diff --git a/gcp_roles_cai.json b/gcp_roles_cai.json index b244784f..c53ae18c 100644 --- a/gcp_roles_cai.json +++ b/gcp_roles_cai.json @@ -79,7 +79,7 @@ {"description":"Administrator access to create and manage repositories.","etag":"AA==","includedPermissions":["artifactregistry.aptartifacts.create","artifactregistry.dockerimages.get","artifactregistry.dockerimages.list","artifactregistry.files.get","artifactregistry.files.list","artifactregistry.locations.get","artifactregistry.locations.list","artifactregistry.mavenartifacts.get","artifactregistry.mavenartifacts.list","artifactregistry.npmpackages.get","artifactregistry.npmpackages.list","artifactregistry.packages.delete","artifactregistry.packages.get","artifactregistry.packages.list","artifactregistry.pythonpackages.get","artifactregistry.pythonpackages.list","artifactregistry.repositories.create","artifactregistry.repositories.createTagBinding","artifactregistry.repositories.delete","artifactregistry.repositories.deleteArtifacts","artifactregistry.repositories.deleteTagBinding","artifactregistry.repositories.downloadArtifacts","artifactregistry.repositories.get","artifactregistry.repositories.getIamPolicy","artifactregistry.repositories.list","artifactregistry.repositories.listEffectiveTags","artifactregistry.repositories.listTagBindings","artifactregistry.repositories.setIamPolicy","artifactregistry.repositories.update","artifactregistry.repositories.uploadArtifacts","artifactregistry.tags.create","artifactregistry.tags.delete","artifactregistry.tags.get","artifactregistry.tags.list","artifactregistry.tags.update","artifactregistry.versions.delete","artifactregistry.versions.get","artifactregistry.versions.list","artifactregistry.yumartifacts.create"],"name":"roles/artifactregistry.admin","stage":"GA","title":"Artifact Registry Administrator","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Access to read repository items.","etag":"AA==","includedPermissions":["artifactregistry.dockerimages.get","artifactregistry.dockerimages.list","artifactregistry.files.get","artifactregistry.files.list","artifactregistry.locations.get","artifactregistry.locations.list","artifactregistry.mavenartifacts.get","artifactregistry.mavenartifacts.list","artifactregistry.npmpackages.get","artifactregistry.npmpackages.list","artifactregistry.packages.get","artifactregistry.packages.list","artifactregistry.pythonpackages.get","artifactregistry.pythonpackages.list","artifactregistry.repositories.downloadArtifacts","artifactregistry.repositories.get","artifactregistry.repositories.list","artifactregistry.repositories.listEffectiveTags","artifactregistry.repositories.listTagBindings","artifactregistry.tags.get","artifactregistry.tags.list","artifactregistry.versions.get","artifactregistry.versions.list"],"name":"roles/artifactregistry.reader","stage":"GA","title":"Artifact Registry Reader","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Access to manage artifacts in repositories.","etag":"AA==","includedPermissions":["artifactregistry.aptartifacts.create","artifactregistry.dockerimages.get","artifactregistry.dockerimages.list","artifactregistry.files.get","artifactregistry.files.list","artifactregistry.locations.get","artifactregistry.locations.list","artifactregistry.mavenartifacts.get","artifactregistry.mavenartifacts.list","artifactregistry.npmpackages.get","artifactregistry.npmpackages.list","artifactregistry.packages.delete","artifactregistry.packages.get","artifactregistry.packages.list","artifactregistry.pythonpackages.get","artifactregistry.pythonpackages.list","artifactregistry.repositories.deleteArtifacts","artifactregistry.repositories.downloadArtifacts","artifactregistry.repositories.get","artifactregistry.repositories.list","artifactregistry.repositories.listEffectiveTags","artifactregistry.repositories.listTagBindings","artifactregistry.repositories.uploadArtifacts","artifactregistry.tags.create","artifactregistry.tags.delete","artifactregistry.tags.get","artifactregistry.tags.list","artifactregistry.tags.update","artifactregistry.versions.delete","artifactregistry.versions.get","artifactregistry.versions.list","artifactregistry.yumartifacts.create"],"name":"roles/artifactregistry.repoAdmin","stage":"GA","title":"Artifact Registry Repository Administrator","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Gives the Artifact Registry service account access to managed resources.","etag":"AA==","includedPermissions":["artifactregistry.repositories.downloadArtifacts","artifactregistry.versions.delete","pubsub.topics.publish"],"name":"roles/artifactregistry.serviceAgent","stage":"GA","title":"Artifact Registry Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Gives the Artifact Registry service account access to managed resources.","etag":"AA==","includedPermissions":["artifactregistry.repositories.downloadArtifacts","pubsub.topics.publish"],"name":"roles/artifactregistry.serviceAgent","stage":"GA","title":"Artifact Registry Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Access to read and write repository items.","etag":"AA==","includedPermissions":["artifactregistry.aptartifacts.create","artifactregistry.dockerimages.get","artifactregistry.dockerimages.list","artifactregistry.files.get","artifactregistry.files.list","artifactregistry.locations.get","artifactregistry.locations.list","artifactregistry.mavenartifacts.get","artifactregistry.mavenartifacts.list","artifactregistry.npmpackages.get","artifactregistry.npmpackages.list","artifactregistry.packages.get","artifactregistry.packages.list","artifactregistry.pythonpackages.get","artifactregistry.pythonpackages.list","artifactregistry.repositories.downloadArtifacts","artifactregistry.repositories.get","artifactregistry.repositories.list","artifactregistry.repositories.listEffectiveTags","artifactregistry.repositories.listTagBindings","artifactregistry.repositories.uploadArtifacts","artifactregistry.tags.create","artifactregistry.tags.get","artifactregistry.tags.list","artifactregistry.tags.update","artifactregistry.versions.get","artifactregistry.versions.list","artifactregistry.yumartifacts.create"],"name":"roles/artifactregistry.writer","stage":"GA","title":"Artifact Registry Writer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Grants full access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration","etag":"AA==","includedPermissions":["assuredworkloads.operations.get","assuredworkloads.operations.list","assuredworkloads.violations.get","assuredworkloads.violations.list","assuredworkloads.violations.update","assuredworkloads.workload.create","assuredworkloads.workload.delete","assuredworkloads.workload.get","assuredworkloads.workload.list","assuredworkloads.workload.update","logging.cmekSettings.update","orgpolicy.policy.get","orgpolicy.policy.set","resourcemanager.folders.create","resourcemanager.folders.get","resourcemanager.folders.list","resourcemanager.organizations.get","resourcemanager.projects.create","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/assuredworkloads.admin","stage":"GA","title":"Assured Workloads Administrator","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Grants read, write access to Assured Workloads resources, CRM resources - project/folder and Organization Policy administration","etag":"AA==","includedPermissions":["assuredworkloads.operations.get","assuredworkloads.operations.list","assuredworkloads.violations.get","assuredworkloads.violations.list","assuredworkloads.violations.update","assuredworkloads.workload.create","assuredworkloads.workload.delete","assuredworkloads.workload.get","assuredworkloads.workload.list","assuredworkloads.workload.update","orgpolicy.policy.get","orgpolicy.policy.set","resourcemanager.folders.create","resourcemanager.folders.get","resourcemanager.folders.list","resourcemanager.organizations.get","resourcemanager.projects.create","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/assuredworkloads.editor","stage":"GA","title":"Assured Workloads Editor","asset_type":"iam.googleapis.com/ExportedIAMRole"} @@ -100,7 +100,7 @@ {"description":"Full access to all autoscaling site features","etag":"AA==","includedPermissions":["autoscaling.sites.getIamPolicy","autoscaling.sites.readRecommendations","autoscaling.sites.setIamPolicy","autoscaling.sites.writeMetrics","autoscaling.sites.writeState","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/autoscaling.sitesAdmin","stage":"BETA","title":"Autoscaling Site Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Access to write state for autoscaling site","etag":"AA==","includedPermissions":["autoscaling.sites.writeState"],"name":"roles/autoscaling.stateWriter","stage":"BETA","title":"Autoscaling State Writer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Enable Access Transparency for Organization","etag":"AA==","includedPermissions":["axt.labels.get","axt.labels.set","resourcemanager.organizations.get","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/axt.admin","stage":"GA","title":"Access Transparency Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Full control of Backup and DR resources including ACL configuration via the management console.","etag":"AA==","includedPermissions":["backupdr.locations.get","backupdr.locations.list","backupdr.managementServers.backupAccess","backupdr.managementServers.create","backupdr.managementServers.delete","backupdr.managementServers.get","backupdr.managementServers.getIamPolicy","backupdr.managementServers.list","backupdr.managementServers.manageInternalACL","backupdr.managementServers.setIamPolicy","backupdr.operations.cancel","backupdr.operations.delete","backupdr.operations.get","backupdr.operations.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/backupdr.admin","stage":"GA","title":"Backup and DR Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Full control of Backup and DR resources including ACL configuration via the management console.","etag":"AA==","includedPermissions":["backupdr.locations.get","backupdr.locations.list","backupdr.managementServers.backupAccess","backupdr.managementServers.create","backupdr.managementServers.delete","backupdr.managementServers.get","backupdr.managementServers.getIamPolicy","backupdr.managementServers.list","backupdr.managementServers.manageInternalACL","backupdr.managementServers.setIamPolicy","backupdr.operations.cancel","backupdr.operations.delete","backupdr.operations.get","backupdr.operations.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/backupdr.admin","stage":"ALPHA","title":"Backup and DR Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Provides access to management console. Granular Backup and DR permissions depend on ACL configuration provided by Backup and DR admin within the management console.","etag":"AA==","includedPermissions":["backupdr.managementServers.backupAccess","backupdr.managementServers.get","backupdr.managementServers.getIamPolicy","backupdr.managementServers.list","backupdr.operations.get","backupdr.operations.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/backupdr.user","stage":"GA","title":"Backup and DR User","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Read-only access to Backup and DR resources.","etag":"AA==","includedPermissions":["backupdr.locations.get","backupdr.locations.list","backupdr.managementServers.get","backupdr.managementServers.getIamPolicy","backupdr.managementServers.list","backupdr.operations.get","backupdr.operations.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/backupdr.viewer","stage":"GA","title":"Backup and DR Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Administrator of Bare Metal Solution resources","etag":"AA==","includedPermissions":["baremetalsolution.instancequotas.list","baremetalsolution.instances.attachVolume","baremetalsolution.instances.create","baremetalsolution.instances.detachVolume","baremetalsolution.instances.get","baremetalsolution.instances.list","baremetalsolution.instances.reset","baremetalsolution.instances.start","baremetalsolution.instances.update","baremetalsolution.luns.create","baremetalsolution.luns.delete","baremetalsolution.luns.get","baremetalsolution.luns.list","baremetalsolution.luns.update","baremetalsolution.networkquotas.list","baremetalsolution.networks.get","baremetalsolution.networks.list","baremetalsolution.networks.update","baremetalsolution.nfsshares.get","baremetalsolution.nfsshares.list","baremetalsolution.nfsshares.update","baremetalsolution.snapshotschedulepolicies.create","baremetalsolution.snapshotschedulepolicies.delete","baremetalsolution.snapshotschedulepolicies.get","baremetalsolution.snapshotschedulepolicies.list","baremetalsolution.snapshotschedulepolicies.update","baremetalsolution.volumequotas.list","baremetalsolution.volumes.create","baremetalsolution.volumes.delete","baremetalsolution.volumes.get","baremetalsolution.volumes.list","baremetalsolution.volumes.resize","baremetalsolution.volumes.update","baremetalsolution.volumesnapshots.create","baremetalsolution.volumesnapshots.delete","baremetalsolution.volumesnapshots.get","baremetalsolution.volumesnapshots.list","baremetalsolution.volumesnapshots.restore","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/baremetalsolution.admin","stage":"GA","title":"Bare Metal Solution Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} @@ -768,7 +768,7 @@ {"description":"Read/write access to uptime check configurations.","etag":"AA==","includedPermissions":["monitoring.uptimeCheckConfigs.create","monitoring.uptimeCheckConfigs.delete","monitoring.uptimeCheckConfigs.get","monitoring.uptimeCheckConfigs.list","monitoring.uptimeCheckConfigs.update"],"name":"roles/monitoring.uptimeCheckConfigEditor","stage":"BETA","title":"Monitoring Uptime Check Configuration Editor","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Read-only access to uptime check configurations.","etag":"AA==","includedPermissions":["monitoring.uptimeCheckConfigs.get","monitoring.uptimeCheckConfigs.list"],"name":"roles/monitoring.uptimeCheckConfigViewer","stage":"BETA","title":"Monitoring Uptime Check Configuration Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Read-only access to get and list information about all monitoring data and configuration.","etag":"AA==","includedPermissions":["cloudnotifications.activities.list","monitoring.alertPolicies.get","monitoring.alertPolicies.list","monitoring.dashboards.get","monitoring.dashboards.list","monitoring.groups.get","monitoring.groups.list","monitoring.metricDescriptors.get","monitoring.metricDescriptors.list","monitoring.monitoredResourceDescriptors.get","monitoring.monitoredResourceDescriptors.list","monitoring.notificationChannelDescriptors.get","monitoring.notificationChannelDescriptors.list","monitoring.notificationChannels.get","monitoring.notificationChannels.list","monitoring.publicWidgets.get","monitoring.publicWidgets.list","monitoring.services.get","monitoring.services.list","monitoring.slos.get","monitoring.slos.list","monitoring.timeSeries.list","monitoring.uptimeCheckConfigs.get","monitoring.uptimeCheckConfigs.list","opsconfigmonitoring.resourceMetadata.list","resourcemanager.projects.get","resourcemanager.projects.list","stackdriver.projects.get"],"name":"roles/monitoring.viewer","stage":"GA","title":"Monitoring Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Gives the Multi Cluster Ingress service agent access to CloudPlatform resources.","etag":"AA==","includedPermissions":["certificatemanager.certmapentries.create","certificatemanager.certmapentries.delete","certificatemanager.certmapentries.get","certificatemanager.certmapentries.getIamPolicy","certificatemanager.certmapentries.list","certificatemanager.certmapentries.update","certificatemanager.certmaps.create","certificatemanager.certmaps.delete","certificatemanager.certmaps.get","certificatemanager.certmaps.getIamPolicy","certificatemanager.certmaps.list","certificatemanager.certmaps.update","certificatemanager.certmaps.use","certificatemanager.certs.create","certificatemanager.certs.delete","certificatemanager.certs.get","certificatemanager.certs.getIamPolicy","certificatemanager.certs.list","certificatemanager.certs.update","certificatemanager.certs.use","certificatemanager.dnsauthorizations.create","certificatemanager.dnsauthorizations.delete","certificatemanager.dnsauthorizations.get","certificatemanager.dnsauthorizations.getIamPolicy","certificatemanager.dnsauthorizations.list","certificatemanager.dnsauthorizations.update","certificatemanager.dnsauthorizations.use","compute.addresses.create","compute.addresses.createInternal","compute.addresses.delete","compute.addresses.deleteInternal","compute.addresses.get","compute.addresses.list","compute.addresses.use","compute.addresses.useInternal","compute.backendServices.create","compute.backendServices.delete","compute.backendServices.get","compute.backendServices.getIamPolicy","compute.backendServices.list","compute.backendServices.setIamPolicy","compute.backendServices.setSecurityPolicy","compute.backendServices.update","compute.backendServices.use","compute.firewalls.create","compute.firewalls.delete","compute.firewalls.get","compute.firewalls.list","compute.firewalls.update","compute.forwardingRules.create","compute.forwardingRules.delete","compute.forwardingRules.get","compute.forwardingRules.list","compute.forwardingRules.pscCreate","compute.forwardingRules.pscDelete","compute.forwardingRules.pscSetLabels","compute.forwardingRules.pscSetTarget","compute.forwardingRules.pscUpdate","compute.forwardingRules.setLabels","compute.forwardingRules.setTarget","compute.forwardingRules.update","compute.forwardingRules.use","compute.globalAddresses.create","compute.globalAddresses.delete","compute.globalAddresses.get","compute.globalAddresses.list","compute.globalAddresses.use","compute.globalForwardingRules.create","compute.globalForwardingRules.delete","compute.globalForwardingRules.get","compute.globalForwardingRules.list","compute.globalForwardingRules.pscCreate","compute.globalForwardingRules.pscDelete","compute.globalForwardingRules.pscGet","compute.globalForwardingRules.pscSetLabels","compute.globalForwardingRules.pscSetTarget","compute.globalForwardingRules.pscUpdate","compute.globalForwardingRules.setLabels","compute.globalForwardingRules.setTarget","compute.globalForwardingRules.update","compute.healthChecks.create","compute.healthChecks.delete","compute.healthChecks.get","compute.healthChecks.list","compute.healthChecks.update","compute.healthChecks.use","compute.healthChecks.useReadOnly","compute.networkEndpointGroups.get","compute.networkEndpointGroups.use","compute.networks.updatePolicy","compute.networks.use","compute.regionBackendServices.create","compute.regionBackendServices.delete","compute.regionBackendServices.get","compute.regionBackendServices.getIamPolicy","compute.regionBackendServices.list","compute.regionBackendServices.setIamPolicy","compute.regionBackendServices.setSecurityPolicy","compute.regionBackendServices.update","compute.regionBackendServices.use","compute.regionHealthChecks.create","compute.regionHealthChecks.delete","compute.regionHealthChecks.get","compute.regionHealthChecks.list","compute.regionHealthChecks.update","compute.regionHealthChecks.use","compute.regionHealthChecks.useReadOnly","compute.regionSslCertificates.create","compute.regionSslCertificates.delete","compute.regionSslCertificates.get","compute.regionSslCertificates.list","compute.regionTargetHttpProxies.create","compute.regionTargetHttpProxies.delete","compute.regionTargetHttpProxies.get","compute.regionTargetHttpProxies.list","compute.regionTargetHttpProxies.setUrlMap","compute.regionTargetHttpProxies.use","compute.regionTargetHttpsProxies.create","compute.regionTargetHttpsProxies.delete","compute.regionTargetHttpsProxies.get","compute.regionTargetHttpsProxies.list","compute.regionTargetHttpsProxies.setSslCertificates","compute.regionTargetHttpsProxies.setUrlMap","compute.regionTargetHttpsProxies.update","compute.regionTargetHttpsProxies.use","compute.regionUrlMaps.create","compute.regionUrlMaps.delete","compute.regionUrlMaps.get","compute.regionUrlMaps.invalidateCache","compute.regionUrlMaps.list","compute.regionUrlMaps.update","compute.regionUrlMaps.use","compute.regionUrlMaps.validate","compute.securityPolicies.use","compute.sslCertificates.create","compute.sslCertificates.delete","compute.sslCertificates.get","compute.sslCertificates.list","compute.sslPolicies.use","compute.subnetworks.list","compute.subnetworks.use","compute.targetHttpProxies.create","compute.targetHttpProxies.delete","compute.targetHttpProxies.get","compute.targetHttpProxies.list","compute.targetHttpProxies.setUrlMap","compute.targetHttpProxies.use","compute.targetHttpsProxies.create","compute.targetHttpsProxies.delete","compute.targetHttpsProxies.get","compute.targetHttpsProxies.list","compute.targetHttpsProxies.setSslCertificates","compute.targetHttpsProxies.setSslPolicy","compute.targetHttpsProxies.setUrlMap","compute.targetHttpsProxies.update","compute.targetHttpsProxies.use","compute.urlMaps.create","compute.urlMaps.delete","compute.urlMaps.get","compute.urlMaps.invalidateCache","compute.urlMaps.list","compute.urlMaps.update","compute.urlMaps.use","compute.urlMaps.validate","container.backendConfigs.create","container.backendConfigs.delete","container.backendConfigs.get","container.backendConfigs.list","container.backendConfigs.update","container.clusters.get","container.customResourceDefinitions.create","container.customResourceDefinitions.delete","container.customResourceDefinitions.get","container.customResourceDefinitions.list","container.customResourceDefinitions.update","container.deployments.create","container.deployments.delete","container.deployments.get","container.deployments.getScale","container.deployments.getStatus","container.deployments.list","container.deployments.rollback","container.deployments.update","container.deployments.updateScale","container.deployments.updateStatus","container.events.create","container.events.update","container.frontendConfigs.create","container.frontendConfigs.delete","container.frontendConfigs.get","container.frontendConfigs.list","container.frontendConfigs.update","container.namespaces.list","container.secrets.get","container.secrets.list","container.services.create","container.services.delete","container.services.get","container.services.getStatus","container.services.list","container.services.proxy","container.services.update","container.services.updateStatus","container.thirdPartyObjects.create","container.thirdPartyObjects.delete","container.thirdPartyObjects.get","container.thirdPartyObjects.list","container.thirdPartyObjects.update","gkehub.features.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list","serviceusage.services.get","serviceusage.services.list"],"name":"roles/multiclusteringress.serviceAgent","stage":"GA","title":"Multi Cluster Ingress Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Gives the Multi Cluster Ingress service agent access to CloudPlatform resources.","etag":"AA==","includedPermissions":["certificatemanager.certmapentries.create","certificatemanager.certmapentries.delete","certificatemanager.certmapentries.get","certificatemanager.certmapentries.getIamPolicy","certificatemanager.certmapentries.list","certificatemanager.certmapentries.update","certificatemanager.certmaps.create","certificatemanager.certmaps.delete","certificatemanager.certmaps.get","certificatemanager.certmaps.getIamPolicy","certificatemanager.certmaps.list","certificatemanager.certmaps.update","certificatemanager.certmaps.use","certificatemanager.certs.create","certificatemanager.certs.delete","certificatemanager.certs.get","certificatemanager.certs.getIamPolicy","certificatemanager.certs.list","certificatemanager.certs.update","certificatemanager.certs.use","certificatemanager.dnsauthorizations.create","certificatemanager.dnsauthorizations.delete","certificatemanager.dnsauthorizations.get","certificatemanager.dnsauthorizations.getIamPolicy","certificatemanager.dnsauthorizations.list","certificatemanager.dnsauthorizations.update","certificatemanager.dnsauthorizations.use","compute.addresses.create","compute.addresses.createInternal","compute.addresses.delete","compute.addresses.deleteInternal","compute.addresses.get","compute.addresses.list","compute.addresses.use","compute.addresses.useInternal","compute.backendServices.create","compute.backendServices.delete","compute.backendServices.get","compute.backendServices.getIamPolicy","compute.backendServices.list","compute.backendServices.setIamPolicy","compute.backendServices.setSecurityPolicy","compute.backendServices.update","compute.backendServices.use","compute.firewalls.create","compute.firewalls.delete","compute.firewalls.get","compute.firewalls.list","compute.firewalls.update","compute.forwardingRules.create","compute.forwardingRules.delete","compute.forwardingRules.get","compute.forwardingRules.list","compute.forwardingRules.pscCreate","compute.forwardingRules.pscDelete","compute.forwardingRules.pscSetLabels","compute.forwardingRules.pscSetTarget","compute.forwardingRules.pscUpdate","compute.forwardingRules.setLabels","compute.forwardingRules.setTarget","compute.forwardingRules.update","compute.forwardingRules.use","compute.globalAddresses.create","compute.globalAddresses.delete","compute.globalAddresses.get","compute.globalAddresses.list","compute.globalAddresses.use","compute.globalForwardingRules.create","compute.globalForwardingRules.delete","compute.globalForwardingRules.get","compute.globalForwardingRules.list","compute.globalForwardingRules.pscCreate","compute.globalForwardingRules.pscDelete","compute.globalForwardingRules.pscGet","compute.globalForwardingRules.pscSetLabels","compute.globalForwardingRules.pscSetTarget","compute.globalForwardingRules.pscUpdate","compute.globalForwardingRules.setLabels","compute.globalForwardingRules.setTarget","compute.globalForwardingRules.update","compute.healthChecks.create","compute.healthChecks.delete","compute.healthChecks.get","compute.healthChecks.list","compute.healthChecks.update","compute.healthChecks.use","compute.healthChecks.useReadOnly","compute.networkEndpointGroups.get","compute.networkEndpointGroups.use","compute.networks.updatePolicy","compute.networks.use","compute.regionBackendServices.create","compute.regionBackendServices.delete","compute.regionBackendServices.get","compute.regionBackendServices.getIamPolicy","compute.regionBackendServices.list","compute.regionBackendServices.setIamPolicy","compute.regionBackendServices.setSecurityPolicy","compute.regionBackendServices.update","compute.regionBackendServices.use","compute.regionHealthChecks.create","compute.regionHealthChecks.delete","compute.regionHealthChecks.get","compute.regionHealthChecks.list","compute.regionHealthChecks.update","compute.regionHealthChecks.use","compute.regionHealthChecks.useReadOnly","compute.regionSslCertificates.create","compute.regionSslCertificates.delete","compute.regionSslCertificates.get","compute.regionSslCertificates.list","compute.regionTargetHttpProxies.create","compute.regionTargetHttpProxies.delete","compute.regionTargetHttpProxies.get","compute.regionTargetHttpProxies.list","compute.regionTargetHttpProxies.setUrlMap","compute.regionTargetHttpProxies.use","compute.regionTargetHttpsProxies.create","compute.regionTargetHttpsProxies.delete","compute.regionTargetHttpsProxies.get","compute.regionTargetHttpsProxies.list","compute.regionTargetHttpsProxies.setSslCertificates","compute.regionTargetHttpsProxies.setUrlMap","compute.regionTargetHttpsProxies.update","compute.regionTargetHttpsProxies.use","compute.regionUrlMaps.create","compute.regionUrlMaps.delete","compute.regionUrlMaps.get","compute.regionUrlMaps.invalidateCache","compute.regionUrlMaps.list","compute.regionUrlMaps.update","compute.regionUrlMaps.use","compute.regionUrlMaps.validate","compute.securityPolicies.use","compute.sslCertificates.create","compute.sslCertificates.delete","compute.sslCertificates.get","compute.sslCertificates.list","compute.sslPolicies.use","compute.subnetworks.list","compute.subnetworks.use","compute.targetHttpProxies.create","compute.targetHttpProxies.delete","compute.targetHttpProxies.get","compute.targetHttpProxies.list","compute.targetHttpProxies.setUrlMap","compute.targetHttpProxies.use","compute.targetHttpsProxies.create","compute.targetHttpsProxies.delete","compute.targetHttpsProxies.get","compute.targetHttpsProxies.list","compute.targetHttpsProxies.setSslCertificates","compute.targetHttpsProxies.setSslPolicy","compute.targetHttpsProxies.setUrlMap","compute.targetHttpsProxies.update","compute.targetHttpsProxies.use","compute.urlMaps.create","compute.urlMaps.delete","compute.urlMaps.get","compute.urlMaps.invalidateCache","compute.urlMaps.list","compute.urlMaps.update","compute.urlMaps.use","compute.urlMaps.validate","container.backendConfigs.create","container.backendConfigs.delete","container.backendConfigs.get","container.backendConfigs.list","container.backendConfigs.update","container.clusters.get","container.customResourceDefinitions.create","container.customResourceDefinitions.delete","container.customResourceDefinitions.get","container.customResourceDefinitions.update","container.deployments.create","container.deployments.delete","container.deployments.get","container.deployments.getScale","container.deployments.getStatus","container.deployments.list","container.deployments.rollback","container.deployments.update","container.deployments.updateScale","container.deployments.updateStatus","container.events.create","container.events.update","container.frontendConfigs.create","container.frontendConfigs.delete","container.frontendConfigs.get","container.frontendConfigs.list","container.frontendConfigs.update","container.namespaces.list","container.secrets.get","container.secrets.list","container.services.create","container.services.delete","container.services.get","container.services.getStatus","container.services.list","container.services.proxy","container.services.update","container.services.updateStatus","container.thirdPartyObjects.create","container.thirdPartyObjects.delete","container.thirdPartyObjects.get","container.thirdPartyObjects.list","container.thirdPartyObjects.update","gkehub.features.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list","serviceusage.services.get","serviceusage.services.list"],"name":"roles/multiclusteringress.serviceAgent","stage":"GA","title":"Multi Cluster Ingress Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Gives the Multi-cluster metering service agent access to CloudPlatform resources.","etag":"AA==","includedPermissions":["gkehub.features.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list"],"name":"roles/multiclustermetering.serviceAgent","stage":"GA","title":"Multi-cluster metering Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"This role is managed by NetApp, not Google.","etag":"AA==","includedPermissions":["cloudvolumesgcp-api.netapp.com/activeDirectories.create","cloudvolumesgcp-api.netapp.com/activeDirectories.delete","cloudvolumesgcp-api.netapp.com/activeDirectories.get","cloudvolumesgcp-api.netapp.com/activeDirectories.list","cloudvolumesgcp-api.netapp.com/activeDirectories.update","cloudvolumesgcp-api.netapp.com/ipRanges.list","cloudvolumesgcp-api.netapp.com/jobs.get","cloudvolumesgcp-api.netapp.com/jobs.list","cloudvolumesgcp-api.netapp.com/regions.list","cloudvolumesgcp-api.netapp.com/serviceLevels.list","cloudvolumesgcp-api.netapp.com/snapshots.create","cloudvolumesgcp-api.netapp.com/snapshots.delete","cloudvolumesgcp-api.netapp.com/snapshots.get","cloudvolumesgcp-api.netapp.com/snapshots.list","cloudvolumesgcp-api.netapp.com/snapshots.update","cloudvolumesgcp-api.netapp.com/volumes.create","cloudvolumesgcp-api.netapp.com/volumes.delete","cloudvolumesgcp-api.netapp.com/volumes.get","cloudvolumesgcp-api.netapp.com/volumes.list","cloudvolumesgcp-api.netapp.com/volumes.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/netappcloudvolumes.admin","stage":"BETA","title":"NetApp Cloud Volumes Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"This role is managed by NetApp, not Google.","etag":"AA==","includedPermissions":["cloudvolumesgcp-api.netapp.com/activeDirectories.get","cloudvolumesgcp-api.netapp.com/activeDirectories.list","cloudvolumesgcp-api.netapp.com/ipRanges.list","cloudvolumesgcp-api.netapp.com/jobs.get","cloudvolumesgcp-api.netapp.com/jobs.list","cloudvolumesgcp-api.netapp.com/regions.list","cloudvolumesgcp-api.netapp.com/serviceLevels.list","cloudvolumesgcp-api.netapp.com/snapshots.get","cloudvolumesgcp-api.netapp.com/snapshots.list","cloudvolumesgcp-api.netapp.com/volumes.get","cloudvolumesgcp-api.netapp.com/volumes.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/netappcloudvolumes.viewer","stage":"BETA","title":"NetApp Cloud Volumes Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} diff --git a/roles/artifactregistry.serviceAgent b/roles/artifactregistry.serviceAgent index 9ae9e59a..88c06774 100644 --- a/roles/artifactregistry.serviceAgent +++ b/roles/artifactregistry.serviceAgent @@ -3,7 +3,6 @@ "etag": "AA==", "includedPermissions": [ "artifactregistry.repositories.downloadArtifacts", - "artifactregistry.versions.delete", "pubsub.topics.publish" ], "name": "roles/artifactregistry.serviceAgent", diff --git a/roles/backupdr.admin b/roles/backupdr.admin index 129545d1..66abfe73 100644 --- a/roles/backupdr.admin +++ b/roles/backupdr.admin @@ -20,6 +20,6 @@ "resourcemanager.projects.list" ], "name": "roles/backupdr.admin", - "stage": "GA", + "stage": "ALPHA", "title": "Backup and DR Admin" } diff --git a/roles/multiclusteringress.serviceAgent b/roles/multiclusteringress.serviceAgent index d0515dfb..0664e313 100644 --- a/roles/multiclusteringress.serviceAgent +++ b/roles/multiclusteringress.serviceAgent @@ -175,7 +175,6 @@ "container.customResourceDefinitions.create", "container.customResourceDefinitions.delete", "container.customResourceDefinitions.get", - "container.customResourceDefinitions.list", "container.customResourceDefinitions.update", "container.deployments.create", "container.deployments.delete",