ba...@google.com <ba...@google.com>
ma...@google.com <ma...@google.com> #2
Hello,
Thank you for reaching out. I'm going to create an internal feature request. Please keep in mind that this feature request has to be analyzed and considered by the product team, and I can't provide you with an ETA for it to be delivered. However, you can keep track of the status by following this thread.
Description
Problem you have encountered: According to the IAM Deny Policy documentation [1], the IAM v2 permissions are required. Permissions provided via IAM v1 are easy to maintain in a programmatic way. We can extract them by listing the permissions of a specific role (e.g. *gcloud iam roles describe roles/viewer*) or by listing testable permissions (e.g. *gcloud iam list-testable-permissions
What you expected to happen: The customer would like to have a command to retrieve the list of all IAM v2 permissions automatically and, if possible, for specific services. They would also like to know the difference between v1 and v2 for IAM and whether they can expect that at some point all permissions will be supported by Deny policies.
Steps to reproduce: N/A
Other information (workarounds you have tried, documentation consulted, etc):
Public References:
[1]
[2]
[3]