roles/config.agent
Required permissions to make Cloud Infrastructure Manager work with the user-specified service account
Cloud Infrastructure Manager Agent
['cloudbuild.connections.list', 'cloudbuild.repositories.accessReadToken', 'cloudbuild.repositories.list', 'cloudquotas.quotas.get', 'config.artifacts.import', 'config.deployments.deleteState', 'config.deployments.getLock', 'config.deployments.getState', 'config.deployments.updateState', 'config.previews.upload', 'config.revisions.getState', 'logging.logEntries.create', 'monitoring.timeSeries.list', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.list', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions
BETA
roles/configdelivery.configDeliveryViewer
Grants read access to all Config Delivery resources. Lets users view existing fleet packages and resource bundles, but they will not be able to make any changes.
ConfigDelivery Viewer
['configdelivery.fleetPackages.get', 'configdelivery.fleetPackages.list', 'configdelivery.locations.get', 'configdelivery.locations.list', 'configdelivery.operations.get', 'configdelivery.operations.list', 'configdelivery.releases.get', 'configdelivery.releases.list', 'configdelivery.resourceBundles.get', 'configdelivery.resourceBundles.list', 'configdelivery.rollouts.get', 'configdelivery.rollouts.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/config.viewer
Read-only access to Cloud Infrastructure Manager resources.
Cloud Infrastructure Manager Viewer
['config.deployments.get', 'config.deployments.getIamPolicy', 'config.deployments.list', 'config.locations.get', 'config.locations.list', 'config.operations.get', 'config.operations.list', 'config.previews.get', 'config.previews.list', 'config.resources.get', 'config.resources.list', 'config.revisions.get', 'config.revisions.list', 'config.terraformversions.get', 'config.terraformversions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/config.admin
Full access to Cloud Infrastructure Manager resources.
Cloud Infrastructure Manager Admin
['config.artifacts.import', 'config.deployments.create', 'config.deployments.delete', 'config.deployments.deleteState', 'config.deployments.get', 'config.deployments.getIamPolicy', 'config.deployments.getLock', 'config.deployments.getState', 'config.deployments.list', 'config.deployments.lock', 'config.deployments.setIamPolicy', 'config.deployments.unlock', 'config.deployments.update', 'config.deployments.updateState', 'config.locations.get', 'config.locations.list', 'config.operations.cancel', 'config.operations.delete', 'config.operations.get', 'config.operations.list', 'config.previews.create', 'config.previews.delete', 'config.previews.export', 'config.previews.get', 'config.previews.list', 'config.previews.upload', 'config.resourcechanges.get', 'config.resourcechanges.list', 'config.resourcedrifts.get', 'config.resourcedrifts.list', 'config.resources.get', 'config.resources.list', 'config.revisions.get', 'config.revisions.getState', 'config.revisions.list', 'config.terraformversions.get', 'config.terraformversions.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/configdelivery.resourceBundlePublisher
Grants read and write permissions to Config Delivery ResourceBundles and Releases.
Config Delivery Resource Bundle Publisher
['configdelivery.locations.get', 'configdelivery.locations.list', 'configdelivery.operations.get', 'configdelivery.operations.list', 'configdelivery.releases.create', 'configdelivery.releases.get', 'configdelivery.releases.list', 'configdelivery.releases.update', 'configdelivery.resourceBundles.create', 'configdelivery.resourceBundles.get', 'configdelivery.resourceBundles.list', 'configdelivery.resourceBundles.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/configdelivery.serviceAgent
Gives the Config Delivery service account permission to manage resources
Config Delivery Service Agent
['artifactregistry.dockerimages.get', 'artifactregistry.dockerimages.list', 'artifactregistry.projectsettings.get', 'artifactregistry.repositories.create', 'artifactregistry.repositories.downloadArtifacts', 'artifactregistry.repositories.get', 'artifactregistry.repositories.getIamPolicy', 'artifactregistry.repositories.list', 'artifactregistry.repositories.listEffectiveTags', 'artifactregistry.repositories.listTagBindings', 'artifactregistry.repositories.setIamPolicy', 'artifactregistry.repositories.uploadArtifacts', 'artifactregistry.tags.create', 'artifactregistry.tags.delete', 'artifactregistry.tags.get', 'artifactregistry.tags.list', 'artifactregistry.tags.update', 'artifactregistry.versions.delete', 'artifactregistry.versions.get', 'artifactregistry.versions.list', 'cloudbuild.builds.create', 'cloudbuild.builds.get', 'cloudbuild.builds.list', 'cloudbuild.builds.update', 'cloudbuild.repositories.get', 'container.customResourceDefinitions.get', 'container.customResourceDefinitions.list', 'container.serviceAccounts.get', 'container.serviceAccounts.list', 'container.thirdPartyObjects.create', 'container.thirdPartyObjects.delete', 'container.thirdPartyObjects.get', 'container.thirdPartyObjects.list', 'container.thirdPartyObjects.update', 'gkehub.gateway.delete', 'gkehub.gateway.generateCredentials', 'gkehub.gateway.get', 'gkehub.gateway.patch', 'gkehub.gateway.post', 'gkehub.gateway.put', 'gkehub.memberships.get', 'iam.serviceAccounts.actAs']
Copy Permissions
GA
roles/configdelivery.configDeliveryAdmin
Grants full access to all Config Delivery resources. Lets users create, remove and manage fleet packages and resource bundles.
ConfigDelivery Admin
['configdelivery.fleetPackages.create', 'configdelivery.fleetPackages.delete', 'configdelivery.fleetPackages.get', 'configdelivery.fleetPackages.list', 'configdelivery.fleetPackages.update', 'configdelivery.locations.get', 'configdelivery.locations.list', 'configdelivery.operations.cancel', 'configdelivery.operations.delete', 'configdelivery.operations.get', 'configdelivery.operations.list', 'configdelivery.releases.create', 'configdelivery.releases.delete', 'configdelivery.releases.get', 'configdelivery.releases.list', 'configdelivery.releases.update', 'configdelivery.resourceBundles.create', 'configdelivery.resourceBundles.delete', 'configdelivery.resourceBundles.get', 'configdelivery.resourceBundles.list', 'configdelivery.resourceBundles.update', 'configdelivery.rollouts.abort', 'configdelivery.rollouts.get', 'configdelivery.rollouts.list', 'configdelivery.rollouts.resume', 'configdelivery.rollouts.suspend', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA