-
Notifications
You must be signed in to change notification settings - Fork 25
/
iris-custom-role.yaml
50 lines (50 loc) · 1.53 KB
/
iris-custom-role.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
title: "Iris3 Custom Role"
description: >
Permissions needed by the custom role used by the Iris App Engine app's service account.
A nondefault name for this role can be passed as env variable IRIS_CUSTOM_ROLE
into the deployment and uninstall scripts.
# TODO Each Python plugin class should expose these and we should pull it from there,to have the info in one place.
#
# TODO: Not clear that `setTags` is really needed.
stage: "GA"
includedPermissions:
- bigquery.datasets.get
- bigquery.datasets.update
- bigquery.tables.get
- bigquery.tables.list
- bigquery.tables.update
- bigquery.tables.delete
- cloudsql.instances.get
- cloudsql.instances.list
- cloudsql.instances.update
- compute.instances.get
- compute.instances.list
- compute.instances.setLabels
- compute.instances.setTags
- compute.projects.get
- compute.regions.get
- compute.regions.list
- compute.zones.get
- compute.zones.list
- compute.disks.list
- compute.disks.get
- compute.disks.setLabels
- compute.snapshots.list
- compute.snapshots.get
- compute.snapshots.setLabels
- pubsub.topics.get
- pubsub.topics.list
- pubsub.topics.update
- pubsub.topics.updateTag
- pubsub.subscriptions.get
- pubsub.subscriptions.list
- pubsub.subscriptions.update
- resourcemanager.folders.get
- resourcemanager.folders.list
- resourcemanager.organizations.get
- resourcemanager.projects.get
- resourcemanager.projects.list
- serviceusage.services.list
- storage.buckets.get
- storage.buckets.list
- storage.buckets.update