From e095c10a58057bfa453bbdc44efbe0800ab15e51 Mon Sep 17 00:00:00 2001 From: bgeesaman Date: Thu, 28 Jul 2022 01:26:01 +0000 Subject: [PATCH] Fetch all roles --- gcp_roles_cai.json | 2 +- roles/run.serviceAgent | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/gcp_roles_cai.json b/gcp_roles_cai.json index 40478e93..96021473 100644 --- a/gcp_roles_cai.json +++ b/gcp_roles_cai.json @@ -919,7 +919,7 @@ {"description":"Full control over all Cloud Run resources.","etag":"AA==","includedPermissions":["recommender.locations.get","recommender.locations.list","recommender.runServiceIdentityInsights.get","recommender.runServiceIdentityInsights.list","recommender.runServiceIdentityInsights.update","recommender.runServiceIdentityRecommendations.get","recommender.runServiceIdentityRecommendations.list","recommender.runServiceIdentityRecommendations.update","resourcemanager.projects.get","resourcemanager.projects.list","run.configurations.get","run.configurations.list","run.executions.delete","run.executions.get","run.executions.list","run.jobs.create","run.jobs.delete","run.jobs.get","run.jobs.getIamPolicy","run.jobs.list","run.jobs.run","run.jobs.setIamPolicy","run.jobs.update","run.locations.list","run.operations.delete","run.operations.get","run.operations.list","run.revisions.delete","run.revisions.get","run.revisions.list","run.routes.get","run.routes.invoke","run.routes.list","run.services.create","run.services.createTagBinding","run.services.delete","run.services.deleteTagBinding","run.services.get","run.services.getIamPolicy","run.services.list","run.services.listEffectiveTags","run.services.listTagBindings","run.services.setIamPolicy","run.services.update","run.tasks.get","run.tasks.list"],"name":"roles/run.admin","stage":"GA","title":"Cloud Run Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Read and write access to all Cloud Run resources.","etag":"AA==","includedPermissions":["recommender.locations.get","recommender.locations.list","recommender.runServiceIdentityInsights.get","recommender.runServiceIdentityInsights.list","recommender.runServiceIdentityInsights.update","recommender.runServiceIdentityRecommendations.get","recommender.runServiceIdentityRecommendations.list","recommender.runServiceIdentityRecommendations.update","resourcemanager.projects.get","resourcemanager.projects.list","run.configurations.get","run.configurations.list","run.executions.delete","run.executions.get","run.executions.list","run.jobs.create","run.jobs.delete","run.jobs.get","run.jobs.getIamPolicy","run.jobs.list","run.jobs.run","run.jobs.update","run.locations.list","run.operations.delete","run.operations.get","run.operations.list","run.revisions.delete","run.revisions.get","run.revisions.list","run.routes.get","run.routes.invoke","run.routes.list","run.services.create","run.services.delete","run.services.get","run.services.getIamPolicy","run.services.list","run.services.listEffectiveTags","run.services.listTagBindings","run.services.update","run.tasks.get","run.tasks.list"],"name":"roles/run.developer","stage":"GA","title":"Cloud Run Developer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Can invoke a Cloud Run service.","etag":"AA==","includedPermissions":["run.jobs.run","run.routes.invoke"],"name":"roles/run.invoker","stage":"GA","title":"Cloud Run Invoker","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Gives Cloud Run service account access to managed resources.","etag":"AA==","includedPermissions":["artifactregistry.dockerimages.get","artifactregistry.dockerimages.list","artifactregistry.files.get","artifactregistry.files.list","artifactregistry.locations.get","artifactregistry.locations.list","artifactregistry.mavenartifacts.get","artifactregistry.mavenartifacts.list","artifactregistry.npmpackages.get","artifactregistry.npmpackages.list","artifactregistry.packages.get","artifactregistry.packages.list","artifactregistry.pythonpackages.get","artifactregistry.pythonpackages.list","artifactregistry.repositories.downloadArtifacts","artifactregistry.repositories.get","artifactregistry.repositories.list","artifactregistry.repositories.listEffectiveTags","artifactregistry.repositories.listTagBindings","artifactregistry.tags.get","artifactregistry.tags.list","artifactregistry.versions.get","artifactregistry.versions.list","binaryauthorization.platformPolicies.evaluatePolicy","binaryauthorization.policy.evaluatePolicy","clientauthconfig.clients.list","cloudbuild.builds.create","cloudbuild.builds.get","compute.addresses.createInternal","compute.addresses.deleteInternal","compute.addresses.get","compute.addresses.list","compute.globalOperations.get","compute.networks.access","compute.subnetworks.get","compute.subnetworks.use","iam.serviceAccounts.actAs","iam.serviceAccounts.getAccessToken","iam.serviceAccounts.getOpenIdToken","iam.serviceAccounts.signBlob","resourcemanager.projects.get","resourcemanager.projects.getIamPolicy","resourcemanager.projects.list","run.routes.invoke","serviceusage.services.use","storage.objects.get","storage.objects.list","vpcaccess.connectors.get","vpcaccess.connectors.use"],"name":"roles/run.serviceAgent","stage":"GA","title":"Cloud Run Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Gives Cloud Run service account access to managed resources.","etag":"AA==","includedPermissions":["artifactregistry.dockerimages.get","artifactregistry.dockerimages.list","artifactregistry.files.get","artifactregistry.files.list","artifactregistry.locations.get","artifactregistry.locations.list","artifactregistry.mavenartifacts.get","artifactregistry.mavenartifacts.list","artifactregistry.npmpackages.get","artifactregistry.npmpackages.list","artifactregistry.packages.get","artifactregistry.packages.list","artifactregistry.pythonpackages.get","artifactregistry.pythonpackages.list","artifactregistry.repositories.downloadArtifacts","artifactregistry.repositories.get","artifactregistry.repositories.list","artifactregistry.repositories.listEffectiveTags","artifactregistry.repositories.listTagBindings","artifactregistry.tags.get","artifactregistry.tags.list","artifactregistry.versions.get","artifactregistry.versions.list","binaryauthorization.platformPolicies.evaluatePolicy","binaryauthorization.policy.evaluatePolicy","clientauthconfig.clients.list","cloudbuild.builds.create","cloudbuild.builds.get","compute.addresses.createInternal","compute.addresses.deleteInternal","compute.addresses.get","compute.addresses.list","compute.globalOperations.get","compute.networks.access","compute.networks.get","compute.subnetworks.get","compute.subnetworks.use","iam.serviceAccounts.actAs","iam.serviceAccounts.getAccessToken","iam.serviceAccounts.getOpenIdToken","iam.serviceAccounts.signBlob","resourcemanager.projects.get","resourcemanager.projects.getIamPolicy","resourcemanager.projects.list","run.routes.invoke","serviceusage.services.use","storage.objects.get","storage.objects.list","vpcaccess.connectors.get","vpcaccess.connectors.use"],"name":"roles/run.serviceAgent","stage":"GA","title":"Cloud Run Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Can view the state of all Cloud Run resources, including IAM policies.","etag":"AA==","includedPermissions":["recommender.locations.get","recommender.locations.list","recommender.runServiceIdentityInsights.get","recommender.runServiceIdentityInsights.list","recommender.runServiceIdentityRecommendations.get","recommender.runServiceIdentityRecommendations.list","resourcemanager.projects.get","resourcemanager.projects.list","run.configurations.get","run.configurations.list","run.executions.get","run.executions.list","run.jobs.get","run.jobs.getIamPolicy","run.jobs.list","run.locations.list","run.operations.get","run.operations.list","run.revisions.get","run.revisions.list","run.routes.get","run.routes.list","run.services.get","run.services.getIamPolicy","run.services.list","run.services.listEffectiveTags","run.services.listTagBindings","run.tasks.get","run.tasks.list"],"name":"roles/run.viewer","stage":"GA","title":"Cloud Run Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Full access to RuntimeConfig resources.","etag":"AA==","includedPermissions":["runtimeconfig.configs.create","runtimeconfig.configs.delete","runtimeconfig.configs.get","runtimeconfig.configs.getIamPolicy","runtimeconfig.configs.list","runtimeconfig.configs.setIamPolicy","runtimeconfig.configs.update","runtimeconfig.operations.get","runtimeconfig.operations.list","runtimeconfig.variables.create","runtimeconfig.variables.delete","runtimeconfig.variables.get","runtimeconfig.variables.getIamPolicy","runtimeconfig.variables.list","runtimeconfig.variables.setIamPolicy","runtimeconfig.variables.update","runtimeconfig.variables.watch","runtimeconfig.waiters.create","runtimeconfig.waiters.delete","runtimeconfig.waiters.get","runtimeconfig.waiters.getIamPolicy","runtimeconfig.waiters.list","runtimeconfig.waiters.setIamPolicy","runtimeconfig.waiters.update"],"name":"roles/runtimeconfig.admin","stage":"GA","title":"Cloud RuntimeConfig Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Full access to administer Secret Manager resources.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","secretmanager.locations.get","secretmanager.locations.list","secretmanager.secrets.create","secretmanager.secrets.delete","secretmanager.secrets.get","secretmanager.secrets.getIamPolicy","secretmanager.secrets.list","secretmanager.secrets.setIamPolicy","secretmanager.secrets.update","secretmanager.versions.access","secretmanager.versions.add","secretmanager.versions.destroy","secretmanager.versions.disable","secretmanager.versions.enable","secretmanager.versions.get","secretmanager.versions.list"],"name":"roles/secretmanager.admin","stage":"GA","title":"Secret Manager Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} diff --git a/roles/run.serviceAgent b/roles/run.serviceAgent index bf666234..578199da 100644 --- a/roles/run.serviceAgent +++ b/roles/run.serviceAgent @@ -36,6 +36,7 @@ "compute.addresses.list", "compute.globalOperations.get", "compute.networks.access", + "compute.networks.get", "compute.subnetworks.get", "compute.subnetworks.use", "iam.serviceAccounts.actAs",