Support wildcard IAM permission for Deny Policy [234344090]

Assigned

Feature Request

Status Update

No update yet.

Description

di...@accenture.com

created issue #1

May 31, 2022 07:37AM

The enhancement request is to add a feature on deny policy that will allow to use wildcard in defining IAM permission

What you would like to accomplish: We followed the deny policy guide & also the permission supported under deny. Seems currently wildcard IAM permission are not supported when defining deny policy. The request is to allow support for wildcard IAM permission.

How this might work: The feature will simplify the way IAM permissions can be defined in deny policy

If applicable, reasons why alternative solutions are not sufficient: Currently the deny policy doesn't support to declare wildcard IAM permission, rather we need to fine each permission explicitly

Other information (workarounds you have tried, documentation consulted, etc): I have tried using wildcard permission but didn't work. Like using “iam.googleapis.com/” it prompted me error “INVALID_ARGUMENT: The provided deny policy contains an unsupported permission (iam.googleapis.com/roles.)”

Comments

ch...@google.com <ch...@google.com> Jun 16, 2023 04:32AM

Assigned to ch...@google.com.

ch...@google.com <ch...@google.com> #2Jun 16, 2023 06:46AM

Reassigned to gc...@google.com.

Thanks for the report. I will route this to the appropriate internal team and update this when I hear back from them.

jo...@gruposbf.com.br <jo...@gruposbf.com.br> #3Jan 26, 2024 07:31PM

One more detail, Data Layer event calls from the watch to the phone (running Android 13) do work on if the listener is in an Activity or Fragment.

ba...@google.com <ba...@google.com> Jan 29, 2024 06:24AM

Reassigned to ba...@google.com.

ba...@google.com <ba...@google.com> #4Jan 29, 2024 08:56AM

Reassigned to gc...@google.com.

Also, I'm seeing this message in the Logcat:

"2022-06-12 18:47:15.156 1841-4562/? W/PackageManager: Intent does not match component's intent filter: Intent { act=com.google.android.gms.wearable.BIND_LISTENER"

ma...@zoominfo.com <ma...@zoominfo.com> #5Aug 13, 2024 12:29PM

Experiencing the same issues, please see my other report for any useful logs:

https://issuetracker.google.com/issues/235673375

wi...@taboola.com <wi...@taboola.com> #6Dec 2, 2024 02:06PM

+1, can confirm it doesn't work on Android 13:=

2022-07-15 11:26:15.023   589-5347  PackageManager          pid-589                              W  Intent does not match component's intent filter: Intent { act=com.google.android.gms.wearable.BIND_LISTENER cmp=xxx/xxx.WatchMessageReceiver }
2022-07-15 11:26:15.023   589-5347  PackageManager          pid-589                              W  Access blocked: ComponentInfo{xxx/xxx.WatchMessageReceiver}
2022-07-15 11:26:15.023   589-5347  ActivityManager         pid-589                              W  Unable to start service Intent { act=com.google.android.gms.wearable.BIND_LISTENER cmp=xxx/xxx.WatchMessageReceiver } U=0: not found