This service periodically collects GCP IAM roles and their permissions and stores them in a local DB. Roles and/or Permissions can be queried via the api.
To retrieve details about a particular role:
curl --location --request GET 'v1/role/named' \
--header 'Content-Type: application/json' \
--data-raw '{
"named": "role/name"
}'To retrieve all roles with the provided permissions:
curl --location --request GET 'v1/role/permissions' \
--header 'Content-Type: application/json' \
--data-raw '{
"permissions": ["permission_1", "permissions_2"]
}'