GCP IAM Updates Detected

jdyke · Sep 28, 2024 · ea95a9a · ea95a9a
1 parent 92a260e
commit ea95a9a
Show file tree

Hide file tree

Showing 44 changed files with 566 additions and 11 deletions.
diff --git a/roles/apigee.securityAdmin b/roles/apigee.securityAdmin
@@ -38,6 +38,11 @@
     "apigee.securityProfiles.get",
     "apigee.securityProfiles.list",
     "apigee.securityProfiles.update",
+    "apigee.securityProfilesV2.create",
+    "apigee.securityProfilesV2.delete",
+    "apigee.securityProfilesV2.get",
+    "apigee.securityProfilesV2.list",
+    "apigee.securityProfilesV2.update",
     "apigee.securitySettings.get",
     "apigee.securitySettings.update",
     "apigee.securityStats.queryTabularStats",

diff --git a/roles/artifactregistry.createOnPushRepoAdmin b/roles/artifactregistry.createOnPushRepoAdmin
@@ -38,6 +38,11 @@
     "artifactregistry.repositories.listTagBindings",
     "artifactregistry.repositories.readViaVirtualRepository",
     "artifactregistry.repositories.uploadArtifacts",
+    "artifactregistry.rules.create",
+    "artifactregistry.rules.delete",
+    "artifactregistry.rules.get",
+    "artifactregistry.rules.list",
+    "artifactregistry.rules.update",
     "artifactregistry.tags.create",
     "artifactregistry.tags.delete",
     "artifactregistry.tags.get",

diff --git a/roles/artifactregistry.createOnPushWriter b/roles/artifactregistry.createOnPushWriter
@@ -34,6 +34,8 @@
     "artifactregistry.repositories.listTagBindings",
     "artifactregistry.repositories.readViaVirtualRepository",
     "artifactregistry.repositories.uploadArtifacts",
+    "artifactregistry.rules.get",
+    "artifactregistry.rules.list",
     "artifactregistry.tags.create",
     "artifactregistry.tags.get",
     "artifactregistry.tags.list",

diff --git a/roles/artifactregistry.writer b/roles/artifactregistry.writer
@@ -33,6 +33,8 @@
     "artifactregistry.repositories.listTagBindings",
     "artifactregistry.repositories.readViaVirtualRepository",
     "artifactregistry.repositories.uploadArtifacts",
+    "artifactregistry.rules.get",
+    "artifactregistry.rules.list",
     "artifactregistry.tags.create",
     "artifactregistry.tags.get",
     "artifactregistry.tags.list",

diff --git a/roles/assuredoss.admin b/roles/assuredoss.admin
@@ -27,6 +27,8 @@
     "artifactregistry.repositories.listEffectiveTags",
     "artifactregistry.repositories.listTagBindings",
     "artifactregistry.repositories.readViaVirtualRepository",
+    "artifactregistry.rules.get",
+    "artifactregistry.rules.list",
     "artifactregistry.tags.get",
     "artifactregistry.tags.list",
     "artifactregistry.versions.get",

diff --git a/roles/assuredoss.projectAdmin b/roles/assuredoss.projectAdmin
@@ -27,6 +27,8 @@
     "artifactregistry.repositories.listEffectiveTags",
     "artifactregistry.repositories.listTagBindings",
     "artifactregistry.repositories.readViaVirtualRepository",
+    "artifactregistry.rules.get",
+    "artifactregistry.rules.list",
     "artifactregistry.tags.get",
     "artifactregistry.tags.list",
     "artifactregistry.versions.get",

diff --git a/roles/assuredoss.user b/roles/assuredoss.user
@@ -26,6 +26,8 @@
     "artifactregistry.repositories.listEffectiveTags",
     "artifactregistry.repositories.listTagBindings",
     "artifactregistry.repositories.readViaVirtualRepository",
+    "artifactregistry.rules.get",
+    "artifactregistry.rules.list",
     "artifactregistry.tags.get",
     "artifactregistry.tags.list",
     "artifactregistry.versions.get",

diff --git a/roles/cloudbuild.serviceAgent b/roles/cloudbuild.serviceAgent
@@ -35,6 +35,8 @@
     "artifactregistry.repositories.listTagBindings",
     "artifactregistry.repositories.readViaVirtualRepository",
     "artifactregistry.repositories.uploadArtifacts",
+    "artifactregistry.rules.get",
+    "artifactregistry.rules.list",
     "artifactregistry.tags.create",
     "artifactregistry.tags.get",
     "artifactregistry.tags.list",

diff --git a/roles/cloudtpu.serviceAgent b/roles/cloudtpu.serviceAgent
@@ -6,10 +6,14 @@
     "compute.acceleratorTypes.list",
     "compute.addresses.create",
     "compute.addresses.createInternal",
+    "compute.addresses.createTagBinding",
     "compute.addresses.delete",
     "compute.addresses.deleteInternal",
+    "compute.addresses.deleteTagBinding",
     "compute.addresses.get",
     "compute.addresses.list",
+    "compute.addresses.listEffectiveTags",
+    "compute.addresses.listTagBindings",
     "compute.addresses.setLabels",
     "compute.addresses.use",
     "compute.addresses.useInternal",
@@ -112,10 +116,14 @@
     "compute.forwardingRules.use",
     "compute.globalAddresses.create",
     "compute.globalAddresses.createInternal",
+    "compute.globalAddresses.createTagBinding",
     "compute.globalAddresses.delete",
     "compute.globalAddresses.deleteInternal",
+    "compute.globalAddresses.deleteTagBinding",
     "compute.globalAddresses.get",
     "compute.globalAddresses.list",
+    "compute.globalAddresses.listEffectiveTags",
+    "compute.globalAddresses.listTagBindings",
     "compute.globalAddresses.setLabels",
     "compute.globalAddresses.use",
     "compute.globalForwardingRules.create",
@@ -151,7 +159,6 @@
     "compute.globalPublicDelegatedPrefixes.delete",
     "compute.globalPublicDelegatedPrefixes.get",
     "compute.globalPublicDelegatedPrefixes.list",
-    "compute.globalPublicDelegatedPrefixes.update",
     "compute.globalPublicDelegatedPrefixes.updatePolicy",
     "compute.healthChecks.create",
     "compute.healthChecks.createTagBinding",
@@ -345,10 +352,14 @@
     "compute.machineTypes.get",
     "compute.machineTypes.list",
     "compute.networkAttachments.create",
+    "compute.networkAttachments.createTagBinding",
     "compute.networkAttachments.delete",
+    "compute.networkAttachments.deleteTagBinding",
     "compute.networkAttachments.get",
     "compute.networkAttachments.getIamPolicy",
     "compute.networkAttachments.list",
+    "compute.networkAttachments.listEffectiveTags",
+    "compute.networkAttachments.listTagBindings",
     "compute.networkAttachments.setIamPolicy",
     "compute.networkAttachments.update",
     "compute.networkEndpointGroups.attachNetworkEndpoints",
@@ -395,6 +406,8 @@
     "compute.publicDelegatedPrefixes.delete",
     "compute.publicDelegatedPrefixes.get",
     "compute.publicDelegatedPrefixes.list",
+    "compute.publicDelegatedPrefixes.listEffectiveTags",
+    "compute.publicDelegatedPrefixes.listTagBindings",
     "compute.publicDelegatedPrefixes.update",
     "compute.publicDelegatedPrefixes.updatePolicy",
     "compute.regionBackendServices.create",
@@ -557,10 +570,14 @@
     "compute.securityPolicies.listTagBindings",
     "compute.securityPolicies.use",
     "compute.serviceAttachments.create",
+    "compute.serviceAttachments.createTagBinding",
     "compute.serviceAttachments.delete",
+    "compute.serviceAttachments.deleteTagBinding",
     "compute.serviceAttachments.get",
     "compute.serviceAttachments.getIamPolicy",
     "compute.serviceAttachments.list",
+    "compute.serviceAttachments.listEffectiveTags",
+    "compute.serviceAttachments.listTagBindings",
     "compute.serviceAttachments.setIamPolicy",
     "compute.serviceAttachments.update",
     "compute.serviceAttachments.use",

diff --git a/roles/composer.serviceAgent b/roles/composer.serviceAgent
@@ -92,10 +92,14 @@
     "compute.acceleratorTypes.list",
     "compute.addresses.create",
     "compute.addresses.createInternal",
+    "compute.addresses.createTagBinding",
     "compute.addresses.delete",
     "compute.addresses.deleteInternal",
+    "compute.addresses.deleteTagBinding",
     "compute.addresses.get",
     "compute.addresses.list",
+    "compute.addresses.listEffectiveTags",
+    "compute.addresses.listTagBindings",
     "compute.addresses.setLabels",
     "compute.addresses.use",
     "compute.addresses.useInternal",
@@ -195,10 +199,14 @@
     "compute.forwardingRules.use",
     "compute.globalAddresses.create",
     "compute.globalAddresses.createInternal",
+    "compute.globalAddresses.createTagBinding",
     "compute.globalAddresses.delete",
     "compute.globalAddresses.deleteInternal",
+    "compute.globalAddresses.deleteTagBinding",
     "compute.globalAddresses.get",
     "compute.globalAddresses.list",
+    "compute.globalAddresses.listEffectiveTags",
+    "compute.globalAddresses.listTagBindings",
     "compute.globalAddresses.setLabels",
     "compute.globalAddresses.use",
     "compute.globalForwardingRules.create",
@@ -234,7 +242,6 @@
     "compute.globalPublicDelegatedPrefixes.delete",
     "compute.globalPublicDelegatedPrefixes.get",
     "compute.globalPublicDelegatedPrefixes.list",
-    "compute.globalPublicDelegatedPrefixes.update",
     "compute.globalPublicDelegatedPrefixes.updatePolicy",
     "compute.healthChecks.create",
     "compute.healthChecks.createTagBinding",
@@ -428,10 +435,14 @@
     "compute.machineTypes.get",
     "compute.machineTypes.list",
     "compute.networkAttachments.create",
+    "compute.networkAttachments.createTagBinding",
     "compute.networkAttachments.delete",
+    "compute.networkAttachments.deleteTagBinding",
     "compute.networkAttachments.get",
     "compute.networkAttachments.getIamPolicy",
     "compute.networkAttachments.list",
+    "compute.networkAttachments.listEffectiveTags",
+    "compute.networkAttachments.listTagBindings",
     "compute.networkAttachments.setIamPolicy",
     "compute.networkAttachments.update",
     "compute.networkEndpointGroups.attachNetworkEndpoints",
@@ -478,6 +489,8 @@
     "compute.publicDelegatedPrefixes.delete",
     "compute.publicDelegatedPrefixes.get",
     "compute.publicDelegatedPrefixes.list",
+    "compute.publicDelegatedPrefixes.listEffectiveTags",
+    "compute.publicDelegatedPrefixes.listTagBindings",
     "compute.publicDelegatedPrefixes.update",
     "compute.publicDelegatedPrefixes.updatePolicy",
     "compute.regionBackendServices.create",
@@ -640,10 +653,14 @@
     "compute.securityPolicies.listTagBindings",
     "compute.securityPolicies.use",
     "compute.serviceAttachments.create",
+    "compute.serviceAttachments.createTagBinding",
     "compute.serviceAttachments.delete",
+    "compute.serviceAttachments.deleteTagBinding",
     "compute.serviceAttachments.get",
     "compute.serviceAttachments.getIamPolicy",
     "compute.serviceAttachments.list",
+    "compute.serviceAttachments.listEffectiveTags",
+    "compute.serviceAttachments.listTagBindings",
     "compute.serviceAttachments.setIamPolicy",
     "compute.serviceAttachments.update",
     "compute.serviceAttachments.use",
@@ -1677,6 +1694,12 @@
     "recommender.networkAnalyzerGkeIpAddressInsights.get",
     "recommender.networkAnalyzerGkeIpAddressInsights.list",
     "recommender.networkAnalyzerGkeIpAddressInsights.update",
+    "recommender.storageBucketSoftDeleteInsights.get",
+    "recommender.storageBucketSoftDeleteInsights.list",
+    "recommender.storageBucketSoftDeleteInsights.update",
+    "recommender.storageBucketSoftDeleteRecommendations.get",
+    "recommender.storageBucketSoftDeleteRecommendations.list",
+    "recommender.storageBucketSoftDeleteRecommendations.update",
     "resourcemanager.hierarchyNodes.listEffectiveTags",
     "resourcemanager.projects.get",
     "resourcemanager.projects.getIamPolicy",
@@ -1729,6 +1752,8 @@
     "storage.managedFolders.getIamPolicy",
     "storage.managedFolders.list",
     "storage.managedFolders.setIamPolicy",
+    "storage.managementHubs.get",
+    "storage.managementHubs.update",
     "storage.multipartUploads.abort",
     "storage.multipartUploads.create",
     "storage.multipartUploads.list",

diff --git a/roles/compute.admin b/roles/compute.admin
@@ -6,10 +6,14 @@
     "compute.acceleratorTypes.list",
     "compute.addresses.create",
     "compute.addresses.createInternal",
+    "compute.addresses.createTagBinding",
     "compute.addresses.delete",
     "compute.addresses.deleteInternal",
+    "compute.addresses.deleteTagBinding",
     "compute.addresses.get",
     "compute.addresses.list",
+    "compute.addresses.listEffectiveTags",
+    "compute.addresses.listTagBindings",
     "compute.addresses.setLabels",
     "compute.addresses.use",
     "compute.addresses.useInternal",
@@ -137,10 +141,14 @@
     "compute.futureReservations.update",
     "compute.globalAddresses.create",
     "compute.globalAddresses.createInternal",
+    "compute.globalAddresses.createTagBinding",
     "compute.globalAddresses.delete",
     "compute.globalAddresses.deleteInternal",
+    "compute.globalAddresses.deleteTagBinding",
     "compute.globalAddresses.get",
     "compute.globalAddresses.list",
+    "compute.globalAddresses.listEffectiveTags",
+    "compute.globalAddresses.listTagBindings",
     "compute.globalAddresses.setLabels",
     "compute.globalAddresses.use",
     "compute.globalForwardingRules.create",
@@ -180,9 +188,7 @@
     "compute.globalPublicDelegatedPrefixes.delete",
     "compute.globalPublicDelegatedPrefixes.get",
     "compute.globalPublicDelegatedPrefixes.list",
-    "compute.globalPublicDelegatedPrefixes.update",
     "compute.globalPublicDelegatedPrefixes.updatePolicy",
-    "compute.globalPublicDelegatedPrefixes.use",
     "compute.healthChecks.create",
     "compute.healthChecks.createTagBinding",
     "compute.healthChecks.delete",
@@ -382,10 +388,14 @@
     "compute.maintenancePolicies.setIamPolicy",
     "compute.maintenancePolicies.use",
     "compute.networkAttachments.create",
+    "compute.networkAttachments.createTagBinding",
     "compute.networkAttachments.delete",
+    "compute.networkAttachments.deleteTagBinding",
     "compute.networkAttachments.get",
     "compute.networkAttachments.getIamPolicy",
     "compute.networkAttachments.list",
+    "compute.networkAttachments.listEffectiveTags",
+    "compute.networkAttachments.listTagBindings",
     "compute.networkAttachments.setIamPolicy",
     "compute.networkAttachments.update",
     "compute.networkEdgeSecurityServices.create",
@@ -448,7 +458,6 @@
     "compute.nodeTemplates.setIamPolicy",
     "compute.nodeTypes.get",
     "compute.nodeTypes.list",
-    "compute.organizations.administerXpn",
     "compute.organizations.disableXpnHost",
     "compute.organizations.disableXpnResource",
     "compute.organizations.enableXpnHost",
@@ -479,11 +488,14 @@
     "compute.publicAdvertisedPrefixes.list",
     "compute.publicAdvertisedPrefixes.update",
     "compute.publicAdvertisedPrefixes.updatePolicy",
-    "compute.publicAdvertisedPrefixes.use",
     "compute.publicDelegatedPrefixes.create",
+    "compute.publicDelegatedPrefixes.createTagBinding",
     "compute.publicDelegatedPrefixes.delete",
+    "compute.publicDelegatedPrefixes.deleteTagBinding",
     "compute.publicDelegatedPrefixes.get",
     "compute.publicDelegatedPrefixes.list",
+    "compute.publicDelegatedPrefixes.listEffectiveTags",
+    "compute.publicDelegatedPrefixes.listTagBindings",
     "compute.publicDelegatedPrefixes.update",
     "compute.publicDelegatedPrefixes.updatePolicy",
     "compute.publicDelegatedPrefixes.use",
@@ -683,10 +695,14 @@
     "compute.securityPolicies.update",
     "compute.securityPolicies.use",
     "compute.serviceAttachments.create",
+    "compute.serviceAttachments.createTagBinding",
     "compute.serviceAttachments.delete",
+    "compute.serviceAttachments.deleteTagBinding",
     "compute.serviceAttachments.get",
     "compute.serviceAttachments.getIamPolicy",
     "compute.serviceAttachments.list",
+    "compute.serviceAttachments.listEffectiveTags",
+    "compute.serviceAttachments.listTagBindings",
     "compute.serviceAttachments.setIamPolicy",
     "compute.serviceAttachments.update",
     "compute.serviceAttachments.use",

diff --git a/roles/compute.networkViewer b/roles/compute.networkViewer
@@ -6,6 +6,8 @@
     "compute.acceleratorTypes.list",
     "compute.addresses.get",
     "compute.addresses.list",
+    "compute.addresses.listEffectiveTags",
+    "compute.addresses.listTagBindings",
     "compute.autoscalers.get",
     "compute.autoscalers.list",
     "compute.backendBuckets.get",
@@ -32,6 +34,8 @@
     "compute.forwardingRules.listTagBindings",
     "compute.globalAddresses.get",
     "compute.globalAddresses.list",
+    "compute.globalAddresses.listEffectiveTags",
+    "compute.globalAddresses.listTagBindings",
     "compute.globalForwardingRules.get",
     "compute.globalForwardingRules.list",
     "compute.globalForwardingRules.listEffectiveTags",
@@ -84,6 +88,8 @@
     "compute.machineTypes.list",
     "compute.networkAttachments.get",
     "compute.networkAttachments.list",
+    "compute.networkAttachments.listEffectiveTags",
+    "compute.networkAttachments.listTagBindings",
     "compute.networks.get",
     "compute.networks.getEffectiveFirewalls",
     "compute.networks.getRegionEffectiveFirewalls",
@@ -148,6 +154,8 @@
     "compute.routes.listTagBindings",
     "compute.serviceAttachments.get",
     "compute.serviceAttachments.list",
+    "compute.serviceAttachments.listEffectiveTags",
+    "compute.serviceAttachments.listTagBindings",
     "compute.snapshots.listEffectiveTags",
     "compute.snapshots.listTagBindings",
     "compute.sslCertificates.get",

diff --git a/roles/connectors.viewer b/roles/connectors.viewer
@@ -2,6 +2,7 @@
   "description": "Read-only access to Connectors all resources.",
   "etag": "AA==",
   "includedPermissions": [
+    "connectors.connections.generateOpenAPISpec",
     "connectors.connections.get",
     "connectors.connections.getConnectionSchemaMetadata",
     "connectors.connections.getIamPolicy",