Google Cloud IAM Permissions
Each version of Fix Inventory programmatically generates the specific IAM permissions it requires to collect (and optionally, manipulate) Google Cloud resources.
| Service Namespace | fix_access | fix_mutate |
|---|---|---|
| aiplatform | ✓ | ✓ |
| cloudfunctions | ✓ | ✓ |
| cloudsql | ✓ | ✓ |
| compute | ✓ | ✓ |
| container | ✓ | ✓ |
| file | ✓ | ✓ |
| firestore | ✓ | ✓ |
| pubsub | ✓ | ✓ |
| securitycenter | ✓ | ✓ |
| storage | ✓ | ✓ |
fix_access
​
https://cdn.some.engineering/fix/gcp/edge/fix_access.yaml
# Custom role definition for the read-only collection role.
# Every permission below is a `.list` permission except cloudsql.instances.get;
# nothing in this role creates, changes or deletes a resource.
# NOTE(review): the field layout (title / description / stage /
# includedPermissions) looks like the role file taken by
# `gcloud iam roles create --file` - confirm against the install instructions.
# NOTE(review): this listing is served from the `edge` path of the CDN; confirm
# it matches the Fix Inventory version you run before creating the role, and
# diff the file on each upgrade so that added permissions are reviewed.
title: fix_access
description: Permissions required to collect resources.
stage: GA
includedPermissions:
# NOTE(review): the aiplatform, cloudfunctions, file, firestore, pubsub and
# securitycenter entries are written as API-method-style paths
# (`<service>.projects...`), unlike the cloudsql.* and compute.* entries.
# Confirm each name against the IAM permissions reference before applying;
# role creation is expected to reject names IAM does not recognise.
- aiplatform.projects.locations.batchPredictionJobs.list
- aiplatform.projects.locations.customJobs.list
- aiplatform.projects.locations.datasets.list
- aiplatform.projects.locations.endpoints.list
- aiplatform.projects.locations.featureGroups.list
- aiplatform.projects.locations.featurestores.list
- aiplatform.projects.locations.hyperparameterTuningJobs.list
- aiplatform.projects.locations.indexEndpoints.list
- aiplatform.projects.locations.indexes.list
- aiplatform.projects.locations.modelDeploymentMonitoringJobs.list
- aiplatform.projects.locations.models.list
- aiplatform.projects.locations.pipelineJobs.list
- aiplatform.projects.locations.schedules.list
- aiplatform.projects.locations.tensorboards.list
- aiplatform.projects.locations.trainingPipelines.list
- aiplatform.projects.locations.tuningJobs.list
- cloudfunctions.projects.locations.functions.list
- cloudsql.backupRuns.list
- cloudsql.databases.list
# The only `.get` permission in this role.
- cloudsql.instances.get
- cloudsql.instances.list
# NOTE(review): lists database user accounts; confirm what the collector
# stores from this call.
- cloudsql.users.list
- compute.acceleratorTypes.list
- compute.addresses.list
- compute.autoscalers.list
- compute.backendBuckets.list
- compute.backendServices.list
- compute.commitments.list
- compute.diskTypes.list
- compute.disks.list
- compute.externalVpnGateways.list
- compute.firewalls.list
- compute.forwardingRules.list
- compute.globalOperations.list
- compute.healthChecks.list
- compute.httpHealthChecks.list
- compute.httpsHealthChecks.list
- compute.images.list
- compute.instanceGroupManagers.list
- compute.instanceGroups.list
- compute.instanceTemplates.list
- compute.instances.list
- compute.interconnectAttachments.list
- compute.interconnectLocations.list
- compute.interconnects.list
- compute.licenses.list
- compute.machineImages.list
- compute.machineTypes.list
- compute.networkEdgeSecurityServices.list
- compute.networkEndpointGroups.list
- compute.networks.list
- compute.nodeGroups.list
- compute.nodeTemplates.list
- compute.packetMirrorings.list
- compute.publicAdvertisedPrefixes.list
- compute.publicDelegatedPrefixes.list
- compute.regionHealthCheckServices.list
- compute.regionNotificationEndpoints.list
- compute.resourcePolicies.list
- compute.routers.list
- compute.routes.list
- compute.securityPolicies.list
- compute.serviceAttachments.list
- compute.snapshots.list
- compute.sslCertificates.list
- compute.sslPolicies.list
- compute.subnetworks.list
- compute.targetGrpcProxies.list
- compute.targetHttpProxies.list
- compute.targetHttpsProxies.list
- compute.targetInstances.list
- compute.targetPools.list
- compute.targetSslProxies.list
- compute.targetTcpProxies.list
- compute.targetVpnGateways.list
- compute.urlMaps.list
- compute.vpnGateways.list
- compute.vpnTunnels.list
- container.clusters.list
- container.operations.list
- file.projects.locations.backups.list
- file.projects.locations.instances.list
- file.projects.locations.instances.snapshots.list
# NOTE(review): this entry names documents rather than a resource inventory;
# confirm whether it lets the collector read document contents, and whether
# collection needs it in your environment.
- firestore.projects.databases.documents.list
- firestore.projects.databases.list
- firestore.projects.locations.backups.list
- pubsub.projects.snapshots.list
- pubsub.projects.subscriptions.list
- pubsub.projects.topics.list
# Lists security findings; what the collector stores from this call is as
# sensitive as the findings themselves.
- securitycenter.projects.sources.findings.list
- storage.buckets.list
fix_mutate
​
https://cdn.some.engineering/fix/gcp/edge/fix_mutate.yaml
# Custom role definition for the write role.
# Every permission below ends in `.delete`, `.update` or `.setLabels`; the role
# holds no `.list`/`.get` permission, so it is presumably bound in addition to
# fix_access rather than instead of it - confirm.
# NOTE(review): collection alone does not need this role (compare the two
# `description` fields). Bind it only in projects where Fix Inventory is meant
# to change or delete resources, and consider a service account separate from
# the read-only collector so the delete permissions are not held by default.
# NOTE(review): this listing is served from the `edge` path of the CDN; diff it
# against the previously applied file on each upgrade before re-applying.
title: fix_mutate
description: Permissions required to mutate resources.
stage: GA
includedPermissions:
# NOTE(review): the aiplatform, cloudfunctions, file, firestore, pubsub and
# securitycenter entries are written as API-method-style paths
# (`<service>.projects...`), unlike the cloudsql.* and compute.* entries.
# Confirm each name against the IAM permissions reference before applying.
- aiplatform.projects.locations.batchPredictionJobs.delete
- aiplatform.projects.locations.batchPredictionJobs.setLabels
- aiplatform.projects.locations.customJobs.delete
- aiplatform.projects.locations.customJobs.setLabels
- aiplatform.projects.locations.datasets.delete
- aiplatform.projects.locations.datasets.setLabels
- aiplatform.projects.locations.endpoints.delete
- aiplatform.projects.locations.endpoints.setLabels
- aiplatform.projects.locations.featureGroups.delete
- aiplatform.projects.locations.featureGroups.setLabels
- aiplatform.projects.locations.featurestores.delete
- aiplatform.projects.locations.featurestores.setLabels
- aiplatform.projects.locations.hyperparameterTuningJobs.delete
- aiplatform.projects.locations.hyperparameterTuningJobs.setLabels
- aiplatform.projects.locations.indexEndpoints.delete
- aiplatform.projects.locations.indexEndpoints.setLabels
- aiplatform.projects.locations.indexes.delete
- aiplatform.projects.locations.indexes.setLabels
- aiplatform.projects.locations.modelDeploymentMonitoringJobs.delete
- aiplatform.projects.locations.modelDeploymentMonitoringJobs.setLabels
- aiplatform.projects.locations.models.delete
- aiplatform.projects.locations.models.setLabels
- aiplatform.projects.locations.pipelineJobs.delete
- aiplatform.projects.locations.pipelineJobs.setLabels
- aiplatform.projects.locations.schedules.delete
- aiplatform.projects.locations.schedules.setLabels
- aiplatform.projects.locations.tensorboards.delete
- aiplatform.projects.locations.tensorboards.setLabels
- aiplatform.projects.locations.trainingPipelines.delete
- aiplatform.projects.locations.trainingPipelines.setLabels
- aiplatform.projects.locations.tuningJobs.delete
- aiplatform.projects.locations.tuningJobs.setLabels
- cloudfunctions.projects.locations.functions.delete
- cloudfunctions.projects.locations.functions.setLabels
# NOTE(review): where a resource type has no `.setLabels` entry, this role
# carries `.update` instead (cloudsql instances here; many compute types,
# container clusters and storage buckets below). `.update` presumably covers
# labelling but is not limited to it - confirm what else it permits.
- cloudsql.instances.delete
- cloudsql.instances.update
- compute.addresses.delete
- compute.autoscalers.delete
- compute.autoscalers.update
- compute.backendBuckets.delete
- compute.backendBuckets.update
- compute.backendServices.delete
- compute.backendServices.update
- compute.commitments.update
- compute.disks.delete
- compute.disks.setLabels
- compute.externalVpnGateways.delete
- compute.externalVpnGateways.setLabels
# Firewall rules can be both removed and changed with this pair; a change to
# network exposure made under this role is worth an audit-log alert.
- compute.firewalls.delete
- compute.firewalls.update
- compute.forwardingRules.delete
- compute.globalOperations.delete
- compute.healthChecks.delete
- compute.healthChecks.update
- compute.httpHealthChecks.delete
- compute.httpHealthChecks.update
- compute.httpsHealthChecks.delete
- compute.httpsHealthChecks.update
- compute.images.delete
- compute.images.setLabels
- compute.instanceGroupManagers.delete
- compute.instanceGroupManagers.update
- compute.instanceGroups.delete
- compute.instanceGroups.update
- compute.instanceTemplates.delete
- compute.instances.delete
- compute.instances.setLabels
- compute.interconnectAttachments.delete
- compute.interconnectAttachments.setLabels
- compute.interconnects.delete
- compute.interconnects.setLabels
- compute.licenses.delete
- compute.machineImages.delete
- compute.networkEdgeSecurityServices.delete
- compute.networkEdgeSecurityServices.update
- compute.networkEndpointGroups.delete
- compute.networks.delete
- compute.nodeGroups.delete
- compute.nodeGroups.update
- compute.nodeTemplates.delete
- compute.packetMirrorings.delete
- compute.packetMirrorings.update
- compute.publicAdvertisedPrefixes.delete
- compute.publicAdvertisedPrefixes.update
- compute.publicDelegatedPrefixes.delete
- compute.publicDelegatedPrefixes.update
- compute.regionHealthCheckServices.delete
- compute.regionHealthCheckServices.update
- compute.regionNotificationEndpoints.delete
- compute.regionNotificationEndpoints.update
- compute.resourcePolicies.delete
- compute.resourcePolicies.update
- compute.routers.delete
- compute.routers.update
- compute.routes.delete
# The one compute security control with only `.setLabels`: no delete or update
# on security policies is listed in this role.
- compute.securityPolicies.setLabels
- compute.serviceAttachments.delete
- compute.serviceAttachments.update
- compute.snapshots.delete
- compute.snapshots.setLabels
- compute.sslCertificates.delete
- compute.sslPolicies.delete
- compute.subnetworks.delete
- compute.targetGrpcProxies.delete
- compute.targetGrpcProxies.update
- compute.targetHttpProxies.delete
- compute.targetHttpProxies.update
- compute.targetHttpsProxies.delete
- compute.targetHttpsProxies.update
- compute.targetInstances.delete
- compute.targetPools.delete
- compute.targetPools.update
- compute.targetSslProxies.delete
- compute.targetSslProxies.update
- compute.targetTcpProxies.delete
- compute.targetTcpProxies.update
- compute.targetVpnGateways.delete
- compute.urlMaps.delete
- compute.vpnGateways.delete
- compute.vpnGateways.setLabels
- compute.vpnTunnels.delete
- container.clusters.delete
- container.clusters.update
# Backup and snapshot deletion (file, firestore and pubsub here, compute
# snapshots above) removes recovery points; confirm retention expectations
# before binding this role in production projects.
- file.projects.locations.backups.delete
- file.projects.locations.backups.setLabels
- file.projects.locations.instances.delete
- file.projects.locations.instances.setLabels
- firestore.projects.databases.delete
- firestore.projects.databases.setLabels
- firestore.projects.locations.backups.delete
- firestore.projects.locations.backups.setLabels
- pubsub.projects.snapshots.delete
- pubsub.projects.snapshots.setLabels
- pubsub.projects.subscriptions.delete
- pubsub.projects.subscriptions.setLabels
- pubsub.projects.topics.delete
- pubsub.projects.topics.setLabels
# NOTE(review): this role can remove security findings; confirm that is
# intended, since it affects the record other monitoring relies on.
- securitycenter.projects.sources.findings.delete
- securitycenter.projects.sources.findings.setLabels
- storage.buckets.delete
- storage.buckets.update