GCP IAM Updates Detected

jdyke · Feb 18, 2024 · c5f0f10 · c5f0f10
1 parent bc096e5
commit c5f0f10
Show file tree

Hide file tree

Showing 34 changed files with 210 additions and 0 deletions.
diff --git a/roles/aiplatform.notebookExecutorUser b/roles/aiplatform.notebookExecutorUser
@@ -0,0 +1,16 @@
+{
+  "description": "Grants users full access to schedules and notebook execution jobs.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "aiplatform.operations.list",
+    "aiplatform.pipelineJobs.create",
+    "aiplatform.schedules.create",
+    "aiplatform.schedules.delete",
+    "aiplatform.schedules.get",
+    "aiplatform.schedules.list",
+    "aiplatform.schedules.update"
+  ],
+  "name": "roles/aiplatform.notebookExecutorUser",
+  "stage": "BETA",
+  "title": "Notebook Executor User"
+}
diff --git a/roles/cloudsql.admin b/roles/cloudsql.admin
@@ -42,6 +42,7 @@
     "cloudsql.instances.stopReplica",
     "cloudsql.instances.truncateLog",
     "cloudsql.instances.update",
+    "cloudsql.schemas.view",
     "cloudsql.sslCerts.create",
     "cloudsql.sslCerts.delete",
     "cloudsql.sslCerts.get",

diff --git a/roles/cloudsql.editor b/roles/cloudsql.editor
@@ -27,6 +27,7 @@
     "cloudsql.instances.rotateServerCa",
     "cloudsql.instances.truncateLog",
     "cloudsql.instances.update",
+    "cloudsql.schemas.view",
     "cloudsql.sslCerts.get",
     "cloudsql.sslCerts.list",
     "cloudsql.users.get",

diff --git a/roles/cloudtpu.serviceAgent b/roles/cloudtpu.serviceAgent
@@ -554,6 +554,8 @@
     "compute.sslPolicies.listTagBindings",
     "compute.sslPolicies.update",
     "compute.sslPolicies.use",
+    "compute.storagePools.get",
+    "compute.storagePools.list",
     "compute.subnetworks.create",
     "compute.subnetworks.createTagBinding",
     "compute.subnetworks.delete",

diff --git a/roles/composer.environmentAndStorageObjectAdmin b/roles/composer.environmentAndStorageObjectAdmin
@@ -46,6 +46,7 @@
     "storage.objects.getIamPolicy",
     "storage.objects.list",
     "storage.objects.overrideUnlockedRetention",
+    "storage.objects.restore",
     "storage.objects.setIamPolicy",
     "storage.objects.setRetention",
     "storage.objects.update"

diff --git a/roles/composer.serviceAgent b/roles/composer.serviceAgent
@@ -71,6 +71,7 @@
     "cloudsql.instances.stopReplica",
     "cloudsql.instances.truncateLog",
     "cloudsql.instances.update",
+    "cloudsql.schemas.view",
     "cloudsql.sslCerts.create",
     "cloudsql.sslCerts.delete",
     "cloudsql.sslCerts.get",
@@ -631,6 +632,8 @@
     "compute.sslPolicies.listTagBindings",
     "compute.sslPolicies.update",
     "compute.sslPolicies.use",
+    "compute.storagePools.get",
+    "compute.storagePools.list",
     "compute.subnetworks.create",
     "compute.subnetworks.createTagBinding",
     "compute.subnetworks.delete",
@@ -1644,6 +1647,9 @@
     "serviceusage.services.list",
     "stackdriver.projects.get",
     "stackdriver.resourceMetadata.list",
+    "storage.bucketOperations.cancel",
+    "storage.bucketOperations.get",
+    "storage.bucketOperations.list",
     "storage.buckets.create",
     "storage.buckets.createTagBinding",
     "storage.buckets.delete",
@@ -1655,6 +1661,7 @@
     "storage.buckets.list",
     "storage.buckets.listEffectiveTags",
     "storage.buckets.listTagBindings",
+    "storage.buckets.restore",
     "storage.buckets.setIamPolicy",
     "storage.buckets.update",
     "storage.managedFolders.create",
@@ -1673,6 +1680,7 @@
     "storage.objects.getIamPolicy",
     "storage.objects.list",
     "storage.objects.overrideUnlockedRetention",
+    "storage.objects.restore",
     "storage.objects.setIamPolicy",
     "storage.objects.setRetention",
     "storage.objects.update",

diff --git a/roles/compute.admin b/roles/compute.admin
@@ -685,6 +685,12 @@
     "compute.sslPolicies.listTagBindings",
     "compute.sslPolicies.update",
     "compute.sslPolicies.use",
+    "compute.storagePools.create",
+    "compute.storagePools.delete",
+    "compute.storagePools.get",
+    "compute.storagePools.getIamPolicy",
+    "compute.storagePools.list",
+    "compute.storagePools.update",
     "compute.subnetworks.create",
     "compute.subnetworks.createTagBinding",
     "compute.subnetworks.delete",

diff --git a/roles/compute.instanceAdmin b/roles/compute.instanceAdmin
@@ -178,6 +178,8 @@
     "compute.reservations.get",
     "compute.reservations.list",
     "compute.resourcePolicies.useReadOnly",
+    "compute.storagePools.get",
+    "compute.storagePools.list",
     "compute.subnetworks.get",
     "compute.subnetworks.list",
     "compute.subnetworks.listEffectiveTags",

diff --git a/roles/compute.storageAdmin b/roles/compute.storageAdmin
@@ -90,6 +90,12 @@
     "compute.snapshots.setIamPolicy",
     "compute.snapshots.setLabels",
     "compute.snapshots.useReadOnly",
+    "compute.storagePools.create",
+    "compute.storagePools.delete",
+    "compute.storagePools.get",
+    "compute.storagePools.getIamPolicy",
+    "compute.storagePools.list",
+    "compute.storagePools.update",
     "compute.zoneOperations.get",
     "compute.zoneOperations.list",
     "compute.zones.get",

diff --git a/roles/container.serviceAgent b/roles/container.serviceAgent
@@ -639,6 +639,12 @@
     "compute.sslPolicies.listTagBindings",
     "compute.sslPolicies.update",
     "compute.sslPolicies.use",
+    "compute.storagePools.create",
+    "compute.storagePools.delete",
+    "compute.storagePools.get",
+    "compute.storagePools.getIamPolicy",
+    "compute.storagePools.list",
+    "compute.storagePools.update",
     "compute.subnetworks.create",
     "compute.subnetworks.createTagBinding",
     "compute.subnetworks.delete",

diff --git a/roles/dataplex.serviceAgent b/roles/dataplex.serviceAgent
@@ -212,6 +212,9 @@
     "resourcemanager.projects.list",
     "servicemanagement.services.report",
     "serviceusage.services.use",
+    "storage.bucketOperations.cancel",
+    "storage.bucketOperations.get",
+    "storage.bucketOperations.list",
     "storage.buckets.create",
     "storage.buckets.createTagBinding",
     "storage.buckets.delete",
@@ -223,6 +226,7 @@
     "storage.buckets.list",
     "storage.buckets.listEffectiveTags",
     "storage.buckets.listTagBindings",
+    "storage.buckets.restore",
     "storage.buckets.setIamPolicy",
     "storage.buckets.update",
     "storage.managedFolders.create",
@@ -241,6 +245,7 @@
     "storage.objects.getIamPolicy",
     "storage.objects.list",
     "storage.objects.overrideUnlockedRetention",
+    "storage.objects.restore",
     "storage.objects.setIamPolicy",
     "storage.objects.setRetention",
     "storage.objects.update"

diff --git a/roles/dataproc.serviceAgent b/roles/dataproc.serviceAgent
@@ -184,6 +184,8 @@
     "compute.reservations.get",
     "compute.reservations.list",
     "compute.resourcePolicies.useReadOnly",
+    "compute.storagePools.get",
+    "compute.storagePools.list",
     "compute.subnetworks.get",
     "compute.subnetworks.list",
     "compute.subnetworks.listEffectiveTags",
@@ -281,6 +283,9 @@
     "serviceusage.services.get",
     "serviceusage.services.list",
     "serviceusage.services.use",
+    "storage.bucketOperations.cancel",
+    "storage.bucketOperations.get",
+    "storage.bucketOperations.list",
     "storage.buckets.create",
     "storage.buckets.createTagBinding",
     "storage.buckets.delete",
@@ -292,6 +297,7 @@
     "storage.buckets.list",
     "storage.buckets.listEffectiveTags",
     "storage.buckets.listTagBindings",
+    "storage.buckets.restore",
     "storage.buckets.setIamPolicy",
     "storage.buckets.update",
     "storage.managedFolders.create",
@@ -310,6 +316,7 @@
     "storage.objects.getIamPolicy",
     "storage.objects.list",
     "storage.objects.overrideUnlockedRetention",
+    "storage.objects.restore",
     "storage.objects.setIamPolicy",
     "storage.objects.setRetention",
     "storage.objects.update"

diff --git a/roles/editor b/roles/editor
@@ -328,12 +328,16 @@
     "alloydb.backups.delete",
     "alloydb.backups.get",
     "alloydb.backups.list",
+    "alloydb.backups.listEffectiveTags",
+    "alloydb.backups.listTagBindings",
     "alloydb.backups.update",
     "alloydb.clusters.create",
     "alloydb.clusters.delete",
     "alloydb.clusters.generateClientCertificate",
     "alloydb.clusters.get",
     "alloydb.clusters.list",
+    "alloydb.clusters.listEffectiveTags",
+    "alloydb.clusters.listTagBindings",
     "alloydb.clusters.update",
     "alloydb.databases.list",
     "alloydb.instances.connect",
@@ -1928,6 +1932,7 @@
     "cloudsql.instances.stopReplica",
     "cloudsql.instances.truncateLog",
     "cloudsql.instances.update",
+    "cloudsql.schemas.view",
     "cloudsql.sslCerts.create",
     "cloudsql.sslCerts.delete",
     "cloudsql.sslCerts.get",
@@ -2765,6 +2770,12 @@
     "compute.sslPolicies.listTagBindings",
     "compute.sslPolicies.update",
     "compute.sslPolicies.use",
+    "compute.storagePools.create",
+    "compute.storagePools.delete",
+    "compute.storagePools.get",
+    "compute.storagePools.getIamPolicy",
+    "compute.storagePools.list",
+    "compute.storagePools.update",
     "compute.subnetworks.create",
     "compute.subnetworks.delete",
     "compute.subnetworks.expandIpCidrRange",
@@ -6504,6 +6515,14 @@
     "recommender.cloudPerformanceGeneralRecommendations.get",
     "recommender.cloudPerformanceGeneralRecommendations.list",
     "recommender.cloudPerformanceGeneralRecommendations.update",
+    "recommender.cloudRecentChangeInsights.get",
+    "recommender.cloudRecentChangeInsights.list",
+    "recommender.cloudRecentChangeInsights.update",
+    "recommender.cloudRecentChangeRecommendations.get",
+    "recommender.cloudRecentChangeRecommendations.list",
+    "recommender.cloudRecentChangeRecommendations.update",
+    "recommender.cloudRecentChangeRecommenderConfig.get",
+    "recommender.cloudRecentChangeRecommenderConfig.update",
     "recommender.cloudReliabilityGeneralInsights.get",
     "recommender.cloudReliabilityGeneralInsights.list",
     "recommender.cloudReliabilityGeneralInsights.update",

diff --git a/roles/firebase.admin b/roles/firebase.admin
@@ -451,6 +451,9 @@
     "serviceusage.quotas.get",
     "serviceusage.services.get",
     "serviceusage.services.list",
+    "storage.bucketOperations.cancel",
+    "storage.bucketOperations.get",
+    "storage.bucketOperations.list",
     "storage.buckets.create",
     "storage.buckets.createTagBinding",
     "storage.buckets.delete",
@@ -462,6 +465,7 @@
     "storage.buckets.list",
     "storage.buckets.listEffectiveTags",
     "storage.buckets.listTagBindings",
+    "storage.buckets.restore",
     "storage.buckets.setIamPolicy",
     "storage.buckets.update",
     "storage.managedFolders.create",
@@ -480,6 +484,7 @@
     "storage.objects.getIamPolicy",
     "storage.objects.list",
     "storage.objects.overrideUnlockedRetention",
+    "storage.objects.restore",
     "storage.objects.setIamPolicy",
     "storage.objects.setRetention",
     "storage.objects.update"

diff --git a/roles/firebase.developAdmin b/roles/firebase.developAdmin
@@ -355,6 +355,9 @@
     "serviceusage.quotas.get",
     "serviceusage.services.get",
     "serviceusage.services.list",
+    "storage.bucketOperations.cancel",
+    "storage.bucketOperations.get",
+    "storage.bucketOperations.list",
     "storage.buckets.create",
     "storage.buckets.createTagBinding",
     "storage.buckets.delete",
@@ -366,6 +369,7 @@
     "storage.buckets.list",
     "storage.buckets.listEffectiveTags",
     "storage.buckets.listTagBindings",
+    "storage.buckets.restore",
     "storage.buckets.setIamPolicy",
     "storage.buckets.update",
     "storage.managedFolders.create",
@@ -384,6 +388,7 @@
     "storage.objects.getIamPolicy",
     "storage.objects.list",
     "storage.objects.overrideUnlockedRetention",
+    "storage.objects.restore",
     "storage.objects.setIamPolicy",
     "storage.objects.setRetention",
     "storage.objects.update"

diff --git a/roles/firebase.sdkAdminServiceAgent b/roles/firebase.sdkAdminServiceAgent
@@ -122,6 +122,7 @@
     "storage.objects.getIamPolicy",
     "storage.objects.list",
     "storage.objects.overrideUnlockedRetention",
+    "storage.objects.restore",
     "storage.objects.setIamPolicy",
     "storage.objects.setRetention",
     "storage.objects.update"

diff --git a/roles/genomics.serviceAgent b/roles/genomics.serviceAgent
@@ -333,6 +333,8 @@
     "compute.sslPolicies.listAvailableFeatures",
     "compute.sslPolicies.listEffectiveTags",
     "compute.sslPolicies.listTagBindings",
+    "compute.storagePools.get",
+    "compute.storagePools.list",
     "compute.subnetworks.get",
     "compute.subnetworks.list",
     "compute.subnetworks.listEffectiveTags",

diff --git a/roles/iam.securityAdmin b/roles/iam.securityAdmin
@@ -653,6 +653,8 @@
     "compute.snapshots.setIamPolicy",
     "compute.sslCertificates.list",
     "compute.sslPolicies.list",
+    "compute.storagePools.getIamPolicy",
+    "compute.storagePools.list",
     "compute.subnetworks.getIamPolicy",
     "compute.subnetworks.list",
     "compute.subnetworks.setIamPolicy",
@@ -1646,6 +1648,8 @@
     "recommender.cloudManageabilityGeneralRecommendations.list",
     "recommender.cloudPerformanceGeneralInsights.list",
     "recommender.cloudPerformanceGeneralRecommendations.list",
+    "recommender.cloudRecentChangeInsights.list",
+    "recommender.cloudRecentChangeRecommendations.list",
     "recommender.cloudReliabilityGeneralInsights.list",
     "recommender.cloudReliabilityGeneralRecommendations.list",
     "recommender.cloudSecurityGeneralInsights.list",
@@ -1904,6 +1908,7 @@
     "speech.phraseSets.list",
     "speech.recognizers.list",
     "stackdriver.resourceMetadata.list",
+    "storage.bucketOperations.list",
     "storage.buckets.getIamPolicy",
     "storage.buckets.list",
     "storage.buckets.setIamPolicy",

diff --git a/roles/lifesciences.serviceAgent b/roles/lifesciences.serviceAgent
@@ -333,6 +333,8 @@
     "compute.sslPolicies.listAvailableFeatures",
     "compute.sslPolicies.listEffectiveTags",
     "compute.sslPolicies.listTagBindings",
+    "compute.storagePools.get",
+    "compute.storagePools.list",
     "compute.subnetworks.get",
     "compute.subnetworks.list",
     "compute.subnetworks.listEffectiveTags",

diff --git a/roles/notebooks.legacyAdmin b/roles/notebooks.legacyAdmin
@@ -685,6 +685,12 @@
     "compute.sslPolicies.listTagBindings",
     "compute.sslPolicies.update",
     "compute.sslPolicies.use",
+    "compute.storagePools.create",
+    "compute.storagePools.delete",
+    "compute.storagePools.get",
+    "compute.storagePools.getIamPolicy",
+    "compute.storagePools.list",
+    "compute.storagePools.update",
     "compute.subnetworks.create",
     "compute.subnetworks.createTagBinding",
     "compute.subnetworks.delete",

diff --git a/roles/notebooks.runner b/roles/notebooks.runner
@@ -244,6 +244,9 @@
     "compute.sslPolicies.listAvailableFeatures",
     "compute.sslPolicies.listEffectiveTags",
     "compute.sslPolicies.listTagBindings",
+    "compute.storagePools.get",
+    "compute.storagePools.getIamPolicy",
+    "compute.storagePools.list",
     "compute.subnetworks.get",
     "compute.subnetworks.getIamPolicy",
     "compute.subnetworks.list",

diff --git a/roles/notebooks.viewer b/roles/notebooks.viewer
@@ -244,6 +244,9 @@
     "compute.sslPolicies.listAvailableFeatures",
     "compute.sslPolicies.listEffectiveTags",
     "compute.sslPolicies.listTagBindings",
+    "compute.storagePools.get",
+    "compute.storagePools.getIamPolicy",
+    "compute.storagePools.list",
     "compute.subnetworks.get",
     "compute.subnetworks.getIamPolicy",
     "compute.subnetworks.list",