GCP IAM Updates Detected

jdyke · Dec 6, 2023 · d6f4af2 · d6f4af2
1 parent a254259
commit d6f4af2
Show file tree

Hide file tree

Showing 17 changed files with 26 additions and 9 deletions.
diff --git a/roles/binaryauthorization.serviceAgent b/roles/binaryauthorization.serviceAgent
@@ -2,6 +2,7 @@
   "description": "Can read Notes and Occurrences from the Container Analysis Service to find and verify signatures.",
   "etag": "AA==",
   "includedPermissions": [
+    "artifactregistry.dockerimages.get",
     "artifactregistry.repositories.downloadArtifacts",
     "binaryauthorization.attestors.get",
     "binaryauthorization.attestors.list",

diff --git a/roles/blockchainnodeengine.viewer b/roles/blockchainnodeengine.viewer
@@ -12,6 +12,6 @@
     "resourcemanager.projects.list"
   ],
   "name": "roles/blockchainnodeengine.viewer",
-  "stage": "BETA",
+  "stage": "GA",
   "title": "Blockchain Node Engine Viewer"
 }
diff --git a/roles/commercebusinessenablement.admin b/roles/commercebusinessenablement.admin
@@ -8,6 +8,9 @@
     "commercebusinessenablement.partnerAccounts.list",
     "commercebusinessenablement.partnerInfo.get",
     "commercebusinessenablement.resellerConfig.get",
+    "commercebusinessenablement.resellerConfig.update",
+    "commercebusinessenablement.resellerRestrictions.list",
+    "commercebusinessenablement.resellerRestrictions.update",
     "resourcemanager.organizations.get",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"

diff --git a/roles/commercebusinessenablement.viewer b/roles/commercebusinessenablement.viewer
@@ -7,6 +7,7 @@
     "commercebusinessenablement.partnerAccounts.list",
     "commercebusinessenablement.partnerInfo.get",
     "commercebusinessenablement.resellerConfig.get",
+    "commercebusinessenablement.resellerRestrictions.list",
     "resourcemanager.organizations.get",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"

diff --git a/roles/datamigration.serviceAgent b/roles/datamigration.serviceAgent
@@ -21,6 +21,7 @@
     "cloudsql.instances.delete",
     "cloudsql.instances.demoteMaster",
     "cloudsql.instances.get",
+    "cloudsql.instances.import",
     "cloudsql.instances.list",
     "cloudsql.instances.migrate",
     "cloudsql.instances.promoteReplica",
@@ -52,7 +53,8 @@
     "compute.subnetworks.get",
     "compute.subnetworks.list",
     "compute.subnetworks.use",
-    "storage.objects.get"
+    "storage.objects.get",
+    "storage.objects.list"
   ],
   "name": "roles/datamigration.serviceAgent",
   "stage": "GA",

diff --git a/roles/dataplex.serviceAgent b/roles/dataplex.serviceAgent
@@ -111,6 +111,7 @@
     "datacatalog.catalogs.searchAll",
     "datacatalog.categories.getIamPolicy",
     "datacatalog.categories.setIamPolicy",
+    "datacatalog.entries.get",
     "datacatalog.taxonomies.create",
     "datacatalog.taxonomies.delete",
     "datacatalog.taxonomies.get",

diff --git a/roles/editor b/roles/editor
@@ -2017,6 +2017,7 @@
     "commercebusinessenablement.refunds.start",
     "commercebusinessenablement.refunds.update",
     "commercebusinessenablement.resellerConfig.get",
+    "commercebusinessenablement.resellerConfig.update",
     "commercebusinessenablement.resellerDiscountConfig.get",
     "commercebusinessenablement.resellerDiscountOffers.cancel",
     "commercebusinessenablement.resellerDiscountOffers.create",
@@ -2028,6 +2029,8 @@
     "commercebusinessenablement.resellerPrivateOfferPlans.list",
     "commercebusinessenablement.resellerPrivateOfferPlans.publish",
     "commercebusinessenablement.resellerPrivateOfferPlans.update",
+    "commercebusinessenablement.resellerRestrictions.list",
+    "commercebusinessenablement.resellerRestrictions.update",
     "commerceoffercatalog.agreements.get",
     "commerceoffercatalog.agreements.list",
     "commerceoffercatalog.documents.get",

diff --git a/roles/fleetengine.deliveryAdmin b/roles/fleetengine.deliveryAdmin
@@ -22,6 +22,6 @@
     "serviceusage.services.use"
   ],
   "name": "roles/fleetengine.deliveryAdmin",
-  "stage": "ALPHA",
+  "stage": "GA",
   "title": "Fleet Engine Delivery Admin"
 }
diff --git a/roles/fleetengine.ondemandAdmin b/roles/fleetengine.ondemandAdmin
@@ -21,6 +21,6 @@
     "serviceusage.services.use"
   ],
   "name": "roles/fleetengine.ondemandAdmin",
-  "stage": "ALPHA",
+  "stage": "GA",
   "title": "Fleet Engine On-Demand Admin"
 }
diff --git a/roles/gkemulticloud.controlPlaneMachineServiceAgent b/roles/gkemulticloud.controlPlaneMachineServiceAgent
@@ -4,7 +4,8 @@
   "includedPermissions": [
     "artifactregistry.dockerimages.get",
     "artifactregistry.repositories.downloadArtifacts",
-    "artifactregistry.repositories.get"
+    "artifactregistry.repositories.get",
+    "serviceusage.services.use"
   ],
   "name": "roles/gkemulticloud.controlPlaneMachineServiceAgent",
   "stage": "GA",

diff --git a/roles/iam.securityReviewer b/roles/iam.securityReviewer
@@ -438,6 +438,7 @@
     "commercebusinessenablement.refunds.list",
     "commercebusinessenablement.resellerDiscountOffers.list",
     "commercebusinessenablement.resellerPrivateOfferPlans.list",
+    "commercebusinessenablement.resellerRestrictions.list",
     "commerceoffercatalog.agreements.list",
     "commerceoffercatalog.documents.list",
     "commerceorggovernance.collections.list",

diff --git a/roles/kubernetesmetadata.publisher b/roles/kubernetesmetadata.publisher
@@ -7,6 +7,6 @@
     "kubernetesmetadata.metadata.snapshot"
   ],
   "name": "roles/kubernetesmetadata.publisher",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "Metadata Publisher"
 }
diff --git a/roles/networkconnectivity.regionalEndpointViewer b/roles/networkconnectivity.regionalEndpointViewer
@@ -8,6 +8,6 @@
     "resourcemanager.projects.list"
   ],
   "name": "roles/networkconnectivity.regionalEndpointViewer",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "Regional Endpoint Viewer"
 }
diff --git a/roles/owner b/roles/owner
@@ -2649,6 +2649,7 @@
     "commercebusinessenablement.refunds.start",
     "commercebusinessenablement.refunds.update",
     "commercebusinessenablement.resellerConfig.get",
+    "commercebusinessenablement.resellerConfig.update",
     "commercebusinessenablement.resellerDiscountConfig.get",
     "commercebusinessenablement.resellerDiscountOffers.cancel",
     "commercebusinessenablement.resellerDiscountOffers.create",
@@ -2660,6 +2661,8 @@
     "commercebusinessenablement.resellerPrivateOfferPlans.list",
     "commercebusinessenablement.resellerPrivateOfferPlans.publish",
     "commercebusinessenablement.resellerPrivateOfferPlans.update",
+    "commercebusinessenablement.resellerRestrictions.list",
+    "commercebusinessenablement.resellerRestrictions.update",
     "commerceoffercatalog.agreements.get",
     "commerceoffercatalog.agreements.list",
     "commerceoffercatalog.documents.get",

diff --git a/roles/viewer b/roles/viewer
@@ -1054,6 +1054,7 @@
     "commercebusinessenablement.resellerDiscountOffers.list",
     "commercebusinessenablement.resellerPrivateOfferPlans.get",
     "commercebusinessenablement.resellerPrivateOfferPlans.list",
+    "commercebusinessenablement.resellerRestrictions.list",
     "commerceoffercatalog.agreements.get",
     "commerceoffercatalog.agreements.list",
     "commerceoffercatalog.documents.get",

diff --git a/roles/workloadmanager.deploymentAdmin b/roles/workloadmanager.deploymentAdmin
@@ -32,6 +32,6 @@
     "workloadmanager.operations.list"
   ],
   "name": "roles/workloadmanager.deploymentAdmin",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "Workload Manager Deployment Admin"
 }
diff --git a/roles/workloadmanager.deploymentViewer b/roles/workloadmanager.deploymentViewer
@@ -10,6 +10,6 @@
     "workloadmanager.deployments.list"
   ],
   "name": "roles/workloadmanager.deploymentViewer",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "Workload Manager Deployment Viewer"
 }