From 8546f57b2be37d9f48dacd7b25bf6c41e76beccf Mon Sep 17 00:00:00 2001
From: bgeesaman <bgeesaman@users.noreply.github.com>
Date: Thu, 30 Jun 2022 01:27:25 +0000
Subject: [PATCH] Fetch all roles

---
 gcp_roles_cai.json                     | 6 +++---
 roles/certificatemanager.owner         | 2 +-
 roles/dataform.viewer                  | 2 +-
 roles/workloadcertificate.serviceAgent | 3 ++-
 4 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/gcp_roles_cai.json b/gcp_roles_cai.json
index d7db8f21..934029e4 100644
--- a/gcp_roles_cai.json
+++ b/gcp_roles_cai.json
@@ -163,7 +163,7 @@
 {"description":"Access to browse GCP resources.","etag":"AA==","includedPermissions":["resourcemanager.folders.get","resourcemanager.folders.list","resourcemanager.organizations.get","resourcemanager.projects.get","resourcemanager.projects.getIamPolicy","resourcemanager.projects.list"],"name":"roles/browser","stage":"GA","title":"Browser","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"This role can view all properties of Patients.","etag":"AA==","includedPermissions":["carestudio.patients.get","carestudio.patients.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/carestudio.viewer","stage":"GA","title":"Care Studio Patients Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Edit access to Certificate Manager all resources.","etag":"AA==","includedPermissions":["certificatemanager.certmapentries.create","certificatemanager.certmapentries.get","certificatemanager.certmapentries.getIamPolicy","certificatemanager.certmapentries.list","certificatemanager.certmapentries.update","certificatemanager.certmaps.create","certificatemanager.certmaps.get","certificatemanager.certmaps.getIamPolicy","certificatemanager.certmaps.list","certificatemanager.certmaps.update","certificatemanager.certmaps.use","certificatemanager.certs.create","certificatemanager.certs.get","certificatemanager.certs.getIamPolicy","certificatemanager.certs.list","certificatemanager.certs.update","certificatemanager.certs.use","certificatemanager.dnsauthorizations.create","certificatemanager.dnsauthorizations.get","certificatemanager.dnsauthorizations.getIamPolicy","certificatemanager.dnsauthorizations.list","certificatemanager.dnsauthorizations.update","certificatemanager.dnsauthorizations.use","certificatemanager.locations.get","certificatemanager.locations.list","certificatemanager.operations.get","certificatemanager.operations.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/certificatemanager.editor","stage":"GA","title":"Certificate Manager Editor","asset_type":"iam.googleapis.com/ExportedIAMRole"}
-{"description":"Full access to Certificate Manager all resources.","etag":"AA==","includedPermissions":["certificatemanager.certmapentries.create","certificatemanager.certmapentries.delete","certificatemanager.certmapentries.get","certificatemanager.certmapentries.getIamPolicy","certificatemanager.certmapentries.list","certificatemanager.certmapentries.setIamPolicy","certificatemanager.certmapentries.update","certificatemanager.certmaps.create","certificatemanager.certmaps.delete","certificatemanager.certmaps.get","certificatemanager.certmaps.getIamPolicy","certificatemanager.certmaps.list","certificatemanager.certmaps.setIamPolicy","certificatemanager.certmaps.update","certificatemanager.certmaps.use","certificatemanager.certs.create","certificatemanager.certs.delete","certificatemanager.certs.get","certificatemanager.certs.getIamPolicy","certificatemanager.certs.list","certificatemanager.certs.setIamPolicy","certificatemanager.certs.update","certificatemanager.certs.use","certificatemanager.dnsauthorizations.create","certificatemanager.dnsauthorizations.delete","certificatemanager.dnsauthorizations.get","certificatemanager.dnsauthorizations.getIamPolicy","certificatemanager.dnsauthorizations.list","certificatemanager.dnsauthorizations.setIamPolicy","certificatemanager.dnsauthorizations.update","certificatemanager.dnsauthorizations.use","certificatemanager.locations.get","certificatemanager.locations.list","certificatemanager.operations.cancel","certificatemanager.operations.delete","certificatemanager.operations.get","certificatemanager.operations.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/certificatemanager.owner","stage":"BETA","title":"Certificate Manager Owner","asset_type":"iam.googleapis.com/ExportedIAMRole"}
+{"description":"Full access to Certificate Manager all resources.","etag":"AA==","includedPermissions":["certificatemanager.certmapentries.create","certificatemanager.certmapentries.delete","certificatemanager.certmapentries.get","certificatemanager.certmapentries.getIamPolicy","certificatemanager.certmapentries.list","certificatemanager.certmapentries.setIamPolicy","certificatemanager.certmapentries.update","certificatemanager.certmaps.create","certificatemanager.certmaps.delete","certificatemanager.certmaps.get","certificatemanager.certmaps.getIamPolicy","certificatemanager.certmaps.list","certificatemanager.certmaps.setIamPolicy","certificatemanager.certmaps.update","certificatemanager.certmaps.use","certificatemanager.certs.create","certificatemanager.certs.delete","certificatemanager.certs.get","certificatemanager.certs.getIamPolicy","certificatemanager.certs.list","certificatemanager.certs.setIamPolicy","certificatemanager.certs.update","certificatemanager.certs.use","certificatemanager.dnsauthorizations.create","certificatemanager.dnsauthorizations.delete","certificatemanager.dnsauthorizations.get","certificatemanager.dnsauthorizations.getIamPolicy","certificatemanager.dnsauthorizations.list","certificatemanager.dnsauthorizations.setIamPolicy","certificatemanager.dnsauthorizations.update","certificatemanager.dnsauthorizations.use","certificatemanager.locations.get","certificatemanager.locations.list","certificatemanager.operations.cancel","certificatemanager.operations.delete","certificatemanager.operations.get","certificatemanager.operations.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/certificatemanager.owner","stage":"GA","title":"Certificate Manager Owner","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Read-only access to Certificate Manager all resources.","etag":"AA==","includedPermissions":["certificatemanager.certmapentries.get","certificatemanager.certmapentries.getIamPolicy","certificatemanager.certmapentries.list","certificatemanager.certmaps.get","certificatemanager.certmaps.getIamPolicy","certificatemanager.certmaps.list","certificatemanager.certs.get","certificatemanager.certs.getIamPolicy","certificatemanager.certs.list","certificatemanager.dnsauthorizations.get","certificatemanager.dnsauthorizations.getIamPolicy","certificatemanager.dnsauthorizations.list","certificatemanager.locations.get","certificatemanager.locations.list","certificatemanager.operations.get","certificatemanager.operations.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/certificatemanager.viewer","stage":"GA","title":"Certificate Manager Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Can view and modify bot configurations","etag":"AA==","includedPermissions":["chat.bots.get","chat.bots.update"],"name":"roles/chat.owner","stage":"GA","title":"Chat Bots Owner","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Can view bot configurations","etag":"AA==","includedPermissions":["chat.bots.get"],"name":"roles/chat.reader","stage":"GA","title":"Chat Bots Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"}
@@ -373,7 +373,7 @@
 {"description":"Full access to all Dataform resources.","etag":"AA==","includedPermissions":["dataform.compilationResults.create","dataform.compilationResults.get","dataform.compilationResults.list","dataform.compilationResults.query","dataform.locations.get","dataform.locations.list","dataform.repositories.create","dataform.repositories.delete","dataform.repositories.fetchRemoteBranches","dataform.repositories.get","dataform.repositories.list","dataform.repositories.update","dataform.workflowInvocations.cancel","dataform.workflowInvocations.create","dataform.workflowInvocations.delete","dataform.workflowInvocations.get","dataform.workflowInvocations.list","dataform.workflowInvocations.query","dataform.workspaces.commit","dataform.workspaces.create","dataform.workspaces.delete","dataform.workspaces.fetchFileDiff","dataform.workspaces.fetchFileGitStatuses","dataform.workspaces.fetchGitAheadBehind","dataform.workspaces.get","dataform.workspaces.installNpmPackages","dataform.workspaces.list","dataform.workspaces.makeDirectory","dataform.workspaces.moveDirectory","dataform.workspaces.moveFile","dataform.workspaces.pull","dataform.workspaces.push","dataform.workspaces.queryDirectoryContents","dataform.workspaces.readFile","dataform.workspaces.removeDirectory","dataform.workspaces.removeFile","dataform.workspaces.reset","dataform.workspaces.writeFile","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/dataform.admin","stage":"BETA","title":"Dataform Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Edit access to Workspaces and Read-only access to Repositories.","etag":"AA==","includedPermissions":["dataform.compilationResults.create","dataform.compilationResults.get","dataform.compilationResults.list","dataform.compilationResults.query","dataform.locations.get","dataform.locations.list","dataform.repositories.fetchRemoteBranches","dataform.repositories.get","dataform.repositories.list","dataform.workflowInvocations.cancel","dataform.workflowInvocations.create","dataform.workflowInvocations.delete","dataform.workflowInvocations.get","dataform.workflowInvocations.list","dataform.workflowInvocations.query","dataform.workspaces.commit","dataform.workspaces.create","dataform.workspaces.delete","dataform.workspaces.fetchFileDiff","dataform.workspaces.fetchFileGitStatuses","dataform.workspaces.fetchGitAheadBehind","dataform.workspaces.get","dataform.workspaces.installNpmPackages","dataform.workspaces.list","dataform.workspaces.makeDirectory","dataform.workspaces.moveDirectory","dataform.workspaces.moveFile","dataform.workspaces.pull","dataform.workspaces.push","dataform.workspaces.queryDirectoryContents","dataform.workspaces.readFile","dataform.workspaces.removeDirectory","dataform.workspaces.removeFile","dataform.workspaces.reset","dataform.workspaces.writeFile","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/dataform.editor","stage":"BETA","title":"Dataform Editor","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Gives permission for the Dataform API to access a secret from Secret Manager","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/dataform.serviceAgent","stage":"GA","title":"Dataform Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"}
-{"description":"Read-only access to all Dataform resources.","etag":"AA==","includedPermissions":["dataform.compilationResults.get","dataform.compilationResults.list","dataform.compilationResults.query","dataform.locations.get","dataform.locations.list","dataform.repositories.fetchRemoteBranches","dataform.repositories.get","dataform.repositories.list","dataform.workflowInvocations.get","dataform.workflowInvocations.list","dataform.workflowInvocations.query","dataform.workspaces.fetchFileDiff","dataform.workspaces.fetchFileGitStatuses","dataform.workspaces.fetchGitAheadBehind","dataform.workspaces.get","dataform.workspaces.list","dataform.workspaces.queryDirectoryContents","dataform.workspaces.readFile","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/dataform.viewer","stage":"ALPHA","title":"Dataform Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"}
+{"description":"Read-only access to all Dataform resources.","etag":"AA==","includedPermissions":["dataform.compilationResults.get","dataform.compilationResults.list","dataform.compilationResults.query","dataform.locations.get","dataform.locations.list","dataform.repositories.fetchRemoteBranches","dataform.repositories.get","dataform.repositories.list","dataform.workflowInvocations.get","dataform.workflowInvocations.list","dataform.workflowInvocations.query","dataform.workspaces.fetchFileDiff","dataform.workspaces.fetchFileGitStatuses","dataform.workspaces.fetchGitAheadBehind","dataform.workspaces.get","dataform.workspaces.list","dataform.workspaces.queryDirectoryContents","dataform.workspaces.readFile","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/dataform.viewer","stage":"BETA","title":"Dataform Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Full access to Cloud Data Fusion Instances, Namespaces and related resources.","etag":"AA==","includedPermissions":["datafusion.instances.create","datafusion.instances.delete","datafusion.instances.get","datafusion.instances.getIamPolicy","datafusion.instances.list","datafusion.instances.restart","datafusion.instances.runtime","datafusion.instances.setIamPolicy","datafusion.instances.update","datafusion.instances.upgrade","datafusion.locations.get","datafusion.locations.list","datafusion.operations.cancel","datafusion.operations.get","datafusion.operations.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/datafusion.admin","stage":"BETA","title":"Cloud Data Fusion Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Access to Cloud Data Fusion runtime resources.","etag":"AA==","includedPermissions":["datafusion.instances.runtime"],"name":"roles/datafusion.runner","stage":"BETA","title":"Cloud Data Fusion Runner","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Gives Cloud Data Fusion service account access to Service Networking, Cloud Dataproc, Cloud Storage, BigQuery, Cloud Spanner, and Cloud Bigtable resources.","etag":"AA==","includedPermissions":["bigquery.config.get","bigquery.dataPolicies.create","bigquery.dataPolicies.delete","bigquery.dataPolicies.get","bigquery.dataPolicies.getIamPolicy","bigquery.dataPolicies.list","bigquery.dataPolicies.setIamPolicy","bigquery.dataPolicies.update","bigquery.datasets.create","bigquery.datasets.createTagBinding","bigquery.datasets.delete","bigquery.datasets.deleteTagBinding","bigquery.datasets.get","bigquery.datasets.getIamPolicy","bigquery.datasets.link","bigquery.datasets.listTagBindings","bigquery.datasets.setIamPolicy","bigquery.datasets.update","bigquery.datasets.updateTag","bigquery.jobs.create","bigquery.models.create","bigquery.models.delete","bigquery.models.export","bigquery.models.getData","bigquery.models.getMetadata","bigquery.models.list","bigquery.models.updateData","bigquery.models.updateMetadata","bigquery.models.updateTag","bigquery.routines.create","bigquery.routines.delete","bigquery.routines.get","bigquery.routines.list","bigquery.routines.update","bigquery.routines.updateTag","bigquery.rowAccessPolicies.create","bigquery.rowAccessPolicies.delete","bigquery.rowAccessPolicies.getIamPolicy","bigquery.rowAccessPolicies.list","bigquery.rowAccessPolicies.setIamPolicy","bigquery.rowAccessPolicies.update","bigquery.tables.create","bigquery.tables.createIndex","bigquery.tables.createSnapshot","bigquery.tables.delete","bigquery.tables.deleteIndex","bigquery.tables.deleteSnapshot","bigquery.tables.export","bigquery.tables.get","bigquery.tables.getData","bigquery.tables.getIamPolicy","bigquery.tables.list","bigquery.tables.restoreSnapshot","bigquery.tables.setCategory","bigquery.tables.setIamPolicy","bigquery.tables.update","bigquery.tables.updateData","bigquery.tables.updateTag","bigtable.appProfiles.create","bigtable.appProfiles.delete","bigtable.appProfiles.get","bigtable.appProfiles.list","bigtable.appProfiles.update","bigtable.backups.create","bigtable.backups.delete","bigtable.backups.get","bigtable.backups.getIamPolicy","bigtable.backups.list","bigtable.backups.restore","bigtable.backups.setIamPolicy","bigtable.backups.update","bigtable.clusters.create","bigtable.clusters.delete","bigtable.clusters.get","bigtable.clusters.list","bigtable.clusters.update","bigtable.instances.create","bigtable.instances.delete","bigtable.instances.get","bigtable.instances.getIamPolicy","bigtable.instances.list","bigtable.instances.setIamPolicy","bigtable.instances.update","bigtable.keyvisualizer.get","bigtable.keyvisualizer.list","bigtable.locations.list","bigtable.tables.checkConsistency","bigtable.tables.create","bigtable.tables.delete","bigtable.tables.generateConsistencyToken","bigtable.tables.get","bigtable.tables.getIamPolicy","bigtable.tables.list","bigtable.tables.mutateRows","bigtable.tables.readRows","bigtable.tables.sampleRowKeys","bigtable.tables.setIamPolicy","bigtable.tables.undelete","bigtable.tables.update","compute.acceleratorTypes.get","compute.acceleratorTypes.list","compute.addresses.get","compute.addresses.list","compute.autoscalers.get","compute.autoscalers.list","compute.backendBuckets.get","compute.backendBuckets.list","compute.backendServices.get","compute.backendServices.list","compute.disks.listEffectiveTags","compute.disks.listTagBindings","compute.externalVpnGateways.get","compute.externalVpnGateways.list","compute.firewalls.get","compute.firewalls.list","compute.forwardingRules.get","compute.forwardingRules.list","compute.globalAddresses.get","compute.globalAddresses.list","compute.globalForwardingRules.get","compute.globalForwardingRules.list","compute.globalForwardingRules.pscGet","compute.globalOperations.get","compute.healthChecks.get","compute.healthChecks.list","compute.httpHealthChecks.get","compute.httpHealthChecks.list","compute.httpsHealthChecks.get","compute.httpsHealthChecks.list","compute.images.listEffectiveTags","compute.images.listTagBindings","compute.instanceGroupManagers.get","compute.instanceGroupManagers.list","compute.instanceGroups.get","compute.instanceGroups.list","compute.instances.get","compute.instances.getGuestAttributes","compute.instances.getScreenshot","compute.instances.getSerialPortOutput","compute.instances.list","compute.instances.listEffectiveTags","compute.instances.listReferrers","compute.instances.listTagBindings","compute.interconnectAttachments.get","compute.interconnectAttachments.list","compute.interconnectLocations.get","compute.interconnectLocations.list","compute.interconnects.get","compute.interconnects.list","compute.machineTypes.get","compute.machineTypes.list","compute.networks.addPeering","compute.networks.get","compute.networks.getEffectiveFirewalls","compute.networks.getRegionEffectiveFirewalls","compute.networks.list","compute.networks.listPeeringRoutes","compute.networks.removePeering","compute.networks.update","compute.packetMirrorings.get","compute.packetMirrorings.list","compute.projects.get","compute.regionBackendServices.get","compute.regionBackendServices.list","compute.regionHealthCheckServices.get","compute.regionHealthCheckServices.list","compute.regionHealthChecks.get","compute.regionHealthChecks.list","compute.regionNotificationEndpoints.get","compute.regionNotificationEndpoints.list","compute.regionSslCertificates.get","compute.regionSslCertificates.list","compute.regionTargetHttpProxies.get","compute.regionTargetHttpProxies.list","compute.regionTargetHttpsProxies.get","compute.regionTargetHttpsProxies.list","compute.regionUrlMaps.get","compute.regionUrlMaps.list","compute.regions.get","compute.regions.list","compute.routers.get","compute.routers.list","compute.routes.get","compute.routes.list","compute.serviceAttachments.get","compute.serviceAttachments.list","compute.snapshots.listEffectiveTags","compute.snapshots.listTagBindings","compute.sslCertificates.get","compute.sslCertificates.list","compute.sslPolicies.get","compute.sslPolicies.list","compute.sslPolicies.listAvailableFeatures","compute.subnetworks.get","compute.subnetworks.list","compute.targetGrpcProxies.get","compute.targetGrpcProxies.list","compute.targetHttpProxies.get","compute.targetHttpProxies.list","compute.targetHttpsProxies.get","compute.targetHttpsProxies.list","compute.targetInstances.get","compute.targetInstances.list","compute.targetPools.get","compute.targetPools.list","compute.targetSslProxies.get","compute.targetSslProxies.list","compute.targetTcpProxies.get","compute.targetTcpProxies.list","compute.targetVpnGateways.get","compute.targetVpnGateways.list","compute.urlMaps.get","compute.urlMaps.list","compute.vpnGateways.get","compute.vpnGateways.list","compute.vpnTunnels.get","compute.vpnTunnels.list","compute.zones.get","compute.zones.list","dataproc.autoscalingPolicies.create","dataproc.autoscalingPolicies.delete","dataproc.autoscalingPolicies.get","dataproc.autoscalingPolicies.list","dataproc.autoscalingPolicies.update","dataproc.autoscalingPolicies.use","dataproc.batches.cancel","dataproc.batches.create","dataproc.batches.delete","dataproc.batches.get","dataproc.batches.list","dataproc.clusters.create","dataproc.clusters.delete","dataproc.clusters.get","dataproc.clusters.list","dataproc.clusters.start","dataproc.clusters.stop","dataproc.clusters.update","dataproc.clusters.use","dataproc.jobs.cancel","dataproc.jobs.create","dataproc.jobs.delete","dataproc.jobs.get","dataproc.jobs.list","dataproc.jobs.update","dataproc.operations.cancel","dataproc.operations.delete","dataproc.operations.get","dataproc.operations.list","dataproc.workflowTemplates.create","dataproc.workflowTemplates.delete","dataproc.workflowTemplates.get","dataproc.workflowTemplates.instantiate","dataproc.workflowTemplates.instantiateInline","dataproc.workflowTemplates.list","dataproc.workflowTemplates.update","dns.managedZones.create","dns.managedZones.delete","dns.managedZones.get","dns.managedZones.list","dns.networks.bindPrivateDNSZone","dns.networks.targetWithPeeringZone","firebase.projects.get","monitoring.metricDescriptors.create","monitoring.metricDescriptors.get","monitoring.metricDescriptors.list","monitoring.monitoredResourceDescriptors.get","monitoring.monitoredResourceDescriptors.list","monitoring.timeSeries.create","monitoring.timeSeries.list","networkconnectivity.locations.get","networkconnectivity.locations.list","networkconnectivity.operations.get","networkconnectivity.operations.list","networksecurity.authorizationPolicies.get","networksecurity.authorizationPolicies.list","networksecurity.clientTlsPolicies.get","networksecurity.clientTlsPolicies.list","networksecurity.locations.get","networksecurity.locations.list","networksecurity.operations.get","networksecurity.operations.list","networksecurity.serverTlsPolicies.get","networksecurity.serverTlsPolicies.list","networkservices.endpointConfigSelectors.get","networkservices.endpointConfigSelectors.list","networkservices.endpointPolicies.get","networkservices.endpointPolicies.list","networkservices.gateways.get","networkservices.gateways.list","networkservices.grpcRoutes.get","networkservices.grpcRoutes.list","networkservices.httpFilters.get","networkservices.httpFilters.list","networkservices.httpRoutes.get","networkservices.httpRoutes.list","networkservices.httpfilters.get","networkservices.httpfilters.list","networkservices.locations.get","networkservices.locations.list","networkservices.meshes.get","networkservices.meshes.list","networkservices.operations.get","networkservices.operations.list","networkservices.serviceBindings.get","networkservices.serviceBindings.list","networkservices.tcpRoutes.get","networkservices.tcpRoutes.list","networkservices.tlsRoutes.get","networkservices.tlsRoutes.list","orgpolicy.policy.get","resourcemanager.projects.get","resourcemanager.projects.list","servicenetworking.services.get","serviceusage.quotas.get","serviceusage.services.get","serviceusage.services.list","spanner.databaseOperations.cancel","spanner.databaseOperations.delete","spanner.databaseOperations.get","spanner.databaseOperations.list","spanner.databases.beginOrRollbackReadWriteTransaction","spanner.databases.beginPartitionedDmlTransaction","spanner.databases.beginReadOnlyTransaction","spanner.databases.getDdl","spanner.databases.list","spanner.databases.partitionQuery","spanner.databases.partitionRead","spanner.databases.read","spanner.databases.select","spanner.databases.updateDdl","spanner.databases.write","spanner.instanceConfigs.get","spanner.instanceConfigs.list","spanner.instances.get","spanner.instances.list","spanner.sessions.create","spanner.sessions.delete","spanner.sessions.get","spanner.sessions.list","storage.buckets.create","storage.buckets.createTagBinding","storage.buckets.delete","storage.buckets.deleteTagBinding","storage.buckets.get","storage.buckets.getIamPolicy","storage.buckets.list","storage.buckets.listEffectiveTags","storage.buckets.listTagBindings","storage.buckets.setIamPolicy","storage.buckets.update","storage.multipartUploads.abort","storage.multipartUploads.create","storage.multipartUploads.list","storage.multipartUploads.listParts","storage.objects.create","storage.objects.delete","storage.objects.get","storage.objects.getIamPolicy","storage.objects.list","storage.objects.setIamPolicy","storage.objects.update","trafficdirector.networks.getConfigs","trafficdirector.networks.reportMetrics"],"name":"roles/datafusion.serviceAgent","stage":"GA","title":"Cloud Data Fusion API Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"}
@@ -1040,4 +1040,4 @@
 {"description":"Access to execute workflows and manage the executions.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","workflows.callbacks.send","workflows.executions.cancel","workflows.executions.create","workflows.executions.get","workflows.executions.list"],"name":"roles/workflows.invoker","stage":"GA","title":"Workflows Invoker","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Gives Cloud Workflows service account access to managed resources.","etag":"AA==","includedPermissions":["iam.serviceAccounts.get","iam.serviceAccounts.getAccessToken","iam.serviceAccounts.getOpenIdToken"],"name":"roles/workflows.serviceAgent","stage":"GA","title":"Cloud Workflows Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Read-only access to workflows and related resources.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","workflows.executions.get","workflows.executions.list","workflows.locations.get","workflows.locations.list","workflows.operations.get","workflows.operations.list","workflows.workflows.get","workflows.workflows.list"],"name":"roles/workflows.viewer","stage":"GA","title":"Workflows Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"}
-{"description":"Gives the Workload Certificate service agent access to Cloud Platform resources.","etag":"AA==","includedPermissions":["container.clusters.get","container.clusters.update","gkehub.features.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list","serviceconsumermanagement.tenancyu.addResource","serviceconsumermanagement.tenancyu.create","serviceconsumermanagement.tenancyu.delete","serviceconsumermanagement.tenancyu.removeResource"],"name":"roles/workloadcertificate.serviceAgent","stage":"GA","title":"Workload Certificate Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"}
+{"description":"Gives the Workload Certificate service agent access to Cloud Platform resources.","etag":"AA==","includedPermissions":["container.clusters.get","container.clusters.update","gkehub.features.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list","serviceconsumermanagement.tenancyu.addResource","serviceconsumermanagement.tenancyu.create","serviceconsumermanagement.tenancyu.delete","serviceconsumermanagement.tenancyu.removeResource","serviceusage.services.use"],"name":"roles/workloadcertificate.serviceAgent","stage":"GA","title":"Workload Certificate Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"}
diff --git a/roles/certificatemanager.owner b/roles/certificatemanager.owner
index 9ab7c110..cd02d747 100644
--- a/roles/certificatemanager.owner
+++ b/roles/certificatemanager.owner
@@ -43,6 +43,6 @@
     "resourcemanager.projects.list"
   ],
   "name": "roles/certificatemanager.owner",
-  "stage": "BETA",
+  "stage": "GA",
   "title": "Certificate Manager Owner"
 }
diff --git a/roles/dataform.viewer b/roles/dataform.viewer
index c983bf37..e0125ddb 100644
--- a/roles/dataform.viewer
+++ b/roles/dataform.viewer
@@ -24,6 +24,6 @@
     "resourcemanager.projects.list"
   ],
   "name": "roles/dataform.viewer",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "Dataform Viewer"
 }
diff --git a/roles/workloadcertificate.serviceAgent b/roles/workloadcertificate.serviceAgent
index e0a07f30..97e52b44 100644
--- a/roles/workloadcertificate.serviceAgent
+++ b/roles/workloadcertificate.serviceAgent
@@ -12,7 +12,8 @@
     "serviceconsumermanagement.tenancyu.addResource",
     "serviceconsumermanagement.tenancyu.create",
     "serviceconsumermanagement.tenancyu.delete",
-    "serviceconsumermanagement.tenancyu.removeResource"
+    "serviceconsumermanagement.tenancyu.removeResource",
+    "serviceusage.services.use"
   ],
   "name": "roles/workloadcertificate.serviceAgent",
   "stage": "GA",