GCP IAM Updates Detected

jdyke · Oct 4, 2024 · 2da0dd2 · 2da0dd2
1 parent 2480efe
commit 2da0dd2
Show file tree

Hide file tree

Showing 73 changed files with 615 additions and 72 deletions.
diff --git a/roles/aiplatform.admin b/roles/aiplatform.admin
@@ -39,6 +39,11 @@
     "aiplatform.batchPredictionJobs.list",
     "aiplatform.cacheConfigs.get",
     "aiplatform.cacheConfigs.update",
+    "aiplatform.cachedContents.create",
+    "aiplatform.cachedContents.delete",
+    "aiplatform.cachedContents.get",
+    "aiplatform.cachedContents.list",
+    "aiplatform.cachedContents.update",
     "aiplatform.consents.get",
     "aiplatform.consents.update",
     "aiplatform.contexts.addContextArtifactsAndExecutions",

diff --git a/roles/aiplatform.customCodeServiceAgent b/roles/aiplatform.customCodeServiceAgent
@@ -38,6 +38,11 @@
     "aiplatform.batchPredictionJobs.get",
     "aiplatform.batchPredictionJobs.list",
     "aiplatform.cacheConfigs.get",
+    "aiplatform.cachedContents.create",
+    "aiplatform.cachedContents.delete",
+    "aiplatform.cachedContents.get",
+    "aiplatform.cachedContents.list",
+    "aiplatform.cachedContents.update",
     "aiplatform.consents.get",
     "aiplatform.contexts.addContextArtifactsAndExecutions",
     "aiplatform.contexts.addContextChildren",

diff --git a/roles/aiplatform.extensionCustomCodeServiceAgent b/roles/aiplatform.extensionCustomCodeServiceAgent
@@ -7,6 +7,11 @@
     "orgpolicy.policy.get",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list",
+    "storage.folders.create",
+    "storage.folders.delete",
+    "storage.folders.get",
+    "storage.folders.list",
+    "storage.folders.rename",
     "storage.managedFolders.create",
     "storage.managedFolders.delete",
     "storage.managedFolders.get",

diff --git a/roles/aiplatform.user b/roles/aiplatform.user
@@ -38,6 +38,11 @@
     "aiplatform.batchPredictionJobs.get",
     "aiplatform.batchPredictionJobs.list",
     "aiplatform.cacheConfigs.get",
+    "aiplatform.cachedContents.create",
+    "aiplatform.cachedContents.delete",
+    "aiplatform.cachedContents.get",
+    "aiplatform.cachedContents.list",
+    "aiplatform.cachedContents.update",
     "aiplatform.consents.get",
     "aiplatform.contexts.addContextArtifactsAndExecutions",
     "aiplatform.contexts.addContextChildren",

diff --git a/roles/billing.admin b/roles/billing.admin
@@ -72,6 +72,11 @@
     "consumerprocurement.consents.revoke",
     "consumerprocurement.events.get",
     "consumerprocurement.events.list",
+    "consumerprocurement.licensePools.assign",
+    "consumerprocurement.licensePools.enumerateLicensedUsers",
+    "consumerprocurement.licensePools.get",
+    "consumerprocurement.licensePools.unassign",
+    "consumerprocurement.licensePools.update",
     "consumerprocurement.orderAttributions.get",
     "consumerprocurement.orderAttributions.list",
     "consumerprocurement.orderAttributions.update",

diff --git a/roles/cloudbuild.serviceAgent b/roles/cloudbuild.serviceAgent
@@ -80,6 +80,7 @@
     "containeranalysis.occurrences.get",
     "containeranalysis.occurrences.list",
     "containeranalysis.occurrences.update",
+    "developerconnect.connections.get",
     "iam.serviceAccounts.get",
     "iam.serviceAccounts.getAccessToken",
     "iam.serviceAccounts.getOpenIdToken",

diff --git a/roles/cloudjobdiscovery.jobsEditor b/roles/cloudjobdiscovery.jobsEditor
@@ -22,5 +22,5 @@
   ],
   "name": "roles/cloudjobdiscovery.jobsEditor",
   "stage": "GA",
-  "title": "Job Editor"
+  "title": "Cloud Talent Solution Job Editor"
 }
diff --git a/roles/cloudjobdiscovery.jobsViewer b/roles/cloudjobdiscovery.jobsViewer
@@ -12,5 +12,5 @@
   ],
   "name": "roles/cloudjobdiscovery.jobsViewer",
   "stage": "GA",
-  "title": "Job Viewer"
+  "title": "Cloud Talent Solution Job Viewer"
 }
diff --git a/roles/cloudjobdiscovery.profilesEditor b/roles/cloudjobdiscovery.profilesEditor
@@ -17,5 +17,5 @@
   ],
   "name": "roles/cloudjobdiscovery.profilesEditor",
   "stage": "GA",
-  "title": "Profile Editor"
+  "title": "Cloud Talent Solution Profile Editor"
 }
diff --git a/roles/cloudjobdiscovery.profilesViewer b/roles/cloudjobdiscovery.profilesViewer
@@ -10,5 +10,5 @@
   ],
   "name": "roles/cloudjobdiscovery.profilesViewer",
   "stage": "GA",
-  "title": "Profile Viewer"
+  "title": "Cloud Talent Solution Profile Viewer"
 }
diff --git a/roles/cloudsql.admin b/roles/cloudsql.admin
@@ -7,6 +7,11 @@
     "cloudsql.backupRuns.delete",
     "cloudsql.backupRuns.get",
     "cloudsql.backupRuns.list",
+    "cloudsql.backups.create",
+    "cloudsql.backups.delete",
+    "cloudsql.backups.get",
+    "cloudsql.backups.list",
+    "cloudsql.backups.update",
     "cloudsql.databases.create",
     "cloudsql.databases.delete",
     "cloudsql.databases.get",
@@ -47,6 +52,8 @@
     "cloudsql.instances.stopReplica",
     "cloudsql.instances.truncateLog",
     "cloudsql.instances.update",
+    "cloudsql.operations.get",
+    "cloudsql.operations.list",
     "cloudsql.schemas.view",
     "cloudsql.sslCerts.create",
     "cloudsql.sslCerts.delete",

diff --git a/roles/cloudsql.editor b/roles/cloudsql.editor
@@ -6,6 +6,10 @@
     "cloudsql.backupRuns.create",
     "cloudsql.backupRuns.get",
     "cloudsql.backupRuns.list",
+    "cloudsql.backups.create",
+    "cloudsql.backups.get",
+    "cloudsql.backups.list",
+    "cloudsql.backups.update",
     "cloudsql.databases.create",
     "cloudsql.databases.get",
     "cloudsql.databases.list",
@@ -31,6 +35,8 @@
     "cloudsql.instances.rotateServerCertificate",
     "cloudsql.instances.truncateLog",
     "cloudsql.instances.update",
+    "cloudsql.operations.get",
+    "cloudsql.operations.list",
     "cloudsql.schemas.view",
     "cloudsql.sslCerts.get",
     "cloudsql.sslCerts.list",

diff --git a/roles/cloudsql.viewer b/roles/cloudsql.viewer
@@ -5,6 +5,8 @@
     "cloudaicompanion.entitlements.get",
     "cloudsql.backupRuns.get",
     "cloudsql.backupRuns.list",
+    "cloudsql.backups.get",
+    "cloudsql.backups.list",
     "cloudsql.databases.get",
     "cloudsql.databases.list",
     "cloudsql.instances.export",
@@ -15,6 +17,8 @@
     "cloudsql.instances.listServerCas",
     "cloudsql.instances.listServerCertificates",
     "cloudsql.instances.listTagBindings",
+    "cloudsql.operations.get",
+    "cloudsql.operations.list",
     "cloudsql.sslCerts.get",
     "cloudsql.sslCerts.list",
     "cloudsql.users.get",

diff --git a/roles/cloudtpu.serviceAgent b/roles/cloudtpu.serviceAgent
@@ -493,7 +493,6 @@
     "compute.regionTargetHttpProxies.listEffectiveTags",
     "compute.regionTargetHttpProxies.listTagBindings",
     "compute.regionTargetHttpProxies.setUrlMap",
-    "compute.regionTargetHttpProxies.update",
     "compute.regionTargetHttpProxies.use",
     "compute.regionTargetHttpsProxies.create",
     "compute.regionTargetHttpsProxies.createTagBinding",

diff --git a/roles/cloudtrace.admin b/roles/cloudtrace.admin
@@ -9,6 +9,11 @@
     "cloudtrace.tasks.delete",
     "cloudtrace.tasks.get",
     "cloudtrace.tasks.list",
+    "cloudtrace.traceScopes.create",
+    "cloudtrace.traceScopes.delete",
+    "cloudtrace.traceScopes.get",
+    "cloudtrace.traceScopes.list",
+    "cloudtrace.traceScopes.update",
     "cloudtrace.traces.get",
     "cloudtrace.traces.list",
     "cloudtrace.traces.patch",

diff --git a/roles/cloudtrace.user b/roles/cloudtrace.user
@@ -9,6 +9,11 @@
     "cloudtrace.tasks.delete",
     "cloudtrace.tasks.get",
     "cloudtrace.tasks.list",
+    "cloudtrace.traceScopes.create",
+    "cloudtrace.traceScopes.delete",
+    "cloudtrace.traceScopes.get",
+    "cloudtrace.traceScopes.list",
+    "cloudtrace.traceScopes.update",
     "cloudtrace.traces.get",
     "cloudtrace.traces.list",
     "observability.scopes.get",

diff --git a/roles/composer.environmentAndStorageObjectAdmin b/roles/composer.environmentAndStorageObjectAdmin
@@ -32,6 +32,11 @@
     "serviceusage.quotas.get",
     "serviceusage.services.get",
     "serviceusage.services.list",
+    "storage.folders.create",
+    "storage.folders.delete",
+    "storage.folders.get",
+    "storage.folders.list",
+    "storage.folders.rename",
     "storage.managedFolders.create",
     "storage.managedFolders.delete",
     "storage.managedFolders.get",

diff --git a/roles/composer.environmentAndStorageObjectUser b/roles/composer.environmentAndStorageObjectUser
@@ -20,6 +20,8 @@
     "serviceusage.quotas.get",
     "serviceusage.services.get",
     "serviceusage.services.list",
+    "storage.folders.get",
+    "storage.folders.list",
     "storage.managedFolders.get",
     "storage.managedFolders.list",
     "storage.objects.get",

diff --git a/roles/composer.environmentAndStorageObjectViewer b/roles/composer.environmentAndStorageObjectViewer
@@ -20,6 +20,8 @@
     "serviceusage.quotas.get",
     "serviceusage.services.get",
     "serviceusage.services.list",
+    "storage.folders.get",
+    "storage.folders.list",
     "storage.managedFolders.get",
     "storage.managedFolders.list",
     "storage.objects.get",

diff --git a/roles/composer.serviceAgent b/roles/composer.serviceAgent
@@ -36,6 +36,11 @@
     "cloudsql.backupRuns.delete",
     "cloudsql.backupRuns.get",
     "cloudsql.backupRuns.list",
+    "cloudsql.backups.create",
+    "cloudsql.backups.delete",
+    "cloudsql.backups.get",
+    "cloudsql.backups.list",
+    "cloudsql.backups.update",
     "cloudsql.databases.create",
     "cloudsql.databases.delete",
     "cloudsql.databases.get",
@@ -76,6 +81,8 @@
     "cloudsql.instances.stopReplica",
     "cloudsql.instances.truncateLog",
     "cloudsql.instances.update",
+    "cloudsql.operations.get",
+    "cloudsql.operations.list",
     "cloudsql.schemas.view",
     "cloudsql.sslCerts.create",
     "cloudsql.sslCerts.delete",
@@ -576,7 +583,6 @@
     "compute.regionTargetHttpProxies.listEffectiveTags",
     "compute.regionTargetHttpProxies.listTagBindings",
     "compute.regionTargetHttpProxies.setUrlMap",
-    "compute.regionTargetHttpProxies.update",
     "compute.regionTargetHttpProxies.use",
     "compute.regionTargetHttpsProxies.create",
     "compute.regionTargetHttpsProxies.createTagBinding",
@@ -1293,9 +1299,13 @@
     "iam.serviceAccounts.getAccessToken",
     "iam.serviceAccounts.list",
     "logging.buckets.create",
+    "logging.buckets.createTagBinding",
     "logging.buckets.delete",
+    "logging.buckets.deleteTagBinding",
     "logging.buckets.get",
     "logging.buckets.list",
+    "logging.buckets.listEffectiveTags",
+    "logging.buckets.listTagBindings",
     "logging.buckets.undelete",
     "logging.buckets.update",
     "logging.exclusions.create",
@@ -1746,6 +1756,11 @@
     "storage.buckets.restore",
     "storage.buckets.setIamPolicy",
     "storage.buckets.update",
+    "storage.folders.create",
+    "storage.folders.delete",
+    "storage.folders.get",
+    "storage.folders.list",
+    "storage.folders.rename",
     "storage.managedFolders.create",
     "storage.managedFolders.delete",
     "storage.managedFolders.get",

diff --git a/roles/composer.worker b/roles/composer.worker
@@ -561,6 +561,11 @@
     "storage.buckets.create",
     "storage.buckets.get",
     "storage.buckets.list",
+    "storage.folders.create",
+    "storage.folders.delete",
+    "storage.folders.get",
+    "storage.folders.list",
+    "storage.folders.rename",
     "storage.managedFolders.create",
     "storage.managedFolders.delete",
     "storage.managedFolders.get",

diff --git a/roles/compute.admin b/roles/compute.admin
@@ -380,13 +380,6 @@
     "compute.machineImages.useReadOnly",
     "compute.machineTypes.get",
     "compute.machineTypes.list",
-    "compute.maintenancePolicies.create",
-    "compute.maintenancePolicies.delete",
-    "compute.maintenancePolicies.get",
-    "compute.maintenancePolicies.getIamPolicy",
-    "compute.maintenancePolicies.list",
-    "compute.maintenancePolicies.setIamPolicy",
-    "compute.maintenancePolicies.use",
     "compute.networkAttachments.create",
     "compute.networkAttachments.createTagBinding",
     "compute.networkAttachments.delete",
@@ -602,7 +595,6 @@
     "compute.regionTargetHttpProxies.listEffectiveTags",
     "compute.regionTargetHttpProxies.listTagBindings",
     "compute.regionTargetHttpProxies.setUrlMap",
-    "compute.regionTargetHttpProxies.update",
     "compute.regionTargetHttpProxies.use",
     "compute.regionTargetHttpsProxies.create",
     "compute.regionTargetHttpsProxies.createTagBinding",

diff --git a/roles/compute.loadBalancerAdmin b/roles/compute.loadBalancerAdmin
@@ -261,7 +261,6 @@
     "compute.regionTargetHttpProxies.listEffectiveTags",
     "compute.regionTargetHttpProxies.listTagBindings",
     "compute.regionTargetHttpProxies.setUrlMap",
-    "compute.regionTargetHttpProxies.update",
     "compute.regionTargetHttpProxies.use",
     "compute.regionTargetHttpsProxies.create",
     "compute.regionTargetHttpsProxies.createTagBinding",

diff --git a/roles/compute.networkAdmin b/roles/compute.networkAdmin
@@ -342,7 +342,6 @@
     "compute.regionTargetHttpProxies.listEffectiveTags",
     "compute.regionTargetHttpProxies.listTagBindings",
     "compute.regionTargetHttpProxies.setUrlMap",
-    "compute.regionTargetHttpProxies.update",
     "compute.regionTargetHttpProxies.use",
     "compute.regionTargetHttpsProxies.create",
     "compute.regionTargetHttpsProxies.createTagBinding",

diff --git a/roles/compute.viewer b/roles/compute.viewer
@@ -135,9 +135,6 @@
     "compute.machineImages.list",
     "compute.machineTypes.get",
     "compute.machineTypes.list",
-    "compute.maintenancePolicies.get",
-    "compute.maintenancePolicies.getIamPolicy",
-    "compute.maintenancePolicies.list",
     "compute.networkAttachments.get",
     "compute.networkAttachments.getIamPolicy",
     "compute.networkAttachments.list",

diff --git a/roles/container.serviceAgent b/roles/container.serviceAgent
@@ -565,7 +565,6 @@
     "compute.regionTargetHttpProxies.listEffectiveTags",
     "compute.regionTargetHttpProxies.listTagBindings",
     "compute.regionTargetHttpProxies.setUrlMap",
-    "compute.regionTargetHttpProxies.update",
     "compute.regionTargetHttpProxies.use",
     "compute.regionTargetHttpsProxies.create",
     "compute.regionTargetHttpsProxies.createTagBinding",

diff --git a/roles/dataflow.serviceAgent b/roles/dataflow.serviceAgent
@@ -604,7 +604,6 @@
     "compute.regionTargetHttpProxies.listEffectiveTags",
     "compute.regionTargetHttpProxies.listTagBindings",
     "compute.regionTargetHttpProxies.setUrlMap",
-    "compute.regionTargetHttpProxies.update",
     "compute.regionTargetHttpProxies.use",
     "compute.regionTargetHttpsProxies.create",
     "compute.regionTargetHttpsProxies.createTagBinding",
@@ -955,9 +954,13 @@
     "iam.serviceAccounts.signBlob",
     "iam.serviceAccounts.signJwt",
     "logging.buckets.create",
+    "logging.buckets.createTagBinding",
     "logging.buckets.delete",
+    "logging.buckets.deleteTagBinding",
     "logging.buckets.get",
     "logging.buckets.list",
+    "logging.buckets.listEffectiveTags",
+    "logging.buckets.listTagBindings",
     "logging.buckets.undelete",
     "logging.buckets.update",
     "logging.exclusions.create",
@@ -1346,6 +1349,11 @@
     "storage.buckets.restore",
     "storage.buckets.setIamPolicy",
     "storage.buckets.update",
+    "storage.folders.create",
+    "storage.folders.delete",
+    "storage.folders.get",
+    "storage.folders.list",
+    "storage.folders.rename",
     "storage.managedFolders.create",
     "storage.managedFolders.delete",
     "storage.managedFolders.get",

diff --git a/roles/datafusion.serviceAgent b/roles/datafusion.serviceAgent
@@ -585,6 +585,11 @@
     "storage.buckets.restore",
     "storage.buckets.setIamPolicy",
     "storage.buckets.update",
+    "storage.folders.create",
+    "storage.folders.delete",
+    "storage.folders.get",
+    "storage.folders.list",
+    "storage.folders.rename",
     "storage.managedFolders.create",
     "storage.managedFolders.delete",
     "storage.managedFolders.get",

diff --git a/roles/datamigration.serviceAgent b/roles/datamigration.serviceAgent
@@ -33,6 +33,7 @@
     "cloudsql.instances.startReplica",
     "cloudsql.instances.stopReplica",
     "cloudsql.instances.update",
+    "cloudsql.operations.get",
     "compute.forwardingRules.use",
     "compute.globalAddresses.create",
     "compute.globalAddresses.createInternal",