GCP IAM Updates Detected

jdyke · Feb 16, 2024 · bc096e5 · bc096e5
1 parent 3d654e1
commit bc096e5
Show file tree

Hide file tree

Showing 7 changed files with 130 additions and 16 deletions.
diff --git a/roles/aiplatform.notebookExecutorUser b/roles/aiplatform.notebookExecutorUser
diff --git a/roles/auditmanager.serviceAgent b/roles/auditmanager.serviceAgent
@@ -576,7 +576,9 @@
     "compute.subnetworks.list",
     "compute.targetHttpProxies.list",
     "compute.targetSslProxies.list",
+    "compute.vpnGateways.list",
     "compute.zones.list",
+    "logging.buckets.list",
     "orgpolicy.policy.get",
     "recommender.cloudAssetInsights.get",
     "recommender.cloudAssetInsights.list",
@@ -590,6 +592,8 @@
     "resourcemanager.projects.get",
     "resourcemanager.projects.getIamPolicy",
     "resourcemanager.projects.list",
+    "serviceusage.services.get",
+    "storage.buckets.getIamPolicy",
     "storage.buckets.list"
   ],
   "name": "roles/auditmanager.serviceAgent",

diff --git a/roles/bigquery.admin b/roles/bigquery.admin
@@ -110,6 +110,64 @@
     "bigquery.transfers.get",
     "bigquery.transfers.update",
     "bigquerymigration.translation.translate",
+    "dataform.compilationResults.create",
+    "dataform.compilationResults.get",
+    "dataform.compilationResults.list",
+    "dataform.compilationResults.query",
+    "dataform.locations.get",
+    "dataform.locations.list",
+    "dataform.releaseConfigs.create",
+    "dataform.releaseConfigs.delete",
+    "dataform.releaseConfigs.get",
+    "dataform.releaseConfigs.list",
+    "dataform.releaseConfigs.update",
+    "dataform.repositories.commit",
+    "dataform.repositories.computeAccessTokenStatus",
+    "dataform.repositories.create",
+    "dataform.repositories.delete",
+    "dataform.repositories.fetchHistory",
+    "dataform.repositories.fetchRemoteBranches",
+    "dataform.repositories.get",
+    "dataform.repositories.getIamPolicy",
+    "dataform.repositories.list",
+    "dataform.repositories.queryDirectoryContents",
+    "dataform.repositories.readFile",
+    "dataform.repositories.setIamPolicy",
+    "dataform.repositories.update",
+    "dataform.workflowConfigs.create",
+    "dataform.workflowConfigs.delete",
+    "dataform.workflowConfigs.get",
+    "dataform.workflowConfigs.list",
+    "dataform.workflowConfigs.update",
+    "dataform.workflowInvocations.cancel",
+    "dataform.workflowInvocations.create",
+    "dataform.workflowInvocations.delete",
+    "dataform.workflowInvocations.get",
+    "dataform.workflowInvocations.list",
+    "dataform.workflowInvocations.query",
+    "dataform.workspaces.commit",
+    "dataform.workspaces.create",
+    "dataform.workspaces.delete",
+    "dataform.workspaces.fetchFileDiff",
+    "dataform.workspaces.fetchFileGitStatuses",
+    "dataform.workspaces.fetchGitAheadBehind",
+    "dataform.workspaces.get",
+    "dataform.workspaces.getIamPolicy",
+    "dataform.workspaces.installNpmPackages",
+    "dataform.workspaces.list",
+    "dataform.workspaces.makeDirectory",
+    "dataform.workspaces.moveDirectory",
+    "dataform.workspaces.moveFile",
+    "dataform.workspaces.pull",
+    "dataform.workspaces.push",
+    "dataform.workspaces.queryDirectoryContents",
+    "dataform.workspaces.readFile",
+    "dataform.workspaces.removeDirectory",
+    "dataform.workspaces.removeFile",
+    "dataform.workspaces.reset",
+    "dataform.workspaces.searchFiles",
+    "dataform.workspaces.setIamPolicy",
+    "dataform.workspaces.writeFile",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],

diff --git a/roles/bigquery.studioAdmin b/roles/bigquery.studioAdmin
@@ -125,6 +125,8 @@
     "bigquery.transfers.get",
     "bigquery.transfers.update",
     "bigquerymigration.translation.translate",
+    "compute.reservations.get",
+    "compute.reservations.list",
     "dataform.compilationResults.create",
     "dataform.compilationResults.get",
     "dataform.compilationResults.list",

diff --git a/roles/datafusion.serviceAgent b/roles/datafusion.serviceAgent
@@ -296,6 +296,10 @@
     "compute.vpnTunnels.list",
     "compute.zones.get",
     "compute.zones.list",
+    "dataform.locations.get",
+    "dataform.locations.list",
+    "dataform.repositories.create",
+    "dataform.repositories.list",
     "dataproc.autoscalingPolicies.create",
     "dataproc.autoscalingPolicies.delete",
     "dataproc.autoscalingPolicies.get",

diff --git a/roles/dataplex.serviceAgent b/roles/dataplex.serviceAgent
@@ -119,6 +119,64 @@
     "datacatalog.taxonomies.get",
     "datacatalog.taxonomies.list",
     "datacatalog.taxonomies.update",
+    "dataform.compilationResults.create",
+    "dataform.compilationResults.get",
+    "dataform.compilationResults.list",
+    "dataform.compilationResults.query",
+    "dataform.locations.get",
+    "dataform.locations.list",
+    "dataform.releaseConfigs.create",
+    "dataform.releaseConfigs.delete",
+    "dataform.releaseConfigs.get",
+    "dataform.releaseConfigs.list",
+    "dataform.releaseConfigs.update",
+    "dataform.repositories.commit",
+    "dataform.repositories.computeAccessTokenStatus",
+    "dataform.repositories.create",
+    "dataform.repositories.delete",
+    "dataform.repositories.fetchHistory",
+    "dataform.repositories.fetchRemoteBranches",
+    "dataform.repositories.get",
+    "dataform.repositories.getIamPolicy",
+    "dataform.repositories.list",
+    "dataform.repositories.queryDirectoryContents",
+    "dataform.repositories.readFile",
+    "dataform.repositories.setIamPolicy",
+    "dataform.repositories.update",
+    "dataform.workflowConfigs.create",
+    "dataform.workflowConfigs.delete",
+    "dataform.workflowConfigs.get",
+    "dataform.workflowConfigs.list",
+    "dataform.workflowConfigs.update",
+    "dataform.workflowInvocations.cancel",
+    "dataform.workflowInvocations.create",
+    "dataform.workflowInvocations.delete",
+    "dataform.workflowInvocations.get",
+    "dataform.workflowInvocations.list",
+    "dataform.workflowInvocations.query",
+    "dataform.workspaces.commit",
+    "dataform.workspaces.create",
+    "dataform.workspaces.delete",
+    "dataform.workspaces.fetchFileDiff",
+    "dataform.workspaces.fetchFileGitStatuses",
+    "dataform.workspaces.fetchGitAheadBehind",
+    "dataform.workspaces.get",
+    "dataform.workspaces.getIamPolicy",
+    "dataform.workspaces.installNpmPackages",
+    "dataform.workspaces.list",
+    "dataform.workspaces.makeDirectory",
+    "dataform.workspaces.moveDirectory",
+    "dataform.workspaces.moveFile",
+    "dataform.workspaces.pull",
+    "dataform.workspaces.push",
+    "dataform.workspaces.queryDirectoryContents",
+    "dataform.workspaces.readFile",
+    "dataform.workspaces.removeDirectory",
+    "dataform.workspaces.removeFile",
+    "dataform.workspaces.reset",
+    "dataform.workspaces.searchFiles",
+    "dataform.workspaces.setIamPolicy",
+    "dataform.workspaces.writeFile",
     "dataplex.assets.getIamPolicy",
     "dataplex.environments.execute",
     "dataplex.environments.get",

diff --git a/roles/dlp.serviceAgent b/roles/dlp.serviceAgent
@@ -85,6 +85,10 @@
     "datacatalog.tagTemplates.setIamPolicy",
     "datacatalog.tagTemplates.update",
     "datacatalog.tagTemplates.use",
+    "dataform.locations.get",
+    "dataform.locations.list",
+    "dataform.repositories.create",
+    "dataform.repositories.list",
     "datastore.databases.get",
     "datastore.databases.getMetadata",
     "datastore.databases.list",