations.cancel",
"apihub.operations.delete",
"apihub.operations.get",
"apihub.operations.list",
"apihub.specs.create",
"apihub.specs.delete",
"apihub.specs.get",
"apihub.specs.list",
"apihub.specs.update",
"apihub.versions.create",
"apihub.versions.delete",
"apihub.versions.get",
"apihub.versions.list",
"apihub.versions.update",
"apikeys.keys.create",
"apikeys.keys.delete",
"apikeys.keys.get",
Expand Down Expand Up @@ -5078,6 +5097,11 @@
"gdchardwaremanagement.sites.update",
"gdchardwaremanagement.skus.get",
"gdchardwaremanagement.skus.list",
"gdchardwaremanagement.zones.create",
"gdchardwaremanagement.zones.delete",
"gdchardwaremanagement.zones.get",
"gdchardwaremanagement.zones.list",
"gdchardwaremanagement.zones.update",
"genomics.datasets.create",
"genomics.datasets.delete",
"genomics.datasets.get",
Expand Down
5 changes: 0 additions & 5 deletions roles/gdchardwaremanagement.admin
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,11 +33,6 @@
"gdchardwaremanagement.sites.update",
"gdchardwaremanagement.skus.get",
"gdchardwaremanagement.skus.list",
"gdchardwaremanagement.zones.create",
"gdchardwaremanagement.zones.delete",
"gdchardwaremanagement.zones.get",
"gdchardwaremanagement.zones.list",
"gdchardwaremanagement.zones.update",
"resourcemanager.projects.get",
"resourcemanager.projects.list"
],
Expand Down
2 changes: 0 additions & 2 deletions roles/gdchardwaremanagement.reader
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,6 @@
"gdchardwaremanagement.sites.list",
"gdchardwaremanagement.skus.get",
"gdchardwaremanagement.skus.list",
"gdchardwaremanagement.zones.get",
"gdchardwaremanagement.zones.list",
"resourcemanager.projects.get",
"resourcemanager.projects.list"
],
Expand Down
5 changes: 5 additions & 0 deletions roles/iam.securityAdmin
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,6 +165,10 @@
"apigeeregistry.versions.getIamPolicy",
"apigeeregistry.versions.list",
"apigeeregistry.versions.setIamPolicy",
"apihub.apis.list",
"apihub.operations.list",
"apihub.specs.list",
"apihub.versions.list",
"apikeys.keys.list",
"appengine.instances.list",
"appengine.memcache.list",
Expand Down Expand Up @@ -1197,6 +1201,7 @@
"gdchardwaremanagement.orders.list",
"gdchardwaremanagement.sites.list",
"gdchardwaremanagement.skus.list",
"gdchardwaremanagement.zones.list",
"genomics.datasets.getIamPolicy",
"genomics.datasets.list",
"genomics.datasets.setIamPolicy",
Expand Down
5 changes: 5 additions & 0 deletions roles/iam.securityReviewer
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,10 @@
"apigeeregistry.specs.list",
"apigeeregistry.versions.getIamPolicy",
"apigeeregistry.versions.list",
"apihub.apis.list",
"apihub.operations.list",
"apihub.specs.list",
"apihub.versions.list",
"apikeys.keys.list",
"appengine.instances.list",
"appengine.memcache.list",
Expand Down Expand Up @@ -1043,6 +1047,7 @@
"gdchardwaremanagement.orders.list",
"gdchardwaremanagement.sites.list",
"gdchardwaremanagement.skus.list",
"gdchardwaremanagement.zones.list",
"genomics.datasets.getIamPolicy",
"genomics.datasets.list",
"genomics.operations.list",
Expand Down
25 changes: 25 additions & 0 deletions roles/owner
View file
Original file line number Diff line number Diff line change
Expand Up @@ -747,6 +747,25 @@
"apigeeregistry.versions.list",
"apigeeregistry.versions.setIamPolicy",
"apigeeregistry.versions.update",
"apihub.apis.create",
"apihub.apis.delete",
"apihub.apis.get",
"apihub.apis.list",
"apihub.apis.update",
"apihub.operations.cancel",
"apihub.operations.delete",
"apihub.operations.get",
"apihub.operations.list",
"apihub.specs.create",
"apihub.specs.delete",
"apihub.specs.get",
"apihub.specs.list",
"apihub.specs.update",
"apihub.versions.create",
"apihub.versions.delete",
"apihub.versions.get",
"apihub.versions.list",
"apihub.versions.update",
"apikeys.keys.create",
"apikeys.keys.delete",
"apikeys.keys.get",
Expand Down Expand Up @@ -6006,6 +6025,11 @@
"gdchardwaremanagement.sites.update",
"gdchardwaremanagement.skus.get",
"gdchardwaremanagement.skus.list",
"gdchardwaremanagement.zones.create",
"gdchardwaremanagement.zones.delete",
"gdchardwaremanagement.zones.get",
"gdchardwaremanagement.zones.list",
"gdchardwaremanagement.zones.update",
"genomics.datasets.create",
"genomics.datasets.delete",
"genomics.datasets.get",
Expand Down Expand Up @@ -7573,6 +7597,7 @@
"privilegedaccessmanager.grants.get",
"privilegedaccessmanager.grants.list",
"privilegedaccessmanager.grants.revoke",
"privilegedaccessmanager.locations.checkOnboardingStatus",
"privilegedaccessmanager.locations.get",
"privilegedaccessmanager.locations.list",
"privilegedaccessmanager.operations.delete",
Expand Down
14 changes: 14 additions & 0 deletions roles/privilegedaccessmanager.approver
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{
"description": "Access to Approve/Deny Privileged Access Manager Grants.",
"etag": "AA==",
"includedPermissions": [
"privilegedaccessmanager.entitlements.get",
"privilegedaccessmanager.grants.approve",
"privilegedaccessmanager.grants.deny",
"privilegedaccessmanager.grants.get",
"privilegedaccessmanager.grants.list"
],
"name": "roles/privilegedaccessmanager.approver",
"stage": "BETA",
"title": "Privileged Access Manager Approver"
}
7 changes: 7 additions & 0 deletions roles/privilegedaccessmanager.requester
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
{
"description": "Access to request Privileged Access Manager Grants.",
"etag": "AA==",
"name": "roles/privilegedaccessmanager.requester",
"stage": "BETA",
"title": "Privileged Access Manager Requester"
}
18 changes: 0 additions & 18 deletions roles/privilegedaccessmanager.serviceAgent
View file

This file was deleted.

10 changes: 10 additions & 0 deletions roles/viewer
View file
Original file line number Diff line number Diff line change
Expand Up @@ -330,6 +330,14 @@
"apigeeregistry.versions.get",
"apigeeregistry.versions.getIamPolicy",
"apigeeregistry.versions.list",
"apihub.apis.get",
"apihub.apis.list",
"apihub.operations.get",
"apihub.operations.list",
"apihub.specs.get",
"apihub.specs.list",
"apihub.versions.get",
"apihub.versions.list",
"apikeys.keys.get",
"apikeys.keys.getKeyString",
"apikeys.keys.list",
Expand Down Expand Up @@ -2487,6 +2495,8 @@
"gdchardwaremanagement.sites.list",
"gdchardwaremanagement.skus.get",
"gdchardwaremanagement.skus.list",
"gdchardwaremanagement.zones.get",
"gdchardwaremanagement.zones.list",
"genomics.datasets.get",
"genomics.datasets.list",
"genomics.operations.get",
Expand Down

0 comments on commit a38ae82

Please sign in to comment.