Fetch all roles

darkbitio · Jul 28, 2022 · e095c10 · e095c10
1 parent 788b57b
commit e095c10
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/gcp_roles_cai.json b/gcp_roles_cai.json
@@ -919,7 +919,7 @@
 {"description":"Full control over all Cloud Run resources.","etag":"AA==","includedPermissions":["recommender.locations.get","recommender.locations.list","recommender.runServiceIdentityInsights.get","recommender.runServiceIdentityInsights.list","recommender.runServiceIdentityInsights.update","recommender.runServiceIdentityRecommendations.get","recommender.runServiceIdentityRecommendations.list","recommender.runServiceIdentityRecommendations.update","resourcemanager.projects.get","resourcemanager.projects.list","run.configurations.get","run.configurations.list","run.executions.delete","run.executions.get","run.executions.list","run.jobs.create","run.jobs.delete","run.jobs.get","run.jobs.getIamPolicy","run.jobs.list","run.jobs.run","run.jobs.setIamPolicy","run.jobs.update","run.locations.list","run.operations.delete","run.operations.get","run.operations.list","run.revisions.delete","run.revisions.get","run.revisions.list","run.routes.get","run.routes.invoke","run.routes.list","run.services.create","run.services.createTagBinding","run.services.delete","run.services.deleteTagBinding","run.services.get","run.services.getIamPolicy","run.services.list","run.services.listEffectiveTags","run.services.listTagBindings","run.services.setIamPolicy","run.services.update","run.tasks.get","run.tasks.list"],"name":"roles/run.admin","stage":"GA","title":"Cloud Run Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Read and write access to all Cloud Run resources.","etag":"AA==","includedPermissions":["recommender.locations.get","recommender.locations.list","recommender.runServiceIdentityInsights.get","recommender.runServiceIdentityInsights.list","recommender.runServiceIdentityInsights.update","recommender.runServiceIdentityRecommendations.get","recommender.runServiceIdentityRecommendations.list","recommender.runServiceIdentityRecommendations.update","resourcemanager.projects.get","resourcemanager.projects.list","run.configurations.get","run.configurations.list","run.executions.delete","run.executions.get","run.executions.list","run.jobs.create","run.jobs.delete","run.jobs.get","run.jobs.getIamPolicy","run.jobs.list","run.jobs.run","run.jobs.update","run.locations.list","run.operations.delete","run.operations.get","run.operations.list","run.revisions.delete","run.revisions.get","run.revisions.list","run.routes.get","run.routes.invoke","run.routes.list","run.services.create","run.services.delete","run.services.get","run.services.getIamPolicy","run.services.list","run.services.listEffectiveTags","run.services.listTagBindings","run.services.update","run.tasks.get","run.tasks.list"],"name":"roles/run.developer","stage":"GA","title":"Cloud Run Developer","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Can invoke a Cloud Run service.","etag":"AA==","includedPermissions":["run.jobs.run","run.routes.invoke"],"name":"roles/run.invoker","stage":"GA","title":"Cloud Run Invoker","asset_type":"iam.googleapis.com/ExportedIAMRole"}
-{"description":"Gives Cloud Run service account access to managed resources.","etag":"AA==","includedPermissions":["artifactregistry.dockerimages.get","artifactregistry.dockerimages.list","artifactregistry.files.get","artifactregistry.files.list","artifactregistry.locations.get","artifactregistry.locations.list","artifactregistry.mavenartifacts.get","artifactregistry.mavenartifacts.list","artifactregistry.npmpackages.get","artifactregistry.npmpackages.list","artifactregistry.packages.get","artifactregistry.packages.list","artifactregistry.pythonpackages.get","artifactregistry.pythonpackages.list","artifactregistry.repositories.downloadArtifacts","artifactregistry.repositories.get","artifactregistry.repositories.list","artifactregistry.repositories.listEffectiveTags","artifactregistry.repositories.listTagBindings","artifactregistry.tags.get","artifactregistry.tags.list","artifactregistry.versions.get","artifactregistry.versions.list","binaryauthorization.platformPolicies.evaluatePolicy","binaryauthorization.policy.evaluatePolicy","clientauthconfig.clients.list","cloudbuild.builds.create","cloudbuild.builds.get","compute.addresses.createInternal","compute.addresses.deleteInternal","compute.addresses.get","compute.addresses.list","compute.globalOperations.get","compute.networks.access","compute.subnetworks.get","compute.subnetworks.use","iam.serviceAccounts.actAs","iam.serviceAccounts.getAccessToken","iam.serviceAccounts.getOpenIdToken","iam.serviceAccounts.signBlob","resourcemanager.projects.get","resourcemanager.projects.getIamPolicy","resourcemanager.projects.list","run.routes.invoke","serviceusage.services.use","storage.objects.get","storage.objects.list","vpcaccess.connectors.get","vpcaccess.connectors.use"],"name":"roles/run.serviceAgent","stage":"GA","title":"Cloud Run Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"}
+{"description":"Gives Cloud Run service account access to managed resources.","etag":"AA==","includedPermissions":["artifactregistry.dockerimages.get","artifactregistry.dockerimages.list","artifactregistry.files.get","artifactregistry.files.list","artifactregistry.locations.get","artifactregistry.locations.list","artifactregistry.mavenartifacts.get","artifactregistry.mavenartifacts.list","artifactregistry.npmpackages.get","artifactregistry.npmpackages.list","artifactregistry.packages.get","artifactregistry.packages.list","artifactregistry.pythonpackages.get","artifactregistry.pythonpackages.list","artifactregistry.repositories.downloadArtifacts","artifactregistry.repositories.get","artifactregistry.repositories.list","artifactregistry.repositories.listEffectiveTags","artifactregistry.repositories.listTagBindings","artifactregistry.tags.get","artifactregistry.tags.list","artifactregistry.versions.get","artifactregistry.versions.list","binaryauthorization.platformPolicies.evaluatePolicy","binaryauthorization.policy.evaluatePolicy","clientauthconfig.clients.list","cloudbuild.builds.create","cloudbuild.builds.get","compute.addresses.createInternal","compute.addresses.deleteInternal","compute.addresses.get","compute.addresses.list","compute.globalOperations.get","compute.networks.access","compute.networks.get","compute.subnetworks.get","compute.subnetworks.use","iam.serviceAccounts.actAs","iam.serviceAccounts.getAccessToken","iam.serviceAccounts.getOpenIdToken","iam.serviceAccounts.signBlob","resourcemanager.projects.get","resourcemanager.projects.getIamPolicy","resourcemanager.projects.list","run.routes.invoke","serviceusage.services.use","storage.objects.get","storage.objects.list","vpcaccess.connectors.get","vpcaccess.connectors.use"],"name":"roles/run.serviceAgent","stage":"GA","title":"Cloud Run Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Can view the state of all Cloud Run resources, including IAM policies.","etag":"AA==","includedPermissions":["recommender.locations.get","recommender.locations.list","recommender.runServiceIdentityInsights.get","recommender.runServiceIdentityInsights.list","recommender.runServiceIdentityRecommendations.get","recommender.runServiceIdentityRecommendations.list","resourcemanager.projects.get","resourcemanager.projects.list","run.configurations.get","run.configurations.list","run.executions.get","run.executions.list","run.jobs.get","run.jobs.getIamPolicy","run.jobs.list","run.locations.list","run.operations.get","run.operations.list","run.revisions.get","run.revisions.list","run.routes.get","run.routes.list","run.services.get","run.services.getIamPolicy","run.services.list","run.services.listEffectiveTags","run.services.listTagBindings","run.tasks.get","run.tasks.list"],"name":"roles/run.viewer","stage":"GA","title":"Cloud Run Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Full access to RuntimeConfig resources.","etag":"AA==","includedPermissions":["runtimeconfig.configs.create","runtimeconfig.configs.delete","runtimeconfig.configs.get","runtimeconfig.configs.getIamPolicy","runtimeconfig.configs.list","runtimeconfig.configs.setIamPolicy","runtimeconfig.configs.update","runtimeconfig.operations.get","runtimeconfig.operations.list","runtimeconfig.variables.create","runtimeconfig.variables.delete","runtimeconfig.variables.get","runtimeconfig.variables.getIamPolicy","runtimeconfig.variables.list","runtimeconfig.variables.setIamPolicy","runtimeconfig.variables.update","runtimeconfig.variables.watch","runtimeconfig.waiters.create","runtimeconfig.waiters.delete","runtimeconfig.waiters.get","runtimeconfig.waiters.getIamPolicy","runtimeconfig.waiters.list","runtimeconfig.waiters.setIamPolicy","runtimeconfig.waiters.update"],"name":"roles/runtimeconfig.admin","stage":"GA","title":"Cloud RuntimeConfig Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"}
 {"description":"Full access to administer Secret Manager resources.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","secretmanager.locations.get","secretmanager.locations.list","secretmanager.secrets.create","secretmanager.secrets.delete","secretmanager.secrets.get","secretmanager.secrets.getIamPolicy","secretmanager.secrets.list","secretmanager.secrets.setIamPolicy","secretmanager.secrets.update","secretmanager.versions.access","secretmanager.versions.add","secretmanager.versions.destroy","secretmanager.versions.disable","secretmanager.versions.enable","secretmanager.versions.get","secretmanager.versions.list"],"name":"roles/secretmanager.admin","stage":"GA","title":"Secret Manager Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"}

diff --git a/roles/run.serviceAgent b/roles/run.serviceAgent
@@ -36,6 +36,7 @@
     "compute.addresses.list",
     "compute.globalOperations.get",
     "compute.networks.access",
+    "compute.networks.get",
     "compute.subnetworks.get",
     "compute.subnetworks.use",
     "iam.serviceAccounts.actAs",