GCP IAM Updates Detected

jdyke · Oct 10, 2024 · 4538989 · 4538989
1 parent 9611381
commit 4538989
Show file tree

Hide file tree

Showing 6 changed files with 59 additions and 0 deletions.
diff --git a/roles/cloudcontrolspartner.supportCaseServiceAgent b/roles/cloudcontrolspartner.supportCaseServiceAgent
@@ -0,0 +1,10 @@
+{
+  "description": "Gives the Partner Console service account access to support cases for workloads associated with a partner.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "cloudsupport.techCases.get"
+  ],
+  "name": "roles/cloudcontrolspartner.supportCaseServiceAgent",
+  "stage": "ALPHA",
+  "title": "Cloud Controls Partner Support Case Service Agent"
+}
diff --git a/roles/dataprocrm.nodeServiceAgent b/roles/dataprocrm.nodeServiceAgent
@@ -0,0 +1,20 @@
+{
+  "description": "Dataproc Resource Manager Node Service Agent used to run managed resources in user project with restricted permissions.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "dataprocrm.nodes.get",
+    "dataprocrm.nodes.heartbeat",
+    "dataprocrm.nodes.mintOAuthToken",
+    "logging.logEntries.create",
+    "logging.logEntries.route",
+    "monitoring.metricDescriptors.create",
+    "monitoring.metricDescriptors.get",
+    "monitoring.metricDescriptors.list",
+    "monitoring.monitoredResourceDescriptors.get",
+    "monitoring.monitoredResourceDescriptors.list",
+    "monitoring.timeSeries.create"
+  ],
+  "name": "roles/dataprocrm.nodeServiceAgent",
+  "stage": "ALPHA",
+  "title": "Dataproc Resource Manager Node Service Agent"
+}
diff --git a/roles/eventarc.messageBusAdmin b/roles/eventarc.messageBusAdmin
@@ -0,0 +1,7 @@
+{
+  "description": "Full control over Message Buses resources.",
+  "etag": "AA==",
+  "name": "roles/eventarc.messageBusAdmin",
+  "stage": "ALPHA",
+  "title": "Eventarc Message Bus Admin"
+}
diff --git a/roles/eventarc.messageBusUser b/roles/eventarc.messageBusUser
@@ -0,0 +1,7 @@
+{
+  "description": "Access to publish to or bind to a Message Bus.",
+  "etag": "AA==",
+  "name": "roles/eventarc.messageBusUser",
+  "stage": "ALPHA",
+  "title": "Eventarc Message Bus User"
+}
diff --git a/roles/eventarc.viewer b/roles/eventarc.viewer
@@ -8,11 +8,24 @@
     "eventarc.channels.get",
     "eventarc.channels.getIamPolicy",
     "eventarc.channels.list",
+    "eventarc.enrollments.get",
+    "eventarc.enrollments.getIamPolicy",
+    "eventarc.enrollments.list",
+    "eventarc.googleApiSources.get",
+    "eventarc.googleApiSources.getIamPolicy",
+    "eventarc.googleApiSources.list",
     "eventarc.googleChannelConfigs.get",
     "eventarc.locations.get",
     "eventarc.locations.list",
+    "eventarc.messageBuses.get",
+    "eventarc.messageBuses.getIamPolicy",
+    "eventarc.messageBuses.list",
+    "eventarc.messageBuses.use",
     "eventarc.operations.get",
     "eventarc.operations.list",
+    "eventarc.pipelines.get",
+    "eventarc.pipelines.getIamPolicy",
+    "eventarc.pipelines.list",
     "eventarc.providers.get",
     "eventarc.providers.list",
     "eventarc.triggers.get",

diff --git a/roles/logging.configWriter b/roles/logging.configWriter
@@ -46,6 +46,8 @@
     "logging.sinks.get",
     "logging.sinks.list",
     "logging.sinks.update",
+    "logging.sqlAlerts.create",
+    "logging.sqlAlerts.update",
     "logging.views.create",
     "logging.views.delete",
     "logging.views.get",