GCP IAM Updates Detected
jdyke committed Oct 19, 2024
1 parent 96364e2 commit 0f95cd9
Showing 15 changed files with 56 additions and 37 deletions.
5 changes: 5 additions & 0 deletions roles/backupdr.computeEngineOperator
@@ -22,17 +22,21 @@
"compute.images.useReadOnly",
"compute.instances.attachDisk",
"compute.instances.create",
"compute.instances.createTagBinding",
"compute.instances.delete",
"compute.instances.detachDisk",
"compute.instances.get",
"compute.instances.list",
"compute.instances.listEffectiveTags",
"compute.instances.pscInterfaceCreate",
"compute.instances.setDeletionProtection",
"compute.instances.setLabels",
"compute.instances.setMetadata",
"compute.instances.setServiceAccount",
"compute.instances.setTags",
"compute.instances.start",
"compute.instances.stop",
"compute.instances.updateDisplayDevice",
"compute.instances.useReadOnly",
"compute.machineTypes.get",
"compute.machineTypes.list",
@@ -44,6 +48,7 @@
"compute.regionOperations.get",
"compute.regions.get",
"compute.regions.list",
"compute.resourcePolicies.use",
"compute.snapshots.create",
"compute.snapshots.delete",
"compute.snapshots.get",
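Review bot: `compute.instances.createTagBinding` in the first hunk is a write-type entry that the commit title does not call out, and it is presumably one of the five additions counted for this file (the rendered page no longer marks added lines). Tags can be matched by IAM conditions and by firewall policies, so the ability to bind them to instances is worth a look wherever this role is granted together with rights on the tag values. A description line such as `backupdr.computeEngineOperator: + compute.instances.createTagBinding` would make that visible; similar `createTagBinding` / `deleteTagBinding` entries on `compute.networkEdgeSecurityServices` appear in the roles/notebooks.legacyAdmin and roles/owner sections.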
2 changes: 1 addition & 1 deletion roles/bigquerydatapolicy.admin
@@ -11,6 +11,6 @@
"bigquery.dataPolicies.update"
],
"name": "roles/bigquerydatapolicy.admin",
"stage": "ALPHA",
"stage": "GA",
"title": "BigQuery Data Policy Admin"
}
8 changes: 0 additions & 8 deletions roles/certificatemanager.owner
@@ -11,32 +11,24 @@
"certificatemanager.certmapentries.create",
"certificatemanager.certmapentries.delete",
"certificatemanager.certmapentries.get",
"certificatemanager.certmapentries.getIamPolicy",
"certificatemanager.certmapentries.list",
"certificatemanager.certmapentries.setIamPolicy",
"certificatemanager.certmapentries.update",
"certificatemanager.certmaps.create",
"certificatemanager.certmaps.delete",
"certificatemanager.certmaps.get",
"certificatemanager.certmaps.getIamPolicy",
"certificatemanager.certmaps.list",
"certificatemanager.certmaps.setIamPolicy",
"certificatemanager.certmaps.update",
"certificatemanager.certmaps.use",
"certificatemanager.certs.create",
"certificatemanager.certs.delete",
"certificatemanager.certs.get",
"certificatemanager.certs.getIamPolicy",
"certificatemanager.certs.list",
"certificatemanager.certs.setIamPolicy",
"certificatemanager.certs.update",
"certificatemanager.certs.use",
"certificatemanager.dnsauthorizations.create",
"certificatemanager.dnsauthorizations.delete",
"certificatemanager.dnsauthorizations.get",
"certificatemanager.dnsauthorizations.getIamPolicy",
"certificatemanager.dnsauthorizations.list",
"certificatemanager.dnsauthorizations.setIamPolicy",
"certificatemanager.dnsauthorizations.update",
"certificatemanager.dnsauthorizations.use",
"certificatemanager.locations.get",
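Review bot: The eight deletions counted for this file match exactly the eight `certificatemanager.*.getIamPolicy` / `setIamPolicy` entries listed, so those are presumably what left the role, although the rendered page no longer marks removed lines. The same entries also appear in the sections for roles/certificatemanager.viewer, roles/container.serviceAgent, roles/editor, roles/iam.securityAdmin and roles/owner, each with a matching deletion count. A removal that spans this many predefined roles should be stated in the commit description, e.g. `certificatemanager: per-resource getIamPolicy/setIamPolicy removed from predefined roles`, so that custom roles and alert rules that reference those permission names get rechecked.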
4 changes: 0 additions & 4 deletions roles/certificatemanager.viewer
@@ -5,16 +5,12 @@
"certificatemanager.certissuanceconfigs.get",
"certificatemanager.certissuanceconfigs.list",
"certificatemanager.certmapentries.get",
"certificatemanager.certmapentries.getIamPolicy",
"certificatemanager.certmapentries.list",
"certificatemanager.certmaps.get",
"certificatemanager.certmaps.getIamPolicy",
"certificatemanager.certmaps.list",
"certificatemanager.certs.get",
"certificatemanager.certs.getIamPolicy",
"certificatemanager.certs.list",
"certificatemanager.dnsauthorizations.get",
"certificatemanager.dnsauthorizations.getIamPolicy",
"certificatemanager.dnsauthorizations.list",
"certificatemanager.locations.get",
"certificatemanager.locations.list",
4 changes: 0 additions & 4 deletions roles/container.serviceAgent
@@ -15,27 +15,23 @@
"certificatemanager.certmapentries.create",
"certificatemanager.certmapentries.delete",
"certificatemanager.certmapentries.get",
"certificatemanager.certmapentries.getIamPolicy",
"certificatemanager.certmapentries.list",
"certificatemanager.certmapentries.update",
"certificatemanager.certmaps.create",
"certificatemanager.certmaps.delete",
"certificatemanager.certmaps.get",
"certificatemanager.certmaps.getIamPolicy",
"certificatemanager.certmaps.list",
"certificatemanager.certmaps.update",
"certificatemanager.certmaps.use",
"certificatemanager.certs.create",
"certificatemanager.certs.delete",
"certificatemanager.certs.get",
"certificatemanager.certs.getIamPolicy",
"certificatemanager.certs.list",
"certificatemanager.certs.update",
"certificatemanager.certs.use",
"certificatemanager.dnsauthorizations.create",
"certificatemanager.dnsauthorizations.delete",
"certificatemanager.dnsauthorizations.get",
"certificatemanager.dnsauthorizations.getIamPolicy",
"certificatemanager.dnsauthorizations.list",
"certificatemanager.dnsauthorizations.update",
"certificatemanager.dnsauthorizations.use",
1 change: 1 addition & 0 deletions roles/datamigration.serviceAgent
@@ -58,6 +58,7 @@
"compute.subnetworks.get",
"compute.subnetworks.list",
"compute.subnetworks.use",
"networkmanagement.connectivitytests.list",
"serviceusage.services.use",
"storage.objects.get",
"storage.objects.list"
1 change: 1 addition & 0 deletions roles/dataplex.aspectTypeUser
@@ -2,6 +2,7 @@
"description": "Grants access to use Aspect Types to create/modify Entries with the corresponding aspects.",
"etag": "AA==",
"includedPermissions": [
"datacatalog.migrationConfig.get",
"dataplex.aspectTypes.get",
"dataplex.aspectTypes.list",
"dataplex.aspectTypes.use",
1 change: 1 addition & 0 deletions roles/dataplex.catalogEditor
@@ -2,6 +2,7 @@
"description": "Has write access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries. Cannot set IAM policies on resources",
"etag": "AA==",
"includedPermissions": [
"datacatalog.migrationConfig.get",
"dataplex.aspectTypes.create",
"dataplex.aspectTypes.delete",
"dataplex.aspectTypes.get",
1 change: 1 addition & 0 deletions roles/dataplex.entryOwner
@@ -2,6 +2,7 @@
"description": "Owns Metadata Entries.",
"etag": "AA==",
"includedPermissions": [
"datacatalog.migrationConfig.get",
"dataplex.aspectTypes.get",
"dataplex.aspectTypes.list",
"dataplex.aspectTypes.use",
20 changes: 16 additions & 4 deletions roles/editor
@@ -1029,6 +1029,7 @@
"auditmanager.auditReports.get",
"auditmanager.auditReports.list",
"auditmanager.auditScopeReports.generate",
"auditmanager.billingSettings.get",
"auditmanager.controlReports.get",
"auditmanager.controlReports.list",
"auditmanager.controls.list",
@@ -1546,6 +1547,17 @@
"blockchainnodeengine.operations.delete",
"blockchainnodeengine.operations.get",
"blockchainnodeengine.operations.list",
"blockchainvalidatormanager.blockchainValidatorConfigs.create",
"blockchainvalidatormanager.blockchainValidatorConfigs.delete",
"blockchainvalidatormanager.blockchainValidatorConfigs.get",
"blockchainvalidatormanager.blockchainValidatorConfigs.list",
"blockchainvalidatormanager.blockchainValidatorConfigs.update",
"blockchainvalidatormanager.locations.get",
"blockchainvalidatormanager.locations.list",
"blockchainvalidatormanager.operations.cancel",
"blockchainvalidatormanager.operations.delete",
"blockchainvalidatormanager.operations.get",
"blockchainvalidatormanager.operations.list",
"capacityplanner.forecasts.list",
"capacityplanner.usageHistories.list",
"capacityplanner.usageHistories.summarize",
@@ -1560,27 +1572,23 @@
"certificatemanager.certmapentries.create",
"certificatemanager.certmapentries.delete",
"certificatemanager.certmapentries.get",
"certificatemanager.certmapentries.getIamPolicy",
"certificatemanager.certmapentries.list",
"certificatemanager.certmapentries.update",
"certificatemanager.certmaps.create",
"certificatemanager.certmaps.delete",
"certificatemanager.certmaps.get",
"certificatemanager.certmaps.getIamPolicy",
"certificatemanager.certmaps.list",
"certificatemanager.certmaps.update",
"certificatemanager.certmaps.use",
"certificatemanager.certs.create",
"certificatemanager.certs.delete",
"certificatemanager.certs.get",
"certificatemanager.certs.getIamPolicy",
"certificatemanager.certs.list",
"certificatemanager.certs.update",
"certificatemanager.certs.use",
"certificatemanager.dnsauthorizations.create",
"certificatemanager.dnsauthorizations.delete",
"certificatemanager.dnsauthorizations.get",
"certificatemanager.dnsauthorizations.getIamPolicy",
"certificatemanager.dnsauthorizations.list",
"certificatemanager.dnsauthorizations.update",
"certificatemanager.dnsauthorizations.use",
@@ -2870,6 +2878,8 @@
"compute.networkEdgeSecurityServices.delete",
"compute.networkEdgeSecurityServices.get",
"compute.networkEdgeSecurityServices.list",
"compute.networkEdgeSecurityServices.listEffectiveTags",
"compute.networkEdgeSecurityServices.listTagBindings",
"compute.networkEdgeSecurityServices.update",
"compute.networkEndpointGroups.attachNetworkEndpoints",
"compute.networkEndpointGroups.create",
@@ -4251,6 +4261,8 @@
"datamigration.migrationjobs.stop",
"datamigration.migrationjobs.update",
"datamigration.migrationjobs.verify",
"datamigration.objects.get",
"datamigration.objects.list",
"datamigration.operations.cancel",
"datamigration.operations.delete",
"datamigration.operations.get",
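Review bot: The `blockchainvalidatormanager.blockchainValidatorConfigs.create`, `.delete` and `.update` entries in the second hunk look like part of the 16 additions, which means every principal already holding roles/editor picks up write access to a service it was never explicitly granted. That is the usual drift of basic roles, and the commit title does not surface it. A description line such as `roles/editor, roles/owner: + blockchainvalidatormanager.* (create/delete/update)` would let reviewers of least-privilege baselines see it without reading the list; roles/owner shows the same block.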
12 changes: 4 additions & 8 deletions roles/iam.securityAdmin
@@ -395,22 +395,17 @@
"blockchainnodeengine.blockchainNodes.list",
"blockchainnodeengine.locations.list",
"blockchainnodeengine.operations.list",
"blockchainvalidatormanager.blockchainValidatorConfigs.list",
"blockchainvalidatormanager.locations.list",
"blockchainvalidatormanager.operations.list",
"capacityplanner.forecasts.list",
"capacityplanner.usageHistories.list",
"carestudio.patients.list",
"certificatemanager.certissuanceconfigs.list",
"certificatemanager.certmapentries.getIamPolicy",
"certificatemanager.certmapentries.list",
"certificatemanager.certmapentries.setIamPolicy",
"certificatemanager.certmaps.getIamPolicy",
"certificatemanager.certmaps.list",
"certificatemanager.certmaps.setIamPolicy",
"certificatemanager.certs.getIamPolicy",
"certificatemanager.certs.list",
"certificatemanager.certs.setIamPolicy",
"certificatemanager.dnsauthorizations.getIamPolicy",
"certificatemanager.dnsauthorizations.list",
"certificatemanager.dnsauthorizations.setIamPolicy",
"certificatemanager.locations.list",
"certificatemanager.operations.list",
"certificatemanager.trustconfigs.list",
@@ -962,6 +957,7 @@
"datamigration.migrationjobs.getIamPolicy",
"datamigration.migrationjobs.list",
"datamigration.migrationjobs.setIamPolicy",
"datamigration.objects.list",
"datamigration.operations.list",
"datamigration.privateconnections.getIamPolicy",
"datamigration.privateconnections.list",
4 changes: 4 additions & 0 deletions roles/notebooks.legacyAdmin
@@ -391,9 +391,13 @@
"compute.networkAttachments.setIamPolicy",
"compute.networkAttachments.update",
"compute.networkEdgeSecurityServices.create",
"compute.networkEdgeSecurityServices.createTagBinding",
"compute.networkEdgeSecurityServices.delete",
"compute.networkEdgeSecurityServices.deleteTagBinding",
"compute.networkEdgeSecurityServices.get",
"compute.networkEdgeSecurityServices.list",
"compute.networkEdgeSecurityServices.listEffectiveTags",
"compute.networkEdgeSecurityServices.listTagBindings",
"compute.networkEdgeSecurityServices.update",
"compute.networkEndpointGroups.attachNetworkEndpoints",
"compute.networkEndpointGroups.create",
2 changes: 2 additions & 0 deletions roles/notebooks.runner
@@ -153,6 +153,8 @@
"compute.networkAttachments.listTagBindings",
"compute.networkEdgeSecurityServices.get",
"compute.networkEdgeSecurityServices.list",
"compute.networkEdgeSecurityServices.listEffectiveTags",
"compute.networkEdgeSecurityServices.listTagBindings",
"compute.networkEndpointGroups.get",
"compute.networkEndpointGroups.list",
"compute.networkEndpointGroups.listEffectiveTags",
2 changes: 2 additions & 0 deletions roles/notebooks.viewer
@@ -146,6 +146,8 @@
"compute.networkAttachments.listTagBindings",
"compute.networkEdgeSecurityServices.get",
"compute.networkEdgeSecurityServices.list",
"compute.networkEdgeSecurityServices.listEffectiveTags",
"compute.networkEdgeSecurityServices.listTagBindings",
"compute.networkEndpointGroups.get",
"compute.networkEndpointGroups.list",
"compute.networkEndpointGroups.listEffectiveTags",
26 changes: 18 additions & 8 deletions roles/owner
@@ -1073,6 +1073,7 @@
"auditmanager.auditReports.get",
"auditmanager.auditReports.list",
"auditmanager.auditScopeReports.generate",
"auditmanager.billingSettings.get",
"auditmanager.controlReports.get",
"auditmanager.controlReports.list",
"auditmanager.controls.list",
@@ -1639,6 +1640,17 @@
"blockchainnodeengine.operations.delete",
"blockchainnodeengine.operations.get",
"blockchainnodeengine.operations.list",
"blockchainvalidatormanager.blockchainValidatorConfigs.create",
"blockchainvalidatormanager.blockchainValidatorConfigs.delete",
"blockchainvalidatormanager.blockchainValidatorConfigs.get",
"blockchainvalidatormanager.blockchainValidatorConfigs.list",
"blockchainvalidatormanager.blockchainValidatorConfigs.update",
"blockchainvalidatormanager.locations.get",
"blockchainvalidatormanager.locations.list",
"blockchainvalidatormanager.operations.cancel",
"blockchainvalidatormanager.operations.delete",
"blockchainvalidatormanager.operations.get",
"blockchainvalidatormanager.operations.list",
"capacityplanner.forecasts.list",
"capacityplanner.usageHistories.list",
"capacityplanner.usageHistories.summarize",
@@ -1653,32 +1665,24 @@
"certificatemanager.certmapentries.create",
"certificatemanager.certmapentries.delete",
"certificatemanager.certmapentries.get",
"certificatemanager.certmapentries.getIamPolicy",
"certificatemanager.certmapentries.list",
"certificatemanager.certmapentries.setIamPolicy",
"certificatemanager.certmapentries.update",
"certificatemanager.certmaps.create",
"certificatemanager.certmaps.delete",
"certificatemanager.certmaps.get",
"certificatemanager.certmaps.getIamPolicy",
"certificatemanager.certmaps.list",
"certificatemanager.certmaps.setIamPolicy",
"certificatemanager.certmaps.update",
"certificatemanager.certmaps.use",
"certificatemanager.certs.create",
"certificatemanager.certs.delete",
"certificatemanager.certs.get",
"certificatemanager.certs.getIamPolicy",
"certificatemanager.certs.list",
"certificatemanager.certs.setIamPolicy",
"certificatemanager.certs.update",
"certificatemanager.certs.use",
"certificatemanager.dnsauthorizations.create",
"certificatemanager.dnsauthorizations.delete",
"certificatemanager.dnsauthorizations.get",
"certificatemanager.dnsauthorizations.getIamPolicy",
"certificatemanager.dnsauthorizations.list",
"certificatemanager.dnsauthorizations.setIamPolicy",
"certificatemanager.dnsauthorizations.update",
"certificatemanager.dnsauthorizations.use",
"certificatemanager.locations.get",
@@ -3597,9 +3601,13 @@
"compute.networkAttachments.setIamPolicy",
"compute.networkAttachments.update",
"compute.networkEdgeSecurityServices.create",
"compute.networkEdgeSecurityServices.createTagBinding",
"compute.networkEdgeSecurityServices.delete",
"compute.networkEdgeSecurityServices.deleteTagBinding",
"compute.networkEdgeSecurityServices.get",
"compute.networkEdgeSecurityServices.list",
"compute.networkEdgeSecurityServices.listEffectiveTags",
"compute.networkEdgeSecurityServices.listTagBindings",
"compute.networkEdgeSecurityServices.update",
"compute.networkEndpointGroups.attachNetworkEndpoints",
"compute.networkEndpointGroups.create",
@@ -5123,6 +5131,8 @@
"datamigration.migrationjobs.stop",
"datamigration.migrationjobs.update",
"datamigration.migrationjobs.verify",
"datamigration.objects.get",
"datamigration.objects.list",
"datamigration.operations.cancel",
"datamigration.operations.delete",
"datamigration.operations.get",
