GCP IAM Updates Detected

jdyke · Nov 1, 2024 · b81288d · b81288d
1 parent 718a7e7
commit b81288d
Show file tree

Hide file tree

Showing 36 changed files with 323 additions and 5 deletions.
diff --git a/roles/aiplatform.expressAdmin b/roles/aiplatform.expressAdmin
@@ -0,0 +1,20 @@
+{
+  "description": "Grants admin access to Vertex AI Express",
+  "etag": "AA==",
+  "includedPermissions": [
+    "aiplatform.datasetVersions.create",
+    "aiplatform.datasetVersions.delete",
+    "aiplatform.datasetVersions.get",
+    "aiplatform.datasetVersions.list",
+    "aiplatform.datasetVersions.restore",
+    "aiplatform.datasets.create",
+    "aiplatform.datasets.delete",
+    "aiplatform.datasets.get",
+    "aiplatform.datasets.list",
+    "aiplatform.datasets.update",
+    "aiplatform.endpoints.predict"
+  ],
+  "name": "roles/aiplatform.expressAdmin",
+  "stage": "ALPHA",
+  "title": "Vertex AI Platform Express Admin"
+}
diff --git a/roles/aiplatform.expressUser b/roles/aiplatform.expressUser
@@ -0,0 +1,10 @@
+{
+  "description": "Grants user access to Vertex AI Express",
+  "etag": "AA==",
+  "includedPermissions": [
+    "aiplatform.endpoints.predict"
+  ],
+  "name": "roles/aiplatform.expressUser",
+  "stage": "ALPHA",
+  "title": "Vertex AI Platform Express User"
+}
diff --git a/roles/artifactregistry.containerRegistryMigrationAdmin b/roles/artifactregistry.containerRegistryMigrationAdmin
@@ -0,0 +1,26 @@
+{
+  "description": "Access to run migration tooling to migrate from Container Registry to Artifact Registry",
+  "etag": "AA==",
+  "includedPermissions": [
+    "artifactregistry.projectsettings.get",
+    "artifactregistry.projectsettings.update",
+    "artifactregistry.repositories.create",
+    "artifactregistry.repositories.downloadArtifacts",
+    "artifactregistry.repositories.get",
+    "artifactregistry.repositories.getIamPolicy",
+    "artifactregistry.repositories.list",
+    "artifactregistry.repositories.setIamPolicy",
+    "artifactregistry.repositories.uploadArtifacts",
+    "cloudasset.assets.analyzeIamPolicy",
+    "cloudasset.assets.searchAllIamPolicies",
+    "cloudasset.assets.searchAllResources",
+    "iam.roles.get",
+    "resourcemanager.projects.get",
+    "resourcemanager.projects.getIamPolicy",
+    "serviceusage.services.use",
+    "storage.objects.list"
+  ],
+  "name": "roles/artifactregistry.containerRegistryMigrationAdmin",
+  "stage": "GA",
+  "title": "Container Registry -> Artifact Registry Migration Admin"
+}
diff --git a/roles/batch.serviceAgent b/roles/batch.serviceAgent
@@ -234,6 +234,10 @@
     "compute.machineImages.useReadOnly",
     "compute.machineTypes.get",
     "compute.machineTypes.list",
+    "compute.multiMig.create",
+    "compute.multiMig.delete",
+    "compute.multiMig.get",
+    "compute.multiMig.list",
     "compute.networkAttachments.get",
     "compute.networkAttachments.list",
     "compute.networkAttachments.listEffectiveTags",

diff --git a/roles/composer.serviceAgent b/roles/composer.serviceAgent
@@ -438,6 +438,10 @@
     "compute.machineImages.useReadOnly",
     "compute.machineTypes.get",
     "compute.machineTypes.list",
+    "compute.multiMig.create",
+    "compute.multiMig.delete",
+    "compute.multiMig.get",
+    "compute.multiMig.list",
     "compute.networkAttachments.create",
     "compute.networkAttachments.createTagBinding",
     "compute.networkAttachments.delete",
@@ -1590,6 +1594,12 @@
     "networkservices.tlsRoutes.get",
     "networkservices.tlsRoutes.list",
     "networkservices.tlsRoutes.update",
+    "networkservices.wasmPlugins.create",
+    "networkservices.wasmPlugins.delete",
+    "networkservices.wasmPlugins.get",
+    "networkservices.wasmPlugins.list",
+    "networkservices.wasmPlugins.update",
+    "networkservices.wasmPlugins.use",
     "observability.scopes.get",
     "opsconfigmonitoring.resourceMetadata.list",
     "orgpolicy.policy.get",

diff --git a/roles/compute.admin b/roles/compute.admin
@@ -384,6 +384,10 @@
     "compute.machineImages.useReadOnly",
     "compute.machineTypes.get",
     "compute.machineTypes.list",
+    "compute.multiMig.create",
+    "compute.multiMig.delete",
+    "compute.multiMig.get",
+    "compute.multiMig.list",
     "compute.networkAttachments.create",
     "compute.networkAttachments.createTagBinding",
     "compute.networkAttachments.delete",

diff --git a/roles/compute.instanceAdmin.v1 b/roles/compute.instanceAdmin.v1
@@ -242,6 +242,10 @@
     "compute.machineImages.useReadOnly",
     "compute.machineTypes.get",
     "compute.machineTypes.list",
+    "compute.multiMig.create",
+    "compute.multiMig.delete",
+    "compute.multiMig.get",
+    "compute.multiMig.list",
     "compute.networkAttachments.get",
     "compute.networkAttachments.list",
     "compute.networkAttachments.listEffectiveTags",

diff --git a/roles/compute.networkUser b/roles/compute.networkUser
@@ -174,6 +174,9 @@
     "networkservices.tcpRoutes.list",
     "networkservices.tlsRoutes.get",
     "networkservices.tlsRoutes.list",
+    "networkservices.wasmPlugins.get",
+    "networkservices.wasmPlugins.list",
+    "networkservices.wasmPlugins.use",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list",
     "servicenetworking.services.get",

diff --git a/roles/compute.networkViewer b/roles/compute.networkViewer
@@ -291,6 +291,8 @@
     "networkservices.tcpRoutes.list",
     "networkservices.tlsRoutes.get",
     "networkservices.tlsRoutes.list",
+    "networkservices.wasmPlugins.get",
+    "networkservices.wasmPlugins.list",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list",
     "servicenetworking.services.get",

diff --git a/roles/compute.viewer b/roles/compute.viewer
@@ -135,6 +135,8 @@
     "compute.machineImages.list",
     "compute.machineTypes.get",
     "compute.machineTypes.list",
+    "compute.multiMig.get",
+    "compute.multiMig.list",
     "compute.networkAttachments.get",
     "compute.networkAttachments.getIamPolicy",
     "compute.networkAttachments.list",

diff --git a/roles/container.serviceAgent b/roles/container.serviceAgent
@@ -400,6 +400,10 @@
     "compute.machineImages.useReadOnly",
     "compute.machineTypes.get",
     "compute.machineTypes.list",
+    "compute.multiMig.create",
+    "compute.multiMig.delete",
+    "compute.multiMig.get",
+    "compute.multiMig.list",
     "compute.networkAttachments.create",
     "compute.networkAttachments.createTagBinding",
     "compute.networkAttachments.delete",
@@ -1561,6 +1565,24 @@
     "networkservices.tlsRoutes.get",
     "networkservices.tlsRoutes.list",
     "networkservices.tlsRoutes.update",
+    "networkservices.wasmPlugins.create",
+    "networkservices.wasmPlugins.delete",
+    "networkservices.wasmPlugins.get",
+    "networkservices.wasmPlugins.list",
+    "networkservices.wasmPlugins.update",
+    "networkservices.wasmPlugins.use",
+    "parallelstore.instances.create",
+    "parallelstore.instances.delete",
+    "parallelstore.instances.get",
+    "parallelstore.instances.importData",
+    "parallelstore.instances.list",
+    "parallelstore.instances.update",
+    "parallelstore.locations.get",
+    "parallelstore.locations.list",
+    "parallelstore.operations.cancel",
+    "parallelstore.operations.delete",
+    "parallelstore.operations.get",
+    "parallelstore.operations.list",
     "pubsub.topics.create",
     "pubsub.topics.get",
     "pubsub.topics.publish",

diff --git a/roles/dataflow.serviceAgent b/roles/dataflow.serviceAgent
@@ -467,6 +467,10 @@
     "compute.machineImages.useReadOnly",
     "compute.machineTypes.get",
     "compute.machineTypes.list",
+    "compute.multiMig.create",
+    "compute.multiMig.delete",
+    "compute.multiMig.get",
+    "compute.multiMig.list",
     "compute.networkAttachments.create",
     "compute.networkAttachments.createTagBinding",
     "compute.networkAttachments.delete",
@@ -1252,6 +1256,12 @@
     "networkservices.tlsRoutes.get",
     "networkservices.tlsRoutes.list",
     "networkservices.tlsRoutes.update",
+    "networkservices.wasmPlugins.create",
+    "networkservices.wasmPlugins.delete",
+    "networkservices.wasmPlugins.get",
+    "networkservices.wasmPlugins.list",
+    "networkservices.wasmPlugins.update",
+    "networkservices.wasmPlugins.use",
     "observability.scopes.get",
     "opsconfigmonitoring.resourceMetadata.list",
     "orgpolicy.policy.get",

diff --git a/roles/datafusion.serviceAgent b/roles/datafusion.serviceAgent
@@ -512,6 +512,8 @@
     "networkservices.tcpRoutes.list",
     "networkservices.tlsRoutes.get",
     "networkservices.tlsRoutes.list",
+    "networkservices.wasmPlugins.get",
+    "networkservices.wasmPlugins.list",
     "orgpolicy.policy.get",
     "recommender.iamPolicyInsights.get",
     "recommender.iamPolicyInsights.list",

diff --git a/roles/dataplex.discoveryBigLakePublishingServiceAgent b/roles/dataplex.discoveryBigLakePublishingServiceAgent
@@ -6,6 +6,6 @@
     "bigquery.connections.use"
   ],
   "name": "roles/dataplex.discoveryBigLakePublishingServiceAgent",
-  "stage": "ALPHA",
+  "stage": "GA",
   "title": "Dataplex Discovery BigLake Publishing Service Agent"
 }
diff --git a/roles/dataplex.discoveryPublishingServiceAgent b/roles/dataplex.discoveryPublishingServiceAgent
@@ -6,6 +6,6 @@
     "bigquery.datasets.get"
   ],
   "name": "roles/dataplex.discoveryPublishingServiceAgent",
-  "stage": "ALPHA",
+  "stage": "GA",
   "title": "Dataplex Discovery Publishing Service Agent"
 }
diff --git a/roles/dataplex.discoveryServiceAgent b/roles/dataplex.discoveryServiceAgent
@@ -7,6 +7,6 @@
     "storage.objects.list"
   ],
   "name": "roles/dataplex.discoveryServiceAgent",
-  "stage": "ALPHA",
+  "stage": "GA",
   "title": "Dataplex Discovery Service Agent"
 }
diff --git a/roles/dataproc.serviceAgent b/roles/dataproc.serviceAgent
@@ -158,6 +158,10 @@
     "compute.machineImages.useReadOnly",
     "compute.machineTypes.get",
     "compute.machineTypes.list",
+    "compute.multiMig.create",
+    "compute.multiMig.delete",
+    "compute.multiMig.get",
+    "compute.multiMig.list",
     "compute.networkEndpointGroups.attachNetworkEndpoints",
     "compute.networkEndpointGroups.create",
     "compute.networkEndpointGroups.createTagBinding",

diff --git a/roles/designcenter.serviceAgent b/roles/designcenter.serviceAgent
@@ -19,6 +19,6 @@
     "storage.objects.update"
   ],
   "name": "roles/designcenter.serviceAgent",
-  "stage": "ALPHA",
+  "stage": "GA",
   "title": "DesignCenter Service Agent"
 }
diff --git a/roles/genomics.serviceAgent b/roles/genomics.serviceAgent
@@ -242,6 +242,10 @@
     "compute.machineImages.useReadOnly",
     "compute.machineTypes.get",
     "compute.machineTypes.list",
+    "compute.multiMig.create",
+    "compute.multiMig.delete",
+    "compute.multiMig.get",
+    "compute.multiMig.list",
     "compute.networkAttachments.get",
     "compute.networkAttachments.list",
     "compute.networkAttachments.listEffectiveTags",

diff --git a/roles/iam.securityAdmin b/roles/iam.securityAdmin
@@ -661,6 +661,7 @@
     "compute.machineImages.list",
     "compute.machineImages.setIamPolicy",
     "compute.machineTypes.list",
+    "compute.multiMig.list",
     "compute.networkAttachments.getIamPolicy",
     "compute.networkAttachments.list",
     "compute.networkAttachments.setIamPolicy",
@@ -1688,6 +1689,7 @@
     "networkservices.serviceLbPolicies.list",
     "networkservices.tcpRoutes.list",
     "networkservices.tlsRoutes.list",
+    "networkservices.wasmPlugins.list",
     "notebooks.environments.getIamPolicy",
     "notebooks.environments.list",
     "notebooks.environments.setIamPolicy",
@@ -1726,12 +1728,18 @@
     "osconfig.guestPolicies.list",
     "osconfig.instanceOSPoliciesCompliances.list",
     "osconfig.inventories.list",
+    "osconfig.locations.list",
+    "osconfig.operations.list",
     "osconfig.osPolicyAssignmentReports.list",
     "osconfig.osPolicyAssignments.list",
     "osconfig.patchDeployments.list",
     "osconfig.patchJobs.list",
+    "osconfig.policyOrchestrators.list",
     "osconfig.upgradeReports.list",
     "osconfig.vulnerabilityReports.list",
+    "parallelstore.instances.list",
+    "parallelstore.locations.list",
+    "parallelstore.operations.list",
     "paymentsresellersubscription.products.list",
     "paymentsresellersubscription.promotions.list",
     "policyremediatormanager.locations.list",

diff --git a/roles/iam.securityReviewer b/roles/iam.securityReviewer
@@ -588,6 +588,7 @@
     "compute.machineImages.getIamPolicy",
     "compute.machineImages.list",
     "compute.machineTypes.list",
+    "compute.multiMig.list",
     "compute.networkAttachments.getIamPolicy",
     "compute.networkAttachments.list",
     "compute.networkEdgeSecurityServices.list",
@@ -1476,6 +1477,7 @@
     "networkservices.serviceLbPolicies.list",
     "networkservices.tcpRoutes.list",
     "networkservices.tlsRoutes.list",
+    "networkservices.wasmPlugins.list",
     "notebooks.environments.getIamPolicy",
     "notebooks.environments.list",
     "notebooks.executions.getIamPolicy",
@@ -1509,12 +1511,18 @@
     "osconfig.guestPolicies.list",
     "osconfig.instanceOSPoliciesCompliances.list",
     "osconfig.inventories.list",
+    "osconfig.locations.list",
+    "osconfig.operations.list",
     "osconfig.osPolicyAssignmentReports.list",
     "osconfig.osPolicyAssignments.list",
     "osconfig.patchDeployments.list",
     "osconfig.patchJobs.list",
+    "osconfig.policyOrchestrators.list",
     "osconfig.upgradeReports.list",
     "osconfig.vulnerabilityReports.list",
+    "parallelstore.instances.list",
+    "parallelstore.locations.list",
+    "parallelstore.operations.list",
     "paymentsresellersubscription.products.list",
     "paymentsresellersubscription.promotions.list",
     "policyremediatormanager.locations.list",

diff --git a/roles/lifesciences.serviceAgent b/roles/lifesciences.serviceAgent
@@ -242,6 +242,10 @@
     "compute.machineImages.useReadOnly",
     "compute.machineTypes.get",
     "compute.machineTypes.list",
+    "compute.multiMig.create",
+    "compute.multiMig.delete",
+    "compute.multiMig.get",
+    "compute.multiMig.list",
     "compute.networkAttachments.get",
     "compute.networkAttachments.list",
     "compute.networkAttachments.listEffectiveTags",

diff --git a/roles/networkservices.serviceExtensionsAdmin b/roles/networkservices.serviceExtensionsAdmin
@@ -0,0 +1,33 @@
+{
+  "description": "Provides full access to Service Extensions resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "networkservices.authzExtensions.create",
+    "networkservices.authzExtensions.delete",
+    "networkservices.authzExtensions.get",
+    "networkservices.authzExtensions.list",
+    "networkservices.authzExtensions.update",
+    "networkservices.authzExtensions.use",
+    "networkservices.lbRouteExtensions.create",
+    "networkservices.lbRouteExtensions.delete",
+    "networkservices.lbRouteExtensions.get",
+    "networkservices.lbRouteExtensions.list",
+    "networkservices.lbRouteExtensions.update",
+    "networkservices.lbTrafficExtensions.create",
+    "networkservices.lbTrafficExtensions.delete",
+    "networkservices.lbTrafficExtensions.get",
+    "networkservices.lbTrafficExtensions.list",
+    "networkservices.lbTrafficExtensions.update",
+    "networkservices.wasmPlugins.create",
+    "networkservices.wasmPlugins.delete",
+    "networkservices.wasmPlugins.get",
+    "networkservices.wasmPlugins.list",
+    "networkservices.wasmPlugins.update",
+    "networkservices.wasmPlugins.use",
+    "resourcemanager.projects.get",
+    "resourcemanager.projects.list"
+  ],
+  "name": "roles/networkservices.serviceExtensionsAdmin",
+  "stage": "BETA",
+  "title": "Service Extensions Admin"
+}