diff --git a/infra/gcp/bash/roles/CustomRole.yaml b/infra/gcp/bash/roles/CustomRole.yaml index b65239b288a..6753c934cd2 100644 --- a/infra/gcp/bash/roles/CustomRole.yaml +++ b/infra/gcp/bash/roles/CustomRole.yaml @@ -1,7 +1,8 @@ -# DO NOT EDIT. Generated by generate-role-yaml.sh from ./roles/specs/CustomRole.yaml +# DO NOT EDIT. Generated by generate-role-yaml.sh from infra/gcp/bash/roles/specs/CustomRole.yaml description: View access to billing info includedPermissions: + - billing.accounts.getCarbonInformation - billing.accounts.getPricing - billing.accounts.getSpendingInformation - billing.budgets.get @@ -11,6 +12,7 @@ includedPermissions: - billing.resourceCosts.get - billing.subscriptions.get - billing.subscriptions.list + - commerceoffercatalog.documents.get - commerceoffercatalog.offers.get - resourcemanager.projects.get - resourcemanager.projects.list diff --git a/infra/gcp/bash/roles/audit.viewer.yaml b/infra/gcp/bash/roles/audit.viewer.yaml index d97049aed4b..b9577941d7a 100644 --- a/infra/gcp/bash/roles/audit.viewer.yaml +++ b/infra/gcp/bash/roles/audit.viewer.yaml @@ -1,4 +1,4 @@ -# DO NOT EDIT. Generated by generate-role-yaml.sh from ./roles/specs/audit.viewer.yaml +# DO NOT EDIT. Generated by generate-role-yaml.sh from infra/gcp/bash/roles/specs/audit.viewer.yaml description: View access to resources includedPermissions: @@ -7,11 +7,13 @@ includedPermissions: - accesscontextmanager.accessPolicies.getIamPolicy - accesscontextmanager.accessPolicies.list - accesscontextmanager.accessZones.list + - accesscontextmanager.authorizedOrgsDescs.list - accesscontextmanager.gcpUserAccessBindings.list - accesscontextmanager.policies.getIamPolicy - accesscontextmanager.policies.list - accesscontextmanager.servicePerimeters.list - actions.agentVersions.list + - advisorynotifications.notifications.list - aiplatform.annotationSpecs.list - aiplatform.annotations.list - aiplatform.artifacts.list @@ -21,12 +23,15 @@ includedPermissions: - aiplatform.dataItems.list - aiplatform.dataLabelingJobs.list - aiplatform.datasets.list + - aiplatform.deploymentResourcePools.list - aiplatform.edgeDeploymentJobs.list - aiplatform.edgeDevices.list - aiplatform.endpoints.list + - aiplatform.entityTypes.getIamPolicy - aiplatform.entityTypes.list - aiplatform.executions.list - aiplatform.features.list + - aiplatform.featurestores.getIamPolicy - aiplatform.featurestores.list - aiplatform.humanInTheLoops.list - aiplatform.hyperparameterTuningJobs.list @@ -40,6 +45,7 @@ includedPermissions: - aiplatform.modelEvaluations.list - aiplatform.models.list - aiplatform.nasJobs.list + - aiplatform.nasTrialDetails.list - aiplatform.operations.list - aiplatform.pipelineJobs.list - aiplatform.specialistPools.list @@ -50,6 +56,16 @@ includedPermissions: - aiplatform.tensorboards.list - aiplatform.trainingPipelines.list - aiplatform.trials.list + - alloydb.backups.list + - alloydb.clusters.list + - alloydb.instances.list + - alloydb.locations.list + - alloydb.operations.list + - alloydb.supportedDatabaseFlags.list + - analyticshub.dataExchanges.getIamPolicy + - analyticshub.dataExchanges.list + - analyticshub.listings.getIamPolicy + - analyticshub.listings.list - apigateway.apiconfigs.getIamPolicy - apigateway.apiconfigs.list - apigateway.apis.getIamPolicy @@ -71,6 +87,7 @@ includedPermissions: - apigee.developerattributes.list - apigee.developers.list - apigee.developersubscriptions.list + - apigee.endpointattachments.list - apigee.envgroupattachments.list - apigee.envgroups.list - apigee.environments.getIamPolicy @@ -78,11 +95,14 @@ includedPermissions: - apigee.exports.list - apigee.flowhooks.list - apigee.hostqueries.list + - apigee.hostsecurityreports.list - apigee.instanceattachments.list - apigee.instances.list - apigee.keystorealiases.list - apigee.keystores.list + - apigee.keyvaluemapentries.list - apigee.keyvaluemaps.list + - apigee.nataddresses.list - apigee.operations.list - apigee.organizations.list - apigee.portals.list @@ -93,24 +113,45 @@ includedPermissions: - apigee.references.list - apigee.reports.list - apigee.resourcefiles.list + - apigee.securityIncidents.list + - apigee.securityProfiles.list + - apigee.securityreports.list - apigee.sharedflowrevisions.list - apigee.sharedflows.list - apigee.targetservers.list + - apigee.traceconfigoverrides.list - apigee.tracesessions.list - apigeeconnect.connections.list + - apigeeregistry.apis.getIamPolicy + - apigeeregistry.apis.list + - apigeeregistry.artifacts.getIamPolicy + - apigeeregistry.artifacts.list + - apigeeregistry.deployments.list + - apigeeregistry.locations.list + - apigeeregistry.operations.list + - apigeeregistry.specs.getIamPolicy + - apigeeregistry.specs.list + - apigeeregistry.versions.getIamPolicy + - apigeeregistry.versions.list - apikeys.keys.list - appengine.instances.list - appengine.memcache.list - appengine.operations.list - appengine.services.list - appengine.versions.list + - artifactregistry.dockerimages.list - artifactregistry.files.list + - artifactregistry.locations.list + - artifactregistry.mavenartifacts.list + - artifactregistry.npmpackages.list - artifactregistry.packages.list + - artifactregistry.pythonpackages.list - artifactregistry.repositories.getIamPolicy - artifactregistry.repositories.list - artifactregistry.tags.list - artifactregistry.versions.list - assuredworkloads.operations.list + - assuredworkloads.violations.list - assuredworkloads.workload.list - automl.annotationSpecs.list - automl.annotations.list @@ -118,6 +159,7 @@ includedPermissions: - automl.datasets.getIamPolicy - automl.datasets.list - automl.examples.list + - automl.files.list - automl.humanAnnotationTasks.list - automl.locations.getIamPolicy - automl.locations.list @@ -129,21 +171,62 @@ includedPermissions: - automlrecommendations.apiKeys.list - automlrecommendations.catalogItems.list - automlrecommendations.catalogs.list + - automlrecommendations.eventStores.list - automlrecommendations.events.list - automlrecommendations.placements.list - automlrecommendations.recommendations.list - autoscaling.sites.getIamPolicy + - backupdr.locations.list + - backupdr.managementServers.getIamPolicy + - backupdr.managementServers.list + - backupdr.operations.list + - baremetalsolution.instancequotas.list - baremetalsolution.instances.list + - baremetalsolution.luns.list + - baremetalsolution.maintenanceevents.list + - baremetalsolution.networkquotas.list + - baremetalsolution.networks.list + - baremetalsolution.nfsshares.list + - baremetalsolution.snapshotschedulepolicies.list + - baremetalsolution.sshKeys.list + - baremetalsolution.storageaggregatepools.list + - baremetalsolution.volumequotas.list + - baremetalsolution.volumes.list + - baremetalsolution.volumesnapshots.list + - batch.jobs.list + - batch.locations.list + - batch.operations.list + - batch.tasks.list + - beyondcorp.appConnections.getIamPolicy + - beyondcorp.appConnections.list + - beyondcorp.appConnectors.getIamPolicy + - beyondcorp.appConnectors.list + - beyondcorp.appGateways.getIamPolicy + - beyondcorp.appGateways.list + - beyondcorp.clientConnectorServices.getIamPolicy + - beyondcorp.clientConnectorServices.list + - beyondcorp.clientGateways.getIamPolicy + - beyondcorp.clientGateways.list + - beyondcorp.locations.list + - beyondcorp.operations.list + - beyondcorp.subscriptions.list + - biglake.catalogs.list + - biglake.databases.list + - biglake.locks.list + - biglake.tables.list - bigquery.bireservations.get - bigquery.capacityCommitments.get - bigquery.capacityCommitments.list - bigquery.connections.getIamPolicy - bigquery.connections.list + - bigquery.dataPolicies.getIamPolicy + - bigquery.dataPolicies.list - bigquery.datasets.get - bigquery.datasets.getIamPolicy - bigquery.jobs.get - bigquery.jobs.list - bigquery.jobs.listAll + - bigquery.jobs.listExecutionMetadata - bigquery.models.getMetadata - bigquery.models.list - bigquery.reservationAssignments.list @@ -157,10 +240,14 @@ includedPermissions: - bigquery.tables.get - bigquery.tables.getIamPolicy - bigquery.tables.list + - bigquerymigration.locations.list + - bigquerymigration.subtasks.list + - bigquerymigration.workflows.list - bigtable.appProfiles.list - bigtable.backups.getIamPolicy - bigtable.backups.list - bigtable.clusters.list + - bigtable.hotTablets.list - bigtable.instances.getIamPolicy - bigtable.instances.list - bigtable.keyvisualizer.list @@ -176,35 +263,104 @@ includedPermissions: - binaryauthorization.attestors.getIamPolicy - binaryauthorization.attestors.list - binaryauthorization.continuousValidationConfig.getIamPolicy + - binaryauthorization.platformPolicies.list - binaryauthorization.policy.getIamPolicy + - blockchainnodeengine.blockchainNodes.list + - blockchainnodeengine.locations.list + - blockchainnodeengine.operations.list + - carestudio.patients.list + - certificatemanager.certissuanceconfigs.list + - certificatemanager.certmapentries.getIamPolicy + - certificatemanager.certmapentries.list + - certificatemanager.certmaps.getIamPolicy + - certificatemanager.certmaps.list + - certificatemanager.certs.getIamPolicy + - certificatemanager.certs.list + - certificatemanager.dnsauthorizations.getIamPolicy + - certificatemanager.dnsauthorizations.list + - certificatemanager.locations.list + - certificatemanager.operations.list - clientauthconfig.brands.list - clientauthconfig.clients.list + - cloud.locations.list - cloudasset.assets.analyzeIamPolicy - cloudasset.assets.analyzeMove - cloudasset.assets.exportAccessLevel - cloudasset.assets.exportAccessPolicy + - cloudasset.assets.exportAiplatformBatchPredictionJobs + - cloudasset.assets.exportAiplatformCustomJobs + - cloudasset.assets.exportAiplatformDataLabelingJobs + - cloudasset.assets.exportAiplatformDatasets + - cloudasset.assets.exportAiplatformEndpoints + - cloudasset.assets.exportAiplatformHyperparameterTuningJobs + - cloudasset.assets.exportAiplatformMetadataStores + - cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs + - cloudasset.assets.exportAiplatformModels + - cloudasset.assets.exportAiplatformPipelineJobs + - cloudasset.assets.exportAiplatformSpecialistPools + - cloudasset.assets.exportAiplatformTrainingPipelines - cloudasset.assets.exportAllAccessPolicy + - cloudasset.assets.exportAnthosConnectedCluster + - cloudasset.assets.exportAnthosedgeCluster + - cloudasset.assets.exportApigatewayApi + - cloudasset.assets.exportApigatewayApiConfig + - cloudasset.assets.exportApigatewayGateway + - cloudasset.assets.exportApikeysKeys - cloudasset.assets.exportAppengineApplications - cloudasset.assets.exportAppengineServices - cloudasset.assets.exportAppengineVersions + - cloudasset.assets.exportArtifactregistryDockerImages + - cloudasset.assets.exportArtifactregistryRepositories + - cloudasset.assets.exportAssuredWorkloadsWorkloads + - cloudasset.assets.exportBeyondCorpApiGateways + - cloudasset.assets.exportBeyondCorpAppConnections + - cloudasset.assets.exportBeyondCorpAppConnectors + - cloudasset.assets.exportBeyondCorpAppGateways + - cloudasset.assets.exportBeyondCorpClientConnectorServices + - cloudasset.assets.exportBeyondCorpClientGateways - cloudasset.assets.exportBigqueryDatasets + - cloudasset.assets.exportBigqueryModels - cloudasset.assets.exportBigqueryTables + - cloudasset.assets.exportBigtableAppProfile + - cloudasset.assets.exportBigtableBackup - cloudasset.assets.exportBigtableCluster - cloudasset.assets.exportBigtableInstance - cloudasset.assets.exportBigtableTable + - cloudasset.assets.exportCloudAssetFeeds + - cloudasset.assets.exportCloudDeployDeliveryPipelines + - cloudasset.assets.exportCloudDeployReleases + - cloudasset.assets.exportCloudDeployRollouts + - cloudasset.assets.exportCloudDeployTargets + - cloudasset.assets.exportCloudDocumentAIEvaluation + - cloudasset.assets.exportCloudDocumentAIHumanReviewConfig + - cloudasset.assets.exportCloudDocumentAILabelerPool + - cloudasset.assets.exportCloudDocumentAIProcessor + - cloudasset.assets.exportCloudDocumentAIProcessorVersion - cloudasset.assets.exportCloudbillingBillingAccounts + - cloudasset.assets.exportCloudbillingProjectBillingInfos + - cloudasset.assets.exportCloudfunctionsFunctions + - cloudasset.assets.exportCloudfunctionsGen2Functions - cloudasset.assets.exportCloudkmsCryptoKeyVersions - cloudasset.assets.exportCloudkmsCryptoKeys + - cloudasset.assets.exportCloudkmsEkmConnections - cloudasset.assets.exportCloudkmsImportJobs - cloudasset.assets.exportCloudkmsKeyRings + - cloudasset.assets.exportCloudmemcacheInstances - cloudasset.assets.exportCloudresourcemanagerFolders - cloudasset.assets.exportCloudresourcemanagerOrganizations - cloudasset.assets.exportCloudresourcemanagerProjects + - cloudasset.assets.exportCloudresourcemanagerTagBindings + - cloudasset.assets.exportCloudresourcemanagerTagKeys + - cloudasset.assets.exportCloudresourcemanagerTagValues + - cloudasset.assets.exportComposerEnvironments - cloudasset.assets.exportComputeAddress - cloudasset.assets.exportComputeAutoscalers - cloudasset.assets.exportComputeBackendBuckets - cloudasset.assets.exportComputeBackendServices + - cloudasset.assets.exportComputeCommitments - cloudasset.assets.exportComputeDisks + - cloudasset.assets.exportComputeExternalVpnGateways + - cloudasset.assets.exportComputeFirewallPolicies - cloudasset.assets.exportComputeFirewalls - cloudasset.assets.exportComputeForwardingRules - cloudasset.assets.exportComputeGlobalAddress @@ -220,18 +376,26 @@ includedPermissions: - cloudasset.assets.exportComputeInterconnect - cloudasset.assets.exportComputeInterconnectAttachment - cloudasset.assets.exportComputeLicenses + - cloudasset.assets.exportComputeNetworkEndpointGroups - cloudasset.assets.exportComputeNetworks + - cloudasset.assets.exportComputeNodeGroups + - cloudasset.assets.exportComputeNodeTemplates + - cloudasset.assets.exportComputePacketMirrorings - cloudasset.assets.exportComputeProjects - cloudasset.assets.exportComputeRegionAutoscaler - cloudasset.assets.exportComputeRegionBackendServices - cloudasset.assets.exportComputeRegionDisk - cloudasset.assets.exportComputeRegionInstanceGroup - cloudasset.assets.exportComputeRegionInstanceGroupManager + - cloudasset.assets.exportComputeReservations + - cloudasset.assets.exportComputeResourcePolicies - cloudasset.assets.exportComputeRouters - cloudasset.assets.exportComputeRoutes - cloudasset.assets.exportComputeSecurityPolicy + - cloudasset.assets.exportComputeServiceAttachments - cloudasset.assets.exportComputeSnapshots - cloudasset.assets.exportComputeSslCertificates + - cloudasset.assets.exportComputeSslPolicies - cloudasset.assets.exportComputeSubnetworks - cloudasset.assets.exportComputeTargetHttpProxies - cloudasset.assets.exportComputeTargetHttpsProxies @@ -241,52 +405,452 @@ includedPermissions: - cloudasset.assets.exportComputeTargetTcpProxies - cloudasset.assets.exportComputeTargetVpnGateways - cloudasset.assets.exportComputeUrlMaps + - cloudasset.assets.exportComputeVpnGateways - cloudasset.assets.exportComputeVpnTunnels + - cloudasset.assets.exportConnectorsConnections + - cloudasset.assets.exportConnectorsConnectorVersions + - cloudasset.assets.exportConnectorsConnectors + - cloudasset.assets.exportConnectorsProviders + - cloudasset.assets.exportConnectorsRuntimeConfigs + - cloudasset.assets.exportContainerAppsDeployment + - cloudasset.assets.exportContainerAppsReplicaSets + - cloudasset.assets.exportContainerBatchJobs - cloudasset.assets.exportContainerClusterrole - cloudasset.assets.exportContainerClusterrolebinding - cloudasset.assets.exportContainerClusters + - cloudasset.assets.exportContainerExtensionsIngresses + - cloudasset.assets.exportContainerJobs - cloudasset.assets.exportContainerNamespace + - cloudasset.assets.exportContainerNetworkingIngresses + - cloudasset.assets.exportContainerNetworkingNetworkPolicies - cloudasset.assets.exportContainerNode - cloudasset.assets.exportContainerNodepool - cloudasset.assets.exportContainerPod + - cloudasset.assets.exportContainerReplicaSets - cloudasset.assets.exportContainerRole - cloudasset.assets.exportContainerRolebinding + - cloudasset.assets.exportContainerServices - cloudasset.assets.exportContainerregistryImage + - cloudasset.assets.exportDataMigrationConnectionProfiles + - cloudasset.assets.exportDataMigrationMigrationJobs + - cloudasset.assets.exportDataflowJobs - cloudasset.assets.exportDatafusionInstance + - cloudasset.assets.exportDataplexAssets + - cloudasset.assets.exportDataplexLakes + - cloudasset.assets.exportDataplexTasks + - cloudasset.assets.exportDataplexZones + - cloudasset.assets.exportDataprocAutoscalingPolicies + - cloudasset.assets.exportDataprocBatches - cloudasset.assets.exportDataprocClusters - cloudasset.assets.exportDataprocJobs + - cloudasset.assets.exportDataprocSessions + - cloudasset.assets.exportDataprocWorkflowTemplates + - cloudasset.assets.exportDatastreamConnectionProfile + - cloudasset.assets.exportDatastreamPrivateConnection + - cloudasset.assets.exportDatastreamStream + - cloudasset.assets.exportDialogflowAgents + - cloudasset.assets.exportDialogflowConversationProfiles + - cloudasset.assets.exportDialogflowKnowledgeBases + - cloudasset.assets.exportDialogflowLocationSettings + - cloudasset.assets.exportDlpDeidentifyTemplates + - cloudasset.assets.exportDlpDlpJobs + - cloudasset.assets.exportDlpInspectTemplates + - cloudasset.assets.exportDlpJobTriggers + - cloudasset.assets.exportDlpStoredInfoTypes - cloudasset.assets.exportDnsManagedZones - cloudasset.assets.exportDnsPolicies + - cloudasset.assets.exportDomainsRegistrations + - cloudasset.assets.exportEventarcTriggers + - cloudasset.assets.exportFileBackups + - cloudasset.assets.exportFileInstances + - cloudasset.assets.exportFirebaseAppInfos + - cloudasset.assets.exportFirebaseProjects + - cloudasset.assets.exportFirestoreDatabases + - cloudasset.assets.exportGKEHubFeatures + - cloudasset.assets.exportGKEHubMemberships + - cloudasset.assets.exportGameservicesGameServerClusters + - cloudasset.assets.exportGameservicesGameServerConfigs + - cloudasset.assets.exportGameservicesGameServerDeployments + - cloudasset.assets.exportGameservicesRealms + - cloudasset.assets.exportGkeBackupBackupPlans + - cloudasset.assets.exportGkeBackupBackups + - cloudasset.assets.exportGkeBackupRestorePlans + - cloudasset.assets.exportGkeBackupRestores + - cloudasset.assets.exportGkeBackupVolumeBackups + - cloudasset.assets.exportGkeBackupVolumeRestores + - cloudasset.assets.exportHealthcareConsentStores + - cloudasset.assets.exportHealthcareDatasets + - cloudasset.assets.exportHealthcareDicomStores + - cloudasset.assets.exportHealthcareFhirStores + - cloudasset.assets.exportHealthcareHl7V2Stores - cloudasset.assets.exportIamPolicy - cloudasset.assets.exportIamRoles - cloudasset.assets.exportIamServiceAccountKeys - cloudasset.assets.exportIamServiceAccounts + - cloudasset.assets.exportIapTunnel + - cloudasset.assets.exportIapTunnelInstances + - cloudasset.assets.exportIapTunnelZones + - cloudasset.assets.exportIapWeb + - cloudasset.assets.exportIapWebServiceVersion + - cloudasset.assets.exportIapWebServices + - cloudasset.assets.exportIapWebType + - cloudasset.assets.exportIdsEndpoints + - cloudasset.assets.exportIntegrationsAuthConfigs + - cloudasset.assets.exportIntegrationsCertificates + - cloudasset.assets.exportIntegrationsExecutions + - cloudasset.assets.exportIntegrationsIntegrationVersions + - cloudasset.assets.exportIntegrationsIntegrations + - cloudasset.assets.exportIntegrationsSfdcChannels + - cloudasset.assets.exportIntegrationsSfdcInstances + - cloudasset.assets.exportIntegrationsSuspensions + - cloudasset.assets.exportLoggingLogMetrics + - cloudasset.assets.exportLoggingLogSinks - cloudasset.assets.exportManagedidentitiesDomain + - cloudasset.assets.exportMetastoreBackups + - cloudasset.assets.exportMetastoreMetadataImports + - cloudasset.assets.exportMetastoreServices + - cloudasset.assets.exportMonitoringAlertPolicies + - cloudasset.assets.exportNetworkConnectivityHubs + - cloudasset.assets.exportNetworkConnectivitySpokes + - cloudasset.assets.exportNetworkManagementConnectivityTests + - cloudasset.assets.exportNetworkServicesEndpointPolicies + - cloudasset.assets.exportNetworkServicesGateways + - cloudasset.assets.exportNetworkServicesGrpcRoutes + - cloudasset.assets.exportNetworkServicesHttpRoutes + - cloudasset.assets.exportNetworkServicesMeshes + - cloudasset.assets.exportNetworkServicesServiceBindings + - cloudasset.assets.exportNetworkServicesTcpRoutes + - cloudasset.assets.exportNetworkServicesTlsRoutes + - cloudasset.assets.exportOSConfigOSPolicyAssignmentReports + - cloudasset.assets.exportOSConfigOSPolicyAssignments + - cloudasset.assets.exportOSConfigVulnerabilityReports + - cloudasset.assets.exportOSInventories - cloudasset.assets.exportOrgPolicy + - cloudasset.assets.exportPatchDeployments + - cloudasset.assets.exportPubsubSnapshots - cloudasset.assets.exportPubsubSubscriptions - cloudasset.assets.exportPubsubTopics + - cloudasset.assets.exportRedisInstances - cloudasset.assets.exportResource + - cloudasset.assets.exportSecretManagerSecretVersions + - cloudasset.assets.exportSecretManagerSecrets + - cloudasset.assets.exportServiceDirectoryNamespaces - cloudasset.assets.exportServicePerimeter + - cloudasset.assets.exportServiceconsumermanagementConsumerProperty + - cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits + - cloudasset.assets.exportServiceconsumermanagementConsumers + - cloudasset.assets.exportServiceconsumermanagementProducerOverrides + - cloudasset.assets.exportServiceconsumermanagementTenancyUnits + - cloudasset.assets.exportServiceconsumermanagementVisibility - cloudasset.assets.exportServicemanagementServices + - cloudasset.assets.exportServiceusageAdminOverrides + - cloudasset.assets.exportServiceusageConsumerOverrides + - cloudasset.assets.exportServiceusageServices + - cloudasset.assets.exportSpannerBackups - cloudasset.assets.exportSpannerDatabases - cloudasset.assets.exportSpannerInstances + - cloudasset.assets.exportSpeakerIdPhrases + - cloudasset.assets.exportSpeakerIdSettings + - cloudasset.assets.exportSpeakerIdSpeakers + - cloudasset.assets.exportSpeechCustomClasses + - cloudasset.assets.exportSpeechPhraseSets + - cloudasset.assets.exportSqladminBackupRuns - cloudasset.assets.exportSqladminInstances - cloudasset.assets.exportStorageBuckets + - cloudasset.assets.exportTpuNodes + - cloudasset.assets.exportVpcaccessConnector + - cloudasset.assets.listAccessLevel - cloudasset.assets.listAccessPolicy + - cloudasset.assets.listAiplatformBatchPredictionJobs + - cloudasset.assets.listAiplatformCustomJobs + - cloudasset.assets.listAiplatformDataLabelingJobs + - cloudasset.assets.listAiplatformDatasets + - cloudasset.assets.listAiplatformEndpoints + - cloudasset.assets.listAiplatformHyperparameterTuningJobs + - cloudasset.assets.listAiplatformMetadataStores + - cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs + - cloudasset.assets.listAiplatformModels + - cloudasset.assets.listAiplatformPipelineJobs + - cloudasset.assets.listAiplatformSpecialistPools + - cloudasset.assets.listAiplatformTrainingPipelines + - cloudasset.assets.listAllAccessPolicy + - cloudasset.assets.listAnthosConnectedCluster + - cloudasset.assets.listAnthosedgeCluster + - cloudasset.assets.listApigatewayApi + - cloudasset.assets.listApigatewayApiConfig + - cloudasset.assets.listApigatewayGateway + - cloudasset.assets.listApikeysKeys + - cloudasset.assets.listAppengineApplications + - cloudasset.assets.listAppengineServices + - cloudasset.assets.listAppengineVersions + - cloudasset.assets.listArtifactregistryDockerImages + - cloudasset.assets.listArtifactregistryRepositories + - cloudasset.assets.listAssuredWorkloadsWorkloads + - cloudasset.assets.listBeyondCorpApiGateways + - cloudasset.assets.listBeyondCorpAppConnections + - cloudasset.assets.listBeyondCorpAppConnectors + - cloudasset.assets.listBeyondCorpAppGateways + - cloudasset.assets.listBeyondCorpClientConnectorServices + - cloudasset.assets.listBeyondCorpClientGateways + - cloudasset.assets.listBigqueryDatasets + - cloudasset.assets.listBigqueryModels + - cloudasset.assets.listBigqueryTables + - cloudasset.assets.listBigtableAppProfile + - cloudasset.assets.listBigtableBackup + - cloudasset.assets.listBigtableCluster + - cloudasset.assets.listBigtableInstance + - cloudasset.assets.listBigtableTable + - cloudasset.assets.listCloudAssetFeeds + - cloudasset.assets.listCloudDeployDeliveryPipelines + - cloudasset.assets.listCloudDeployReleases + - cloudasset.assets.listCloudDeployRollouts + - cloudasset.assets.listCloudDeployTargets + - cloudasset.assets.listCloudDocumentAIEvaluation + - cloudasset.assets.listCloudDocumentAIHumanReviewConfig + - cloudasset.assets.listCloudDocumentAILabelerPool + - cloudasset.assets.listCloudDocumentAIProcessor + - cloudasset.assets.listCloudDocumentAIProcessorVersion + - cloudasset.assets.listCloudbillingBillingAccounts + - cloudasset.assets.listCloudbillingProjectBillingInfos + - cloudasset.assets.listCloudfunctionsFunctions + - cloudasset.assets.listCloudfunctionsGen2Functions + - cloudasset.assets.listCloudkmsCryptoKeyVersions - cloudasset.assets.listCloudkmsCryptoKeys + - cloudasset.assets.listCloudkmsEkmConnections + - cloudasset.assets.listCloudkmsImportJobs + - cloudasset.assets.listCloudkmsKeyRings + - cloudasset.assets.listCloudmemcacheInstances + - cloudasset.assets.listCloudresourcemanagerFolders + - cloudasset.assets.listCloudresourcemanagerOrganizations + - cloudasset.assets.listCloudresourcemanagerProjects + - cloudasset.assets.listCloudresourcemanagerTagBindings + - cloudasset.assets.listCloudresourcemanagerTagKeys + - cloudasset.assets.listCloudresourcemanagerTagValues + - cloudasset.assets.listComposerEnvironments + - cloudasset.assets.listComputeAddress + - cloudasset.assets.listComputeAutoscalers + - cloudasset.assets.listComputeBackendBuckets + - cloudasset.assets.listComputeBackendServices + - cloudasset.assets.listComputeCommitments + - cloudasset.assets.listComputeDisks + - cloudasset.assets.listComputeExternalVpnGateways + - cloudasset.assets.listComputeFirewallPolicies + - cloudasset.assets.listComputeFirewalls + - cloudasset.assets.listComputeForwardingRules + - cloudasset.assets.listComputeGlobalAddress + - cloudasset.assets.listComputeGlobalForwardingRules + - cloudasset.assets.listComputeHealthChecks + - cloudasset.assets.listComputeHttpHealthChecks + - cloudasset.assets.listComputeHttpsHealthChecks + - cloudasset.assets.listComputeImages + - cloudasset.assets.listComputeInstanceGroupManagers + - cloudasset.assets.listComputeInstanceGroups + - cloudasset.assets.listComputeInstanceTemplates + - cloudasset.assets.listComputeInstances + - cloudasset.assets.listComputeInterconnect + - cloudasset.assets.listComputeInterconnectAttachment + - cloudasset.assets.listComputeLicenses + - cloudasset.assets.listComputeNetworkEndpointGroups + - cloudasset.assets.listComputeNetworks + - cloudasset.assets.listComputeNodeGroups + - cloudasset.assets.listComputeNodeTemplates + - cloudasset.assets.listComputePacketMirrorings + - cloudasset.assets.listComputeProjects + - cloudasset.assets.listComputeRegionAutoscaler + - cloudasset.assets.listComputeRegionBackendServices + - cloudasset.assets.listComputeRegionDisk + - cloudasset.assets.listComputeRegionInstanceGroup + - cloudasset.assets.listComputeRegionInstanceGroupManager + - cloudasset.assets.listComputeReservations + - cloudasset.assets.listComputeResourcePolicies + - cloudasset.assets.listComputeRouters + - cloudasset.assets.listComputeRoutes + - cloudasset.assets.listComputeSecurityPolicy + - cloudasset.assets.listComputeServiceAttachments + - cloudasset.assets.listComputeSnapshots + - cloudasset.assets.listComputeSslCertificates + - cloudasset.assets.listComputeSslPolicies + - cloudasset.assets.listComputeSubnetworks + - cloudasset.assets.listComputeTargetHttpProxies + - cloudasset.assets.listComputeTargetHttpsProxies + - cloudasset.assets.listComputeTargetInstances + - cloudasset.assets.listComputeTargetPools + - cloudasset.assets.listComputeTargetSslProxies + - cloudasset.assets.listComputeTargetTcpProxies + - cloudasset.assets.listComputeTargetVpnGateways + - cloudasset.assets.listComputeUrlMaps + - cloudasset.assets.listComputeVpnGateways + - cloudasset.assets.listComputeVpnTunnels + - cloudasset.assets.listConnectorsConnections + - cloudasset.assets.listConnectorsConnectorVersions + - cloudasset.assets.listConnectorsConnectors + - cloudasset.assets.listConnectorsProviders + - cloudasset.assets.listConnectorsRuntimeConfigs + - cloudasset.assets.listContainerAppsDeployment + - cloudasset.assets.listContainerAppsReplicaSets + - cloudasset.assets.listContainerBatchJobs + - cloudasset.assets.listContainerClusterrole + - cloudasset.assets.listContainerClusterrolebinding + - cloudasset.assets.listContainerClusters + - cloudasset.assets.listContainerExtensionsIngresses + - cloudasset.assets.listContainerJobs + - cloudasset.assets.listContainerNamespace + - cloudasset.assets.listContainerNetworkingIngresses + - cloudasset.assets.listContainerNetworkingNetworkPolicies + - cloudasset.assets.listContainerNode + - cloudasset.assets.listContainerNodepool + - cloudasset.assets.listContainerPod + - cloudasset.assets.listContainerReplicaSets + - cloudasset.assets.listContainerRole + - cloudasset.assets.listContainerRolebinding + - cloudasset.assets.listContainerServices + - cloudasset.assets.listContainerregistryImage + - cloudasset.assets.listDataMigrationConnectionProfiles + - cloudasset.assets.listDataMigrationMigrationJobs + - cloudasset.assets.listDataflowJobs + - cloudasset.assets.listDatafusionInstance + - cloudasset.assets.listDataplexAssets + - cloudasset.assets.listDataplexLakes + - cloudasset.assets.listDataplexTasks + - cloudasset.assets.listDataplexZones + - cloudasset.assets.listDataprocAutoscalingPolicies + - cloudasset.assets.listDataprocBatches + - cloudasset.assets.listDataprocClusters + - cloudasset.assets.listDataprocJobs + - cloudasset.assets.listDataprocSessions + - cloudasset.assets.listDataprocWorkflowTemplates + - cloudasset.assets.listDatastreamConnectionProfile + - cloudasset.assets.listDatastreamPrivateConnection + - cloudasset.assets.listDatastreamStream + - cloudasset.assets.listDialogflowAgents + - cloudasset.assets.listDialogflowConversationProfiles + - cloudasset.assets.listDialogflowKnowledgeBases + - cloudasset.assets.listDialogflowLocationSettings + - cloudasset.assets.listDlpDeidentifyTemplates + - cloudasset.assets.listDlpDlpJobs + - cloudasset.assets.listDlpInspectTemplates + - cloudasset.assets.listDlpJobTriggers + - cloudasset.assets.listDlpStoredInfoTypes + - cloudasset.assets.listDnsManagedZones + - cloudasset.assets.listDnsPolicies + - cloudasset.assets.listDomainsRegistrations + - cloudasset.assets.listEventarcTriggers + - cloudasset.assets.listFileBackups + - cloudasset.assets.listFileInstances + - cloudasset.assets.listFirebaseAppInfos + - cloudasset.assets.listFirebaseProjects + - cloudasset.assets.listFirestoreDatabases + - cloudasset.assets.listGKEHubFeatures + - cloudasset.assets.listGKEHubMemberships + - cloudasset.assets.listGameservicesGameServerClusters + - cloudasset.assets.listGameservicesGameServerConfigs + - cloudasset.assets.listGameservicesGameServerDeployments + - cloudasset.assets.listGameservicesRealms + - cloudasset.assets.listGkeBackupBackupPlans + - cloudasset.assets.listGkeBackupBackups + - cloudasset.assets.listGkeBackupRestorePlans + - cloudasset.assets.listGkeBackupRestores + - cloudasset.assets.listGkeBackupVolumeBackups + - cloudasset.assets.listGkeBackupVolumeRestores + - cloudasset.assets.listHealthcareConsentStores + - cloudasset.assets.listHealthcareDatasets + - cloudasset.assets.listHealthcareDicomStores + - cloudasset.assets.listHealthcareFhirStores + - cloudasset.assets.listHealthcareHl7V2Stores - cloudasset.assets.listIamPolicy + - cloudasset.assets.listIamRoles + - cloudasset.assets.listIamServiceAccountKeys + - cloudasset.assets.listIamServiceAccounts + - cloudasset.assets.listIapTunnel + - cloudasset.assets.listIapTunnelInstances + - cloudasset.assets.listIapTunnelZones + - cloudasset.assets.listIapWeb + - cloudasset.assets.listIapWebServiceVersion + - cloudasset.assets.listIapWebServices + - cloudasset.assets.listIapWebType + - cloudasset.assets.listIdsEndpoints + - cloudasset.assets.listIntegrationsAuthConfigs + - cloudasset.assets.listIntegrationsCertificates + - cloudasset.assets.listIntegrationsExecutions + - cloudasset.assets.listIntegrationsIntegrationVersions + - cloudasset.assets.listIntegrationsIntegrations + - cloudasset.assets.listIntegrationsSfdcChannels + - cloudasset.assets.listIntegrationsSfdcInstances + - cloudasset.assets.listIntegrationsSuspensions + - cloudasset.assets.listLoggingLogMetrics + - cloudasset.assets.listLoggingLogSinks + - cloudasset.assets.listManagedidentitiesDomain + - cloudasset.assets.listMetastoreBackups + - cloudasset.assets.listMetastoreMetadataImports + - cloudasset.assets.listMetastoreServices + - cloudasset.assets.listMonitoringAlertPolicies + - cloudasset.assets.listNetworkConnectivityHubs + - cloudasset.assets.listNetworkConnectivitySpokes + - cloudasset.assets.listNetworkManagementConnectivityTests + - cloudasset.assets.listNetworkServicesEndpointPolicies + - cloudasset.assets.listNetworkServicesGateways + - cloudasset.assets.listNetworkServicesGrpcRoutes + - cloudasset.assets.listNetworkServicesHttpRoutes + - cloudasset.assets.listNetworkServicesMeshes + - cloudasset.assets.listNetworkServicesServiceBindings + - cloudasset.assets.listNetworkServicesTcpRoutes + - cloudasset.assets.listNetworkServicesTlsRoutes + - cloudasset.assets.listOSConfigOSPolicyAssignmentReports + - cloudasset.assets.listOSConfigOSPolicyAssignments + - cloudasset.assets.listOSConfigVulnerabilityReports - cloudasset.assets.listOSInventories - cloudasset.assets.listOrgPolicy + - cloudasset.assets.listPatchDeployments + - cloudasset.assets.listPubsubSnapshots + - cloudasset.assets.listPubsubSubscriptions + - cloudasset.assets.listPubsubTopics + - cloudasset.assets.listRedisInstances - cloudasset.assets.listResource + - cloudasset.assets.listRunDomainMapping + - cloudasset.assets.listRunRevision + - cloudasset.assets.listRunService + - cloudasset.assets.listSecretManagerSecretVersions + - cloudasset.assets.listSecretManagerSecrets + - cloudasset.assets.listServiceDirectoryNamespaces + - cloudasset.assets.listServicePerimeter + - cloudasset.assets.listServiceconsumermanagementConsumerProperty + - cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits + - cloudasset.assets.listServiceconsumermanagementConsumers + - cloudasset.assets.listServiceconsumermanagementProducerOverrides + - cloudasset.assets.listServiceconsumermanagementTenancyUnits + - cloudasset.assets.listServiceconsumermanagementVisibility + - cloudasset.assets.listServicemanagementServices + - cloudasset.assets.listServiceusageAdminOverrides + - cloudasset.assets.listServiceusageConsumerOverrides + - cloudasset.assets.listServiceusageServices + - cloudasset.assets.listSpannerBackups + - cloudasset.assets.listSpannerDatabases + - cloudasset.assets.listSpannerInstances + - cloudasset.assets.listSpeakerIdPhrases + - cloudasset.assets.listSpeakerIdSettings + - cloudasset.assets.listSpeakerIdSpeakers + - cloudasset.assets.listSpeechCustomClasses + - cloudasset.assets.listSpeechPhraseSets + - cloudasset.assets.listSqladminBackupRuns + - cloudasset.assets.listSqladminInstances + - cloudasset.assets.listStorageBuckets + - cloudasset.assets.listTpuNodes + - cloudasset.assets.listVpcaccessConnector - cloudasset.assets.searchAllIamPolicies - cloudasset.assets.searchAllResources - cloudasset.feeds.list + - cloudasset.savedqueries.list - cloudbuild.builds.list + - cloudbuild.connections.getIamPolicy + - cloudbuild.connections.list + - cloudbuild.integrations.list + - cloudbuild.repositories.list - cloudbuild.workerpools.list - clouddebugger.breakpoints.list - clouddebugger.debuggees.list - clouddeploy.deliveryPipelines.getIamPolicy - clouddeploy.deliveryPipelines.list + - clouddeploy.jobRuns.list - clouddeploy.locations.list - clouddeploy.operations.list - clouddeploy.releases.list @@ -297,6 +861,7 @@ includedPermissions: - cloudfunctions.functions.list - cloudfunctions.locations.list - cloudfunctions.operations.list + - cloudfunctions.runtimes.list - cloudiot.devices.list - cloudiot.registries.getIamPolicy - cloudiot.registries.list @@ -305,6 +870,9 @@ includedPermissions: - cloudkms.cryptoKeyVersions.viewPublicKey - cloudkms.cryptoKeys.getIamPolicy - cloudkms.cryptoKeys.list + - cloudkms.ekmConfigs.getIamPolicy + - cloudkms.ekmConnections.getIamPolicy + - cloudkms.ekmConnections.list - cloudkms.importJobs.getIamPolicy - cloudkms.importJobs.list - cloudkms.keyRings.getIamPolicy @@ -350,6 +918,7 @@ includedPermissions: - cloudtrace.traces.get - cloudtrace.traces.list - cloudtranslate.glossaries.list + - cloudtranslate.glossaryentries.list - cloudtranslate.locations.list - cloudtranslate.operations.list - cloudvolumesgcp-api.netapp.com/activeDirectories.list @@ -358,8 +927,13 @@ includedPermissions: - cloudvolumesgcp-api.netapp.com/regions.list - cloudvolumesgcp-api.netapp.com/serviceLevels.list - cloudvolumesgcp-api.netapp.com/snapshots.list + - cloudvolumesgcp-api.netapp.com/volumereplication.list - cloudvolumesgcp-api.netapp.com/volumes.list + - commercebusinessenablement.partnerAccounts.list + - commerceorggovernance.collections.list + - commerceorggovernance.services.list - commerceprice.privateoffers.list + - composer.dags.list - composer.environments.list - composer.imageversions.list - composer.operations.list @@ -370,6 +944,7 @@ includedPermissions: - compute.autoscalers.get - compute.autoscalers.list - compute.backendBuckets.get + - compute.backendBuckets.getIamPolicy - compute.backendBuckets.list - compute.backendServices.get - compute.backendServices.getIamPolicy @@ -381,6 +956,8 @@ includedPermissions: - compute.disks.get - compute.disks.getIamPolicy - compute.disks.list + - compute.disks.listEffectiveTags + - compute.disks.listTagBindings - compute.externalVpnGateways.get - compute.externalVpnGateways.list - compute.firewallPolicies.get @@ -411,6 +988,8 @@ includedPermissions: - compute.images.getFromFamily - compute.images.getIamPolicy - compute.images.list + - compute.images.listEffectiveTags + - compute.images.listTagBindings - compute.instanceGroupManagers.get - compute.instanceGroupManagers.list - compute.instanceGroups.get @@ -427,7 +1006,9 @@ includedPermissions: - compute.instances.getShieldedInstanceIdentity - compute.instances.getShieldedVmIdentity - compute.instances.list + - compute.instances.listEffectiveTags - compute.instances.listReferrers + - compute.instances.listTagBindings - compute.interconnectAttachments.get - compute.interconnectAttachments.list - compute.interconnectLocations.get @@ -448,11 +1029,16 @@ includedPermissions: - compute.maintenancePolicies.get - compute.maintenancePolicies.getIamPolicy - compute.maintenancePolicies.list + - compute.networkAttachments.get + - compute.networkAttachments.list + - compute.networkEdgeSecurityServices.get + - compute.networkEdgeSecurityServices.list - compute.networkEndpointGroups.get - compute.networkEndpointGroups.getIamPolicy - compute.networkEndpointGroups.list - compute.networks.get - compute.networks.getEffectiveFirewalls + - compute.networks.getRegionEffectiveFirewalls - compute.networks.list - compute.networks.listPeeringRoutes - compute.nodeGroups.get @@ -464,6 +1050,8 @@ includedPermissions: - compute.nodeTypes.get - compute.nodeTypes.list - compute.organizations.listAssociations + - compute.packetMirrorings.get + - compute.packetMirrorings.list - compute.projects.get - compute.publicAdvertisedPrefixes.get - compute.publicAdvertisedPrefixes.list @@ -472,6 +1060,9 @@ includedPermissions: - compute.regionBackendServices.get - compute.regionBackendServices.getIamPolicy - compute.regionBackendServices.list + - compute.regionFirewallPolicies.get + - compute.regionFirewallPolicies.getIamPolicy + - compute.regionFirewallPolicies.list - compute.regionHealthCheckServices.get - compute.regionHealthCheckServices.list - compute.regionHealthChecks.get @@ -483,12 +1074,19 @@ includedPermissions: - compute.regionOperations.get - compute.regionOperations.getIamPolicy - compute.regionOperations.list + - compute.regionSecurityPolicies.get + - compute.regionSecurityPolicies.list - compute.regionSslCertificates.get - compute.regionSslCertificates.list + - compute.regionSslPolicies.get + - compute.regionSslPolicies.list + - compute.regionSslPolicies.listAvailableFeatures - compute.regionTargetHttpProxies.get - compute.regionTargetHttpProxies.list - compute.regionTargetHttpsProxies.get - compute.regionTargetHttpsProxies.list + - compute.regionTargetTcpProxies.get + - compute.regionTargetTcpProxies.list - compute.regionUrlMaps.get - compute.regionUrlMaps.list - compute.regions.get @@ -496,6 +1094,7 @@ includedPermissions: - compute.reservations.get - compute.reservations.list - compute.resourcePolicies.get + - compute.resourcePolicies.getIamPolicy - compute.resourcePolicies.list - compute.routers.get - compute.routers.list @@ -505,10 +1104,13 @@ includedPermissions: - compute.securityPolicies.getIamPolicy - compute.securityPolicies.list - compute.serviceAttachments.get + - compute.serviceAttachments.getIamPolicy - compute.serviceAttachments.list - compute.snapshots.get - compute.snapshots.getIamPolicy - compute.snapshots.list + - compute.snapshots.listEffectiveTags + - compute.snapshots.listTagBindings - compute.sslCertificates.get - compute.sslCertificates.list - compute.sslPolicies.get @@ -544,16 +1146,33 @@ includedPermissions: - compute.zoneOperations.list - compute.zones.get - compute.zones.list + - confidentialcomputing.locations.list + - connectors.actions.list + - connectors.connections.getIamPolicy + - connectors.connections.list + - connectors.connectors.list + - connectors.entities.list + - connectors.entityTypes.list + - connectors.locations.list + - connectors.operations.list + - connectors.providers.list + - connectors.versions.list - consumerprocurement.accounts.list + - consumerprocurement.consents.list - consumerprocurement.entitlements.list - consumerprocurement.freeTrials.list + - consumerprocurement.orderAttributions.list - consumerprocurement.orders.list + - contactcenteraiplatform.contactCenters.list + - contactcenteraiplatform.locations.list + - contactcenteraiplatform.operations.list - contactcenterinsights.analyses.list - contactcenterinsights.conversations.list - contactcenterinsights.issueModels.list - contactcenterinsights.issues.list - contactcenterinsights.operations.list - contactcenterinsights.phraseMatchers.list + - contactcenterinsights.views.list - container.apiServices.list - container.auditSinks.list - container.backendConfigs.list @@ -626,21 +1245,46 @@ includedPermissions: - containeranalysis.notes.list - containeranalysis.occurrences.getIamPolicy - containeranalysis.occurrences.list + - containersecurity.clusterSummaries.list + - containersecurity.findings.list + - containersecurity.locations.list + - containersecurity.workloadConfigAudits.list + - contentwarehouse.documentSchemas.list + - contentwarehouse.documents.getIamPolicy + - contentwarehouse.ruleSets.list + - contentwarehouse.synonymSets.list - datacatalog.categories.getIamPolicy - datacatalog.entries.getIamPolicy - datacatalog.entries.list - datacatalog.entryGroups.getIamPolicy - datacatalog.entryGroups.list + - datacatalog.relationships.list - datacatalog.tagTemplates.getIamPolicy - datacatalog.taxonomies.getIamPolicy - datacatalog.taxonomies.list + - dataconnectors.connectors.getIamPolicy + - dataconnectors.connectors.list + - dataconnectors.locations.list + - dataconnectors.operations.list - dataflow.jobs.list - dataflow.messages.list - dataflow.snapshots.list + - dataform.compilationResults.list + - dataform.locations.list + - dataform.repositories.getIamPolicy + - dataform.repositories.list + - dataform.workflowInvocations.list + - dataform.workspaces.getIamPolicy + - dataform.workspaces.list + - datafusion.artifacts.list - datafusion.instances.getIamPolicy - datafusion.instances.list - datafusion.locations.list - datafusion.operations.list + - datafusion.pipelineConnections.list + - datafusion.pipelines.list + - datafusion.profiles.list + - datafusion.secureKeys.list - datalabeling.annotateddatasets.list - datalabeling.annotationspecsets.list - datalabeling.dataitems.list @@ -648,16 +1292,53 @@ includedPermissions: - datalabeling.examples.list - datalabeling.instructions.list - datalabeling.operations.list + - datalineage.events.list + - datalineage.processes.list + - datalineage.runs.list - datamigration.connectionprofiles.getIamPolicy - datamigration.connectionprofiles.list + - datamigration.conversionworkspaces.getIamPolicy + - datamigration.conversionworkspaces.list - datamigration.locations.list + - datamigration.mappingrules.getIamPolicy - datamigration.migrationjobs.getIamPolicy - datamigration.migrationjobs.list - datamigration.operations.list + - datamigration.privateconnections.getIamPolicy + - datamigration.privateconnections.list + - datapipelines.jobs.list - datapipelines.pipelines.list + - dataplex.assetActions.list + - dataplex.assets.getIamPolicy + - dataplex.assets.list + - dataplex.content.getIamPolicy + - dataplex.content.list + - dataplex.dataAttributeBindings.getIamPolicy + - dataplex.dataAttributeBindings.list + - dataplex.dataAttributes.getIamPolicy + - dataplex.dataAttributes.list + - dataplex.dataTaxonomies.getIamPolicy + - dataplex.dataTaxonomies.list + - dataplex.datascans.getIamPolicy + - dataplex.datascans.list + - dataplex.entities.list + - dataplex.environments.getIamPolicy + - dataplex.environments.list + - dataplex.lakeActions.list + - dataplex.lakes.getIamPolicy + - dataplex.lakes.list + - dataplex.locations.list + - dataplex.operations.list + - dataplex.partitions.list + - dataplex.tasks.getIamPolicy + - dataplex.tasks.list + - dataplex.zoneActions.list + - dataplex.zones.getIamPolicy + - dataplex.zones.list - dataproc.agents.list - dataproc.autoscalingPolicies.getIamPolicy - dataproc.autoscalingPolicies.list + - dataproc.batches.list - dataproc.clusters.getIamPolicy - dataproc.clusters.list - dataproc.jobs.getIamPolicy @@ -672,6 +1353,7 @@ includedPermissions: - datastream.connectionProfiles.getIamPolicy - datastream.connectionProfiles.list - datastream.locations.list + - datastream.objects.list - datastream.operations.list - datastream.privateConnections.getIamPolicy - datastream.privateConnections.list @@ -679,6 +1361,9 @@ includedPermissions: - datastream.routes.list - datastream.streams.getIamPolicy - datastream.streams.list + - datastudio.datasources.getIamPolicy + - datastudio.reports.getIamPolicy + - datastudio.workspaces.getIamPolicy - deploymentmanager.compositeTypes.list - deploymentmanager.deployments.getIamPolicy - deploymentmanager.deployments.list @@ -696,10 +1381,13 @@ includedPermissions: - dialogflow.conversationModels.list - dialogflow.conversationProfiles.list - dialogflow.conversations.list + - dialogflow.deployments.list - dialogflow.documents.list - dialogflow.entityTypes.list - dialogflow.environments.list + - dialogflow.experiments.list - dialogflow.flows.list + - dialogflow.integrations.list - dialogflow.intents.list - dialogflow.knowledgeBases.list - dialogflow.messages.list @@ -711,9 +1399,12 @@ includedPermissions: - dialogflow.securitySettings.list - dialogflow.sessionEntityTypes.list - dialogflow.smartMessagingEntries.list + - dialogflow.testcases.list - dialogflow.transitionRouteGroups.list - dialogflow.versions.list - dialogflow.webhooks.list + - discoveryengine.documents.list + - discoveryengine.operations.list - dlp.analyzeRiskTemplates.list - dlp.columnDataProfiles.list - dlp.deidentifyTemplates.list @@ -722,6 +1413,7 @@ includedPermissions: - dlp.inspectTemplates.list - dlp.jobTriggers.list - dlp.jobs.list + - dlp.locations.list - dlp.projectDataProfiles.list - dlp.storedInfoTypes.list - dlp.tableDataProfiles.list @@ -732,6 +1424,7 @@ includedPermissions: - dns.managedZoneOperations.get - dns.managedZoneOperations.list - dns.managedZones.get + - dns.managedZones.getIamPolicy - dns.managedZones.list - dns.policies.get - dns.policies.getIamPolicy @@ -743,6 +1436,7 @@ includedPermissions: - dns.responsePolicies.list - dns.responsePolicyRules.get - dns.responsePolicyRules.list + - documentai.dataLabelingJobs.list - documentai.evaluations.list - documentai.labelerPools.list - documentai.locations.list @@ -751,17 +1445,45 @@ includedPermissions: - documentai.processors.list - domains.locations.list - domains.operations.list - - earlyaccesscenter.campaigns.list - - earlyaccesscenter.customerAllowlists.list - earthengine.assets.getIamPolicy - earthengine.assets.list - earthengine.operations.list + - edgecontainer.clusters.getIamPolicy + - edgecontainer.clusters.list + - edgecontainer.locations.list + - edgecontainer.machines.getIamPolicy + - edgecontainer.machines.list + - edgecontainer.nodePools.getIamPolicy + - edgecontainer.nodePools.list + - edgecontainer.operations.list + - edgecontainer.vpnConnections.getIamPolicy + - edgecontainer.vpnConnections.list + - edgenetwork.interconnectAttachments.getIamPolicy + - edgenetwork.interconnectAttachments.list + - edgenetwork.interconnects.getIamPolicy + - edgenetwork.interconnects.list + - edgenetwork.locations.list + - edgenetwork.networks.getIamPolicy + - edgenetwork.networks.list + - edgenetwork.operations.list + - edgenetwork.routers.getIamPolicy + - edgenetwork.routers.list + - edgenetwork.routes.list + - edgenetwork.subnetworks.getIamPolicy + - edgenetwork.subnetworks.list + - edgenetwork.zones.list + - enterpriseknowledgegraph.entityReconciliationJobs.list - errorreporting.applications.list - errorreporting.errorEvents.list - errorreporting.groups.list - essentialcontacts.contacts.list + - eventarc.channelConnections.getIamPolicy + - eventarc.channelConnections.list + - eventarc.channels.getIamPolicy + - eventarc.channels.list - eventarc.locations.list - eventarc.operations.list + - eventarc.providers.list - eventarc.triggers.getIamPolicy - eventarc.triggers.list - fcmdata.deliverydata.list @@ -772,6 +1494,7 @@ includedPermissions: - file.snapshots.list - firebase.clients.list - firebase.links.list + - firebase.playLinks.list - firebaseabt.experiments.list - firebaseappdistro.groups.list - firebaseappdistro.releases.list @@ -784,14 +1507,17 @@ includedPermissions: - firebaseextensions.configs.list - firebasehosting.sites.list - firebaseinappmessaging.campaigns.list + - firebasemessagingcampaigns.campaigns.list - firebaseml.compressionjobs.list - firebaseml.models.list - firebaseml.modelversions.list - firebasenotifications.messages.list - - firebasepredictions.predictions.list - firebaserules.releases.list - firebaserules.rulesets.list - firebasestorage.buckets.list + - fleetengine.deliveryvehicles.list + - fleetengine.tasks.list + - fleetengine.vehicles.list - gameservices.gameServerClusters.list - gameservices.gameServerConfigs.list - gameservices.gameServerDeployments.list @@ -801,12 +1527,37 @@ includedPermissions: - genomics.datasets.getIamPolicy - genomics.datasets.list - genomics.operations.list + - gkebackup.backupPlans.getIamPolicy + - gkebackup.backupPlans.list + - gkebackup.backups.list + - gkebackup.locations.list + - gkebackup.operations.list + - gkebackup.restorePlans.getIamPolicy + - gkebackup.restorePlans.list + - gkebackup.restores.list + - gkebackup.volumeBackups.list + - gkebackup.volumeRestores.list + - gkemulticloud.attachedClusters.list - gkemulticloud.awsClusters.list - gkemulticloud.awsNodePools.list - gkemulticloud.azureClients.list - gkemulticloud.azureClusters.list - gkemulticloud.azureNodePools.list - gkemulticloud.operations.list + - gkeonprem.bareMetalAdminClusters.getIamPolicy + - gkeonprem.bareMetalAdminClusters.list + - gkeonprem.bareMetalClusters.getIamPolicy + - gkeonprem.bareMetalClusters.list + - gkeonprem.bareMetalNodePools.getIamPolicy + - gkeonprem.bareMetalNodePools.list + - gkeonprem.locations.list + - gkeonprem.operations.list + - gkeonprem.vmwareAdminClusters.getIamPolicy + - gkeonprem.vmwareAdminClusters.list + - gkeonprem.vmwareClusters.getIamPolicy + - gkeonprem.vmwareClusters.list + - gkeonprem.vmwareNodePools.getIamPolicy + - gkeonprem.vmwareNodePools.list - gsuiteaddons.deployments.list - healthcare.annotationStores.getIamPolicy - healthcare.annotationStores.list @@ -828,6 +1579,12 @@ includedPermissions: - healthcare.locations.list - healthcare.operations.list - healthcare.userDataMappings.list + - iam.denypolicies.list + - iam.googleapis.com/workforcePoolProviderKeys.list + - iam.googleapis.com/workforcePoolProviders.list + - iam.googleapis.com/workforcePools.getIamPolicy + - iam.googleapis.com/workforcePools.list + - iam.googleapis.com/workloadIdentityPoolProviderKeys.list - iam.googleapis.com/workloadIdentityPoolProviders.list - iam.googleapis.com/workloadIdentityPools.list - iam.roles.get @@ -837,19 +1594,54 @@ includedPermissions: - iam.serviceAccounts.getIamPolicy - iam.serviceAccounts.list - iap.tunnel.getIamPolicy + - iap.tunnelDestGroups.getIamPolicy + - iap.tunnelDestGroups.list - iap.tunnelInstances.getIamPolicy + - iap.tunnelLocations.getIamPolicy - iap.tunnelZones.getIamPolicy - iap.web.getIamPolicy - iap.webServiceVersions.getIamPolicy - iap.webServices.getIamPolicy - iap.webTypes.getIamPolicy + - identitytoolkit.tenants.getIamPolicy + - identitytoolkit.tenants.list + - ids.endpoints.getIamPolicy + - ids.endpoints.list + - ids.locations.list + - ids.operations.list - integrations.apigeeAuthConfigs.list + - integrations.apigeeCertificates.list - integrations.apigeeExecutions.list - integrations.apigeeIntegrationVers.list - integrations.apigeeIntegrations.list - integrations.apigeeSfdcChannels.list - integrations.apigeeSfdcInstances.list - integrations.apigeeSuspensions.list + - integrations.authConfigs.list + - integrations.certificates.list + - integrations.executions.list + - integrations.integrationVersions.list + - integrations.integrations.list + - integrations.securityAuthConfigs.list + - integrations.securityExecutions.list + - integrations.securityIntegTempVers.list + - integrations.securityIntegrationVers.list + - integrations.securityIntegrations.list + - integrations.sfdcChannels.list + - integrations.sfdcInstances.list + - integrations.suspensions.list + - issuerswitch.complaintTransactions.list + - issuerswitch.financialTransactions.list + - issuerswitch.mandateTransactions.list + - issuerswitch.metadataTransactions.list + - issuerswitch.operations.list + - issuerswitch.ruleMetadata.list + - issuerswitch.ruleMetadataValues.list + - issuerswitch.rules.list + - krmapihosting.krmApiHosts.getIamPolicy + - krmapihosting.krmApiHosts.list + - krmapihosting.locations.list + - krmapihosting.operations.list - lifesciences.operations.list - livestream.channels.list - livestream.events.list @@ -860,6 +1652,8 @@ includedPermissions: - logging.buckets.list - logging.exclusions.get - logging.exclusions.list + - logging.links.get + - logging.links.list - logging.locations.get - logging.locations.list - logging.logEntries.list @@ -880,6 +1674,8 @@ includedPermissions: - logging.usage.get - logging.views.get - logging.views.list + - managedidentities.backups.getIamPolicy + - managedidentities.backups.list - managedidentities.domains.getIamPolicy - managedidentities.domains.list - managedidentities.locations.list @@ -887,15 +1683,33 @@ includedPermissions: - managedidentities.peerings.getIamPolicy - managedidentities.peerings.list - managedidentities.sqlintegrations.list + - mapsadmin.clientMaps.list + - mapsadmin.clientStyleSheetSnapshots.list + - mapsadmin.clientStyles.list + - mapsadmin.styleSnapshots.list + - mapsplatformdatasets.datasets.list - memcache.instances.list - memcache.locations.list - memcache.operations.list + - metastore.backups.getIamPolicy - metastore.backups.list + - metastore.databases.getIamPolicy + - metastore.databases.list + - metastore.federations.getIamPolicy + - metastore.federations.list - metastore.imports.list - metastore.locations.list - metastore.operations.list - metastore.services.getIamPolicy - metastore.services.list + - metastore.tables.getIamPolicy + - metastore.tables.list + - migrationcenter.assets.list + - migrationcenter.groups.list + - migrationcenter.importJobs.list + - migrationcenter.locations.list + - migrationcenter.operations.list + - migrationcenter.sources.list - ml.jobs.getIamPolicy - ml.jobs.list - ml.locations.list @@ -926,13 +1740,19 @@ includedPermissions: - monitoring.services.list - monitoring.slos.get - monitoring.slos.list + - monitoring.snoozes.get + - monitoring.snoozes.list - monitoring.timeSeries.list - monitoring.uptimeCheckConfigs.get - monitoring.uptimeCheckConfigs.list - networkconnectivity.hubs.getIamPolicy - networkconnectivity.hubs.list + - networkconnectivity.internalRanges.getIamPolicy + - networkconnectivity.internalRanges.list - networkconnectivity.locations.list - networkconnectivity.operations.list + - networkconnectivity.policyBasedRoutes.getIamPolicy + - networkconnectivity.policyBasedRoutes.list - networkconnectivity.spokes.getIamPolicy - networkconnectivity.spokes.list - networkmanagement.connectivitytests.getIamPolicy @@ -951,12 +1771,23 @@ includedPermissions: - networkservices.endpointConfigSelectors.list - networkservices.endpointPolicies.getIamPolicy - networkservices.endpointPolicies.list + - networkservices.gateways.list + - networkservices.grpcRoutes.getIamPolicy + - networkservices.grpcRoutes.list - networkservices.httpFilters.getIamPolicy - networkservices.httpFilters.list + - networkservices.httpRoutes.getIamPolicy + - networkservices.httpRoutes.list - networkservices.httpfilters.getIamPolicy - networkservices.httpfilters.list - networkservices.locations.list + - networkservices.meshes.getIamPolicy + - networkservices.meshes.list - networkservices.operations.list + - networkservices.serviceBindings.list + - networkservices.tcpRoutes.getIamPolicy + - networkservices.tcpRoutes.list + - networkservices.tlsRoutes.list - notebooks.environments.getIamPolicy - notebooks.environments.list - notebooks.executions.getIamPolicy @@ -971,10 +1802,15 @@ includedPermissions: - notebooks.schedules.list - ondemandscanning.operations.list - opsconfigmonitoring.resourceMetadata.list + - orgpolicy.constraints.list + - orgpolicy.customConstraints.get + - orgpolicy.customConstraints.list + - orgpolicy.policies.list - orgpolicy.policy.get - osconfig.guestPolicies.list - osconfig.instanceOSPoliciesCompliances.list - osconfig.inventories.list + - osconfig.osPolicyAssignmentReports.list - osconfig.osPolicyAssignments.list - osconfig.patchDeployments.list - osconfig.patchJobs.list @@ -1005,6 +1841,7 @@ includedPermissions: - pubsub.schemas.get - pubsub.schemas.getIamPolicy - pubsub.schemas.list + - pubsub.schemas.listRevisions - pubsub.snapshots.get - pubsub.snapshots.getIamPolicy - pubsub.snapshots.list @@ -1019,10 +1856,29 @@ includedPermissions: - pubsublite.subscriptions.list - pubsublite.topics.list - recaptchaenterprise.keys.list + - recaptchaenterprise.relatedaccountgroupmemberships.list + - recaptchaenterprise.relatedaccountgroups.list + - recommender.bigqueryCapacityCommitmentsInsights.list + - recommender.bigqueryCapacityCommitmentsRecommendations.list + - recommender.bigqueryPartitionClusterRecommendations.list + - recommender.bigqueryTableStatsInsights.list - recommender.cloudAssetInsights.get - recommender.cloudAssetInsights.list + - recommender.cloudsqlIdleInstanceRecommendations.list + - recommender.cloudsqlInstanceActivityInsights.list + - recommender.cloudsqlInstanceCpuUsageInsights.list - recommender.cloudsqlInstanceDiskUsageTrendInsights.list + - recommender.cloudsqlInstanceMemoryUsageInsights.list + - recommender.cloudsqlInstanceOomProbabilityInsights.list - recommender.cloudsqlInstanceOutOfDiskRecommendations.list + - recommender.cloudsqlInstancePerformanceInsights.list + - recommender.cloudsqlInstancePerformanceRecommendations.list + - recommender.cloudsqlInstanceSecurityInsights.list + - recommender.cloudsqlInstanceSecurityRecommendations.list + - recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list + - recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list + - recommender.cloudsqlOverprovisionedInstanceRecommendations.list + - recommender.cloudsqlUnderProvisionedInstanceRecommendations.list - recommender.commitmentUtilizationInsights.list - recommender.computeAddressIdleResourceInsights.list - recommender.computeAddressIdleResourceRecommendations.list @@ -1031,9 +1887,34 @@ includedPermissions: - recommender.computeFirewallInsights.list - recommender.computeImageIdleResourceInsights.list - recommender.computeImageIdleResourceRecommendations.list + - recommender.computeInstanceCpuUsageInsights.list + - recommender.computeInstanceCpuUsagePredictionInsights.list + - recommender.computeInstanceCpuUsageTrendInsights.list + - recommender.computeInstanceGroupManagerCpuUsageInsights.list + - recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list + - recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list - recommender.computeInstanceGroupManagerMachineTypeRecommendations.list + - recommender.computeInstanceGroupManagerMemoryUsageInsights.list + - recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list - recommender.computeInstanceIdleResourceRecommendations.list - recommender.computeInstanceMachineTypeRecommendations.list + - recommender.computeInstanceMemoryUsageInsights.list + - recommender.computeInstanceMemoryUsagePredictionInsights.list + - recommender.computeInstanceNetworkThroughputInsights.list + - recommender.containerDiagnosisInsights.list + - recommender.containerDiagnosisRecommendations.list + - recommender.costInsights.list + - recommender.dataflowDiagnosticsInsights.list + - recommender.errorReportingInsights.list + - recommender.errorReportingRecommendations.list + - recommender.gmpGuidedExperienceInsights.list + - recommender.gmpGuidedExperienceRecommendations.list + - recommender.gmpProjectManagementInsights.list + - recommender.gmpProjectManagementRecommendations.list + - recommender.gmpProjectProductSuggestionsInsights.list + - recommender.gmpProjectProductSuggestionsRecommendations.list + - recommender.gmpProjectQuotaInsights.list + - recommender.gmpProjectQuotaRecommendations.list - recommender.iamPolicyInsights.list - recommender.iamPolicyLateralMovementInsights.list - recommender.iamPolicyRecommendations.list @@ -1044,8 +1925,27 @@ includedPermissions: - recommender.loggingProductSuggestionContainerRecommendations.list - recommender.monitoringProductSuggestionComputeInsights.list - recommender.monitoringProductSuggestionComputeRecommendations.list + - recommender.networkAnalyzerCloudSqlInsights.list + - recommender.networkAnalyzerDynamicRouteInsights.list + - recommender.networkAnalyzerGkeConnectivityInsights.list + - recommender.networkAnalyzerGkeIpAddressInsights.list + - recommender.networkAnalyzerIpAddressInsights.list + - recommender.networkAnalyzerLoadBalancerInsights.list + - recommender.networkAnalyzerVpcConnectivityInsights.list - recommender.resourcemanagerProjectUtilizationInsights.list - recommender.resourcemanagerProjectUtilizationRecommendations.list + - recommender.resourcemanagerServiceLimitInsights.list + - recommender.resourcemanagerServiceLimitRecommendations.list + - recommender.runServiceIdentityInsights.get + - recommender.runServiceIdentityInsights.list + - recommender.runServiceIdentityRecommendations.get + - recommender.runServiceIdentityRecommendations.list + - recommender.runServiceSecurityInsights.get + - recommender.runServiceSecurityInsights.list + - recommender.runServiceSecurityRecommendations.get + - recommender.runServiceSecurityRecommendations.list + - recommender.spendBasedCommitmentInsights.list + - recommender.spendBasedCommitmentRecommendations.list - recommender.usageCommitmentRecommendations.list - redis.instances.list - redis.locations.list @@ -1061,20 +1961,35 @@ includedPermissions: - resourcemanager.projects.get - resourcemanager.projects.getIamPolicy - resourcemanager.projects.list + - resourcemanager.tagHolds.list - resourcemanager.tagKeys.getIamPolicy - resourcemanager.tagKeys.list - resourcemanager.tagValues.getIamPolicy - resourcemanager.tagValues.list - resourcesettings.settings.list - retail.catalogs.list + - retail.controls.list + - retail.models.list - retail.operations.list - retail.products.list + - retail.servingConfigs.list + - riskmanager.controlScoreBreakdowns.list - riskmanager.operations.list - riskmanager.policies.list - riskmanager.reports.list + - rma.collectors.list + - rma.locations.list + - rma.operations.list - run.configurations.get - run.configurations.list + - run.executions.get + - run.executions.list + - run.jobs.get + - run.jobs.getIamPolicy + - run.jobs.list - run.locations.list + - run.operations.get + - run.operations.list - run.revisions.get - run.revisions.list - run.routes.get @@ -1082,6 +1997,14 @@ includedPermissions: - run.services.get - run.services.getIamPolicy - run.services.list + - run.services.listEffectiveTags + - run.services.listTagBindings + - run.tasks.get + - run.tasks.list + - runapps.applications.list + - runapps.deployments.list + - runapps.locations.list + - runapps.operations.list - runtimeconfig.configs.getIamPolicy - runtimeconfig.configs.list - runtimeconfig.operations.list @@ -1096,8 +2019,12 @@ includedPermissions: - secretmanager.secrets.list - secretmanager.versions.get - secretmanager.versions.list + - securedlandingzone.overwatches.list - securitycenter.assets.list + - securitycenter.bigQueryExports.list + - securitycenter.effectivesecurityhealthanalyticscustommodules.list - securitycenter.findings.list + - securitycenter.muteconfigs.list - securitycenter.notificationconfig.list - securitycenter.sources.getIamPolicy - securitycenter.sources.list @@ -1120,6 +2047,9 @@ includedPermissions: - servicemanagement.services.getIamPolicy - servicemanagement.services.list - servicenetworking.operations.list + - servicesecurityinsights.clusterSecurityInfo.list + - servicesecurityinsights.securityInfo.list + - servicesecurityinsights.workloadPolicies.list - serviceusage.operations.get - serviceusage.operations.list - serviceusage.quotas.get @@ -1131,16 +2061,22 @@ includedPermissions: - spanner.backups.getIamPolicy - spanner.backups.list - spanner.databaseOperations.list + - spanner.databaseRoles.list - spanner.databases.getIamPolicy - spanner.databases.list + - spanner.instanceConfigOperations.list - spanner.instanceConfigs.list - spanner.instanceOperations.list - spanner.instances.getIamPolicy - spanner.instances.list - spanner.sessions.list - speech.customClasses.list + - speech.locations.list + - speech.operations.list - speech.phraseSets.list + - speech.recognizers.list - stackdriver.projects.get + - stackdriver.resourceMetadata.list - storage.buckets.get - storage.buckets.getIamPolicy - storage.buckets.list @@ -1148,17 +2084,62 @@ includedPermissions: - storage.multipartUploads.list - storage.objects.getIamPolicy - storage.objects.list + - storageinsights.locations.list + - storageinsights.operations.list + - storageinsights.reportConfigs.list + - storageinsights.reportDetails.list - storagetransfer.agentpools.list - storagetransfer.jobs.list - storagetransfer.operations.list + - stream.locations.list + - stream.operations.list + - stream.streamContents.list + - stream.streamInstances.list + - timeseriesinsights.datasets.list + - timeseriesinsights.locations.list - tpu.acceleratortypes.list - tpu.locations.list - tpu.nodes.list - tpu.operations.list + - tpu.runtimeversions.list - tpu.tensorflowversions.list - transcoder.jobTemplates.list - transcoder.jobs.list + - transferappliance.appliances.list + - transferappliance.locations.list + - transferappliance.operations.list + - transferappliance.orders.list + - transferappliance.savedAddresses.list - translationhub.portals.list + - videostitcher.cdnKeys.list + - videostitcher.liveAdTagDetails.list + - videostitcher.slates.list + - videostitcher.vodAdTagDetails.list + - videostitcher.vodStitchDetails.list + - visionai.analyses.getIamPolicy + - visionai.analyses.list + - visionai.annotations.list + - visionai.applications.list + - visionai.assets.list + - visionai.clusters.getIamPolicy + - visionai.clusters.list + - visionai.corpora.list + - visionai.dataSchemas.list + - visionai.drafts.list + - visionai.events.getIamPolicy + - visionai.events.list + - visionai.instances.list + - visionai.locations.list + - visionai.operations.list + - visionai.operators.getIamPolicy + - visionai.operators.list + - visionai.processors.list + - visionai.searchConfigs.list + - visionai.series.getIamPolicy + - visionai.series.list + - visionai.streams.getIamPolicy + - visionai.streams.list + - visionai.uistreams.list - visualinspection.annotationSets.list - visualinspection.annotationSpecs.list - visualinspection.annotations.list @@ -1179,17 +2160,43 @@ includedPermissions: - vmmigration.locations.list - vmmigration.migratingVms.list - vmmigration.operations.list + - vmmigration.replicationCycles.list - vmmigration.sources.list - vmmigration.targets.list - vmmigration.utilizationReports.list + - vmwareengine.clusters.getIamPolicy + - vmwareengine.clusters.list + - vmwareengine.hcxActivationKeys.getIamPolicy + - vmwareengine.hcxActivationKeys.list + - vmwareengine.locations.list + - vmwareengine.networkPolicies.list + - vmwareengine.nodeTypes.list + - vmwareengine.operations.list + - vmwareengine.privateClouds.getIamPolicy + - vmwareengine.privateClouds.list + - vmwareengine.subnets.list + - vmwareengine.vmwareEngineNetworks.list - vpcaccess.connectors.list - vpcaccess.locations.list - vpcaccess.operations.list - workflows.executions.list - workflows.locations.list - workflows.operations.list - - workflows.workflows.getIamPolicy - workflows.workflows.list + - workloadcertificate.locations.list + - workloadcertificate.operations.list + - workloadcertificate.workloadRegistrations.list + - workloadmanager.evaluations.list + - workloadmanager.executions.list + - workloadmanager.locations.list + - workloadmanager.operations.list + - workloadmanager.results.list + - workloadmanager.rules.list + - workstations.workstationClusters.list + - workstations.workstationConfigs.getIamPolicy + - workstations.workstationConfigs.list + - workstations.workstations.getIamPolicy + - workstations.workstations.list name: audit.viewer stage: GA title: Audit Viewer diff --git a/infra/gcp/bash/roles/container.deployer.yaml b/infra/gcp/bash/roles/container.deployer.yaml index dc6b32924e8..9d901f6e5ba 100644 --- a/infra/gcp/bash/roles/container.deployer.yaml +++ b/infra/gcp/bash/roles/container.deployer.yaml @@ -1,4 +1,4 @@ -# DO NOT EDIT. Generated by generate-role-yaml.sh from ./roles/specs/container.deployer.yaml +# DO NOT EDIT. Generated by generate-role-yaml.sh from infra/gcp/bash/roles/specs/container.deployer.yaml description: null includedPermissions: @@ -42,8 +42,13 @@ includedPermissions: - container.clusterRoles.get - container.clusterRoles.list - container.clusterRoles.update + - container.clusters.createTagBinding + - container.clusters.deleteTagBinding - container.clusters.get + - container.clusters.impersonate - container.clusters.list + - container.clusters.listEffectiveTags + - container.clusters.listTagBindings - container.componentStatuses.get - container.componentStatuses.list - container.configMaps.create @@ -398,6 +403,20 @@ includedPermissions: - container.volumeSnapshots.list - container.volumeSnapshots.update - container.volumeSnapshots.updateStatus + - recommender.containerDiagnosisInsights.get + - recommender.containerDiagnosisInsights.list + - recommender.containerDiagnosisInsights.update + - recommender.containerDiagnosisRecommendations.get + - recommender.containerDiagnosisRecommendations.list + - recommender.containerDiagnosisRecommendations.update + - recommender.locations.get + - recommender.locations.list + - recommender.networkAnalyzerGkeConnectivityInsights.get + - recommender.networkAnalyzerGkeConnectivityInsights.list + - recommender.networkAnalyzerGkeConnectivityInsights.update + - recommender.networkAnalyzerGkeIpAddressInsights.get + - recommender.networkAnalyzerGkeIpAddressInsights.list + - recommender.networkAnalyzerGkeIpAddressInsights.update - resourcemanager.projects.get - resourcemanager.projects.list name: container.deployer diff --git a/infra/gcp/bash/roles/iam.serviceAccountLister.yaml b/infra/gcp/bash/roles/iam.serviceAccountLister.yaml index 436bc44b8c9..bae21e01616 100644 --- a/infra/gcp/bash/roles/iam.serviceAccountLister.yaml +++ b/infra/gcp/bash/roles/iam.serviceAccountLister.yaml @@ -1,4 +1,4 @@ -# DO NOT EDIT. Generated by generate-role-yaml.sh from ./roles/specs/iam.serviceAccountLister.yaml +# DO NOT EDIT. Generated by generate-role-yaml.sh from infra/gcp/bash/roles/specs/iam.serviceAccountLister.yaml description: Can list ServiceAccounts includedPermissions: diff --git a/infra/gcp/bash/roles/organization.admin.yaml b/infra/gcp/bash/roles/organization.admin.yaml index bfcc55b65e1..bf7ff851254 100644 --- a/infra/gcp/bash/roles/organization.admin.yaml +++ b/infra/gcp/bash/roles/organization.admin.yaml @@ -1,4 +1,4 @@ -# DO NOT EDIT. Generated by generate-role-yaml.sh from ./roles/specs/organization.admin.yaml +# DO NOT EDIT. Generated by generate-role-yaml.sh from infra/gcp/bash/roles/specs/organization.admin.yaml description: Access to administer all resources belonging to the organization includedPermissions: @@ -18,6 +18,8 @@ includedPermissions: - billing.credits.list - billing.resourceAssociations.create - billing.resourceAssociations.list + - orgpolicy.constraints.list + - orgpolicy.policies.list - orgpolicy.policy.get - resourcemanager.folders.create - resourcemanager.folders.delete @@ -44,6 +46,7 @@ includedPermissions: - storage.buckets.get - storage.buckets.getIamPolicy - storage.buckets.list + - storage.buckets.listEffectiveTags - storage.buckets.listTagBindings - storage.buckets.setIamPolicy - storage.buckets.update diff --git a/infra/gcp/bash/roles/prow.viewer.yaml b/infra/gcp/bash/roles/prow.viewer.yaml index cd95dc4bb1b..8e806855459 100644 --- a/infra/gcp/bash/roles/prow.viewer.yaml +++ b/infra/gcp/bash/roles/prow.viewer.yaml @@ -1,4 +1,4 @@ -# DO NOT EDIT. Generated by generate-role-yaml.sh from ./roles/specs/prow.viewer.yaml +# DO NOT EDIT. Generated by generate-role-yaml.sh from infra/gcp/bash/roles/specs/prow.viewer.yaml description: View access to services for troubleshooting prow includedPermissions: @@ -10,6 +10,7 @@ includedPermissions: - compute.autoscalers.get - compute.autoscalers.list - compute.backendBuckets.get + - compute.backendBuckets.getIamPolicy - compute.backendBuckets.list - compute.backendServices.get - compute.backendServices.getIamPolicy @@ -21,6 +22,8 @@ includedPermissions: - compute.disks.get - compute.disks.getIamPolicy - compute.disks.list + - compute.disks.listEffectiveTags + - compute.disks.listTagBindings - compute.externalVpnGateways.get - compute.externalVpnGateways.list - compute.firewallPolicies.get @@ -52,6 +55,8 @@ includedPermissions: - compute.images.getFromFamily - compute.images.getIamPolicy - compute.images.list + - compute.images.listEffectiveTags + - compute.images.listTagBindings - compute.instanceGroupManagers.get - compute.instanceGroupManagers.list - compute.instanceGroups.get @@ -68,7 +73,9 @@ includedPermissions: - compute.instances.getShieldedInstanceIdentity - compute.instances.getShieldedVmIdentity - compute.instances.list + - compute.instances.listEffectiveTags - compute.instances.listReferrers + - compute.instances.listTagBindings - compute.interconnectAttachments.get - compute.interconnectAttachments.list - compute.interconnectLocations.get @@ -89,11 +96,16 @@ includedPermissions: - compute.maintenancePolicies.get - compute.maintenancePolicies.getIamPolicy - compute.maintenancePolicies.list + - compute.networkAttachments.get + - compute.networkAttachments.list + - compute.networkEdgeSecurityServices.get + - compute.networkEdgeSecurityServices.list - compute.networkEndpointGroups.get - compute.networkEndpointGroups.getIamPolicy - compute.networkEndpointGroups.list - compute.networks.get - compute.networks.getEffectiveFirewalls + - compute.networks.getRegionEffectiveFirewalls - compute.networks.list - compute.networks.listPeeringRoutes - compute.nodeGroups.get @@ -105,6 +117,8 @@ includedPermissions: - compute.nodeTypes.get - compute.nodeTypes.list - compute.organizations.listAssociations + - compute.packetMirrorings.get + - compute.packetMirrorings.list - compute.projects.get - compute.publicAdvertisedPrefixes.get - compute.publicAdvertisedPrefixes.list @@ -113,6 +127,9 @@ includedPermissions: - compute.regionBackendServices.get - compute.regionBackendServices.getIamPolicy - compute.regionBackendServices.list + - compute.regionFirewallPolicies.get + - compute.regionFirewallPolicies.getIamPolicy + - compute.regionFirewallPolicies.list - compute.regionHealthCheckServices.get - compute.regionHealthCheckServices.list - compute.regionHealthChecks.get @@ -124,12 +141,19 @@ includedPermissions: - compute.regionOperations.get - compute.regionOperations.getIamPolicy - compute.regionOperations.list + - compute.regionSecurityPolicies.get + - compute.regionSecurityPolicies.list - compute.regionSslCertificates.get - compute.regionSslCertificates.list + - compute.regionSslPolicies.get + - compute.regionSslPolicies.list + - compute.regionSslPolicies.listAvailableFeatures - compute.regionTargetHttpProxies.get - compute.regionTargetHttpProxies.list - compute.regionTargetHttpsProxies.get - compute.regionTargetHttpsProxies.list + - compute.regionTargetTcpProxies.get + - compute.regionTargetTcpProxies.list - compute.regionUrlMaps.get - compute.regionUrlMaps.list - compute.regionUrlMaps.validate @@ -138,6 +162,7 @@ includedPermissions: - compute.reservations.get - compute.reservations.list - compute.resourcePolicies.get + - compute.resourcePolicies.getIamPolicy - compute.resourcePolicies.list - compute.routers.get - compute.routers.list @@ -147,10 +172,13 @@ includedPermissions: - compute.securityPolicies.getIamPolicy - compute.securityPolicies.list - compute.serviceAttachments.get + - compute.serviceAttachments.getIamPolicy - compute.serviceAttachments.list - compute.snapshots.get - compute.snapshots.getIamPolicy - compute.snapshots.list + - compute.snapshots.listEffectiveTags + - compute.snapshots.listTagBindings - compute.sslCertificates.get - compute.sslCertificates.list - compute.sslPolicies.get @@ -348,6 +376,8 @@ includedPermissions: - logging.buckets.list - logging.exclusions.get - logging.exclusions.list + - logging.links.get + - logging.links.list - logging.locations.get - logging.locations.list - logging.logEntries.list @@ -389,12 +419,15 @@ includedPermissions: - monitoring.services.list - monitoring.slos.get - monitoring.slos.list + - monitoring.snoozes.get + - monitoring.snoozes.list - monitoring.timeSeries.list - monitoring.uptimeCheckConfigs.get - monitoring.uptimeCheckConfigs.list - opsconfigmonitoring.resourceMetadata.list - pubsub.schemas.get - pubsub.schemas.list + - pubsub.schemas.listRevisions - pubsub.schemas.validate - pubsub.snapshots.get - pubsub.snapshots.list @@ -402,6 +435,16 @@ includedPermissions: - pubsub.subscriptions.list - pubsub.topics.get - pubsub.topics.list + - recommender.containerDiagnosisInsights.get + - recommender.containerDiagnosisInsights.list + - recommender.containerDiagnosisRecommendations.get + - recommender.containerDiagnosisRecommendations.list + - recommender.locations.get + - recommender.locations.list + - recommender.networkAnalyzerGkeConnectivityInsights.get + - recommender.networkAnalyzerGkeConnectivityInsights.list + - recommender.networkAnalyzerGkeIpAddressInsights.get + - recommender.networkAnalyzerGkeIpAddressInsights.list - resourcemanager.folders.get - resourcemanager.folders.list - resourcemanager.organizations.get @@ -419,6 +462,7 @@ includedPermissions: - serviceusage.services.get - serviceusage.services.list - stackdriver.projects.get + - stackdriver.resourceMetadata.list - storage.buckets.get - storage.buckets.getIamPolicy - storage.buckets.list diff --git a/infra/gcp/bash/roles/secretmanager.secretLister.yaml b/infra/gcp/bash/roles/secretmanager.secretLister.yaml index 6580a90f580..15baa98ca55 100644 --- a/infra/gcp/bash/roles/secretmanager.secretLister.yaml +++ b/infra/gcp/bash/roles/secretmanager.secretLister.yaml @@ -1,4 +1,4 @@ -# DO NOT EDIT. Generated by generate-role-yaml.sh from ./roles/specs/secretmanager.secretLister.yaml +# DO NOT EDIT. Generated by generate-role-yaml.sh from infra/gcp/bash/roles/specs/secretmanager.secretLister.yaml description: Allows viewing and listing Secret Manager secret resources includedPermissions: