From 20c01038b0f14468636d679b5a22d8520aca8c09 Mon Sep 17 00:00:00 2001
From: bgeesaman <bgeesaman@users.noreply.github.com>
Date: Mon, 22 Aug 2022 13:17:43 +0000
Subject: [PATCH] Fetch all roles

---
 gcp_roles_cai.json                         | 8 ++++----
 roles/appengine.memcacheDataAdmin          | 2 +-
 roles/firebasemessagingcampaigns.admin     | 2 +-
 roles/iam.serviceAccountOpenIdTokenCreator | 2 +-
 roles/integrations.serviceAgent            | 2 ++
 5 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/gcp_roles_cai.json b/gcp_roles_cai.json
index a8258137..db2ac649 100644
--- a/gcp_roles_cai.json
+++ b/gcp_roles_cai.json
@@ -73,7 +73,7 @@
 {"description":"Ability to view App Engine app status.","etag":"AA==","includedPermissions":["appengine.applications.get","appengine.instances.get","appengine.instances.list","appengine.operations.get","appengine.operations.list","appengine.services.get","appengine.services.list","appengine.versions.get","appengine.versions.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/appengine.appViewer","stage":"GA","title":"App Engine Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Ability to view App Engine app status and deployed source code.","etag":"AA==","includedPermissions":["appengine.applications.get","appengine.instances.get","appengine.instances.list","appengine.operations.get","appengine.operations.list","appengine.services.get","appengine.services.list","appengine.versions.get","appengine.versions.getFileContents","appengine.versions.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/appengine.codeViewer","stage":"GA","title":"App Engine Code Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Necessary permissions to deploy new code to App Engine, and remove old versions.","etag":"AA==","includedPermissions":["appengine.applications.get","appengine.instances.get","appengine.instances.list","appengine.operations.get","appengine.operations.list","appengine.services.get","appengine.services.list","appengine.versions.create","appengine.versions.delete","appengine.versions.get","appengine.versions.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/appengine.deployer","stage":"GA","title":"App Engine Deployer","asset_type":"iam.googleapis.com/ExportedIAMRole"}
-{"description":"Can get, set, delete, and flush App Engine Memcache items.","etag":"AA==","includedPermissions":["appengine.applications.get","appengine.memcache.addKey","appengine.memcache.flush","appengine.memcache.get","appengine.memcache.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/appengine.memcacheDataAdmin","stage":"ALPHA","title":"App Engine Memcache Data Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"}
+{"description":"Can get, set, delete, and flush App Engine Memcache items.","etag":"AA==","includedPermissions":["appengine.applications.get","appengine.memcache.addKey","appengine.memcache.flush","appengine.memcache.get","appengine.memcache.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/appengine.memcacheDataAdmin","stage":"GA","title":"App Engine Memcache Data Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Can view and change traffic splits, scaling settings, and delete old versions; can't create new versions.","etag":"AA==","includedPermissions":["appengine.applications.get","appengine.instances.delete","appengine.instances.get","appengine.instances.list","appengine.operations.get","appengine.operations.list","appengine.services.delete","appengine.services.get","appengine.services.list","appengine.services.update","appengine.versions.delete","appengine.versions.get","appengine.versions.list","appengine.versions.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/appengine.serviceAdmin","stage":"GA","title":"App Engine Service Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Give App Engine Standard Enviroment service account access to managed resources. Includes access to service accounts.","etag":"AA==","includedPermissions":["datastore.databases.get","datastore.entities.create","datastore.entities.delete","datastore.entities.get","datastore.entities.list","datastore.entities.update","datastore.indexes.list","datastore.namespaces.get","datastore.namespaces.list","datastore.statistics.get","datastore.statistics.list","iam.serviceAccounts.getAccessToken","iam.serviceAccounts.getOpenIdToken","iam.serviceAccounts.signBlob"],"name":"roles/appengine.serviceAgent","stage":"GA","title":"App Engine Standard Environment Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Can edit and manage App Engine Flexible Environment apps. Includes access to service accounts.","etag":"AA==","includedPermissions":["billing.accounts.get","cloudbuild.builds.create","cloudbuild.builds.get","compute.addresses.create","compute.addresses.delete","compute.addresses.get","compute.addresses.list","compute.addresses.use","compute.autoscalers.create","compute.autoscalers.delete","compute.autoscalers.get","compute.autoscalers.update","compute.backendServices.create","compute.backendServices.delete","compute.backendServices.get","compute.backendServices.list","compute.backendServices.update","compute.backendServices.use","compute.disks.list","compute.firewalls.create","compute.firewalls.delete","compute.firewalls.get","compute.firewalls.list","compute.firewalls.update","compute.forwardingRules.create","compute.forwardingRules.delete","compute.forwardingRules.get","compute.globalAddresses.create","compute.globalAddresses.delete","compute.globalAddresses.get","compute.globalAddresses.use","compute.globalForwardingRules.create","compute.globalForwardingRules.delete","compute.globalForwardingRules.get","compute.globalOperations.get","compute.healthChecks.create","compute.healthChecks.delete","compute.healthChecks.get","compute.healthChecks.update","compute.healthChecks.useReadOnly","compute.httpHealthChecks.create","compute.httpHealthChecks.delete","compute.httpHealthChecks.get","compute.httpHealthChecks.use","compute.httpHealthChecks.useReadOnly","compute.httpsHealthChecks.create","compute.httpsHealthChecks.delete","compute.httpsHealthChecks.get","compute.httpsHealthChecks.update","compute.httpsHealthChecks.use","compute.httpsHealthChecks.useReadOnly","compute.images.get","compute.images.useReadOnly","compute.instanceGroupManagers.create","compute.instanceGroupManagers.delete","compute.instanceGroupManagers.get","compute.instanceGroupManagers.update","compute.instanceGroupManagers.use","compute.instanceGroups.create","compute.instanceGroups.delete","compute.instanceGroups.get","compute.instanceGroups.update","compute.instanceTemplates.create","compute.instanceTemplates.delete","compute.instanceTemplates.get","compute.instanceTemplates.useReadOnly","compute.instances.attachDisk","compute.instances.create","compute.instances.delete","compute.instances.detachDisk","compute.instances.get","compute.instances.getGuestAttributes","compute.instances.getSerialPortOutput","compute.instances.list","compute.instances.reset","compute.instances.setLabels","compute.instances.setMetadata","compute.instances.setTags","compute.instances.start","compute.instances.stop","compute.instances.use","compute.machineTypes.get","compute.networks.create","compute.networks.delete","compute.networks.get","compute.networks.updatePolicy","compute.networks.use","compute.networks.useExternalIp","compute.projects.get","compute.projects.setCommonInstanceMetadata","compute.regionBackendServices.create","compute.regionBackendServices.delete","compute.regionBackendServices.get","compute.regionBackendServices.list","compute.regionBackendServices.update","compute.regionBackendServices.use","compute.regionOperations.get","compute.regions.get","compute.routes.get","compute.routes.list","compute.subnetworks.delete","compute.subnetworks.get","compute.targetHttpProxies.create","compute.targetHttpProxies.delete","compute.targetHttpProxies.get","compute.targetHttpProxies.use","compute.targetHttpsProxies.create","compute.targetHttpsProxies.delete","compute.targetHttpsProxies.get","compute.targetHttpsProxies.setSslCertificates","compute.targetHttpsProxies.use","compute.urlMaps.create","compute.urlMaps.delete","compute.urlMaps.get","compute.urlMaps.update","compute.urlMaps.use","compute.zoneOperations.get","compute.zoneOperations.list","compute.zones.get","compute.zones.list","deploymentmanager.compositeTypes.get","deploymentmanager.deployments.create","deploymentmanager.deployments.delete","deploymentmanager.deployments.get","deploymentmanager.deployments.list","deploymentmanager.deployments.update","deploymentmanager.manifests.get","deploymentmanager.manifests.list","deploymentmanager.operations.get","deploymentmanager.operations.list","deploymentmanager.typeProviders.create","deploymentmanager.typeProviders.get","iam.serviceAccounts.actAs","iam.serviceAccounts.get","iam.serviceAccounts.getAccessToken","iam.serviceAccounts.signBlob","iam.serviceAccounts.signJwt","logging.logEntries.create","logging.logMetrics.create","logging.logMetrics.delete","logging.logMetrics.get","logging.logMetrics.update","resourcemanager.organizations.get","resourcemanager.projects.get","resourcemanager.projects.getIamPolicy","resourcemanager.projects.setIamPolicy","storage.buckets.create","storage.buckets.delete","storage.buckets.get","storage.buckets.getIamPolicy","storage.buckets.setIamPolicy","storage.buckets.update","storage.objects.create","storage.objects.delete","storage.objects.get","storage.objects.getIamPolicy","storage.objects.list"],"name":"roles/appengineflex.serviceAgent","stage":"GA","title":"App Engine flexible environment Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"}
@@ -560,7 +560,7 @@
 {"description":"Read-only access to Firebase Hosting resources.","etag":"AA==","includedPermissions":["firebase.clients.get","firebase.clients.list","firebase.projects.get","firebasehosting.sites.get","firebasehosting.sites.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/firebasehosting.viewer","stage":"GA","title":"Firebase Hosting Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Full read/write access to Firebase In-App Messaging resources.","etag":"AA==","includedPermissions":["firebase.clients.get","firebase.clients.list","firebase.projects.get","firebaseinappmessaging.campaigns.create","firebaseinappmessaging.campaigns.delete","firebaseinappmessaging.campaigns.get","firebaseinappmessaging.campaigns.list","firebaseinappmessaging.campaigns.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/firebaseinappmessaging.admin","stage":"BETA","title":"Firebase In-App Messaging Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Read-only access to Firebase In-App Messaging resources.","etag":"AA==","includedPermissions":["firebase.clients.get","firebase.clients.list","firebase.projects.get","firebaseinappmessaging.campaigns.get","firebaseinappmessaging.campaigns.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/firebaseinappmessaging.viewer","stage":"BETA","title":"Firebase In-App Messaging Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"}
-{"description":"Full management of Firebase Messaging Campaigns.","etag":"AA==","includedPermissions":["firebasemessagingcampaigns.campaigns.create","firebasemessagingcampaigns.campaigns.delete","firebasemessagingcampaigns.campaigns.get","firebasemessagingcampaigns.campaigns.list","firebasemessagingcampaigns.campaigns.start","firebasemessagingcampaigns.campaigns.stop","firebasemessagingcampaigns.campaigns.update"],"name":"roles/firebasemessagingcampaigns.admin","stage":"ALPHA","title":"Firebase Messaging Campaigns Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"}
+{"description":"Full management of Firebase Messaging Campaigns.","etag":"AA==","includedPermissions":["firebasemessagingcampaigns.campaigns.create","firebasemessagingcampaigns.campaigns.delete","firebasemessagingcampaigns.campaigns.get","firebasemessagingcampaigns.campaigns.list","firebasemessagingcampaigns.campaigns.start","firebasemessagingcampaigns.campaigns.stop","firebasemessagingcampaigns.campaigns.update"],"name":"roles/firebasemessagingcampaigns.admin","stage":"BETA","title":"Firebase Messaging Campaigns Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Read-only access for Firebase Messaging Campaigns.","etag":"AA==","includedPermissions":["firebasemessagingcampaigns.campaigns.get","firebasemessagingcampaigns.campaigns.list"],"name":"roles/firebasemessagingcampaigns.viewer","stage":"ALPHA","title":"Firebase Messaging Campaigns Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Full read/write access to Firebase ML Kit resources.","etag":"AA==","includedPermissions":["firebase.clients.get","firebase.clients.list","firebase.projects.get","firebaseml.compressionjobs.create","firebaseml.compressionjobs.delete","firebaseml.compressionjobs.get","firebaseml.compressionjobs.list","firebaseml.compressionjobs.start","firebaseml.compressionjobs.update","firebaseml.models.create","firebaseml.models.delete","firebaseml.models.get","firebaseml.models.list","firebaseml.modelversions.create","firebaseml.modelversions.get","firebaseml.modelversions.list","firebaseml.modelversions.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/firebaseml.admin","stage":"BETA","title":"Firebase ML Kit Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Read-only access to Firebase ML Kit resources.","etag":"AA==","includedPermissions":["firebase.clients.get","firebase.clients.list","firebase.projects.get","firebaseml.compressionjobs.get","firebaseml.compressionjobs.list","firebaseml.models.get","firebaseml.models.list","firebaseml.modelversions.get","firebaseml.modelversions.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/firebaseml.viewer","stage":"BETA","title":"Firebase ML Kit Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"}
@@ -661,7 +661,7 @@
 {"description":"Access to create service accounts.","etag":"AA==","includedPermissions":["iam.serviceAccounts.create","iam.serviceAccounts.get","iam.serviceAccounts.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.serviceAccountCreator","stage":"GA","title":"Create Service Accounts","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Access to delete service accounts.","etag":"AA==","includedPermissions":["iam.serviceAccounts.delete","iam.serviceAccounts.get","iam.serviceAccounts.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.serviceAccountDeleter","stage":"GA","title":"Delete Service Accounts","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Create and manage (and rotate) service account keys.","etag":"AA==","includedPermissions":["iam.serviceAccountKeys.create","iam.serviceAccountKeys.delete","iam.serviceAccountKeys.disable","iam.serviceAccountKeys.enable","iam.serviceAccountKeys.get","iam.serviceAccountKeys.list","iam.serviceAccounts.get","iam.serviceAccounts.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.serviceAccountKeyAdmin","stage":"GA","title":"Service Account Key Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"}
-{"description":"Create OpenID Connect (OIDC) identity tokens","etag":"AA==","includedPermissions":["iam.serviceAccounts.getOpenIdToken"],"name":"roles/iam.serviceAccountOpenIdTokenCreator","stage":"ALPHA","title":"Service Account OpenID Connect Identity Token Creator","asset_type":"iam.googleapis.com/ExportedIAMRole"}
+{"description":"Create OpenID Connect (OIDC) identity tokens","etag":"AA==","includedPermissions":["iam.serviceAccounts.getOpenIdToken"],"name":"roles/iam.serviceAccountOpenIdTokenCreator","stage":"GA","title":"Service Account OpenID Connect Identity Token Creator","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Impersonate service accounts (create OAuth2 access tokens, sign blobs or JWTs, etc).","etag":"AA==","includedPermissions":["iam.serviceAccounts.get","iam.serviceAccounts.getAccessToken","iam.serviceAccounts.getOpenIdToken","iam.serviceAccounts.implicitDelegation","iam.serviceAccounts.list","iam.serviceAccounts.signBlob","iam.serviceAccounts.signJwt","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.serviceAccountTokenCreator","stage":"GA","title":"Service Account Token Creator","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Run operations as the service account.","etag":"AA==","includedPermissions":["iam.serviceAccounts.actAs","iam.serviceAccounts.get","iam.serviceAccounts.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.serviceAccountUser","stage":"GA","title":"Service Account User","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Read access to service accounts, metadata, and keys.","etag":"AA==","includedPermissions":["iam.serviceAccountKeys.get","iam.serviceAccountKeys.list","iam.serviceAccounts.get","iam.serviceAccounts.getIamPolicy","iam.serviceAccounts.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.serviceAccountViewer","stage":"GA","title":"View Service Accounts","asset_type":"iam.googleapis.com/ExportedIAMRole"}
@@ -696,7 +696,7 @@
 {"description":"A role that can invoke integrations.","etag":"AA==","includedPermissions":["integrations.apigeeExecutions.list","integrations.apigeeIntegrationVers.get","integrations.apigeeIntegrationVers.list","integrations.apigeeIntegrations.invoke","integrations.apigeeIntegrations.list","integrations.executions.list","integrations.integrationVersions.get","integrations.integrationVersions.invoke","integrations.integrationVersions.list","integrations.integrations.get","integrations.integrations.invoke","integrations.integrations.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/integrations.integrationInvoker","stage":"GA","title":"Application Integration Invoker","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"A developer that can list and view integrations.","etag":"AA==","includedPermissions":["integrations.apigeeAuthConfigs.list","integrations.apigeeCertificates.list","integrations.apigeeIntegrationVers.get","integrations.apigeeIntegrationVers.list","integrations.apigeeIntegrations.list","integrations.apigeeSfdcChannels.list","integrations.apigeeSfdcInstances.list","integrations.authConfigs.get","integrations.authConfigs.list","integrations.certificates.get","integrations.certificates.list","integrations.executions.list","integrations.integrationVersions.get","integrations.integrationVersions.list","integrations.integrations.get","integrations.integrations.list","integrations.sfdcChannels.list","integrations.sfdcInstances.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/integrations.integrationViewer","stage":"GA","title":"Application Integration Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"A user that has full access to all Security integrations.","etag":"AA==","includedPermissions":["integrations.securityAuthConfigs.create","integrations.securityAuthConfigs.delete","integrations.securityAuthConfigs.get","integrations.securityAuthConfigs.list","integrations.securityAuthConfigs.update","integrations.securityExecutions.cancel","integrations.securityExecutions.get","integrations.securityExecutions.list","integrations.securityIntegTempVers.create","integrations.securityIntegTempVers.get","integrations.securityIntegTempVers.list","integrations.securityIntegrationVers.create","integrations.securityIntegrationVers.deploy","integrations.securityIntegrationVers.get","integrations.securityIntegrationVers.list","integrations.securityIntegrationVers.update","integrations.securityIntegrations.invoke","integrations.securityIntegrations.list"],"name":"roles/integrations.securityIntegrationAdmin","stage":"BETA","title":"Security Integration Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"}
-{"description":"Service agent that grants access to execute an integration.","etag":"AA==","includedPermissions":["cloudfunctions.functions.invoke","cloudsql.instances.connect","cloudsql.instances.get","connectors.actions.execute","connectors.actions.list","connectors.connections.executeSqlQuery","connectors.entities.create","connectors.entities.delete","connectors.entities.deleteEntitiesWithConditions","connectors.entities.get","connectors.entities.list","connectors.entities.update","connectors.entities.updateEntitiesWithConditions","connectors.entityTypes.list","integrations.apigeeAuthConfigs.create","integrations.apigeeAuthConfigs.delete","integrations.apigeeAuthConfigs.get","integrations.apigeeAuthConfigs.list","integrations.apigeeAuthConfigs.update","integrations.apigeeCertificates.create","integrations.apigeeCertificates.delete","integrations.apigeeCertificates.get","integrations.apigeeCertificates.list","integrations.apigeeCertificates.update","integrations.apigeeExecutions.list","integrations.apigeeIntegrationVers.create","integrations.apigeeIntegrationVers.delete","integrations.apigeeIntegrationVers.deploy","integrations.apigeeIntegrationVers.get","integrations.apigeeIntegrationVers.list","integrations.apigeeIntegrationVers.update","integrations.apigeeIntegrations.invoke","integrations.apigeeIntegrations.list","integrations.apigeeSfdcChannels.create","integrations.apigeeSfdcChannels.delete","integrations.apigeeSfdcChannels.get","integrations.apigeeSfdcChannels.list","integrations.apigeeSfdcChannels.update","integrations.apigeeSfdcInstances.create","integrations.apigeeSfdcInstances.delete","integrations.apigeeSfdcInstances.get","integrations.apigeeSfdcInstances.list","integrations.apigeeSfdcInstances.update","integrations.apigeeSuspensions.lift","integrations.apigeeSuspensions.list","integrations.apigeeSuspensions.resolve","integrations.authConfigs.create","integrations.authConfigs.delete","integrations.authConfigs.get","integrations.authConfigs.list","integrations.authConfigs.update","integrations.certificates.create","integrations.certificates.delete","integrations.certificates.get","integrations.certificates.list","integrations.certificates.update","integrations.executions.list","integrations.integrationVersions.create","integrations.integrationVersions.delete","integrations.integrationVersions.deploy","integrations.integrationVersions.get","integrations.integrationVersions.list","integrations.integrationVersions.update","integrations.integrations.create","integrations.integrations.delete","integrations.integrations.deploy","integrations.integrations.get","integrations.integrations.invoke","integrations.integrations.list","integrations.integrations.update","integrations.sfdcChannels.create","integrations.sfdcChannels.delete","integrations.sfdcChannels.get","integrations.sfdcChannels.list","integrations.sfdcChannels.update","integrations.sfdcInstances.create","integrations.sfdcInstances.delete","integrations.sfdcInstances.get","integrations.sfdcInstances.list","integrations.sfdcInstances.update","integrations.suspensions.lift","integrations.suspensions.list","integrations.suspensions.resolve","pubsub.schemas.attach","pubsub.schemas.create","pubsub.schemas.delete","pubsub.schemas.get","pubsub.schemas.list","pubsub.schemas.validate","pubsub.snapshots.create","pubsub.snapshots.delete","pubsub.snapshots.get","pubsub.snapshots.list","pubsub.snapshots.seek","pubsub.snapshots.update","pubsub.subscriptions.consume","pubsub.subscriptions.create","pubsub.subscriptions.delete","pubsub.subscriptions.get","pubsub.subscriptions.list","pubsub.subscriptions.update","pubsub.topics.attachSubscription","pubsub.topics.create","pubsub.topics.delete","pubsub.topics.detachSubscription","pubsub.topics.get","pubsub.topics.list","pubsub.topics.publish","pubsub.topics.update","pubsub.topics.updateTag","resourcemanager.projects.get","resourcemanager.projects.list","serviceusage.quotas.get","serviceusage.services.get","serviceusage.services.list"],"name":"roles/integrations.serviceAgent","stage":"GA","title":"Integrations Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"}
+{"description":"Service agent that grants access to execute an integration.","etag":"AA==","includedPermissions":["cloudfunctions.functions.invoke","cloudsql.instances.connect","cloudsql.instances.get","connectors.actions.execute","connectors.actions.list","connectors.connections.executeSqlQuery","connectors.entities.create","connectors.entities.delete","connectors.entities.deleteEntitiesWithConditions","connectors.entities.get","connectors.entities.list","connectors.entities.update","connectors.entities.updateEntitiesWithConditions","connectors.entityTypes.list","integrations.apigeeAuthConfigs.create","integrations.apigeeAuthConfigs.delete","integrations.apigeeAuthConfigs.get","integrations.apigeeAuthConfigs.list","integrations.apigeeAuthConfigs.update","integrations.apigeeCertificates.create","integrations.apigeeCertificates.delete","integrations.apigeeCertificates.get","integrations.apigeeCertificates.list","integrations.apigeeCertificates.update","integrations.apigeeExecutions.list","integrations.apigeeIntegrationVers.create","integrations.apigeeIntegrationVers.delete","integrations.apigeeIntegrationVers.deploy","integrations.apigeeIntegrationVers.get","integrations.apigeeIntegrationVers.list","integrations.apigeeIntegrationVers.update","integrations.apigeeIntegrations.invoke","integrations.apigeeIntegrations.list","integrations.apigeeSfdcChannels.create","integrations.apigeeSfdcChannels.delete","integrations.apigeeSfdcChannels.get","integrations.apigeeSfdcChannels.list","integrations.apigeeSfdcChannels.update","integrations.apigeeSfdcInstances.create","integrations.apigeeSfdcInstances.delete","integrations.apigeeSfdcInstances.get","integrations.apigeeSfdcInstances.list","integrations.apigeeSfdcInstances.update","integrations.apigeeSuspensions.lift","integrations.apigeeSuspensions.list","integrations.apigeeSuspensions.resolve","integrations.authConfigs.create","integrations.authConfigs.delete","integrations.authConfigs.get","integrations.authConfigs.list","integrations.authConfigs.update","integrations.certificates.create","integrations.certificates.delete","integrations.certificates.get","integrations.certificates.list","integrations.certificates.update","integrations.executions.list","integrations.integrationVersions.create","integrations.integrationVersions.delete","integrations.integrationVersions.deploy","integrations.integrationVersions.get","integrations.integrationVersions.list","integrations.integrationVersions.update","integrations.integrations.create","integrations.integrations.delete","integrations.integrations.deploy","integrations.integrations.get","integrations.integrations.invoke","integrations.integrations.list","integrations.integrations.update","integrations.sfdcChannels.create","integrations.sfdcChannels.delete","integrations.sfdcChannels.get","integrations.sfdcChannels.list","integrations.sfdcChannels.update","integrations.sfdcInstances.create","integrations.sfdcInstances.delete","integrations.sfdcInstances.get","integrations.sfdcInstances.list","integrations.sfdcInstances.update","integrations.suspensions.lift","integrations.suspensions.list","integrations.suspensions.resolve","pubsub.schemas.attach","pubsub.schemas.create","pubsub.schemas.delete","pubsub.schemas.get","pubsub.schemas.list","pubsub.schemas.validate","pubsub.snapshots.create","pubsub.snapshots.delete","pubsub.snapshots.get","pubsub.snapshots.list","pubsub.snapshots.seek","pubsub.snapshots.update","pubsub.subscriptions.consume","pubsub.subscriptions.create","pubsub.subscriptions.delete","pubsub.subscriptions.get","pubsub.subscriptions.list","pubsub.subscriptions.update","pubsub.topics.attachSubscription","pubsub.topics.create","pubsub.topics.delete","pubsub.topics.detachSubscription","pubsub.topics.get","pubsub.topics.list","pubsub.topics.publish","pubsub.topics.update","pubsub.topics.updateTag","resourcemanager.projects.get","resourcemanager.projects.list","run.jobs.run","run.routes.invoke","serviceusage.quotas.get","serviceusage.services.get","serviceusage.services.list"],"name":"roles/integrations.serviceAgent","stage":"GA","title":"Integrations Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"A user that has full access (CRUD) to all SFDC instances.","etag":"AA==","includedPermissions":["integrations.sfdcChannels.create","integrations.sfdcChannels.delete","integrations.sfdcChannels.get","integrations.sfdcChannels.list","integrations.sfdcChannels.update","integrations.sfdcInstances.create","integrations.sfdcInstances.delete","integrations.sfdcInstances.get","integrations.sfdcInstances.list","integrations.sfdcInstances.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/integrations.sfdcInstanceAdmin","stage":"GA","title":"Application Integration SFDC Instance Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"A developer that can list, create and update integrations.","etag":"AA==","includedPermissions":["integrations.sfdcChannels.create","integrations.sfdcChannels.get","integrations.sfdcChannels.list","integrations.sfdcChannels.update","integrations.sfdcInstances.create","integrations.sfdcInstances.get","integrations.sfdcInstances.list","integrations.sfdcInstances.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/integrations.sfdcInstanceEditor","stage":"GA","title":"Application Integration SFDC Instance Editor","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"A developer that can list and view SFDC instances.","etag":"AA==","includedPermissions":["integrations.sfdcChannels.get","integrations.sfdcChannels.list","integrations.sfdcInstances.get","integrations.sfdcInstances.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/integrations.sfdcInstanceViewer","stage":"GA","title":"Application Integration SFDC Instance Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"}
diff --git a/roles/appengine.memcacheDataAdmin b/roles/appengine.memcacheDataAdmin
index f21abad9..bd92c745 100644
--- a/roles/appengine.memcacheDataAdmin
+++ b/roles/appengine.memcacheDataAdmin
@@ -11,6 +11,6 @@
     "resourcemanager.projects.list"
   ],
   "name": "roles/appengine.memcacheDataAdmin",
-  "stage": "ALPHA",
+  "stage": "GA",
   "title": "App Engine Memcache Data Admin"
 }
diff --git a/roles/firebasemessagingcampaigns.admin b/roles/firebasemessagingcampaigns.admin
index 76391f0b..6f962736 100644
--- a/roles/firebasemessagingcampaigns.admin
+++ b/roles/firebasemessagingcampaigns.admin
@@ -11,6 +11,6 @@
     "firebasemessagingcampaigns.campaigns.update"
   ],
   "name": "roles/firebasemessagingcampaigns.admin",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "Firebase Messaging Campaigns Admin"
 }
diff --git a/roles/iam.serviceAccountOpenIdTokenCreator b/roles/iam.serviceAccountOpenIdTokenCreator
index 9e32154f..88f73fe9 100644
--- a/roles/iam.serviceAccountOpenIdTokenCreator
+++ b/roles/iam.serviceAccountOpenIdTokenCreator
@@ -5,6 +5,6 @@
     "iam.serviceAccounts.getOpenIdToken"
   ],
   "name": "roles/iam.serviceAccountOpenIdTokenCreator",
-  "stage": "ALPHA",
+  "stage": "GA",
   "title": "Service Account OpenID Connect Identity Token Creator"
 }
diff --git a/roles/integrations.serviceAgent b/roles/integrations.serviceAgent
index bf4121e9..83cabdbb 100644
--- a/roles/integrations.serviceAgent
+++ b/roles/integrations.serviceAgent
@@ -114,6 +114,8 @@
     "pubsub.topics.updateTag",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list",
+    "run.jobs.run",
+    "run.routes.invoke",
     "serviceusage.quotas.get",
     "serviceusage.services.get",
     "serviceusage.services.list"