Fetch all roles

darkbitio · Oct 25, 2024 · 2c13b23 · 2c13b23
1 parent 917a1bc
commit 2c13b23
Show file tree

Hide file tree

Showing 32 changed files with 121 additions and 92 deletions.
diff --git a/gcp_roles_cai.json b/gcp_roles_cai.json
diff --git a/roles/anthossupport.serviceAgent b/roles/anthossupport.serviceAgent
@@ -7,6 +7,7 @@
     "gkehub.features.list",
     "gkehub.fleet.get",
     "gkehub.fleet.getFreeTrial",
+    "gkehub.gateway.generateCredentials",
     "gkehub.gateway.get",
     "gkehub.locations.get",
     "gkehub.locations.list",

diff --git a/roles/backupdr.admin b/roles/backupdr.admin
@@ -2,16 +2,16 @@
   "description": "Provides full access to all Backup and DR resources. ",
   "etag": "AA==",
   "includedPermissions": [
-    "backupdr.backupPlanAssociations.create",
-    "backupdr.backupPlanAssociations.delete",
+    "backupdr.backupPlanAssociations.createForComputeInstance",
+    "backupdr.backupPlanAssociations.deleteForComputeInstance",
     "backupdr.backupPlanAssociations.get",
     "backupdr.backupPlanAssociations.list",
-    "backupdr.backupPlanAssociations.triggerBackup",
+    "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
     "backupdr.backupPlans.create",
     "backupdr.backupPlans.delete",
     "backupdr.backupPlans.get",
     "backupdr.backupPlans.list",
-    "backupdr.backupPlans.useComputeInstanceOnly",
+    "backupdr.backupPlans.useForComputeInstance",
     "backupdr.backupVaults.associate",
     "backupdr.backupVaults.create",
     "backupdr.backupVaults.delete",

diff --git a/roles/backupdr.backupUser b/roles/backupdr.backupUser
@@ -2,14 +2,14 @@
   "description": "Allows the user to apply existing backup plans. This role cannot create backup plans or restore from a backup.",
   "etag": "AA==",
   "includedPermissions": [
-    "backupdr.backupPlanAssociations.create",
-    "backupdr.backupPlanAssociations.delete",
+    "backupdr.backupPlanAssociations.createForComputeInstance",
+    "backupdr.backupPlanAssociations.deleteForComputeInstance",
     "backupdr.backupPlanAssociations.get",
     "backupdr.backupPlanAssociations.list",
-    "backupdr.backupPlanAssociations.triggerBackup",
+    "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
     "backupdr.backupPlans.get",
     "backupdr.backupPlans.list",
-    "backupdr.backupPlans.useComputeInstanceOnly",
+    "backupdr.backupPlans.useForComputeInstance",
     "backupdr.backupVaults.get",
     "backupdr.backupVaults.list",
     "backupdr.bvbackups.get",

diff --git a/roles/backupdr.user b/roles/backupdr.user
@@ -2,8 +2,8 @@
   "description": "Provides access to management console. Granular Backup and DR permissions depend on ACL configuration provided by Backup and DR admin within the management console.",
   "etag": "AA==",
   "includedPermissions": [
-    "backupdr.backupPlanAssociations.create",
-    "backupdr.backupPlanAssociations.delete",
+    "backupdr.backupPlanAssociations.createForComputeInstance",
+    "backupdr.backupPlanAssociations.deleteForComputeInstance",
     "backupdr.managementServers.access",
     "backupdr.managementServers.backupAccess",
     "backupdr.managementServers.get",

diff --git a/roles/batch.serviceAgent b/roles/batch.serviceAgent
@@ -2,6 +2,11 @@
   "description": "Gives Google Batch account access to manage customer resources.",
   "etag": "AA==",
   "includedPermissions": [
+    "backupdr.backupPlanAssociations.createForComputeInstance",
+    "backupdr.backupPlanAssociations.deleteForComputeInstance",
+    "backupdr.backupPlanAssociations.list",
+    "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+    "backupdr.backupPlans.useForComputeInstance",
     "compute.acceleratorTypes.get",
     "compute.acceleratorTypes.list",
     "compute.addresses.createInternal",

diff --git a/roles/cloudsql.admin b/roles/cloudsql.admin
@@ -7,11 +7,6 @@
     "cloudsql.backupRuns.delete",
     "cloudsql.backupRuns.get",
     "cloudsql.backupRuns.list",
-    "cloudsql.backups.create",
-    "cloudsql.backups.delete",
-    "cloudsql.backups.get",
-    "cloudsql.backups.list",
-    "cloudsql.backups.update",
     "cloudsql.databases.create",
     "cloudsql.databases.delete",
     "cloudsql.databases.get",
@@ -52,8 +47,6 @@
     "cloudsql.instances.stopReplica",
     "cloudsql.instances.truncateLog",
     "cloudsql.instances.update",
-    "cloudsql.operations.get",
-    "cloudsql.operations.list",
     "cloudsql.schemas.view",
     "cloudsql.sslCerts.create",
     "cloudsql.sslCerts.delete",

diff --git a/roles/cloudsql.viewer b/roles/cloudsql.viewer
@@ -5,8 +5,6 @@
     "cloudaicompanion.entitlements.get",
     "cloudsql.backupRuns.get",
     "cloudsql.backupRuns.list",
-    "cloudsql.backups.get",
-    "cloudsql.backups.list",
     "cloudsql.databases.get",
     "cloudsql.databases.list",
     "cloudsql.instances.export",
@@ -17,8 +15,6 @@
     "cloudsql.instances.listServerCas",
     "cloudsql.instances.listServerCertificates",
     "cloudsql.instances.listTagBindings",
-    "cloudsql.operations.get",
-    "cloudsql.operations.list",
     "cloudsql.sslCerts.get",
     "cloudsql.sslCerts.list",
     "cloudsql.users.get",

diff --git a/roles/cloudtpu.serviceAgent b/roles/cloudtpu.serviceAgent
@@ -2,6 +2,11 @@
   "description": "Give Cloud TPUs service account access to managed resources",
   "etag": "AA==",
   "includedPermissions": [
+    "backupdr.backupPlanAssociations.createForComputeInstance",
+    "backupdr.backupPlanAssociations.deleteForComputeInstance",
+    "backupdr.backupPlanAssociations.list",
+    "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+    "backupdr.backupPlans.useForComputeInstance",
     "compute.acceleratorTypes.get",
     "compute.acceleratorTypes.list",
     "compute.addresses.create",

diff --git a/roles/composer.serviceAgent b/roles/composer.serviceAgent
@@ -30,17 +30,17 @@
     "artifactregistry.repositories.get",
     "artifactregistry.repositories.list",
     "artifactregistry.repositories.update",
+    "backupdr.backupPlanAssociations.createForComputeInstance",
+    "backupdr.backupPlanAssociations.deleteForComputeInstance",
+    "backupdr.backupPlanAssociations.list",
+    "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+    "backupdr.backupPlans.useForComputeInstance",
     "cloudaicompanion.entitlements.get",
     "cloudnotifications.activities.list",
     "cloudsql.backupRuns.create",
     "cloudsql.backupRuns.delete",
     "cloudsql.backupRuns.get",
     "cloudsql.backupRuns.list",
-    "cloudsql.backups.create",
-    "cloudsql.backups.delete",
-    "cloudsql.backups.get",
-    "cloudsql.backups.list",
-    "cloudsql.backups.update",
     "cloudsql.databases.create",
     "cloudsql.databases.delete",
     "cloudsql.databases.get",
@@ -81,8 +81,6 @@
     "cloudsql.instances.stopReplica",
     "cloudsql.instances.truncateLog",
     "cloudsql.instances.update",
-    "cloudsql.operations.get",
-    "cloudsql.operations.list",
     "cloudsql.schemas.view",
     "cloudsql.sslCerts.create",
     "cloudsql.sslCerts.delete",

diff --git a/roles/compute.admin b/roles/compute.admin
@@ -2,6 +2,11 @@
   "description": "Full control of all Compute Engine resources.",
   "etag": "AA==",
   "includedPermissions": [
+    "backupdr.backupPlanAssociations.createForComputeInstance",
+    "backupdr.backupPlanAssociations.deleteForComputeInstance",
+    "backupdr.backupPlanAssociations.list",
+    "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+    "backupdr.backupPlans.useForComputeInstance",
     "compute.acceleratorTypes.get",
     "compute.acceleratorTypes.list",
     "compute.addresses.create",

diff --git a/roles/compute.instanceAdmin b/roles/compute.instanceAdmin
@@ -2,6 +2,11 @@
   "description": "Full control of Compute Engine instance resources.",
   "etag": "AA==",
   "includedPermissions": [
+    "backupdr.backupPlanAssociations.createForComputeInstance",
+    "backupdr.backupPlanAssociations.deleteForComputeInstance",
+    "backupdr.backupPlanAssociations.list",
+    "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+    "backupdr.backupPlans.useForComputeInstance",
     "compute.acceleratorTypes.get",
     "compute.acceleratorTypes.list",
     "compute.addresses.createInternal",

diff --git a/roles/compute.instanceAdmin.v1 b/roles/compute.instanceAdmin.v1
@@ -2,6 +2,11 @@
   "description": "Full control of Compute Engine instances, instance groups, disks, snapshots, and images. Read access to all Compute Engine networking resources.",
   "etag": "AA==",
   "includedPermissions": [
+    "backupdr.backupPlanAssociations.createForComputeInstance",
+    "backupdr.backupPlanAssociations.deleteForComputeInstance",
+    "backupdr.backupPlanAssociations.list",
+    "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+    "backupdr.backupPlans.useForComputeInstance",
     "compute.acceleratorTypes.get",
     "compute.acceleratorTypes.list",
     "compute.addresses.createInternal",

diff --git a/roles/contactcenterinsights.editor b/roles/contactcenterinsights.editor
@@ -67,6 +67,7 @@
     "contactcenterinsights.qaScorecardRevisions.get",
     "contactcenterinsights.qaScorecardRevisions.list",
     "contactcenterinsights.qaScorecardRevisions.tune",
+    "contactcenterinsights.qaScorecardRevisions.undeploy",
     "contactcenterinsights.qaScorecards.create",
     "contactcenterinsights.qaScorecards.delete",
     "contactcenterinsights.qaScorecards.get",

diff --git a/roles/container.serviceAgent b/roles/container.serviceAgent
@@ -5,6 +5,11 @@
     "autoscaling.sites.readRecommendations",
     "autoscaling.sites.writeMetrics",
     "autoscaling.sites.writeState",
+    "backupdr.backupPlanAssociations.createForComputeInstance",
+    "backupdr.backupPlanAssociations.deleteForComputeInstance",
+    "backupdr.backupPlanAssociations.list",
+    "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+    "backupdr.backupPlans.useForComputeInstance",
     "bigquery.datasets.create",
     "bigquery.datasets.get",
     "bigquery.tables.create",

diff --git a/roles/dataflow.serviceAgent b/roles/dataflow.serviceAgent
@@ -2,6 +2,11 @@
   "description": "Gives Cloud Dataflow service account access to managed resources. Includes access to service accounts.",
   "etag": "AA==",
   "includedPermissions": [
+    "backupdr.backupPlanAssociations.createForComputeInstance",
+    "backupdr.backupPlanAssociations.deleteForComputeInstance",
+    "backupdr.backupPlanAssociations.list",
+    "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+    "backupdr.backupPlans.useForComputeInstance",
     "bigquery.bireservations.get",
     "bigquery.bireservations.update",
     "bigquery.capacityCommitments.create",

diff --git a/roles/datafusion.serviceAgent b/roles/datafusion.serviceAgent
@@ -533,7 +533,6 @@
     "serviceusage.services.get",
     "serviceusage.services.list",
     "spanner.databaseOperations.cancel",
-    "spanner.databaseOperations.delete",
     "spanner.databaseOperations.get",
     "spanner.databaseOperations.list",
     "spanner.databases.beginOrRollbackReadWriteTransaction",

diff --git a/roles/datamigration.serviceAgent b/roles/datamigration.serviceAgent
@@ -24,6 +24,7 @@
     "cloudsql.instances.delete",
     "cloudsql.instances.demoteMaster",
     "cloudsql.instances.executeSql",
+    "cloudsql.instances.export",
     "cloudsql.instances.get",
     "cloudsql.instances.import",
     "cloudsql.instances.list",
@@ -33,7 +34,6 @@
     "cloudsql.instances.startReplica",
     "cloudsql.instances.stopReplica",
     "cloudsql.instances.update",
-    "cloudsql.operations.get",
     "compute.forwardingRules.use",
     "compute.globalAddresses.create",
     "compute.globalAddresses.createInternal",

diff --git a/roles/dataproc.serviceAgent b/roles/dataproc.serviceAgent
@@ -2,6 +2,11 @@
   "description": "Gives Dataproc Service Account access to service accounts, compute resources, storage resources, and kubernetes resources. Includes access to service accounts.",
   "etag": "AA==",
   "includedPermissions": [
+    "backupdr.backupPlanAssociations.createForComputeInstance",
+    "backupdr.backupPlanAssociations.deleteForComputeInstance",
+    "backupdr.backupPlanAssociations.list",
+    "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+    "backupdr.backupPlans.useForComputeInstance",
     "compute.acceleratorTypes.get",
     "compute.acceleratorTypes.list",
     "compute.addresses.createInternal",
@@ -318,7 +323,9 @@
     "resourcemanager.hierarchyNodes.listEffectiveTags",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list",
+    "servicemanagement.services.bind",
     "serviceusage.quotas.get",
+    "serviceusage.services.enable",
     "serviceusage.services.get",
     "serviceusage.services.list",
     "serviceusage.services.use",

diff --git a/roles/dspm.serviceAgent b/roles/dspm.serviceAgent
@@ -43,6 +43,7 @@
     "securitycentermanagement.securityHealthAnalyticsCustomModules.get",
     "securityposture.operations.get",
     "securityposture.postureDeployments.create",
+    "securityposture.postureDeployments.delete",
     "securityposture.postures.create",
     "securityposture.postures.get",
     "storage.buckets.createTagBinding",

diff --git a/roles/editor b/roles/editor
@@ -1124,16 +1124,16 @@
     "autoscaling.sites.readRecommendations",
     "autoscaling.sites.writeMetrics",
     "autoscaling.sites.writeState",
-    "backupdr.backupPlanAssociations.create",
-    "backupdr.backupPlanAssociations.delete",
+    "backupdr.backupPlanAssociations.createForComputeInstance",
+    "backupdr.backupPlanAssociations.deleteForComputeInstance",
     "backupdr.backupPlanAssociations.get",
     "backupdr.backupPlanAssociations.list",
-    "backupdr.backupPlanAssociations.triggerBackup",
+    "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
     "backupdr.backupPlans.create",
     "backupdr.backupPlans.delete",
     "backupdr.backupPlans.get",
     "backupdr.backupPlans.list",
-    "backupdr.backupPlans.useComputeInstanceOnly",
+    "backupdr.backupPlans.useForComputeInstance",
     "backupdr.backupVaults.associate",
     "backupdr.backupVaults.create",
     "backupdr.backupVaults.delete",
@@ -2244,11 +2244,6 @@
     "cloudsql.backupRuns.delete",
     "cloudsql.backupRuns.get",
     "cloudsql.backupRuns.list",
-    "cloudsql.backups.create",
-    "cloudsql.backups.delete",
-    "cloudsql.backups.get",
-    "cloudsql.backups.list",
-    "cloudsql.backups.update",
     "cloudsql.databases.create",
     "cloudsql.databases.delete",
     "cloudsql.databases.get",
@@ -2287,8 +2282,6 @@
     "cloudsql.instances.stopReplica",
     "cloudsql.instances.truncateLog",
     "cloudsql.instances.update",
-    "cloudsql.operations.get",
-    "cloudsql.operations.list",
     "cloudsql.schemas.view",
     "cloudsql.sslCerts.create",
     "cloudsql.sslCerts.delete",
@@ -3514,6 +3507,7 @@
     "contactcenterinsights.qaScorecardRevisions.get",
     "contactcenterinsights.qaScorecardRevisions.list",
     "contactcenterinsights.qaScorecardRevisions.tune",
+    "contactcenterinsights.qaScorecardRevisions.undeploy",
     "contactcenterinsights.qaScorecards.create",
     "contactcenterinsights.qaScorecards.delete",
     "contactcenterinsights.qaScorecards.get",
@@ -6743,6 +6737,7 @@
     "networkconnectivity.hubs.getIamPolicy",
     "networkconnectivity.hubs.list",
     "networkconnectivity.hubs.listSpokes",
+    "networkconnectivity.hubs.queryStatus",
     "networkconnectivity.hubs.update",
     "networkconnectivity.internalRanges.create",
     "networkconnectivity.internalRanges.delete",
@@ -8265,7 +8260,6 @@
     "spanner.backups.restoreDatabase",
     "spanner.backups.update",
     "spanner.databaseOperations.cancel",
-    "spanner.databaseOperations.delete",
     "spanner.databaseOperations.get",
     "spanner.databaseOperations.list",
     "spanner.databaseRoles.list",

diff --git a/roles/iam.securityAdmin b/roles/iam.securityAdmin
@@ -540,10 +540,8 @@
     "cloudsecurityscanner.scanruns.list",
     "cloudsecurityscanner.scans.list",
     "cloudsql.backupRuns.list",
-    "cloudsql.backups.list",
     "cloudsql.databases.list",
     "cloudsql.instances.list",
-    "cloudsql.operations.list",
     "cloudsql.sslCerts.list",
     "cloudsql.users.list",
     "cloudsupport.accounts.getIamPolicy",

diff --git a/roles/iam.securityReviewer b/roles/iam.securityReviewer
@@ -482,10 +482,8 @@
     "cloudsecurityscanner.scanruns.list",
     "cloudsecurityscanner.scans.list",
     "cloudsql.backupRuns.list",
-    "cloudsql.backups.list",
     "cloudsql.databases.list",
     "cloudsql.instances.list",
-    "cloudsql.operations.list",
     "cloudsql.sslCerts.list",
     "cloudsql.users.list",
     "cloudsupport.accounts.getIamPolicy",

diff --git a/roles/lifesciences.serviceAgent b/roles/lifesciences.serviceAgent
@@ -2,6 +2,11 @@
   "description": "Gives Cloud Life Sciences Service Account access to compute resources. Includes access to service accounts.",
   "etag": "AA==",
   "includedPermissions": [
+    "backupdr.backupPlanAssociations.createForComputeInstance",
+    "backupdr.backupPlanAssociations.deleteForComputeInstance",
+    "backupdr.backupPlanAssociations.list",
+    "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+    "backupdr.backupPlans.useForComputeInstance",
     "compute.acceleratorTypes.get",
     "compute.acceleratorTypes.list",
     "compute.addresses.createInternal",

diff --git a/roles/networkconnectivity.hubAdmin b/roles/networkconnectivity.hubAdmin
@@ -23,6 +23,7 @@
     "networkconnectivity.hubs.getIamPolicy",
     "networkconnectivity.hubs.list",
     "networkconnectivity.hubs.listSpokes",
+    "networkconnectivity.hubs.queryStatus",
     "networkconnectivity.hubs.setIamPolicy",
     "networkconnectivity.hubs.update",
     "networkconnectivity.locations.get",

diff --git a/roles/networkconnectivity.hubViewer b/roles/networkconnectivity.hubViewer
@@ -15,6 +15,7 @@
     "networkconnectivity.hubs.getIamPolicy",
     "networkconnectivity.hubs.list",
     "networkconnectivity.hubs.listSpokes",
+    "networkconnectivity.hubs.queryStatus",
     "networkconnectivity.locations.get",
     "networkconnectivity.locations.list",
     "networkconnectivity.spokes.get",