Cloud Composer 1 befindet sich im Modus nach der Wartung. Google veröffentlicht keine weiteren Updates für Cloud Composer 1, einschließlich neuer Versionen von Airflow, Fehlerkorrekturen und Sicherheitsupdates. Wir empfehlen die Migration zu Cloud Composer 2.

Diese Seite wurde von der Cloud Translation API übersetzt.

Zugriffssteuerung mit IAM

Cloud Composer 1 | Cloud Composer 2 | Cloud Composer 3

Auf dieser Seite werden die Optionen für die Zugriffssteuerung beschrieben, die Ihnen in Cloud Composer und erklärt, wie Rollen gewährt werden.

Informationen zum Zuweisen von Rollen finden Sie unter Zugriff auf Projekte, Ordner und Organisationen verwalten.

Mit der Zugriffssteuerung für die Airflow-Benutzeroberfläche können Sie die Berechtigungen für die Airflow- und DAG-Benutzeroberfläche über die Aktivierung oder Deaktivierung des Zugriffs hinaus steuern.

Informationen zu Identity and Access Managemen in Cloud Composer

Cloud Composer verwendet die Identitäts- und Zugriffsverwaltung (IAM) zur Zugriffssteuerung.

Sie steuern den Zugriff auf verschiedene Cloud Composer-Features, indem Sie Rollen und Berechtigungen sowohl für IAM-Dienstkonten und für Nutzerkonten in Ihrem Google Cloud-Projekt.

Cloud Composer verwendet zwei Typen von IAM-Diensten Konten:

Cloud Composer-Dienst-Agent-Konto
Dienstkonto der Umgebung

Zusätzlich zu diesen beiden Arten von Dienstkonten führt der Google APIs-Dienst-Agent interne Google-Prozesse in Ihrem Namen aus.

Rollen für Cloud Composer-Dienst-Agent-Konto gewähren

Der Cloud Composer-Dienst erstellt in Ihrem Google Cloud-Projekt einen Dienst-Agenten, den Cloud Composer-Dienst-Agenten, um Ressourcen im Zusammenhang mit Cloud Composer zu verwalten.

Der Cloud Composer-Dienst-Agent wird für alle Umgebungen in Ihrem Projekt verwendet. Standardmäßig hat das Cloud Composer-Dienst-Agent-Konto nur die Rolle Cloud Composer API-Dienst-Agent. Belassen Sie diese Rolle bei diesem Dienstkonto.

Dem Dienstkonto einer Umgebung Rollen zuweisen

Wenn Sie eine Umgebung erstellen, geben Sie ein Dienstkonto an. Dieses Dienstkonto wird als Dienstkonto der Umgebung bezeichnet. Ihr verwendet der Cluster der Umgebung dieses Dienstkonto, um Pods mit unterschiedlichen Umgebungskomponenten wie Airflow-Worker und -Planer

Standardmäßig werden Cloud Composer-Umgebungen mit dem Compute Engine-Standarddienstkonto ausgeführt. Dieses Dienstkonto hat in der Regel die einfache Rolle Bearbeiter, die Folgendes enthält: mehr Berechtigungen als zum Ausführen von Cloud Composer erforderlich sind Umgebungen.

Wir empfehlen, ein nutzerverwaltetes Dienstkonto für Cloud Composer-Umgebungen einzurichten. Weisen Sie diesem Konto eine Rolle zu, die für Cloud Composer spezifisch ist. Geben Sie dieses Dienstkonto anschließend beim Erstellen neuer Umgebungen an.

Weisen Sie einem vom Nutzer verwalteten Dienstkonto, das eine Cloud Composer-Umgebung ausführt, die Rolle Composer-Worker (composer.worker) zu.

Wenn Ihre Umgebung Ressourcenstandortbeschränkungen verwendet oder PyPI installiert aus einem privaten Paketindex und gewähren dann Rolle Dienstkontonutzer (iam.serviceAccountUser) für den vom Nutzer verwaltetes Dienstkonto, das Ihre Umgebung ausführt.

Nutzern Rollen zuweisen

Um einen Umgebungsvorgang auszulösen, muss ein Nutzer ausreichende Berechtigungen haben. Wenn Sie beispielsweise eine neue Umgebung erstellen möchten, benötigen Sie die Berechtigung composer.environments.create.

Für Cloud Composer sind einzelne Berechtigungen in vordefinierten Rollen. Sie können diese Rollen Hauptkonten zuweisen.

Wenn Ihr Nutzerkonto die Rolle Projektbearbeiter hat, können Sie alle Vorgänge in der Umgebung. Diese Rolle hat jedoch umfassende Berechtigungen. Für Nutzer, die mit Umgebungen arbeiten, empfehlen wir die Verwendung von Cloud Composer-spezifischen Rollen. Auf diese Weise können Sie den Umfang der und unterschiedliche Zugriffsebenen für verschiedene Hauptkonten gewähren. Für Ein Nutzer kann beispielsweise Berechtigungen zum Erstellen, Aktualisieren, Aktualisieren und Löschen haben. Umgebungen ansehen, während ein anderer Nutzer nur Umgebungen ansehen und auf die Airflow-Weboberfläche

Abhängig von der Zugriffsebene, die Sie für Cloud Composer-Umgebungen bereitstellen möchten, gewähren Sie Hauptkonten folgende Berechtigungen.

Umgebungen und Umgebungs-Buckets verwalten

Nutzer, die Umgebungen anzeigen, erstellen, aktualisieren, upgraden und löschen, Objekte (z. B. DAG-Dateien) in den Umgebungs-Buckets verwalten, auf die Airflow-Weboberfläche zugreifen, Airflow-Befehle der Befehlszeile ausführen und DAGs über die DAG-Benutzeroberfläche ansehen und auslösen können:

Weisen Sie die Rolle Administrator für Umgebung und Storage-Objekte (composer.environmentAndStorageObjectAdmin) zu.
Gewähren Sie die Rolle Dienstkontonutzer (iam.serviceAccountUser).

Wenn Sie die Berechtigungen für einen Nutzer einschränken möchten, weisen Sie diese Rolle nur dem Dienstkonto Ihrer Umgebung zu. Weitere Informationen finden Sie unter Einzelne Rolle zuweisen oder widerrufen.
Erteilen Sie die Berechtigung iam.serviceAccounts.actAs für die Dienstkonto Ihrer Umgebung.

Umgebungen verwalten

Für einen Nutzer, der zum Anzeigen, Erstellen, Aktualisieren, Upgraden und Löschen berechtigt ist auf die Airflow-Weboberfläche zugreifen, Airflow-CLI-Befehle ausführen, Sie können DAGs über die DAG-UI ansehen und auslösen:

Weisen Sie die Rolle Composer-Administrator (composer.admin) zu.
Weisen Sie die Rolle Dienstkontonutzer (iam.serviceAccountUser) zu.

Um die Berechtigungen für einen Nutzer einzugrenzen, gewähren Sie diese Rolle nur für die Dienstkonto Ihrer Umgebung. Weitere Informationen finden Sie unter Einzelne Rolle zuweisen oder widerrufen.
Erteilen Sie die Berechtigung iam.serviceAccounts.actAs für die Dienstkonto Ihrer Umgebung.

Umgebungen ansehen und Umgebungs-Buckets verwalten

Zugriff auf Airflow-Web für Nutzer, die Umgebungen ansehen können DAGs über die DAG-UI ansehen, auslösen und Objekte in den Umgebungs-Buckets verwalten, z. B. für neue DAG-Dateien hochladen):

Weisen Sie die Rolle Umgebungsnutzer und Betrachter von Storage-Objekten (composer.environmentAndStorageObjectViewer) zu.
Gewähren Sie die Rolle Storage-Objekt-Administrator (storage.objectAdmin).

Umgebungen und Umgebungs-Buckets ansehen

Zugriff auf Airflow für einen Nutzer, der Umgebungen ansehen kann können Sie DAGs über die DAG-UI ansehen und auslösen. Objekte in Umgebungs-Buckets anzeigen, Umgebungsnutzer und Betrachter von Storage-Objekten composer.environmentAndStorageObjectViewer.

Umgebungen ansehen

Für einen Nutzer, der Umgebungen ansehen kann, können Sie DAGs aus folgenden Quellen ansehen und auslösen: DAG-UI und greifen Sie auf die Airflow-Weboberfläche zu, gewähren Sie Rolle Composer-Nutzer (composer.user)

Rollen

Role Permissions

Role	Permissions
Cloud Composer v2 API Service Agent Extension (`roles/composer.ServiceAgentV2Ext`) Cloud Composer v2 API Service Agent Extension is a supplementary role required to manage Composer v2 environments.	`iam.serviceAccounts.getIamPolicy` `iam.serviceAccounts.setIamPolicy`
Composer Administrator (`roles/composer.admin`) Provides full control of Cloud Composer resources. Lowest-level resources where you can grant this role: Project	`composer.*` `composer.dags.execute` `composer.dags.get` `composer.dags.getSourceCode` `composer.dags.list` `composer.environments.create` `composer.environments.delete` `composer.environments.executeAirflowCommand` `composer.environments.get` `composer.environments.list` `composer.environments.update` `composer.imageversions.list` `composer.operations.delete` `composer.operations.get` `composer.operations.list` `composer.userworkloadsconfigmaps.create` `composer.userworkloadsconfigmaps.delete` `composer.userworkloadsconfigmaps.get` `composer.userworkloadsconfigmaps.list` `composer.userworkloadsconfigmaps.update` `composer.userworkloadssecrets.create` `composer.userworkloadssecrets.delete` `composer.userworkloadssecrets.get` `composer.userworkloadssecrets.list` `composer.userworkloadssecrets.update` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`
Environment and Storage Object Administrator (`roles/composer.environmentAndStorageObjectAdmin`) Provides full control of Cloud Composer resources and of the objects in all project buckets. Lowest-level resources where you can grant this role: Project	`composer.` `composer.dags.execute` `composer.dags.get` `composer.dags.getSourceCode` `composer.dags.list` `composer.environments.create` `composer.environments.delete` `composer.environments.executeAirflowCommand` `composer.environments.get` `composer.environments.list` `composer.environments.update` `composer.imageversions.list` `composer.operations.delete` `composer.operations.get` `composer.operations.list` `composer.userworkloadsconfigmaps.create` `composer.userworkloadsconfigmaps.delete` `composer.userworkloadsconfigmaps.get` `composer.userworkloadsconfigmaps.list` `composer.userworkloadsconfigmaps.update` `composer.userworkloadssecrets.create` `composer.userworkloadssecrets.delete` `composer.userworkloadssecrets.get` `composer.userworkloadssecrets.list` `composer.userworkloadssecrets.update` `orgpolicy.policy.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `storage.folders.` `storage.folders.create` `storage.folders.delete` `storage.folders.get` `storage.folders.list` `storage.folders.rename` `storage.managedFolders.create` `storage.managedFolders.delete` `storage.managedFolders.get` `storage.managedFolders.list` `storage.multipartUploads.` `storage.multipartUploads.abort` `storage.multipartUploads.create` `storage.multipartUploads.list` `storage.multipartUploads.listParts` `storage.objects.` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.getIamPolicy` `storage.objects.list` `storage.objects.overrideUnlockedRetention` `storage.objects.restore` `storage.objects.setIamPolicy` `storage.objects.setRetention` `storage.objects.update`
Environment and Storage Object User (`roles/composer.environmentAndStorageObjectUser`) Read and use access to Cloud Composer resources and read access to Cloud Storage objects.	`composer.dags.*` `composer.dags.execute` `composer.dags.get` `composer.dags.getSourceCode` `composer.dags.list` `composer.environments.get` `composer.environments.list` `composer.imageversions.list` `composer.operations.get` `composer.operations.list` `composer.userworkloadsconfigmaps.get` `composer.userworkloadsconfigmaps.list` `composer.userworkloadssecrets.get` `composer.userworkloadssecrets.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `storage.folders.get` `storage.folders.list` `storage.managedFolders.get` `storage.managedFolders.list` `storage.objects.get` `storage.objects.list`
Environment and Storage Object Viewer (`roles/composer.environmentAndStorageObjectViewer`) Provides the permissions necessary to list and get Cloud Composer environments and operations. Provides read-only access to objects in all project buckets. Lowest-level resources where you can grant this role: Project	`composer.dags.*` `composer.dags.execute` `composer.dags.get` `composer.dags.getSourceCode` `composer.dags.list` `composer.environments.get` `composer.environments.list` `composer.imageversions.list` `composer.operations.get` `composer.operations.list` `composer.userworkloadsconfigmaps.get` `composer.userworkloadsconfigmaps.list` `composer.userworkloadssecrets.get` `composer.userworkloadssecrets.list` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `storage.folders.get` `storage.folders.list` `storage.managedFolders.get` `storage.managedFolders.list` `storage.objects.get` `storage.objects.list`
Composer Shared VPC Agent (`roles/composer.sharedVpcAgent`) Role that should be assigned to Composer Agent service account in Shared VPC host project	`compute.networkAttachments.create` `compute.networkAttachments.delete` `compute.networkAttachments.get` `compute.networkAttachments.update` `compute.networks.access` `compute.networks.addPeering` `compute.networks.get` `compute.networks.list` `compute.networks.listPeeringRoutes` `compute.networks.removePeering` `compute.networks.updatePeering` `compute.networks.use` `compute.networks.useExternalIp` `compute.projects.get` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.subnetworks.get` `compute.subnetworks.list` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.zones.` `compute.zones.get` `compute.zones.list` `dns.managedZones.get` `dns.managedZones.list` `dns.networks.targetWithPeeringZone`
Composer User (`roles/composer.user`) Provides the permissions necessary to list and get Cloud Composer environments and operations. Lowest-level resources where you can grant this role: Project	`composer.dags.*` `composer.dags.execute` `composer.dags.get` `composer.dags.getSourceCode` `composer.dags.list` `composer.environments.get` `composer.environments.list` `composer.imageversions.list` `composer.operations.get` `composer.operations.list` `composer.userworkloadsconfigmaps.get` `composer.userworkloadsconfigmaps.list` `composer.userworkloadssecrets.get` `composer.userworkloadssecrets.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list`
Composer Worker (`roles/composer.worker`) Provides the permissions necessary to run a Cloud Composer environment VM. Intended for service accounts. Lowest-level resources where you can grant this role: Project	`artifactregistry.` `artifactregistry.aptartifacts.create` `artifactregistry.attachments.create` `artifactregistry.attachments.delete` `artifactregistry.attachments.get` `artifactregistry.attachments.list` `artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list` `artifactregistry.files.delete` `artifactregistry.files.download` `artifactregistry.files.get` `artifactregistry.files.list` `artifactregistry.files.update` `artifactregistry.files.upload` `artifactregistry.kfpartifacts.create` `artifactregistry.locations.get` `artifactregistry.locations.list` `artifactregistry.mavenartifacts.get` `artifactregistry.mavenartifacts.list` `artifactregistry.npmpackages.get` `artifactregistry.npmpackages.list` `artifactregistry.packages.delete` `artifactregistry.packages.get` `artifactregistry.packages.list` `artifactregistry.packages.update` `artifactregistry.projectsettings.get` `artifactregistry.projectsettings.update` `artifactregistry.pythonpackages.get` `artifactregistry.pythonpackages.list` `artifactregistry.repositories.create` `artifactregistry.repositories.createOnPush` `artifactregistry.repositories.createTagBinding` `artifactregistry.repositories.delete` `artifactregistry.repositories.deleteArtifacts` `artifactregistry.repositories.deleteTagBinding` `artifactregistry.repositories.downloadArtifacts` `artifactregistry.repositories.get` `artifactregistry.repositories.getIamPolicy` `artifactregistry.repositories.list` `artifactregistry.repositories.listEffectiveTags` `artifactregistry.repositories.listTagBindings` `artifactregistry.repositories.readViaVirtualRepository` `artifactregistry.repositories.setIamPolicy` `artifactregistry.repositories.update` `artifactregistry.repositories.uploadArtifacts` `artifactregistry.rules.create` `artifactregistry.rules.delete` `artifactregistry.rules.get` `artifactregistry.rules.list` `artifactregistry.rules.update` `artifactregistry.tags.create` `artifactregistry.tags.delete` `artifactregistry.tags.get` `artifactregistry.tags.list` `artifactregistry.tags.update` `artifactregistry.versions.delete` `artifactregistry.versions.get` `artifactregistry.versions.list` `artifactregistry.versions.update` `artifactregistry.yumartifacts.create` `cloudbuild.builds.create` `cloudbuild.builds.get` `cloudbuild.builds.list` `cloudbuild.builds.update` `cloudbuild.operations.` `cloudbuild.operations.get` `cloudbuild.operations.list` `cloudbuild.workerpools.use` `composer.environments.get` `container.` `container.apiServices.create` `container.apiServices.delete` `container.apiServices.get` `container.apiServices.getStatus` `container.apiServices.list` `container.apiServices.update` `container.apiServices.updateStatus` `container.auditSinks.create` `container.auditSinks.delete` `container.auditSinks.get` `container.auditSinks.list` `container.auditSinks.update` `container.backendConfigs.create` `container.backendConfigs.delete` `container.backendConfigs.get` `container.backendConfigs.list` `container.backendConfigs.update` `container.bindings.create` `container.bindings.delete` `container.bindings.get` `container.bindings.list` `container.bindings.update` `container.certificateSigningRequests.approve` `container.certificateSigningRequests.create` `container.certificateSigningRequests.delete` `container.certificateSigningRequests.get` `container.certificateSigningRequests.getStatus` `container.certificateSigningRequests.list` `container.certificateSigningRequests.update` `container.certificateSigningRequests.updateStatus` `container.clusterRoleBindings.create` `container.clusterRoleBindings.delete` `container.clusterRoleBindings.get` `container.clusterRoleBindings.list` `container.clusterRoleBindings.update` `container.clusterRoles.bind` `container.clusterRoles.create` `container.clusterRoles.delete` `container.clusterRoles.escalate` `container.clusterRoles.get` `container.clusterRoles.list` `container.clusterRoles.update` `container.clusters.connect` `container.clusters.create` `container.clusters.createTagBinding` `container.clusters.delete` `container.clusters.deleteTagBinding` `container.clusters.get` `container.clusters.getCredentials` `container.clusters.impersonate` `container.clusters.list` `container.clusters.listEffectiveTags` `container.clusters.listTagBindings` `container.clusters.update` `container.componentStatuses.get` `container.componentStatuses.list` `container.configMaps.create` `container.configMaps.delete` `container.configMaps.get` `container.configMaps.list` `container.configMaps.update` `container.controllerRevisions.create` `container.controllerRevisions.delete` `container.controllerRevisions.get` `container.controllerRevisions.list` `container.controllerRevisions.update` `container.cronJobs.create` `container.cronJobs.delete` `container.cronJobs.get` `container.cronJobs.getStatus` `container.cronJobs.list` `container.cronJobs.update` `container.cronJobs.updateStatus` `container.csiDrivers.create` `container.csiDrivers.delete` `container.csiDrivers.get` `container.csiDrivers.list` `container.csiDrivers.update` `container.csiNodeInfos.create` `container.csiNodeInfos.delete` `container.csiNodeInfos.get` `container.csiNodeInfos.list` `container.csiNodeInfos.update` `container.csiNodes.create` `container.csiNodes.delete` `container.csiNodes.get` `container.csiNodes.list` `container.csiNodes.update` `container.customResourceDefinitions.create` `container.customResourceDefinitions.delete` `container.customResourceDefinitions.get` `container.customResourceDefinitions.getStatus` `container.customResourceDefinitions.list` `container.customResourceDefinitions.update` `container.customResourceDefinitions.updateStatus` `container.daemonSets.create` `container.daemonSets.delete` `container.daemonSets.get` `container.daemonSets.getStatus` `container.daemonSets.list` `container.daemonSets.update` `container.daemonSets.updateStatus` `container.deployments.create` `container.deployments.delete` `container.deployments.get` `container.deployments.getScale` `container.deployments.getStatus` `container.deployments.list` `container.deployments.rollback` `container.deployments.update` `container.deployments.updateScale` `container.deployments.updateStatus` `container.endpointSlices.create` `container.endpointSlices.delete` `container.endpointSlices.get` `container.endpointSlices.list` `container.endpointSlices.update` `container.endpoints.create` `container.endpoints.delete` `container.endpoints.get` `container.endpoints.list` `container.endpoints.update` `container.events.create` `container.events.delete` `container.events.get` `container.events.list` `container.events.update` `container.frontendConfigs.create` `container.frontendConfigs.delete` `container.frontendConfigs.get` `container.frontendConfigs.list` `container.frontendConfigs.update` `container.horizontalPodAutoscalers.create` `container.horizontalPodAutoscalers.delete` `container.horizontalPodAutoscalers.get` `container.horizontalPodAutoscalers.getStatus` `container.horizontalPodAutoscalers.list` `container.horizontalPodAutoscalers.update` `container.horizontalPodAutoscalers.updateStatus` `container.hostServiceAgent.use` `container.ingresses.create` `container.ingresses.delete` `container.ingresses.get` `container.ingresses.getStatus` `container.ingresses.list` `container.ingresses.update` `container.ingresses.updateStatus` `container.initializerConfigurations.create` `container.initializerConfigurations.delete` `container.initializerConfigurations.get` `container.initializerConfigurations.list` `container.initializerConfigurations.update` `container.jobs.create` `container.jobs.delete` `container.jobs.get` `container.jobs.getStatus` `container.jobs.list` `container.jobs.update` `container.jobs.updateStatus` `container.leases.create` `container.leases.delete` `container.leases.get` `container.leases.list` `container.leases.update` `container.limitRanges.create` `container.limitRanges.delete` `container.limitRanges.get` `container.limitRanges.list` `container.limitRanges.update` `container.localSubjectAccessReviews.create` `container.localSubjectAccessReviews.list` `container.managedCertificates.create` `container.managedCertificates.delete` `container.managedCertificates.get` `container.managedCertificates.list` `container.managedCertificates.update` `container.mutatingWebhookConfigurations.create` `container.mutatingWebhookConfigurations.delete` `container.mutatingWebhookConfigurations.get` `container.mutatingWebhookConfigurations.list` `container.mutatingWebhookConfigurations.update` `container.namespaces.create` `container.namespaces.delete` `container.namespaces.finalize` `container.namespaces.get` `container.namespaces.getStatus` `container.namespaces.list` `container.namespaces.update` `container.namespaces.updateStatus` `container.networkPolicies.create` `container.networkPolicies.delete` `container.networkPolicies.get` `container.networkPolicies.list` `container.networkPolicies.update` `container.nodes.create` `container.nodes.delete` `container.nodes.get` `container.nodes.getStatus` `container.nodes.list` `container.nodes.proxy` `container.nodes.update` `container.nodes.updateStatus` `container.operations.get` `container.operations.list` `container.persistentVolumeClaims.create` `container.persistentVolumeClaims.delete` `container.persistentVolumeClaims.get` `container.persistentVolumeClaims.getStatus` `container.persistentVolumeClaims.list` `container.persistentVolumeClaims.update` `container.persistentVolumeClaims.updateStatus` `container.persistentVolumes.create` `container.persistentVolumes.delete` `container.persistentVolumes.get` `container.persistentVolumes.getStatus` `container.persistentVolumes.list` `container.persistentVolumes.update` `container.persistentVolumes.updateStatus` `container.petSets.create` `container.petSets.delete` `container.petSets.get` `container.petSets.list` `container.petSets.update` `container.petSets.updateStatus` `container.podDisruptionBudgets.create` `container.podDisruptionBudgets.delete` `container.podDisruptionBudgets.get` `container.podDisruptionBudgets.getStatus` `container.podDisruptionBudgets.list` `container.podDisruptionBudgets.update` `container.podDisruptionBudgets.updateStatus` `container.podPresets.create` `container.podPresets.delete` `container.podPresets.get` `container.podPresets.list` `container.podPresets.update` `container.podSecurityPolicies.create` `container.podSecurityPolicies.delete` `container.podSecurityPolicies.get` `container.podSecurityPolicies.list` `container.podSecurityPolicies.update` `container.podSecurityPolicies.use` `container.podTemplates.create` `container.podTemplates.delete` `container.podTemplates.get` `container.podTemplates.list` `container.podTemplates.update` `container.pods.attach` `container.pods.create` `container.pods.delete` `container.pods.evict` `container.pods.exec` `container.pods.get` `container.pods.getLogs` `container.pods.getStatus` `container.pods.initialize` `container.pods.list` `container.pods.portForward` `container.pods.proxy` `container.pods.update` `container.pods.updateStatus` `container.priorityClasses.create` `container.priorityClasses.delete` `container.priorityClasses.get` `container.priorityClasses.list` `container.priorityClasses.update` `container.replicaSets.create` `container.replicaSets.delete` `container.replicaSets.get` `container.replicaSets.getScale` `container.replicaSets.getStatus` `container.replicaSets.list` `container.replicaSets.update` `container.replicaSets.updateScale` `container.replicaSets.updateStatus` `container.replicationControllers.create` `container.replicationControllers.delete` `container.replicationControllers.get` `container.replicationControllers.getScale` `container.replicationControllers.getStatus` `container.replicationControllers.list` `container.replicationControllers.update` `container.replicationControllers.updateScale` `container.replicationControllers.updateStatus` `container.resourceQuotas.create` `container.resourceQuotas.delete` `container.resourceQuotas.get` `container.resourceQuotas.getStatus` `container.resourceQuotas.list` `container.resourceQuotas.update` `container.resourceQuotas.updateStatus` `container.roleBindings.create` `container.roleBindings.delete` `container.roleBindings.get` `container.roleBindings.list` `container.roleBindings.update` `container.roles.bind` `container.roles.create` `container.roles.delete` `container.roles.escalate` `container.roles.get` `container.roles.list` `container.roles.update` `container.runtimeClasses.create` `container.runtimeClasses.delete` `container.runtimeClasses.get` `container.runtimeClasses.list` `container.runtimeClasses.update` `container.scheduledJobs.create` `container.scheduledJobs.delete` `container.scheduledJobs.get` `container.scheduledJobs.list` `container.scheduledJobs.update` `container.scheduledJobs.updateStatus` `container.secrets.create` `container.secrets.delete` `container.secrets.get` `container.secrets.list` `container.secrets.update` `container.selfSubjectAccessReviews.create` `container.selfSubjectAccessReviews.list` `container.selfSubjectRulesReviews.create` `container.serviceAccounts.create` `container.serviceAccounts.createToken` `container.serviceAccounts.delete` `container.serviceAccounts.get` `container.serviceAccounts.list` `container.serviceAccounts.update` `container.services.create` `container.services.delete` `container.services.get` `container.services.getStatus` `container.services.list` `container.services.proxy` `container.services.update` `container.services.updateStatus` `container.statefulSets.create` `container.statefulSets.delete` `container.statefulSets.get` `container.statefulSets.getScale` `container.statefulSets.getStatus` `container.statefulSets.list` `container.statefulSets.update` `container.statefulSets.updateScale` `container.statefulSets.updateStatus` `container.storageClasses.create` `container.storageClasses.delete` `container.storageClasses.get` `container.storageClasses.list` `container.storageClasses.update` `container.storageStates.create` `container.storageStates.delete` `container.storageStates.get` `container.storageStates.getStatus` `container.storageStates.list` `container.storageStates.update` `container.storageStates.updateStatus` `container.storageVersionMigrations.create` `container.storageVersionMigrations.delete` `container.storageVersionMigrations.get` `container.storageVersionMigrations.getStatus` `container.storageVersionMigrations.list` `container.storageVersionMigrations.update` `container.storageVersionMigrations.updateStatus` `container.subjectAccessReviews.create` `container.subjectAccessReviews.list` `container.thirdPartyObjects.create` `container.thirdPartyObjects.delete` `container.thirdPartyObjects.get` `container.thirdPartyObjects.list` `container.thirdPartyObjects.update` `container.thirdPartyResources.create` `container.thirdPartyResources.delete` `container.thirdPartyResources.get` `container.thirdPartyResources.list` `container.thirdPartyResources.update` `container.tokenReviews.create` `container.updateInfos.create` `container.updateInfos.delete` `container.updateInfos.get` `container.updateInfos.list` `container.updateInfos.update` `container.validatingWebhookConfigurations.create` `container.validatingWebhookConfigurations.delete` `container.validatingWebhookConfigurations.get` `container.validatingWebhookConfigurations.list` `container.validatingWebhookConfigurations.update` `container.volumeAttachments.create` `container.volumeAttachments.delete` `container.volumeAttachments.get` `container.volumeAttachments.getStatus` `container.volumeAttachments.list` `container.volumeAttachments.update` `container.volumeAttachments.updateStatus` `container.volumeSnapshotClasses.create` `container.volumeSnapshotClasses.delete` `container.volumeSnapshotClasses.get` `container.volumeSnapshotClasses.list` `container.volumeSnapshotClasses.update` `container.volumeSnapshotContents.create` `container.volumeSnapshotContents.delete` `container.volumeSnapshotContents.get` `container.volumeSnapshotContents.getStatus` `container.volumeSnapshotContents.list` `container.volumeSnapshotContents.update` `container.volumeSnapshotContents.updateStatus` `container.volumeSnapshots.create` `container.volumeSnapshots.delete` `container.volumeSnapshots.get` `container.volumeSnapshots.getStatus` `container.volumeSnapshots.list` `container.volumeSnapshots.update` `container.volumeSnapshots.updateStatus` `containeranalysis.occurrences.create` `containeranalysis.occurrences.delete` `containeranalysis.occurrences.get` `containeranalysis.occurrences.list` `containeranalysis.occurrences.update` `datalineage.events.create` `datalineage.processes.create` `datalineage.processes.get` `datalineage.processes.update` `datalineage.runs.create` `datalineage.runs.get` `datalineage.runs.update` `logging.logEntries.create` `logging.logEntries.list` `logging.logEntries.route` `logging.views.access` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.timeSeries.` `monitoring.timeSeries.create` `monitoring.timeSeries.list` `orgpolicy.policy.get` `pubsub.schemas.attach` `pubsub.schemas.commit` `pubsub.schemas.create` `pubsub.schemas.delete` `pubsub.schemas.get` `pubsub.schemas.list` `pubsub.schemas.listRevisions` `pubsub.schemas.rollback` `pubsub.schemas.validate` `pubsub.snapshots.create` `pubsub.snapshots.delete` `pubsub.snapshots.get` `pubsub.snapshots.list` `pubsub.snapshots.seek` `pubsub.snapshots.update` `pubsub.subscriptions.consume` `pubsub.subscriptions.create` `pubsub.subscriptions.delete` `pubsub.subscriptions.get` `pubsub.subscriptions.list` `pubsub.subscriptions.update` `pubsub.topics.attachSubscription` `pubsub.topics.create` `pubsub.topics.delete` `pubsub.topics.detachSubscription` `pubsub.topics.get` `pubsub.topics.list` `pubsub.topics.publish` `pubsub.topics.update` `pubsub.topics.updateTag` `recommender.containerDiagnosisInsights.` `recommender.containerDiagnosisInsights.get` `recommender.containerDiagnosisInsights.list` `recommender.containerDiagnosisInsights.update` `recommender.containerDiagnosisRecommendations.` `recommender.containerDiagnosisRecommendations.get` `recommender.containerDiagnosisRecommendations.list` `recommender.containerDiagnosisRecommendations.update` `recommender.locations.` `recommender.locations.get` `recommender.locations.list` `recommender.networkAnalyzerGkeConnectivityInsights.` `recommender.networkAnalyzerGkeConnectivityInsights.get` `recommender.networkAnalyzerGkeConnectivityInsights.list` `recommender.networkAnalyzerGkeConnectivityInsights.update` `recommender.networkAnalyzerGkeIpAddressInsights.` `recommender.networkAnalyzerGkeIpAddressInsights.get` `recommender.networkAnalyzerGkeIpAddressInsights.list` `recommender.networkAnalyzerGkeIpAddressInsights.update` `remotebuildexecution.blobs.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `source.repos.get` `source.repos.list` `storage.buckets.create` `storage.buckets.get` `storage.buckets.list` `storage.folders.` `storage.folders.create` `storage.folders.delete` `storage.folders.get` `storage.folders.list` `storage.folders.rename` `storage.managedFolders.create` `storage.managedFolders.delete` `storage.managedFolders.get` `storage.managedFolders.list` `storage.multipartUploads.` `storage.multipartUploads.abort` `storage.multipartUploads.create` `storage.multipartUploads.list` `storage.multipartUploads.listParts` `storage.objects.*` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.getIamPolicy` `storage.objects.list` `storage.objects.overrideUnlockedRetention` `storage.objects.restore` `storage.objects.setIamPolicy` `storage.objects.setRetention` `storage.objects.update`

Cloud Composer v2 API Service Agent Extension

(roles/composer.ServiceAgentV2Ext)

Cloud Composer v2 API Service Agent Extension is a supplementary role required to manage Composer v2 environments.

iam.serviceAccounts.getIamPolicy

iam.serviceAccounts.setIamPolicy

Composer Administrator

(roles/composer.admin)

Provides full control of Cloud Composer resources.

Lowest-level resources where you can grant this role:

Project

composer.*

composer.dags.execute
composer.dags.get
composer.dags.getSourceCode
composer.dags.list
composer.environments.create
composer.environments.delete
composer.environments.executeAirflowCommand
composer.environments.get
composer.environments.list
composer.environments.update
composer.imageversions.list
composer.operations.delete
composer.operations.get
composer.operations.list
composer.userworkloadsconfigmaps.create
composer.userworkloadsconfigmaps.delete
composer.userworkloadsconfigmaps.get
composer.userworkloadsconfigmaps.list
composer.userworkloadsconfigmaps.update
composer.userworkloadssecrets.create
composer.userworkloadssecrets.delete
composer.userworkloadssecrets.get
composer.userworkloadssecrets.list
composer.userworkloadssecrets.update

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Environment and Storage Object Administrator

(roles/composer.environmentAndStorageObjectAdmin)

Provides full control of Cloud Composer resources and of the objects in all project buckets.

Lowest-level resources where you can grant this role:

Project

composer.*

composer.dags.execute
composer.dags.get
composer.dags.getSourceCode
composer.dags.list
composer.environments.create
composer.environments.delete
composer.environments.executeAirflowCommand
composer.environments.get
composer.environments.list
composer.environments.update
composer.imageversions.list
composer.operations.delete
composer.operations.get
composer.operations.list
composer.userworkloadsconfigmaps.create
composer.userworkloadsconfigmaps.delete
composer.userworkloadsconfigmaps.get
composer.userworkloadsconfigmaps.list
composer.userworkloadsconfigmaps.update
composer.userworkloadssecrets.create
composer.userworkloadssecrets.delete
composer.userworkloadssecrets.get
composer.userworkloadssecrets.list
composer.userworkloadssecrets.update

orgpolicy.policy.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

storage.folders.*

storage.folders.create
storage.folders.delete
storage.folders.get
storage.folders.list
storage.folders.rename

storage.managedFolders.create

storage.managedFolders.delete

storage.managedFolders.get

storage.managedFolders.list

storage.multipartUploads.*

storage.multipartUploads.abort
storage.multipartUploads.create
storage.multipartUploads.list
storage.multipartUploads.listParts

storage.objects.*

storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
storage.objects.overrideUnlockedRetention
storage.objects.restore
storage.objects.setIamPolicy
storage.objects.setRetention
storage.objects.update

Environment and Storage Object User

(roles/composer.environmentAndStorageObjectUser)

Read and use access to Cloud Composer resources and read access to Cloud Storage objects.

composer.dags.*

composer.dags.execute
composer.dags.get
composer.dags.getSourceCode
composer.dags.list

composer.environments.get

composer.environments.list

composer.imageversions.list

composer.operations.get

composer.operations.list

composer.userworkloadsconfigmaps.get

composer.userworkloadsconfigmaps.list

composer.userworkloadssecrets.get

composer.userworkloadssecrets.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

storage.folders.get

storage.folders.list

storage.managedFolders.get

storage.managedFolders.list

storage.objects.get

storage.objects.list

Environment and Storage Object Viewer

(roles/composer.environmentAndStorageObjectViewer)

Provides the permissions necessary to list and get Cloud Composer environments and operations. Provides read-only access to objects in all project buckets.

Lowest-level resources where you can grant this role:

Project

composer.dags.*

composer.dags.execute
composer.dags.get
composer.dags.getSourceCode
composer.dags.list

composer.environments.get

composer.environments.list

composer.imageversions.list

composer.operations.get

composer.operations.list

composer.userworkloadsconfigmaps.get

composer.userworkloadsconfigmaps.list

composer.userworkloadssecrets.get

composer.userworkloadssecrets.list

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

storage.folders.get

storage.folders.list

storage.managedFolders.get

storage.managedFolders.list

storage.objects.get

storage.objects.list

Composer Shared VPC Agent

(roles/composer.sharedVpcAgent)

Role that should be assigned to Composer Agent service account in Shared VPC host project

compute.networkAttachments.create

compute.networkAttachments.delete

compute.networkAttachments.get

compute.networkAttachments.update

compute.networks.access

compute.networks.addPeering

compute.networks.get

compute.networks.list

compute.networks.listPeeringRoutes

compute.networks.removePeering

compute.networks.updatePeering

compute.networks.use

compute.networks.useExternalIp

compute.projects.get

compute.regions.*

compute.regions.get
compute.regions.list

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.use

compute.subnetworks.useExternalIp

compute.zones.*

compute.zones.get
compute.zones.list

dns.managedZones.get

dns.managedZones.list

dns.networks.targetWithPeeringZone

Composer User

(roles/composer.user)

Provides the permissions necessary to list and get Cloud Composer environments and operations.

Lowest-level resources where you can grant this role:

Project

composer.dags.*

composer.dags.execute
composer.dags.get
composer.dags.getSourceCode
composer.dags.list

composer.environments.get

composer.environments.list

composer.imageversions.list

composer.operations.get

composer.operations.list

composer.userworkloadsconfigmaps.get

composer.userworkloadsconfigmaps.list

composer.userworkloadssecrets.get

composer.userworkloadssecrets.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

Composer Worker

(roles/composer.worker)

Provides the permissions necessary to run a Cloud Composer environment VM. Intended for service accounts.

Lowest-level resources where you can grant this role:

Project

artifactregistry.*

artifactregistry.aptartifacts.create
artifactregistry.attachments.create
artifactregistry.attachments.delete
artifactregistry.attachments.get
artifactregistry.attachments.list
artifactregistry.dockerimages.get
artifactregistry.dockerimages.list
artifactregistry.files.delete
artifactregistry.files.download
artifactregistry.files.get
artifactregistry.files.list
artifactregistry.files.update
artifactregistry.files.upload
artifactregistry.kfpartifacts.create
artifactregistry.locations.get
artifactregistry.locations.list
artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list
artifactregistry.npmpackages.get
artifactregistry.npmpackages.list
artifactregistry.packages.delete
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.packages.update
artifactregistry.projectsettings.get
artifactregistry.projectsettings.update
artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list
artifactregistry.repositories.create
artifactregistry.repositories.createOnPush
artifactregistry.repositories.createTagBinding
artifactregistry.repositories.delete
artifactregistry.repositories.deleteArtifacts
artifactregistry.repositories.deleteTagBinding
artifactregistry.repositories.downloadArtifacts
artifactregistry.repositories.get
artifactregistry.repositories.getIamPolicy
artifactregistry.repositories.list
artifactregistry.repositories.listEffectiveTags
artifactregistry.repositories.listTagBindings
artifactregistry.repositories.readViaVirtualRepository
artifactregistry.repositories.setIamPolicy
artifactregistry.repositories.update
artifactregistry.repositories.uploadArtifacts
artifactregistry.rules.create
artifactregistry.rules.delete
artifactregistry.rules.get
artifactregistry.rules.list
artifactregistry.rules.update
artifactregistry.tags.create
artifactregistry.tags.delete
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.tags.update
artifactregistry.versions.delete
artifactregistry.versions.get
artifactregistry.versions.list
artifactregistry.versions.update
artifactregistry.yumartifacts.create

cloudbuild.builds.create

cloudbuild.builds.get

cloudbuild.builds.list

cloudbuild.builds.update

cloudbuild.operations.*

cloudbuild.operations.get
cloudbuild.operations.list

cloudbuild.workerpools.use

composer.environments.get

container.*

container.apiServices.create
container.apiServices.delete
container.apiServices.get
container.apiServices.getStatus
container.apiServices.list
container.apiServices.update
container.apiServices.updateStatus
container.auditSinks.create
container.auditSinks.delete
container.auditSinks.get
container.auditSinks.list
container.auditSinks.update
container.backendConfigs.create
container.backendConfigs.delete
container.backendConfigs.get
container.backendConfigs.list
container.backendConfigs.update
container.bindings.create
container.bindings.delete
container.bindings.get
container.bindings.list
container.bindings.update
container.certificateSigningRequests.approve
container.certificateSigningRequests.create
container.certificateSigningRequests.delete
container.certificateSigningRequests.get
container.certificateSigningRequests.getStatus
container.certificateSigningRequests.list
container.certificateSigningRequests.update
container.certificateSigningRequests.updateStatus
container.clusterRoleBindings.create
container.clusterRoleBindings.delete
container.clusterRoleBindings.get
container.clusterRoleBindings.list
container.clusterRoleBindings.update
container.clusterRoles.bind
container.clusterRoles.create
container.clusterRoles.delete
container.clusterRoles.escalate
container.clusterRoles.get
container.clusterRoles.list
container.clusterRoles.update
container.clusters.connect
container.clusters.create
container.clusters.createTagBinding
container.clusters.delete
container.clusters.deleteTagBinding
container.clusters.get
container.clusters.getCredentials
container.clusters.impersonate
container.clusters.list
container.clusters.listEffectiveTags
container.clusters.listTagBindings
container.clusters.update
container.componentStatuses.get
container.componentStatuses.list
container.configMaps.create
container.configMaps.delete
container.configMaps.get
container.configMaps.list
container.configMaps.update
container.controllerRevisions.create
container.controllerRevisions.delete
container.controllerRevisions.get
container.controllerRevisions.list
container.controllerRevisions.update
container.cronJobs.create
container.cronJobs.delete
container.cronJobs.get
container.cronJobs.getStatus
container.cronJobs.list
container.cronJobs.update
container.cronJobs.updateStatus
container.csiDrivers.create
container.csiDrivers.delete
container.csiDrivers.get
container.csiDrivers.list
container.csiDrivers.update
container.csiNodeInfos.create
container.csiNodeInfos.delete
container.csiNodeInfos.get
container.csiNodeInfos.list
container.csiNodeInfos.update
container.csiNodes.create
container.csiNodes.delete
container.csiNodes.get
container.csiNodes.list
container.csiNodes.update
container.customResourceDefinitions.create
container.customResourceDefinitions.delete
container.customResourceDefinitions.get
container.customResourceDefinitions.getStatus
container.customResourceDefinitions.list
container.customResourceDefinitions.update
container.customResourceDefinitions.updateStatus
container.daemonSets.create
container.daemonSets.delete
container.daemonSets.get
container.daemonSets.getStatus
container.daemonSets.list
container.daemonSets.update
container.daemonSets.updateStatus
container.deployments.create
container.deployments.delete
container.deployments.get
container.deployments.getScale
container.deployments.getStatus
container.deployments.list
container.deployments.rollback
container.deployments.update
container.deployments.updateScale
container.deployments.updateStatus
container.endpointSlices.create
container.endpointSlices.delete
container.endpointSlices.get
container.endpointSlices.list
container.endpointSlices.update
container.endpoints.create
container.endpoints.delete
container.endpoints.get
container.endpoints.list
container.endpoints.update
container.events.create
container.events.delete
container.events.get
container.events.list
container.events.update
container.frontendConfigs.create
container.frontendConfigs.delete
container.frontendConfigs.get
container.frontendConfigs.list
container.frontendConfigs.update
container.horizontalPodAutoscalers.create
container.horizontalPodAutoscalers.delete
container.horizontalPodAutoscalers.get
container.horizontalPodAutoscalers.getStatus
container.horizontalPodAutoscalers.list
container.horizontalPodAutoscalers.update
container.horizontalPodAutoscalers.updateStatus
container.hostServiceAgent.use
container.ingresses.create
container.ingresses.delete
container.ingresses.get
container.ingresses.getStatus
container.ingresses.list
container.ingresses.update
container.ingresses.updateStatus
container.initializerConfigurations.create
container.initializerConfigurations.delete
container.initializerConfigurations.get
container.initializerConfigurations.list
container.initializerConfigurations.update
container.jobs.create
container.jobs.delete
container.jobs.get
container.jobs.getStatus
container.jobs.list
container.jobs.update
container.jobs.updateStatus
container.leases.create
container.leases.delete
container.leases.get
container.leases.list
container.leases.update
container.limitRanges.create
container.limitRanges.delete
container.limitRanges.get
container.limitRanges.list
container.limitRanges.update
container.localSubjectAccessReviews.create
container.localSubjectAccessReviews.list
container.managedCertificates.create
container.managedCertificates.delete
container.managedCertificates.get
container.managedCertificates.list
container.managedCertificates.update
container.mutatingWebhookConfigurations.create
container.mutatingWebhookConfigurations.delete
container.mutatingWebhookConfigurations.get
container.mutatingWebhookConfigurations.list
container.mutatingWebhookConfigurations.update
container.namespaces.create
container.namespaces.delete
container.namespaces.finalize
container.namespaces.get
container.namespaces.getStatus
container.namespaces.list
container.namespaces.update
container.namespaces.updateStatus
container.networkPolicies.create
container.networkPolicies.delete
container.networkPolicies.get
container.networkPolicies.list
container.networkPolicies.update
container.nodes.create
container.nodes.delete
container.nodes.get
container.nodes.getStatus
container.nodes.list
container.nodes.proxy
container.nodes.update
container.nodes.updateStatus
container.operations.get
container.operations.list
container.persistentVolumeClaims.create
container.persistentVolumeClaims.delete
container.persistentVolumeClaims.get
container.persistentVolumeClaims.getStatus
container.persistentVolumeClaims.list
container.persistentVolumeClaims.update
container.persistentVolumeClaims.updateStatus
container.persistentVolumes.create
container.persistentVolumes.delete
container.persistentVolumes.get
container.persistentVolumes.getStatus
container.persistentVolumes.list
container.persistentVolumes.update
container.persistentVolumes.updateStatus
container.petSets.create
container.petSets.delete
container.petSets.get
container.petSets.list
container.petSets.update
container.petSets.updateStatus
container.podDisruptionBudgets.create
container.podDisruptionBudgets.delete
container.podDisruptionBudgets.get
container.podDisruptionBudgets.getStatus
container.podDisruptionBudgets.list
container.podDisruptionBudgets.update
container.podDisruptionBudgets.updateStatus
container.podPresets.create
container.podPresets.delete
container.podPresets.get
container.podPresets.list
container.podPresets.update
container.podSecurityPolicies.create
container.podSecurityPolicies.delete
container.podSecurityPolicies.get
container.podSecurityPolicies.list
container.podSecurityPolicies.update
container.podSecurityPolicies.use
container.podTemplates.create
container.podTemplates.delete
container.podTemplates.get
container.podTemplates.list
container.podTemplates.update
container.pods.attach
container.pods.create
container.pods.delete
container.pods.evict
container.pods.exec
container.pods.get
container.pods.getLogs
container.pods.getStatus
container.pods.initialize
container.pods.list
container.pods.portForward
container.pods.proxy
container.pods.update
container.pods.updateStatus
container.priorityClasses.create
container.priorityClasses.delete
container.priorityClasses.get
container.priorityClasses.list
container.priorityClasses.update
container.replicaSets.create
container.replicaSets.delete
container.replicaSets.get
container.replicaSets.getScale
container.replicaSets.getStatus
container.replicaSets.list
container.replicaSets.update
container.replicaSets.updateScale
container.replicaSets.updateStatus
container.replicationControllers.create
container.replicationControllers.delete
container.replicationControllers.get
container.replicationControllers.getScale
container.replicationControllers.getStatus
container.replicationControllers.list
container.replicationControllers.update
container.replicationControllers.updateScale
container.replicationControllers.updateStatus
container.resourceQuotas.create
container.resourceQuotas.delete
container.resourceQuotas.get
container.resourceQuotas.getStatus
container.resourceQuotas.list
container.resourceQuotas.update
container.resourceQuotas.updateStatus
container.roleBindings.create
container.roleBindings.delete
container.roleBindings.get
container.roleBindings.list
container.roleBindings.update
container.roles.bind
container.roles.create
container.roles.delete
container.roles.escalate
container.roles.get
container.roles.list
container.roles.update
container.runtimeClasses.create
container.runtimeClasses.delete
container.runtimeClasses.get
container.runtimeClasses.list
container.runtimeClasses.update
container.scheduledJobs.create
container.scheduledJobs.delete
container.scheduledJobs.get
container.scheduledJobs.list
container.scheduledJobs.update
container.scheduledJobs.updateStatus
container.secrets.create
container.secrets.delete
container.secrets.get
container.secrets.list
container.secrets.update
container.selfSubjectAccessReviews.create
container.selfSubjectAccessReviews.list
container.selfSubjectRulesReviews.create
container.serviceAccounts.create
container.serviceAccounts.createToken
container.serviceAccounts.delete
container.serviceAccounts.get
container.serviceAccounts.list
container.serviceAccounts.update
container.services.create
container.services.delete
container.services.get
container.services.getStatus
container.services.list
container.services.proxy
container.services.update
container.services.updateStatus
container.statefulSets.create
container.statefulSets.delete
container.statefulSets.get
container.statefulSets.getScale
container.statefulSets.getStatus
container.statefulSets.list
container.statefulSets.update
container.statefulSets.updateScale
container.statefulSets.updateStatus
container.storageClasses.create
container.storageClasses.delete
container.storageClasses.get
container.storageClasses.list
container.storageClasses.update
container.storageStates.create
container.storageStates.delete
container.storageStates.get
container.storageStates.getStatus
container.storageStates.list
container.storageStates.update
container.storageStates.updateStatus
container.storageVersionMigrations.create
container.storageVersionMigrations.delete
container.storageVersionMigrations.get
container.storageVersionMigrations.getStatus
container.storageVersionMigrations.list
container.storageVersionMigrations.update
container.storageVersionMigrations.updateStatus
container.subjectAccessReviews.create
container.subjectAccessReviews.list
container.thirdPartyObjects.create
container.thirdPartyObjects.delete
container.thirdPartyObjects.get
container.thirdPartyObjects.list
container.thirdPartyObjects.update
container.thirdPartyResources.create
container.thirdPartyResources.delete
container.thirdPartyResources.get
container.thirdPartyResources.list
container.thirdPartyResources.update
container.tokenReviews.create
container.updateInfos.create
container.updateInfos.delete
container.updateInfos.get
container.updateInfos.list
container.updateInfos.update
container.validatingWebhookConfigurations.create
container.validatingWebhookConfigurations.delete
container.validatingWebhookConfigurations.get
container.validatingWebhookConfigurations.list
container.validatingWebhookConfigurations.update
container.volumeAttachments.create
container.volumeAttachments.delete
container.volumeAttachments.get
container.volumeAttachments.getStatus
container.volumeAttachments.list
container.volumeAttachments.update
container.volumeAttachments.updateStatus
container.volumeSnapshotClasses.create
container.volumeSnapshotClasses.delete
container.volumeSnapshotClasses.get
container.volumeSnapshotClasses.list
container.volumeSnapshotClasses.update
container.volumeSnapshotContents.create
container.volumeSnapshotContents.delete
container.volumeSnapshotContents.get
container.volumeSnapshotContents.getStatus
container.volumeSnapshotContents.list
container.volumeSnapshotContents.update
container.volumeSnapshotContents.updateStatus
container.volumeSnapshots.create
container.volumeSnapshots.delete
container.volumeSnapshots.get
container.volumeSnapshots.getStatus
container.volumeSnapshots.list
container.volumeSnapshots.update
container.volumeSnapshots.updateStatus

containeranalysis.occurrences.create

containeranalysis.occurrences.delete

containeranalysis.occurrences.get

containeranalysis.occurrences.list

containeranalysis.occurrences.update

datalineage.events.create

datalineage.processes.create

datalineage.processes.get

datalineage.processes.update

datalineage.runs.create

datalineage.runs.get

datalineage.runs.update

logging.logEntries.create

logging.logEntries.list

logging.logEntries.route

logging.views.access

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.*

monitoring.timeSeries.create
monitoring.timeSeries.list

orgpolicy.policy.get

pubsub.schemas.attach

pubsub.schemas.commit

pubsub.schemas.create

pubsub.schemas.delete

pubsub.schemas.get

pubsub.schemas.list

pubsub.schemas.listRevisions

pubsub.schemas.rollback

pubsub.schemas.validate

pubsub.snapshots.create

pubsub.snapshots.delete

pubsub.snapshots.get

pubsub.snapshots.list

pubsub.snapshots.seek

pubsub.snapshots.update

pubsub.subscriptions.consume

pubsub.subscriptions.create

pubsub.subscriptions.delete

pubsub.subscriptions.get

pubsub.subscriptions.list

pubsub.subscriptions.update

pubsub.topics.attachSubscription

pubsub.topics.create

pubsub.topics.delete

pubsub.topics.detachSubscription

pubsub.topics.get

pubsub.topics.list

pubsub.topics.publish

pubsub.topics.update

pubsub.topics.updateTag

recommender.containerDiagnosisInsights.*

recommender.containerDiagnosisInsights.get
recommender.containerDiagnosisInsights.list
recommender.containerDiagnosisInsights.update

recommender.containerDiagnosisRecommendations.*

recommender.containerDiagnosisRecommendations.get
recommender.containerDiagnosisRecommendations.list
recommender.containerDiagnosisRecommendations.update

recommender.locations.*

recommender.locations.get
recommender.locations.list

recommender.networkAnalyzerGkeConnectivityInsights.*

recommender.networkAnalyzerGkeConnectivityInsights.get
recommender.networkAnalyzerGkeConnectivityInsights.list
recommender.networkAnalyzerGkeConnectivityInsights.update

recommender.networkAnalyzerGkeIpAddressInsights.*

recommender.networkAnalyzerGkeIpAddressInsights.get
recommender.networkAnalyzerGkeIpAddressInsights.list
recommender.networkAnalyzerGkeIpAddressInsights.update

remotebuildexecution.blobs.get

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

source.repos.get

source.repos.list

storage.buckets.create

storage.buckets.get

storage.buckets.list

storage.folders.*

storage.folders.create
storage.folders.delete
storage.folders.get
storage.folders.list
storage.folders.rename

storage.managedFolders.create

storage.managedFolders.delete

storage.managedFolders.get

storage.managedFolders.list

storage.multipartUploads.*

storage.multipartUploads.abort
storage.multipartUploads.create
storage.multipartUploads.list
storage.multipartUploads.listParts

storage.objects.*

storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
storage.objects.overrideUnlockedRetention
storage.objects.restore
storage.objects.setIamPolicy
storage.objects.setRetention
storage.objects.update

Rollen für Dienst-Agents

Rolle Berechtigungen

Rolle	Berechtigungen
Cloud Composer API-Dienst-Agent (`roles/composer.serviceAgent`) Der Cloud Composer API-Dienst-Agent kann Umgebungen verwalten. Warnung: Weisen Sie Dienst-Agent-Rollen nur Hauptkonten zu, die Dienst-Agenten sind.	`appengine.applications.get` `appengine.applications.listRuntimes` `appengine.applications.update` `appengine.instances.` `appengine.instances.delete` `appengine.instances.enableDebug` `appengine.instances.get` `appengine.instances.list` `appengine.memcache.addKey` `appengine.memcache.flush` `appengine.memcache.get` `appengine.memcache.update` `appengine.operations.` `appengine.operations.get` `appengine.operations.list` `appengine.runtimes.actAsAdmin` `appengine.services.` `appengine.services.delete` `appengine.services.get` `appengine.services.list` `appengine.services.update` `appengine.versions.create` `appengine.versions.delete` `appengine.versions.get` `appengine.versions.list` `appengine.versions.update` `artifactregistry.repositories.create` `artifactregistry.repositories.delete` `artifactregistry.repositories.get` `artifactregistry.repositories.list` `artifactregistry.repositories.update` `cloudaicompanion.entitlements.get` `cloudnotifications.activities.list` `cloudsql.` `cloudsql.backupRuns.create` `cloudsql.backupRuns.delete` `cloudsql.backupRuns.get` `cloudsql.backupRuns.list` `cloudsql.databases.create` `cloudsql.databases.delete` `cloudsql.databases.get` `cloudsql.databases.list` `cloudsql.databases.update` `cloudsql.instances.addServerCa` `cloudsql.instances.addServerCertificate` `cloudsql.instances.clone` `cloudsql.instances.connect` `cloudsql.instances.create` `cloudsql.instances.createTagBinding` `cloudsql.instances.delete` `cloudsql.instances.deleteTagBinding` `cloudsql.instances.demoteMaster` `cloudsql.instances.executeSql` `cloudsql.instances.export` `cloudsql.instances.failover` `cloudsql.instances.get` `cloudsql.instances.getDiskShrinkConfig` `cloudsql.instances.import` `cloudsql.instances.list` `cloudsql.instances.listEffectiveTags` `cloudsql.instances.listServerCas` `cloudsql.instances.listServerCertificates` `cloudsql.instances.listTagBindings` `cloudsql.instances.login` `cloudsql.instances.migrate` `cloudsql.instances.performDiskShrink` `cloudsql.instances.promoteReplica` `cloudsql.instances.reencrypt` `cloudsql.instances.resetReplicaSize` `cloudsql.instances.resetSslConfig` `cloudsql.instances.restart` `cloudsql.instances.restoreBackup` `cloudsql.instances.rotateServerCa` `cloudsql.instances.rotateServerCertificate` `cloudsql.instances.startReplica` `cloudsql.instances.stopReplica` `cloudsql.instances.truncateLog` `cloudsql.instances.update` `cloudsql.schemas.view` `cloudsql.sslCerts.create` `cloudsql.sslCerts.delete` `cloudsql.sslCerts.get` `cloudsql.sslCerts.list` `cloudsql.users.create` `cloudsql.users.delete` `cloudsql.users.get` `cloudsql.users.list` `cloudsql.users.update` `composer.dags.get` `composer.environments.get` `compute.acceleratorTypes.` `compute.acceleratorTypes.get` `compute.acceleratorTypes.list` `compute.addresses.` `compute.addresses.create` `compute.addresses.createInternal` `compute.addresses.createTagBinding` `compute.addresses.delete` `compute.addresses.deleteInternal` `compute.addresses.deleteTagBinding` `compute.addresses.get` `compute.addresses.list` `compute.addresses.listEffectiveTags` `compute.addresses.listTagBindings` `compute.addresses.setLabels` `compute.addresses.use` `compute.addresses.useInternal` `compute.autoscalers.` `compute.autoscalers.create` `compute.autoscalers.delete` `compute.autoscalers.get` `compute.autoscalers.list` `compute.autoscalers.update` `compute.backendBuckets.` `compute.backendBuckets.addSignedUrlKey` `compute.backendBuckets.create` `compute.backendBuckets.createTagBinding` `compute.backendBuckets.delete` `compute.backendBuckets.deleteSignedUrlKey` `compute.backendBuckets.deleteTagBinding` `compute.backendBuckets.get` `compute.backendBuckets.getIamPolicy` `compute.backendBuckets.list` `compute.backendBuckets.listEffectiveTags` `compute.backendBuckets.listTagBindings` `compute.backendBuckets.setIamPolicy` `compute.backendBuckets.setSecurityPolicy` `compute.backendBuckets.update` `compute.backendBuckets.use` `compute.backendServices.` `compute.backendServices.addSignedUrlKey` `compute.backendServices.create` `compute.backendServices.createTagBinding` `compute.backendServices.delete` `compute.backendServices.deleteSignedUrlKey` `compute.backendServices.deleteTagBinding` `compute.backendServices.get` `compute.backendServices.getIamPolicy` `compute.backendServices.list` `compute.backendServices.listEffectiveTags` `compute.backendServices.listTagBindings` `compute.backendServices.setIamPolicy` `compute.backendServices.setSecurityPolicy` `compute.backendServices.update` `compute.backendServices.use` `compute.diskTypes.` `compute.diskTypes.get` `compute.diskTypes.list` `compute.disks.` `compute.disks.addResourcePolicies` `compute.disks.create` `compute.disks.createSnapshot` `compute.disks.createTagBinding` `compute.disks.delete` `compute.disks.deleteTagBinding` `compute.disks.get` `compute.disks.getIamPolicy` `compute.disks.list` `compute.disks.listEffectiveTags` `compute.disks.listTagBindings` `compute.disks.removeResourcePolicies` `compute.disks.resize` `compute.disks.setIamPolicy` `compute.disks.setLabels` `compute.disks.startAsyncReplication` `compute.disks.stopAsyncReplication` `compute.disks.stopGroupAsyncReplication` `compute.disks.update` `compute.disks.use` `compute.disks.useReadOnly` `compute.externalVpnGateways.` `compute.externalVpnGateways.create` `compute.externalVpnGateways.createTagBinding` `compute.externalVpnGateways.delete` `compute.externalVpnGateways.deleteTagBinding` `compute.externalVpnGateways.get` `compute.externalVpnGateways.list` `compute.externalVpnGateways.listEffectiveTags` `compute.externalVpnGateways.listTagBindings` `compute.externalVpnGateways.setLabels` `compute.externalVpnGateways.use` `compute.firewallPolicies.get` `compute.firewallPolicies.list` `compute.firewallPolicies.listEffectiveTags` `compute.firewallPolicies.listTagBindings` `compute.firewallPolicies.use` `compute.firewalls.get` `compute.firewalls.list` `compute.firewalls.listEffectiveTags` `compute.firewalls.listTagBindings` `compute.forwardingRules.` `compute.forwardingRules.create` `compute.forwardingRules.createTagBinding` `compute.forwardingRules.delete` `compute.forwardingRules.deleteTagBinding` `compute.forwardingRules.get` `compute.forwardingRules.list` `compute.forwardingRules.listEffectiveTags` `compute.forwardingRules.listTagBindings` `compute.forwardingRules.pscCreate` `compute.forwardingRules.pscDelete` `compute.forwardingRules.pscSetLabels` `compute.forwardingRules.pscSetTarget` `compute.forwardingRules.pscUpdate` `compute.forwardingRules.setLabels` `compute.forwardingRules.setTarget` `compute.forwardingRules.update` `compute.forwardingRules.use` `compute.globalAddresses.` `compute.globalAddresses.create` `compute.globalAddresses.createInternal` `compute.globalAddresses.createTagBinding` `compute.globalAddresses.delete` `compute.globalAddresses.deleteInternal` `compute.globalAddresses.deleteTagBinding` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalAddresses.listEffectiveTags` `compute.globalAddresses.listTagBindings` `compute.globalAddresses.setLabels` `compute.globalAddresses.use` `compute.globalForwardingRules.` `compute.globalForwardingRules.create` `compute.globalForwardingRules.createTagBinding` `compute.globalForwardingRules.delete` `compute.globalForwardingRules.deleteTagBinding` `compute.globalForwardingRules.get` `compute.globalForwardingRules.list` `compute.globalForwardingRules.listEffectiveTags` `compute.globalForwardingRules.listTagBindings` `compute.globalForwardingRules.pscCreate` `compute.globalForwardingRules.pscDelete` `compute.globalForwardingRules.pscGet` `compute.globalForwardingRules.pscSetLabels` `compute.globalForwardingRules.pscSetTarget` `compute.globalForwardingRules.pscUpdate` `compute.globalForwardingRules.setLabels` `compute.globalForwardingRules.setTarget` `compute.globalForwardingRules.update` `compute.globalNetworkEndpointGroups.` `compute.globalNetworkEndpointGroups.attachNetworkEndpoints` `compute.globalNetworkEndpointGroups.create` `compute.globalNetworkEndpointGroups.createTagBinding` `compute.globalNetworkEndpointGroups.delete` `compute.globalNetworkEndpointGroups.deleteTagBinding` `compute.globalNetworkEndpointGroups.detachNetworkEndpoints` `compute.globalNetworkEndpointGroups.get` `compute.globalNetworkEndpointGroups.list` `compute.globalNetworkEndpointGroups.listEffectiveTags` `compute.globalNetworkEndpointGroups.listTagBindings` `compute.globalNetworkEndpointGroups.use` `compute.globalOperations.get` `compute.globalOperations.list` `compute.globalPublicDelegatedPrefixes.delete` `compute.globalPublicDelegatedPrefixes.get` `compute.globalPublicDelegatedPrefixes.list` `compute.globalPublicDelegatedPrefixes.updatePolicy` `compute.healthChecks.` `compute.healthChecks.create` `compute.healthChecks.createTagBinding` `compute.healthChecks.delete` `compute.healthChecks.deleteTagBinding` `compute.healthChecks.get` `compute.healthChecks.list` `compute.healthChecks.listEffectiveTags` `compute.healthChecks.listTagBindings` `compute.healthChecks.update` `compute.healthChecks.use` `compute.healthChecks.useReadOnly` `compute.httpHealthChecks.` `compute.httpHealthChecks.create` `compute.httpHealthChecks.createTagBinding` `compute.httpHealthChecks.delete` `compute.httpHealthChecks.deleteTagBinding` `compute.httpHealthChecks.get` `compute.httpHealthChecks.list` `compute.httpHealthChecks.listEffectiveTags` `compute.httpHealthChecks.listTagBindings` `compute.httpHealthChecks.update` `compute.httpHealthChecks.use` `compute.httpHealthChecks.useReadOnly` `compute.httpsHealthChecks.` `compute.httpsHealthChecks.create` `compute.httpsHealthChecks.createTagBinding` `compute.httpsHealthChecks.delete` `compute.httpsHealthChecks.deleteTagBinding` `compute.httpsHealthChecks.get` `compute.httpsHealthChecks.list` `compute.httpsHealthChecks.listEffectiveTags` `compute.httpsHealthChecks.listTagBindings` `compute.httpsHealthChecks.update` `compute.httpsHealthChecks.use` `compute.httpsHealthChecks.useReadOnly` `compute.images.` `compute.images.create` `compute.images.createTagBinding` `compute.images.delete` `compute.images.deleteTagBinding` `compute.images.deprecate` `compute.images.get` `compute.images.getFromFamily` `compute.images.getIamPolicy` `compute.images.list` `compute.images.listEffectiveTags` `compute.images.listTagBindings` `compute.images.setIamPolicy` `compute.images.setLabels` `compute.images.update` `compute.images.useReadOnly` `compute.instanceGroupManagers.` `compute.instanceGroupManagers.create` `compute.instanceGroupManagers.createTagBinding` `compute.instanceGroupManagers.delete` `compute.instanceGroupManagers.deleteTagBinding` `compute.instanceGroupManagers.get` `compute.instanceGroupManagers.list` `compute.instanceGroupManagers.listEffectiveTags` `compute.instanceGroupManagers.listTagBindings` `compute.instanceGroupManagers.update` `compute.instanceGroupManagers.use` `compute.instanceGroups.` `compute.instanceGroups.create` `compute.instanceGroups.createTagBinding` `compute.instanceGroups.delete` `compute.instanceGroups.deleteTagBinding` `compute.instanceGroups.get` `compute.instanceGroups.list` `compute.instanceGroups.listEffectiveTags` `compute.instanceGroups.listTagBindings` `compute.instanceGroups.update` `compute.instanceGroups.use` `compute.instanceSettings.` `compute.instanceSettings.get` `compute.instanceSettings.update` `compute.instanceTemplates.` `compute.instanceTemplates.create` `compute.instanceTemplates.delete` `compute.instanceTemplates.get` `compute.instanceTemplates.getIamPolicy` `compute.instanceTemplates.list` `compute.instanceTemplates.setIamPolicy` `compute.instanceTemplates.useReadOnly` `compute.instances.` `compute.instances.addAccessConfig` `compute.instances.addResourcePolicies` `compute.instances.attachDisk` `compute.instances.create` `compute.instances.createTagBinding` `compute.instances.delete` `compute.instances.deleteAccessConfig` `compute.instances.deleteTagBinding` `compute.instances.detachDisk` `compute.instances.get` `compute.instances.getEffectiveFirewalls` `compute.instances.getGuestAttributes` `compute.instances.getIamPolicy` `compute.instances.getScreenshot` `compute.instances.getSerialPortOutput` `compute.instances.getShieldedInstanceIdentity` `compute.instances.getShieldedVmIdentity` `compute.instances.list` `compute.instances.listEffectiveTags` `compute.instances.listReferrers` `compute.instances.listTagBindings` `compute.instances.osAdminLogin` `compute.instances.osLogin` `compute.instances.pscInterfaceCreate` `compute.instances.removeResourcePolicies` `compute.instances.reset` `compute.instances.resume` `compute.instances.sendDiagnosticInterrupt` `compute.instances.setDeletionProtection` `compute.instances.setDiskAutoDelete` `compute.instances.setIamPolicy` `compute.instances.setLabels` `compute.instances.setMachineResources` `compute.instances.setMachineType` `compute.instances.setMetadata` `compute.instances.setMinCpuPlatform` `compute.instances.setName` `compute.instances.setScheduling` `compute.instances.setSecurityPolicy` `compute.instances.setServiceAccount` `compute.instances.setShieldedInstanceIntegrityPolicy` `compute.instances.setShieldedVmIntegrityPolicy` `compute.instances.setTags` `compute.instances.simulateMaintenanceEvent` `compute.instances.start` `compute.instances.startWithEncryptionKey` `compute.instances.stop` `compute.instances.suspend` `compute.instances.update` `compute.instances.updateAccessConfig` `compute.instances.updateDisplayDevice` `compute.instances.updateNetworkInterface` `compute.instances.updateSecurity` `compute.instances.updateShieldedInstanceConfig` `compute.instances.updateShieldedVmConfig` `compute.instances.use` `compute.instances.useReadOnly` `compute.instantSnapshots.` `compute.instantSnapshots.create` `compute.instantSnapshots.delete` `compute.instantSnapshots.export` `compute.instantSnapshots.get` `compute.instantSnapshots.getIamPolicy` `compute.instantSnapshots.list` `compute.instantSnapshots.setIamPolicy` `compute.instantSnapshots.setLabels` `compute.instantSnapshots.useReadOnly` `compute.interconnectAttachments.` `compute.interconnectAttachments.create` `compute.interconnectAttachments.createTagBinding` `compute.interconnectAttachments.delete` `compute.interconnectAttachments.deleteTagBinding` `compute.interconnectAttachments.get` `compute.interconnectAttachments.list` `compute.interconnectAttachments.listEffectiveTags` `compute.interconnectAttachments.listTagBindings` `compute.interconnectAttachments.setLabels` `compute.interconnectAttachments.update` `compute.interconnectAttachments.use` `compute.interconnectLocations.` `compute.interconnectLocations.get` `compute.interconnectLocations.list` `compute.interconnectRemoteLocations.` `compute.interconnectRemoteLocations.get` `compute.interconnectRemoteLocations.list` `compute.interconnects.` `compute.interconnects.create` `compute.interconnects.createTagBinding` `compute.interconnects.delete` `compute.interconnects.deleteTagBinding` `compute.interconnects.get` `compute.interconnects.getMacsecConfig` `compute.interconnects.list` `compute.interconnects.listEffectiveTags` `compute.interconnects.listTagBindings` `compute.interconnects.setLabels` `compute.interconnects.update` `compute.interconnects.use` `compute.licenseCodes.` `compute.licenseCodes.get` `compute.licenseCodes.getIamPolicy` `compute.licenseCodes.list` `compute.licenseCodes.setIamPolicy` `compute.licenseCodes.update` `compute.licenses.` `compute.licenses.create` `compute.licenses.delete` `compute.licenses.get` `compute.licenses.getIamPolicy` `compute.licenses.list` `compute.licenses.setIamPolicy` `compute.machineImages.` `compute.machineImages.create` `compute.machineImages.delete` `compute.machineImages.get` `compute.machineImages.getIamPolicy` `compute.machineImages.list` `compute.machineImages.setIamPolicy` `compute.machineImages.useReadOnly` `compute.machineTypes.` `compute.machineTypes.get` `compute.machineTypes.list` `compute.networkAttachments.` `compute.networkAttachments.create` `compute.networkAttachments.createTagBinding` `compute.networkAttachments.delete` `compute.networkAttachments.deleteTagBinding` `compute.networkAttachments.get` `compute.networkAttachments.getIamPolicy` `compute.networkAttachments.list` `compute.networkAttachments.listEffectiveTags` `compute.networkAttachments.listTagBindings` `compute.networkAttachments.setIamPolicy` `compute.networkAttachments.update` `compute.networkEndpointGroups.` `compute.networkEndpointGroups.attachNetworkEndpoints` `compute.networkEndpointGroups.create` `compute.networkEndpointGroups.createTagBinding` `compute.networkEndpointGroups.delete` `compute.networkEndpointGroups.deleteTagBinding` `compute.networkEndpointGroups.detachNetworkEndpoints` `compute.networkEndpointGroups.get` `compute.networkEndpointGroups.list` `compute.networkEndpointGroups.listEffectiveTags` `compute.networkEndpointGroups.listTagBindings` `compute.networkEndpointGroups.use` `compute.networks.` `compute.networks.access` `compute.networks.addPeering` `compute.networks.create` `compute.networks.createTagBinding` `compute.networks.delete` `compute.networks.deleteTagBinding` `compute.networks.get` `compute.networks.getEffectiveFirewalls` `compute.networks.getRegionEffectiveFirewalls` `compute.networks.list` `compute.networks.listEffectiveTags` `compute.networks.listPeeringRoutes` `compute.networks.listTagBindings` `compute.networks.mirror` `compute.networks.removePeering` `compute.networks.setFirewallPolicy` `compute.networks.switchToCustomMode` `compute.networks.update` `compute.networks.updatePeering` `compute.networks.updatePolicy` `compute.networks.use` `compute.networks.useExternalIp` `compute.packetMirrorings.get` `compute.packetMirrorings.list` `compute.packetMirrorings.listEffectiveTags` `compute.packetMirrorings.listTagBindings` `compute.projects.get` `compute.projects.setCommonInstanceMetadata` `compute.publicDelegatedPrefixes.delete` `compute.publicDelegatedPrefixes.get` `compute.publicDelegatedPrefixes.list` `compute.publicDelegatedPrefixes.listEffectiveTags` `compute.publicDelegatedPrefixes.listTagBindings` `compute.publicDelegatedPrefixes.update` `compute.publicDelegatedPrefixes.updatePolicy` `compute.regionBackendServices.` `compute.regionBackendServices.create` `compute.regionBackendServices.createTagBinding` `compute.regionBackendServices.delete` `compute.regionBackendServices.deleteTagBinding` `compute.regionBackendServices.get` `compute.regionBackendServices.getIamPolicy` `compute.regionBackendServices.list` `compute.regionBackendServices.listEffectiveTags` `compute.regionBackendServices.listTagBindings` `compute.regionBackendServices.setIamPolicy` `compute.regionBackendServices.setSecurityPolicy` `compute.regionBackendServices.update` `compute.regionBackendServices.use` `compute.regionFirewallPolicies.get` `compute.regionFirewallPolicies.list` `compute.regionFirewallPolicies.listEffectiveTags` `compute.regionFirewallPolicies.listTagBindings` `compute.regionFirewallPolicies.use` `compute.regionHealthCheckServices.` `compute.regionHealthCheckServices.create` `compute.regionHealthCheckServices.delete` `compute.regionHealthCheckServices.get` `compute.regionHealthCheckServices.list` `compute.regionHealthCheckServices.update` `compute.regionHealthCheckServices.use` `compute.regionHealthChecks.` `compute.regionHealthChecks.create` `compute.regionHealthChecks.createTagBinding` `compute.regionHealthChecks.delete` `compute.regionHealthChecks.deleteTagBinding` `compute.regionHealthChecks.get` `compute.regionHealthChecks.list` `compute.regionHealthChecks.listEffectiveTags` `compute.regionHealthChecks.listTagBindings` `compute.regionHealthChecks.update` `compute.regionHealthChecks.use` `compute.regionHealthChecks.useReadOnly` `compute.regionNetworkEndpointGroups.` `compute.regionNetworkEndpointGroups.attachNetworkEndpoints` `compute.regionNetworkEndpointGroups.create` `compute.regionNetworkEndpointGroups.createTagBinding` `compute.regionNetworkEndpointGroups.delete` `compute.regionNetworkEndpointGroups.deleteTagBinding` `compute.regionNetworkEndpointGroups.detachNetworkEndpoints` `compute.regionNetworkEndpointGroups.get` `compute.regionNetworkEndpointGroups.list` `compute.regionNetworkEndpointGroups.listEffectiveTags` `compute.regionNetworkEndpointGroups.listTagBindings` `compute.regionNetworkEndpointGroups.use` `compute.regionNotificationEndpoints.` `compute.regionNotificationEndpoints.create` `compute.regionNotificationEndpoints.delete` `compute.regionNotificationEndpoints.get` `compute.regionNotificationEndpoints.list` `compute.regionNotificationEndpoints.update` `compute.regionNotificationEndpoints.use` `compute.regionOperations.get` `compute.regionOperations.list` `compute.regionSecurityPolicies.get` `compute.regionSecurityPolicies.list` `compute.regionSecurityPolicies.listEffectiveTags` `compute.regionSecurityPolicies.listTagBindings` `compute.regionSecurityPolicies.use` `compute.regionSslCertificates.get` `compute.regionSslCertificates.list` `compute.regionSslCertificates.listEffectiveTags` `compute.regionSslCertificates.listTagBindings` `compute.regionSslPolicies.` `compute.regionSslPolicies.create` `compute.regionSslPolicies.createTagBinding` `compute.regionSslPolicies.delete` `compute.regionSslPolicies.deleteTagBinding` `compute.regionSslPolicies.get` `compute.regionSslPolicies.list` `compute.regionSslPolicies.listAvailableFeatures` `compute.regionSslPolicies.listEffectiveTags` `compute.regionSslPolicies.listTagBindings` `compute.regionSslPolicies.update` `compute.regionSslPolicies.use` `compute.regionTargetHttpProxies.` `compute.regionTargetHttpProxies.create` `compute.regionTargetHttpProxies.createTagBinding` `compute.regionTargetHttpProxies.delete` `compute.regionTargetHttpProxies.deleteTagBinding` `compute.regionTargetHttpProxies.get` `compute.regionTargetHttpProxies.list` `compute.regionTargetHttpProxies.listEffectiveTags` `compute.regionTargetHttpProxies.listTagBindings` `compute.regionTargetHttpProxies.setUrlMap` `compute.regionTargetHttpProxies.use` `compute.regionTargetHttpsProxies.` `compute.regionTargetHttpsProxies.create` `compute.regionTargetHttpsProxies.createTagBinding` `compute.regionTargetHttpsProxies.delete` `compute.regionTargetHttpsProxies.deleteTagBinding` `compute.regionTargetHttpsProxies.get` `compute.regionTargetHttpsProxies.list` `compute.regionTargetHttpsProxies.listEffectiveTags` `compute.regionTargetHttpsProxies.listTagBindings` `compute.regionTargetHttpsProxies.setSslCertificates` `compute.regionTargetHttpsProxies.setUrlMap` `compute.regionTargetHttpsProxies.update` `compute.regionTargetHttpsProxies.use` `compute.regionTargetTcpProxies.` `compute.regionTargetTcpProxies.create` `compute.regionTargetTcpProxies.createTagBinding` `compute.regionTargetTcpProxies.delete` `compute.regionTargetTcpProxies.deleteTagBinding` `compute.regionTargetTcpProxies.get` `compute.regionTargetTcpProxies.list` `compute.regionTargetTcpProxies.listEffectiveTags` `compute.regionTargetTcpProxies.listTagBindings` `compute.regionTargetTcpProxies.use` `compute.regionUrlMaps.` `compute.regionUrlMaps.create` `compute.regionUrlMaps.createTagBinding` `compute.regionUrlMaps.delete` `compute.regionUrlMaps.deleteTagBinding` `compute.regionUrlMaps.get` `compute.regionUrlMaps.invalidateCache` `compute.regionUrlMaps.list` `compute.regionUrlMaps.listEffectiveTags` `compute.regionUrlMaps.listTagBindings` `compute.regionUrlMaps.update` `compute.regionUrlMaps.use` `compute.regionUrlMaps.validate` `compute.regions.` `compute.regions.get` `compute.regions.list` `compute.reservations.get` `compute.reservations.list` `compute.resourcePolicies.` `compute.resourcePolicies.create` `compute.resourcePolicies.delete` `compute.resourcePolicies.get` `compute.resourcePolicies.getIamPolicy` `compute.resourcePolicies.list` `compute.resourcePolicies.setIamPolicy` `compute.resourcePolicies.update` `compute.resourcePolicies.use` `compute.resourcePolicies.useReadOnly` `compute.routers.` `compute.routers.create` `compute.routers.createTagBinding` `compute.routers.delete` `compute.routers.deleteRoutePolicy` `compute.routers.deleteTagBinding` `compute.routers.get` `compute.routers.getRoutePolicy` `compute.routers.list` `compute.routers.listBgpRoutes` `compute.routers.listEffectiveTags` `compute.routers.listRoutePolicies` `compute.routers.listTagBindings` `compute.routers.update` `compute.routers.updateRoutePolicy` `compute.routers.use` `compute.routes.` `compute.routes.create` `compute.routes.createTagBinding` `compute.routes.delete` `compute.routes.deleteTagBinding` `compute.routes.get` `compute.routes.list` `compute.routes.listEffectiveTags` `compute.routes.listTagBindings` `compute.securityPolicies.get` `compute.securityPolicies.list` `compute.securityPolicies.listEffectiveTags` `compute.securityPolicies.listTagBindings` `compute.securityPolicies.use` `compute.serviceAttachments.` `compute.serviceAttachments.create` `compute.serviceAttachments.createTagBinding` `compute.serviceAttachments.delete` `compute.serviceAttachments.deleteTagBinding` `compute.serviceAttachments.get` `compute.serviceAttachments.getIamPolicy` `compute.serviceAttachments.list` `compute.serviceAttachments.listEffectiveTags` `compute.serviceAttachments.listTagBindings` `compute.serviceAttachments.setIamPolicy` `compute.serviceAttachments.update` `compute.serviceAttachments.use` `compute.snapshots.` `compute.snapshots.create` `compute.snapshots.createTagBinding` `compute.snapshots.delete` `compute.snapshots.deleteTagBinding` `compute.snapshots.get` `compute.snapshots.getIamPolicy` `compute.snapshots.list` `compute.snapshots.listEffectiveTags` `compute.snapshots.listTagBindings` `compute.snapshots.setIamPolicy` `compute.snapshots.setLabels` `compute.snapshots.useReadOnly` `compute.sslCertificates.get` `compute.sslCertificates.list` `compute.sslCertificates.listEffectiveTags` `compute.sslCertificates.listTagBindings` `compute.sslPolicies.` `compute.sslPolicies.create` `compute.sslPolicies.createTagBinding` `compute.sslPolicies.delete` `compute.sslPolicies.deleteTagBinding` `compute.sslPolicies.get` `compute.sslPolicies.list` `compute.sslPolicies.listAvailableFeatures` `compute.sslPolicies.listEffectiveTags` `compute.sslPolicies.listTagBindings` `compute.sslPolicies.update` `compute.sslPolicies.use` `compute.storagePools.get` `compute.storagePools.list` `compute.storagePools.use` `compute.subnetworks.` `compute.subnetworks.create` `compute.subnetworks.createTagBinding` `compute.subnetworks.delete` `compute.subnetworks.deleteTagBinding` `compute.subnetworks.expandIpCidrRange` `compute.subnetworks.get` `compute.subnetworks.getIamPolicy` `compute.subnetworks.list` `compute.subnetworks.listEffectiveTags` `compute.subnetworks.listTagBindings` `compute.subnetworks.mirror` `compute.subnetworks.setIamPolicy` `compute.subnetworks.setPrivateIpGoogleAccess` `compute.subnetworks.update` `compute.subnetworks.use` `compute.subnetworks.useExternalIp` `compute.targetGrpcProxies.` `compute.targetGrpcProxies.create` `compute.targetGrpcProxies.createTagBinding` `compute.targetGrpcProxies.delete` `compute.targetGrpcProxies.deleteTagBinding` `compute.targetGrpcProxies.get` `compute.targetGrpcProxies.list` `compute.targetGrpcProxies.listEffectiveTags` `compute.targetGrpcProxies.listTagBindings` `compute.targetGrpcProxies.update` `compute.targetGrpcProxies.use` `compute.targetHttpProxies.` `compute.targetHttpProxies.create` `compute.targetHttpProxies.createTagBinding` `compute.targetHttpProxies.delete` `compute.targetHttpProxies.deleteTagBinding` `compute.targetHttpProxies.get` `compute.targetHttpProxies.list` `compute.targetHttpProxies.listEffectiveTags` `compute.targetHttpProxies.listTagBindings` `compute.targetHttpProxies.setUrlMap` `compute.targetHttpProxies.update` `compute.targetHttpProxies.use` `compute.targetHttpsProxies.` `compute.targetHttpsProxies.create` `compute.targetHttpsProxies.createTagBinding` `compute.targetHttpsProxies.delete` `compute.targetHttpsProxies.deleteTagBinding` `compute.targetHttpsProxies.get` `compute.targetHttpsProxies.list` `compute.targetHttpsProxies.listEffectiveTags` `compute.targetHttpsProxies.listTagBindings` `compute.targetHttpsProxies.setCertificateMap` `compute.targetHttpsProxies.setQuicOverride` `compute.targetHttpsProxies.setSslCertificates` `compute.targetHttpsProxies.setSslPolicy` `compute.targetHttpsProxies.setUrlMap` `compute.targetHttpsProxies.update` `compute.targetHttpsProxies.use` `compute.targetInstances.` `compute.targetInstances.create` `compute.targetInstances.createTagBinding` `compute.targetInstances.delete` `compute.targetInstances.deleteTagBinding` `compute.targetInstances.get` `compute.targetInstances.list` `compute.targetInstances.listEffectiveTags` `compute.targetInstances.listTagBindings` `compute.targetInstances.setSecurityPolicy` `compute.targetInstances.use` `compute.targetPools.` `compute.targetPools.addHealthCheck` `compute.targetPools.addInstance` `compute.targetPools.create` `compute.targetPools.createTagBinding` `compute.targetPools.delete` `compute.targetPools.deleteTagBinding` `compute.targetPools.get` `compute.targetPools.list` `compute.targetPools.listEffectiveTags` `compute.targetPools.listTagBindings` `compute.targetPools.removeHealthCheck` `compute.targetPools.removeInstance` `compute.targetPools.setSecurityPolicy` `compute.targetPools.update` `compute.targetPools.use` `compute.targetSslProxies.` `compute.targetSslProxies.create` `compute.targetSslProxies.createTagBinding` `compute.targetSslProxies.delete` `compute.targetSslProxies.deleteTagBinding` `compute.targetSslProxies.get` `compute.targetSslProxies.list` `compute.targetSslProxies.listEffectiveTags` `compute.targetSslProxies.listTagBindings` `compute.targetSslProxies.setBackendService` `compute.targetSslProxies.setCertificateMap` `compute.targetSslProxies.setProxyHeader` `compute.targetSslProxies.setSslCertificates` `compute.targetSslProxies.setSslPolicy` `compute.targetSslProxies.update` `compute.targetSslProxies.use` `compute.targetTcpProxies.` `compute.targetTcpProxies.create` `compute.targetTcpProxies.createTagBinding` `compute.targetTcpProxies.delete` `compute.targetTcpProxies.deleteTagBinding` `compute.targetTcpProxies.get` `compute.targetTcpProxies.list` `compute.targetTcpProxies.listEffectiveTags` `compute.targetTcpProxies.listTagBindings` `compute.targetTcpProxies.update` `compute.targetTcpProxies.use` `compute.targetVpnGateways.` `compute.targetVpnGateways.create` `compute.targetVpnGateways.createTagBinding` `compute.targetVpnGateways.delete` `compute.targetVpnGateways.deleteTagBinding` `compute.targetVpnGateways.get` `compute.targetVpnGateways.list` `compute.targetVpnGateways.listEffectiveTags` `compute.targetVpnGateways.listTagBindings` `compute.targetVpnGateways.setLabels` `compute.targetVpnGateways.use` `compute.urlMaps.` `compute.urlMaps.create` `compute.urlMaps.createTagBinding` `compute.urlMaps.delete` `compute.urlMaps.deleteTagBinding` `compute.urlMaps.get` `compute.urlMaps.invalidateCache` `compute.urlMaps.list` `compute.urlMaps.listEffectiveTags` `compute.urlMaps.listTagBindings` `compute.urlMaps.update` `compute.urlMaps.use` `compute.urlMaps.validate` `compute.vpnGateways.` `compute.vpnGateways.create` `compute.vpnGateways.createTagBinding` `compute.vpnGateways.delete` `compute.vpnGateways.deleteTagBinding` `compute.vpnGateways.get` `compute.vpnGateways.list` `compute.vpnGateways.listEffectiveTags` `compute.vpnGateways.listTagBindings` `compute.vpnGateways.setLabels` `compute.vpnGateways.use` `compute.vpnTunnels.` `compute.vpnTunnels.create` `compute.vpnTunnels.createTagBinding` `compute.vpnTunnels.delete` `compute.vpnTunnels.deleteTagBinding` `compute.vpnTunnels.get` `compute.vpnTunnels.list` `compute.vpnTunnels.listEffectiveTags` `compute.vpnTunnels.listTagBindings` `compute.vpnTunnels.setLabels` `compute.zoneOperations.get` `compute.zoneOperations.list` `compute.zones.` `compute.zones.get` `compute.zones.list` `container.` `container.apiServices.create` `container.apiServices.delete` `container.apiServices.get` `container.apiServices.getStatus` `container.apiServices.list` `container.apiServices.update` `container.apiServices.updateStatus` `container.auditSinks.create` `container.auditSinks.delete` `container.auditSinks.get` `container.auditSinks.list` `container.auditSinks.update` `container.backendConfigs.create` `container.backendConfigs.delete` `container.backendConfigs.get` `container.backendConfigs.list` `container.backendConfigs.update` `container.bindings.create` `container.bindings.delete` `container.bindings.get` `container.bindings.list` `container.bindings.update` `container.certificateSigningRequests.approve` `container.certificateSigningRequests.create` `container.certificateSigningRequests.delete` `container.certificateSigningRequests.get` `container.certificateSigningRequests.getStatus` `container.certificateSigningRequests.list` `container.certificateSigningRequests.update` `container.certificateSigningRequests.updateStatus` `container.clusterRoleBindings.create` `container.clusterRoleBindings.delete` `container.clusterRoleBindings.get` `container.clusterRoleBindings.list` `container.clusterRoleBindings.update` `container.clusterRoles.bind` `container.clusterRoles.create` `container.clusterRoles.delete` `container.clusterRoles.escalate` `container.clusterRoles.get` `container.clusterRoles.list` `container.clusterRoles.update` `container.clusters.connect` `container.clusters.create` `container.clusters.createTagBinding` `container.clusters.delete` `container.clusters.deleteTagBinding` `container.clusters.get` `container.clusters.getCredentials` `container.clusters.impersonate` `container.clusters.list` `container.clusters.listEffectiveTags` `container.clusters.listTagBindings` `container.clusters.update` `container.componentStatuses.get` `container.componentStatuses.list` `container.configMaps.create` `container.configMaps.delete` `container.configMaps.get` `container.configMaps.list` `container.configMaps.update` `container.controllerRevisions.create` `container.controllerRevisions.delete` `container.controllerRevisions.get` `container.controllerRevisions.list` `container.controllerRevisions.update` `container.cronJobs.create` `container.cronJobs.delete` `container.cronJobs.get` `container.cronJobs.getStatus` `container.cronJobs.list` `container.cronJobs.update` `container.cronJobs.updateStatus` `container.csiDrivers.create` `container.csiDrivers.delete` `container.csiDrivers.get` `container.csiDrivers.list` `container.csiDrivers.update` `container.csiNodeInfos.create` `container.csiNodeInfos.delete` `container.csiNodeInfos.get` `container.csiNodeInfos.list` `container.csiNodeInfos.update` `container.csiNodes.create` `container.csiNodes.delete` `container.csiNodes.get` `container.csiNodes.list` `container.csiNodes.update` `container.customResourceDefinitions.create` `container.customResourceDefinitions.delete` `container.customResourceDefinitions.get` `container.customResourceDefinitions.getStatus` `container.customResourceDefinitions.list` `container.customResourceDefinitions.update` `container.customResourceDefinitions.updateStatus` `container.daemonSets.create` `container.daemonSets.delete` `container.daemonSets.get` `container.daemonSets.getStatus` `container.daemonSets.list` `container.daemonSets.update` `container.daemonSets.updateStatus` `container.deployments.create` `container.deployments.delete` `container.deployments.get` `container.deployments.getScale` `container.deployments.getStatus` `container.deployments.list` `container.deployments.rollback` `container.deployments.update` `container.deployments.updateScale` `container.deployments.updateStatus` `container.endpointSlices.create` `container.endpointSlices.delete` `container.endpointSlices.get` `container.endpointSlices.list` `container.endpointSlices.update` `container.endpoints.create` `container.endpoints.delete` `container.endpoints.get` `container.endpoints.list` `container.endpoints.update` `container.events.create` `container.events.delete` `container.events.get` `container.events.list` `container.events.update` `container.frontendConfigs.create` `container.frontendConfigs.delete` `container.frontendConfigs.get` `container.frontendConfigs.list` `container.frontendConfigs.update` `container.horizontalPodAutoscalers.create` `container.horizontalPodAutoscalers.delete` `container.horizontalPodAutoscalers.get` `container.horizontalPodAutoscalers.getStatus` `container.horizontalPodAutoscalers.list` `container.horizontalPodAutoscalers.update` `container.horizontalPodAutoscalers.updateStatus` `container.hostServiceAgent.use` `container.ingresses.create` `container.ingresses.delete` `container.ingresses.get` `container.ingresses.getStatus` `container.ingresses.list` `container.ingresses.update` `container.ingresses.updateStatus` `container.initializerConfigurations.create` `container.initializerConfigurations.delete` `container.initializerConfigurations.get` `container.initializerConfigurations.list` `container.initializerConfigurations.update` `container.jobs.create` `container.jobs.delete` `container.jobs.get` `container.jobs.getStatus` `container.jobs.list` `container.jobs.update` `container.jobs.updateStatus` `container.leases.create` `container.leases.delete` `container.leases.get` `container.leases.list` `container.leases.update` `container.limitRanges.create` `container.limitRanges.delete` `container.limitRanges.get` `container.limitRanges.list` `container.limitRanges.update` `container.localSubjectAccessReviews.create` `container.localSubjectAccessReviews.list` `container.managedCertificates.create` `container.managedCertificates.delete` `container.managedCertificates.get` `container.managedCertificates.list` `container.managedCertificates.update` `container.mutatingWebhookConfigurations.create` `container.mutatingWebhookConfigurations.delete` `container.mutatingWebhookConfigurations.get` `container.mutatingWebhookConfigurations.list` `container.mutatingWebhookConfigurations.update` `container.namespaces.create` `container.namespaces.delete` `container.namespaces.finalize` `container.namespaces.get` `container.namespaces.getStatus` `container.namespaces.list` `container.namespaces.update` `container.namespaces.updateStatus` `container.networkPolicies.create` `container.networkPolicies.delete` `container.networkPolicies.get` `container.networkPolicies.list` `container.networkPolicies.update` `container.nodes.create` `container.nodes.delete` `container.nodes.get` `container.nodes.getStatus` `container.nodes.list` `container.nodes.proxy` `container.nodes.update` `container.nodes.updateStatus` `container.operations.get` `container.operations.list` `container.persistentVolumeClaims.create` `container.persistentVolumeClaims.delete` `container.persistentVolumeClaims.get` `container.persistentVolumeClaims.getStatus` `container.persistentVolumeClaims.list` `container.persistentVolumeClaims.update` `container.persistentVolumeClaims.updateStatus` `container.persistentVolumes.create` `container.persistentVolumes.delete` `container.persistentVolumes.get` `container.persistentVolumes.getStatus` `container.persistentVolumes.list` `container.persistentVolumes.update` `container.persistentVolumes.updateStatus` `container.petSets.create` `container.petSets.delete` `container.petSets.get` `container.petSets.list` `container.petSets.update` `container.petSets.updateStatus` `container.podDisruptionBudgets.create` `container.podDisruptionBudgets.delete` `container.podDisruptionBudgets.get` `container.podDisruptionBudgets.getStatus` `container.podDisruptionBudgets.list` `container.podDisruptionBudgets.update` `container.podDisruptionBudgets.updateStatus` `container.podPresets.create` `container.podPresets.delete` `container.podPresets.get` `container.podPresets.list` `container.podPresets.update` `container.podSecurityPolicies.create` `container.podSecurityPolicies.delete` `container.podSecurityPolicies.get` `container.podSecurityPolicies.list` `container.podSecurityPolicies.update` `container.podSecurityPolicies.use` `container.podTemplates.create` `container.podTemplates.delete` `container.podTemplates.get` `container.podTemplates.list` `container.podTemplates.update` `container.pods.attach` `container.pods.create` `container.pods.delete` `container.pods.evict` `container.pods.exec` `container.pods.get` `container.pods.getLogs` `container.pods.getStatus` `container.pods.initialize` `container.pods.list` `container.pods.portForward` `container.pods.proxy` `container.pods.update` `container.pods.updateStatus` `container.priorityClasses.create` `container.priorityClasses.delete` `container.priorityClasses.get` `container.priorityClasses.list` `container.priorityClasses.update` `container.replicaSets.create` `container.replicaSets.delete` `container.replicaSets.get` `container.replicaSets.getScale` `container.replicaSets.getStatus` `container.replicaSets.list` `container.replicaSets.update` `container.replicaSets.updateScale` `container.replicaSets.updateStatus` `container.replicationControllers.create` `container.replicationControllers.delete` `container.replicationControllers.get` `container.replicationControllers.getScale` `container.replicationControllers.getStatus` `container.replicationControllers.list` `container.replicationControllers.update` `container.replicationControllers.updateScale` `container.replicationControllers.updateStatus` `container.resourceQuotas.create` `container.resourceQuotas.delete` `container.resourceQuotas.get` `container.resourceQuotas.getStatus` `container.resourceQuotas.list` `container.resourceQuotas.update` `container.resourceQuotas.updateStatus` `container.roleBindings.create` `container.roleBindings.delete` `container.roleBindings.get` `container.roleBindings.list` `container.roleBindings.update` `container.roles.bind` `container.roles.create` `container.roles.delete` `container.roles.escalate` `container.roles.get` `container.roles.list` `container.roles.update` `container.runtimeClasses.create` `container.runtimeClasses.delete` `container.runtimeClasses.get` `container.runtimeClasses.list` `container.runtimeClasses.update` `container.scheduledJobs.create` `container.scheduledJobs.delete` `container.scheduledJobs.get` `container.scheduledJobs.list` `container.scheduledJobs.update` `container.scheduledJobs.updateStatus` `container.secrets.create` `container.secrets.delete` `container.secrets.get` `container.secrets.list` `container.secrets.update` `container.selfSubjectAccessReviews.create` `container.selfSubjectAccessReviews.list` `container.selfSubjectRulesReviews.create` `container.serviceAccounts.create` `container.serviceAccounts.createToken` `container.serviceAccounts.delete` `container.serviceAccounts.get` `container.serviceAccounts.list` `container.serviceAccounts.update` `container.services.create` `container.services.delete` `container.services.get` `container.services.getStatus` `container.services.list` `container.services.proxy` `container.services.update` `container.services.updateStatus` `container.statefulSets.create` `container.statefulSets.delete` `container.statefulSets.get` `container.statefulSets.getScale` `container.statefulSets.getStatus` `container.statefulSets.list` `container.statefulSets.update` `container.statefulSets.updateScale` `container.statefulSets.updateStatus` `container.storageClasses.create` `container.storageClasses.delete` `container.storageClasses.get` `container.storageClasses.list` `container.storageClasses.update` `container.storageStates.create` `container.storageStates.delete` `container.storageStates.get` `container.storageStates.getStatus` `container.storageStates.list` `container.storageStates.update` `container.storageStates.updateStatus` `container.storageVersionMigrations.create` `container.storageVersionMigrations.delete` `container.storageVersionMigrations.get` `container.storageVersionMigrations.getStatus` `container.storageVersionMigrations.list` `container.storageVersionMigrations.update` `container.storageVersionMigrations.updateStatus` `container.subjectAccessReviews.create` `container.subjectAccessReviews.list` `container.thirdPartyObjects.create` `container.thirdPartyObjects.delete` `container.thirdPartyObjects.get` `container.thirdPartyObjects.list` `container.thirdPartyObjects.update` `container.thirdPartyResources.create` `container.thirdPartyResources.delete` `container.thirdPartyResources.get` `container.thirdPartyResources.list` `container.thirdPartyResources.update` `container.tokenReviews.create` `container.updateInfos.create` `container.updateInfos.delete` `container.updateInfos.get` `container.updateInfos.list` `container.updateInfos.update` `container.validatingWebhookConfigurations.create` `container.validatingWebhookConfigurations.delete` `container.validatingWebhookConfigurations.get` `container.validatingWebhookConfigurations.list` `container.validatingWebhookConfigurations.update` `container.volumeAttachments.create` `container.volumeAttachments.delete` `container.volumeAttachments.get` `container.volumeAttachments.getStatus` `container.volumeAttachments.list` `container.volumeAttachments.update` `container.volumeAttachments.updateStatus` `container.volumeSnapshotClasses.create` `container.volumeSnapshotClasses.delete` `container.volumeSnapshotClasses.get` `container.volumeSnapshotClasses.list` `container.volumeSnapshotClasses.update` `container.volumeSnapshotContents.create` `container.volumeSnapshotContents.delete` `container.volumeSnapshotContents.get` `container.volumeSnapshotContents.getStatus` `container.volumeSnapshotContents.list` `container.volumeSnapshotContents.update` `container.volumeSnapshotContents.updateStatus` `container.volumeSnapshots.create` `container.volumeSnapshots.delete` `container.volumeSnapshots.get` `container.volumeSnapshots.getStatus` `container.volumeSnapshots.list` `container.volumeSnapshots.update` `container.volumeSnapshots.updateStatus` `deploymentmanager.compositeTypes.` `deploymentmanager.compositeTypes.create` `deploymentmanager.compositeTypes.delete` `deploymentmanager.compositeTypes.get` `deploymentmanager.compositeTypes.list` `deploymentmanager.compositeTypes.update` `deploymentmanager.deployments.cancelPreview` `deploymentmanager.deployments.create` `deploymentmanager.deployments.delete` `deploymentmanager.deployments.get` `deploymentmanager.deployments.list` `deploymentmanager.deployments.stop` `deploymentmanager.deployments.update` `deploymentmanager.manifests.` `deploymentmanager.manifests.get` `deploymentmanager.manifests.list` `deploymentmanager.operations.` `deploymentmanager.operations.get` `deploymentmanager.operations.list` `deploymentmanager.resources.` `deploymentmanager.resources.get` `deploymentmanager.resources.list` `deploymentmanager.typeProviders.` `deploymentmanager.typeProviders.create` `deploymentmanager.typeProviders.delete` `deploymentmanager.typeProviders.get` `deploymentmanager.typeProviders.getType` `deploymentmanager.typeProviders.list` `deploymentmanager.typeProviders.listTypes` `deploymentmanager.typeProviders.update` `deploymentmanager.types.` `deploymentmanager.types.create` `deploymentmanager.types.delete` `deploymentmanager.types.get` `deploymentmanager.types.list` `deploymentmanager.types.update` `dns.managedZones.get` `dns.managedZones.list` `dns.networks.targetWithPeeringZone` `firebase.projects.get` `iam.serviceAccounts.actAs` `iam.serviceAccounts.get` `iam.serviceAccounts.getAccessToken` `iam.serviceAccounts.getOpenIdToken` `iam.serviceAccounts.list` `logging.buckets.create` `logging.buckets.createTagBinding` `logging.buckets.delete` `logging.buckets.deleteTagBinding` `logging.buckets.get` `logging.buckets.list` `logging.buckets.listEffectiveTags` `logging.buckets.listTagBindings` `logging.buckets.undelete` `logging.buckets.update` `logging.exclusions.` `logging.exclusions.create` `logging.exclusions.delete` `logging.exclusions.get` `logging.exclusions.list` `logging.exclusions.update` `logging.links.` `logging.links.create` `logging.links.delete` `logging.links.get` `logging.links.list` `logging.locations.` `logging.locations.get` `logging.locations.list` `logging.logEntries.create` `logging.logEntries.route` `logging.logMetrics.` `logging.logMetrics.create` `logging.logMetrics.delete` `logging.logMetrics.get` `logging.logMetrics.list` `logging.logMetrics.update` `logging.logServiceIndexes.list` `logging.logServices.list` `logging.logs.list` `logging.notificationRules.` `logging.notificationRules.create` `logging.notificationRules.delete` `logging.notificationRules.get` `logging.notificationRules.list` `logging.notificationRules.update` `logging.operations.` `logging.operations.cancel` `logging.operations.get` `logging.operations.list` `logging.settings.` `logging.settings.get` `logging.settings.update` `logging.sinks.` `logging.sinks.create` `logging.sinks.delete` `logging.sinks.get` `logging.sinks.list` `logging.sinks.update` `logging.sqlAlerts.` `logging.sqlAlerts.create` `logging.sqlAlerts.update` `logging.views.create` `logging.views.delete` `logging.views.get` `logging.views.getIamPolicy` `logging.views.list` `logging.views.update` `monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.dashboards.get` `monitoring.dashboards.list` `monitoring.groups.get` `monitoring.groups.list` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.notificationChannelDescriptors.` `monitoring.notificationChannelDescriptors.get` `monitoring.notificationChannelDescriptors.list` `monitoring.notificationChannels.get` `monitoring.notificationChannels.list` `monitoring.services.get` `monitoring.services.list` `monitoring.slos.get` `monitoring.slos.list` `monitoring.snoozes.get` `monitoring.snoozes.list` `monitoring.timeSeries.` `monitoring.timeSeries.create` `monitoring.timeSeries.list` `monitoring.uptimeCheckConfigs.get` `monitoring.uptimeCheckConfigs.list` `networkconnectivity.internalRanges.` `networkconnectivity.internalRanges.create` `networkconnectivity.internalRanges.delete` `networkconnectivity.internalRanges.get` `networkconnectivity.internalRanges.getIamPolicy` `networkconnectivity.internalRanges.list` `networkconnectivity.internalRanges.setIamPolicy` `networkconnectivity.internalRanges.update` `networkconnectivity.locations.` `networkconnectivity.locations.get` `networkconnectivity.locations.list` `networkconnectivity.operations.` `networkconnectivity.operations.cancel` `networkconnectivity.operations.delete` `networkconnectivity.operations.get` `networkconnectivity.operations.list` `networkconnectivity.policyBasedRoutes.` `networkconnectivity.policyBasedRoutes.create` `networkconnectivity.policyBasedRoutes.delete` `networkconnectivity.policyBasedRoutes.get` `networkconnectivity.policyBasedRoutes.getIamPolicy` `networkconnectivity.policyBasedRoutes.list` `networkconnectivity.policyBasedRoutes.setIamPolicy` `networkconnectivity.regionalEndpoints.` `networkconnectivity.regionalEndpoints.create` `networkconnectivity.regionalEndpoints.delete` `networkconnectivity.regionalEndpoints.get` `networkconnectivity.regionalEndpoints.list` `networkconnectivity.serviceClasses.` `networkconnectivity.serviceClasses.create` `networkconnectivity.serviceClasses.delete` `networkconnectivity.serviceClasses.get` `networkconnectivity.serviceClasses.list` `networkconnectivity.serviceClasses.update` `networkconnectivity.serviceClasses.use` `networkconnectivity.serviceConnectionMaps.` `networkconnectivity.serviceConnectionMaps.create` `networkconnectivity.serviceConnectionMaps.delete` `networkconnectivity.serviceConnectionMaps.get` `networkconnectivity.serviceConnectionMaps.list` `networkconnectivity.serviceConnectionMaps.update` `networkconnectivity.serviceConnectionPolicies.` `networkconnectivity.serviceConnectionPolicies.create` `networkconnectivity.serviceConnectionPolicies.delete` `networkconnectivity.serviceConnectionPolicies.get` `networkconnectivity.serviceConnectionPolicies.list` `networkconnectivity.serviceConnectionPolicies.update` `networkmanagement.connectivitytests.get` `networkmanagement.connectivitytests.list` `networksecurity.addressGroups.` `networksecurity.addressGroups.create` `networksecurity.addressGroups.delete` `networksecurity.addressGroups.get` `networksecurity.addressGroups.getIamPolicy` `networksecurity.addressGroups.list` `networksecurity.addressGroups.setIamPolicy` `networksecurity.addressGroups.update` `networksecurity.addressGroups.use` `networksecurity.authorizationPolicies.` `networksecurity.authorizationPolicies.create` `networksecurity.authorizationPolicies.delete` `networksecurity.authorizationPolicies.get` `networksecurity.authorizationPolicies.getIamPolicy` `networksecurity.authorizationPolicies.list` `networksecurity.authorizationPolicies.setIamPolicy` `networksecurity.authorizationPolicies.update` `networksecurity.authorizationPolicies.use` `networksecurity.authzPolicies.` `networksecurity.authzPolicies.create` `networksecurity.authzPolicies.delete` `networksecurity.authzPolicies.get` `networksecurity.authzPolicies.getIamPolicy` `networksecurity.authzPolicies.list` `networksecurity.authzPolicies.setIamPolicy` `networksecurity.authzPolicies.update` `networksecurity.clientTlsPolicies.` `networksecurity.clientTlsPolicies.create` `networksecurity.clientTlsPolicies.delete` `networksecurity.clientTlsPolicies.get` `networksecurity.clientTlsPolicies.getIamPolicy` `networksecurity.clientTlsPolicies.list` `networksecurity.clientTlsPolicies.setIamPolicy` `networksecurity.clientTlsPolicies.update` `networksecurity.clientTlsPolicies.use` `networksecurity.firewallEndpointAssociations.` `networksecurity.firewallEndpointAssociations.create` `networksecurity.firewallEndpointAssociations.delete` `networksecurity.firewallEndpointAssociations.get` `networksecurity.firewallEndpointAssociations.list` `networksecurity.firewallEndpointAssociations.update` `networksecurity.firewallEndpoints.` `networksecurity.firewallEndpoints.create` `networksecurity.firewallEndpoints.delete` `networksecurity.firewallEndpoints.get` `networksecurity.firewallEndpoints.list` `networksecurity.firewallEndpoints.update` `networksecurity.firewallEndpoints.use` `networksecurity.gatewaySecurityPolicies.` `networksecurity.gatewaySecurityPolicies.create` `networksecurity.gatewaySecurityPolicies.delete` `networksecurity.gatewaySecurityPolicies.get` `networksecurity.gatewaySecurityPolicies.list` `networksecurity.gatewaySecurityPolicies.update` `networksecurity.gatewaySecurityPolicies.use` `networksecurity.gatewaySecurityPolicyRules.` `networksecurity.gatewaySecurityPolicyRules.create` `networksecurity.gatewaySecurityPolicyRules.delete` `networksecurity.gatewaySecurityPolicyRules.get` `networksecurity.gatewaySecurityPolicyRules.list` `networksecurity.gatewaySecurityPolicyRules.update` `networksecurity.gatewaySecurityPolicyRules.use` `networksecurity.locations.` `networksecurity.locations.get` `networksecurity.locations.list` `networksecurity.operations.` `networksecurity.operations.cancel` `networksecurity.operations.delete` `networksecurity.operations.get` `networksecurity.operations.list` `networksecurity.securityProfileGroups.` `networksecurity.securityProfileGroups.create` `networksecurity.securityProfileGroups.delete` `networksecurity.securityProfileGroups.get` `networksecurity.securityProfileGroups.list` `networksecurity.securityProfileGroups.update` `networksecurity.securityProfileGroups.use` `networksecurity.securityProfiles.` `networksecurity.securityProfiles.create` `networksecurity.securityProfiles.delete` `networksecurity.securityProfiles.get` `networksecurity.securityProfiles.list` `networksecurity.securityProfiles.update` `networksecurity.securityProfiles.use` `networksecurity.serverTlsPolicies.` `networksecurity.serverTlsPolicies.create` `networksecurity.serverTlsPolicies.delete` `networksecurity.serverTlsPolicies.get` `networksecurity.serverTlsPolicies.getIamPolicy` `networksecurity.serverTlsPolicies.list` `networksecurity.serverTlsPolicies.setIamPolicy` `networksecurity.serverTlsPolicies.update` `networksecurity.serverTlsPolicies.use` `networksecurity.tlsInspectionPolicies.` `networksecurity.tlsInspectionPolicies.create` `networksecurity.tlsInspectionPolicies.delete` `networksecurity.tlsInspectionPolicies.get` `networksecurity.tlsInspectionPolicies.list` `networksecurity.tlsInspectionPolicies.update` `networksecurity.tlsInspectionPolicies.use` `networksecurity.urlLists.` `networksecurity.urlLists.create` `networksecurity.urlLists.delete` `networksecurity.urlLists.get` `networksecurity.urlLists.list` `networksecurity.urlLists.update` `networksecurity.urlLists.use` `networkservices.` `networkservices.authzExtensions.create` `networkservices.authzExtensions.delete` `networkservices.authzExtensions.get` `networkservices.authzExtensions.list` `networkservices.authzExtensions.update` `networkservices.authzExtensions.use` `networkservices.endpointPolicies.create` `networkservices.endpointPolicies.delete` `networkservices.endpointPolicies.get` `networkservices.endpointPolicies.list` `networkservices.endpointPolicies.update` `networkservices.gateways.create` `networkservices.gateways.delete` `networkservices.gateways.get` `networkservices.gateways.list` `networkservices.gateways.update` `networkservices.gateways.use` `networkservices.grpcRoutes.create` `networkservices.grpcRoutes.delete` `networkservices.grpcRoutes.get` `networkservices.grpcRoutes.list` `networkservices.grpcRoutes.update` `networkservices.httpFilters.create` `networkservices.httpFilters.delete` `networkservices.httpFilters.get` `networkservices.httpFilters.list` `networkservices.httpFilters.update` `networkservices.httpRoutes.create` `networkservices.httpRoutes.delete` `networkservices.httpRoutes.get` `networkservices.httpRoutes.list` `networkservices.httpRoutes.update` `networkservices.httpfilters.create` `networkservices.httpfilters.delete` `networkservices.httpfilters.get` `networkservices.httpfilters.getIamPolicy` `networkservices.httpfilters.list` `networkservices.httpfilters.setIamPolicy` `networkservices.httpfilters.update` `networkservices.httpfilters.use` `networkservices.lbRouteExtensions.create` `networkservices.lbRouteExtensions.delete` `networkservices.lbRouteExtensions.get` `networkservices.lbRouteExtensions.list` `networkservices.lbRouteExtensions.update` `networkservices.lbTrafficExtensions.create` `networkservices.lbTrafficExtensions.delete` `networkservices.lbTrafficExtensions.get` `networkservices.lbTrafficExtensions.list` `networkservices.lbTrafficExtensions.update` `networkservices.locations.get` `networkservices.locations.list` `networkservices.meshes.create` `networkservices.meshes.delete` `networkservices.meshes.get` `networkservices.meshes.list` `networkservices.meshes.update` `networkservices.meshes.use` `networkservices.operations.cancel` `networkservices.operations.delete` `networkservices.operations.get` `networkservices.operations.list` `networkservices.route_views.get` `networkservices.route_views.list` `networkservices.serviceBindings.create` `networkservices.serviceBindings.delete` `networkservices.serviceBindings.get` `networkservices.serviceBindings.list` `networkservices.serviceBindings.update` `networkservices.serviceLbPolicies.create` `networkservices.serviceLbPolicies.delete` `networkservices.serviceLbPolicies.get` `networkservices.serviceLbPolicies.list` `networkservices.serviceLbPolicies.update` `networkservices.tcpRoutes.create` `networkservices.tcpRoutes.delete` `networkservices.tcpRoutes.get` `networkservices.tcpRoutes.list` `networkservices.tcpRoutes.update` `networkservices.tlsRoutes.create` `networkservices.tlsRoutes.delete` `networkservices.tlsRoutes.get` `networkservices.tlsRoutes.list` `networkservices.tlsRoutes.update` `observability.scopes.get` `opsconfigmonitoring.resourceMetadata.list` `orgpolicy.policy.get` `pubsub.` `pubsub.schemas.attach` `pubsub.schemas.commit` `pubsub.schemas.create` `pubsub.schemas.delete` `pubsub.schemas.get` `pubsub.schemas.getIamPolicy` `pubsub.schemas.list` `pubsub.schemas.listRevisions` `pubsub.schemas.rollback` `pubsub.schemas.setIamPolicy` `pubsub.schemas.validate` `pubsub.snapshots.create` `pubsub.snapshots.delete` `pubsub.snapshots.get` `pubsub.snapshots.getIamPolicy` `pubsub.snapshots.list` `pubsub.snapshots.seek` `pubsub.snapshots.setIamPolicy` `pubsub.snapshots.update` `pubsub.subscriptions.consume` `pubsub.subscriptions.create` `pubsub.subscriptions.delete` `pubsub.subscriptions.get` `pubsub.subscriptions.getIamPolicy` `pubsub.subscriptions.list` `pubsub.subscriptions.setIamPolicy` `pubsub.subscriptions.update` `pubsub.topics.attachSubscription` `pubsub.topics.create` `pubsub.topics.delete` `pubsub.topics.detachSubscription` `pubsub.topics.get` `pubsub.topics.getIamPolicy` `pubsub.topics.list` `pubsub.topics.publish` `pubsub.topics.setIamPolicy` `pubsub.topics.update` `pubsub.topics.updateTag` `recommender.cloudsqlIdleInstanceRecommendations.` `recommender.cloudsqlIdleInstanceRecommendations.get` `recommender.cloudsqlIdleInstanceRecommendations.list` `recommender.cloudsqlIdleInstanceRecommendations.update` `recommender.cloudsqlInstanceActivityInsights.` `recommender.cloudsqlInstanceActivityInsights.get` `recommender.cloudsqlInstanceActivityInsights.list` `recommender.cloudsqlInstanceActivityInsights.update` `recommender.cloudsqlInstanceCpuUsageInsights.` `recommender.cloudsqlInstanceCpuUsageInsights.get` `recommender.cloudsqlInstanceCpuUsageInsights.list` `recommender.cloudsqlInstanceCpuUsageInsights.update` `recommender.cloudsqlInstanceDiskUsageTrendInsights.` `recommender.cloudsqlInstanceDiskUsageTrendInsights.get` `recommender.cloudsqlInstanceDiskUsageTrendInsights.list` `recommender.cloudsqlInstanceDiskUsageTrendInsights.update` `recommender.cloudsqlInstanceMemoryUsageInsights.` `recommender.cloudsqlInstanceMemoryUsageInsights.get` `recommender.cloudsqlInstanceMemoryUsageInsights.list` `recommender.cloudsqlInstanceMemoryUsageInsights.update` `recommender.cloudsqlInstanceOomProbabilityInsights.` `recommender.cloudsqlInstanceOomProbabilityInsights.get` `recommender.cloudsqlInstanceOomProbabilityInsights.list` `recommender.cloudsqlInstanceOomProbabilityInsights.update` `recommender.cloudsqlInstanceOutOfDiskRecommendations.` `recommender.cloudsqlInstanceOutOfDiskRecommendations.get` `recommender.cloudsqlInstanceOutOfDiskRecommendations.list` `recommender.cloudsqlInstanceOutOfDiskRecommendations.update` `recommender.cloudsqlInstancePerformanceInsights.` `recommender.cloudsqlInstancePerformanceInsights.get` `recommender.cloudsqlInstancePerformanceInsights.list` `recommender.cloudsqlInstancePerformanceInsights.update` `recommender.cloudsqlInstancePerformanceRecommendations.` `recommender.cloudsqlInstancePerformanceRecommendations.get` `recommender.cloudsqlInstancePerformanceRecommendations.list` `recommender.cloudsqlInstancePerformanceRecommendations.update` `recommender.cloudsqlInstanceReliabilityInsights.` `recommender.cloudsqlInstanceReliabilityInsights.get` `recommender.cloudsqlInstanceReliabilityInsights.list` `recommender.cloudsqlInstanceReliabilityInsights.update` `recommender.cloudsqlInstanceReliabilityRecommendations.` `recommender.cloudsqlInstanceReliabilityRecommendations.get` `recommender.cloudsqlInstanceReliabilityRecommendations.list` `recommender.cloudsqlInstanceReliabilityRecommendations.update` `recommender.cloudsqlInstanceSecurityInsights.` `recommender.cloudsqlInstanceSecurityInsights.get` `recommender.cloudsqlInstanceSecurityInsights.list` `recommender.cloudsqlInstanceSecurityInsights.update` `recommender.cloudsqlInstanceSecurityRecommendations.` `recommender.cloudsqlInstanceSecurityRecommendations.get` `recommender.cloudsqlInstanceSecurityRecommendations.list` `recommender.cloudsqlInstanceSecurityRecommendations.update` `recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.` `recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get` `recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list` `recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.update` `recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.` `recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get` `recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list` `recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.update` `recommender.cloudsqlOverprovisionedInstanceRecommendations.` `recommender.cloudsqlOverprovisionedInstanceRecommendations.get` `recommender.cloudsqlOverprovisionedInstanceRecommendations.list` `recommender.cloudsqlOverprovisionedInstanceRecommendations.update` `recommender.cloudsqlUnderProvisionedInstanceRecommendations.` `recommender.cloudsqlUnderProvisionedInstanceRecommendations.get` `recommender.cloudsqlUnderProvisionedInstanceRecommendations.list` `recommender.cloudsqlUnderProvisionedInstanceRecommendations.update` `recommender.containerDiagnosisInsights.` `recommender.containerDiagnosisInsights.get` `recommender.containerDiagnosisInsights.list` `recommender.containerDiagnosisInsights.update` `recommender.containerDiagnosisRecommendations.` `recommender.containerDiagnosisRecommendations.get` `recommender.containerDiagnosisRecommendations.list` `recommender.containerDiagnosisRecommendations.update` `recommender.iamPolicyInsights.` `recommender.iamPolicyInsights.get` `recommender.iamPolicyInsights.list` `recommender.iamPolicyInsights.update` `recommender.iamPolicyRecommendations.` `recommender.iamPolicyRecommendations.get` `recommender.iamPolicyRecommendations.list` `recommender.iamPolicyRecommendations.update` `recommender.locations.` `recommender.locations.get` `recommender.locations.list` `recommender.networkAnalyzerGkeConnectivityInsights.` `recommender.networkAnalyzerGkeConnectivityInsights.get` `recommender.networkAnalyzerGkeConnectivityInsights.list` `recommender.networkAnalyzerGkeConnectivityInsights.update` `recommender.networkAnalyzerGkeIpAddressInsights.` `recommender.networkAnalyzerGkeIpAddressInsights.get` `recommender.networkAnalyzerGkeIpAddressInsights.list` `recommender.networkAnalyzerGkeIpAddressInsights.update` `recommender.storageBucketSoftDeleteInsights.` `recommender.storageBucketSoftDeleteInsights.get` `recommender.storageBucketSoftDeleteInsights.list` `recommender.storageBucketSoftDeleteInsights.update` `recommender.storageBucketSoftDeleteRecommendations.` `recommender.storageBucketSoftDeleteRecommendations.get` `recommender.storageBucketSoftDeleteRecommendations.list` `recommender.storageBucketSoftDeleteRecommendations.update` `resourcemanager.hierarchyNodes.listEffectiveTags` `resourcemanager.projects.get` `resourcemanager.projects.getIamPolicy` `resourcemanager.projects.list` `servicedirectory.namespaces.create` `servicedirectory.namespaces.delete` `servicedirectory.services.create` `servicedirectory.services.delete` `servicenetworking.operations.get` `servicenetworking.services.addPeering` `servicenetworking.services.createPeeredDnsDomain` `servicenetworking.services.deleteConnection` `servicenetworking.services.deletePeeredDnsDomain` `servicenetworking.services.disableVpcServiceControls` `servicenetworking.services.enableVpcServiceControls` `servicenetworking.services.get` `servicenetworking.services.listPeeredDnsDomains` `serviceusage.quotas.get` `serviceusage.services.get` `serviceusage.services.list` `stackdriver.projects.get` `stackdriver.resourceMetadata.list` `storage.anywhereCaches.` `storage.anywhereCaches.create` `storage.anywhereCaches.disable` `storage.anywhereCaches.get` `storage.anywhereCaches.list` `storage.anywhereCaches.pause` `storage.anywhereCaches.resume` `storage.anywhereCaches.update` `storage.bucketOperations.` `storage.bucketOperations.cancel` `storage.bucketOperations.get` `storage.bucketOperations.list` `storage.buckets.` `storage.buckets.create` `storage.buckets.createTagBinding` `storage.buckets.delete` `storage.buckets.deleteTagBinding` `storage.buckets.enableObjectRetention` `storage.buckets.get` `storage.buckets.getIamPolicy` `storage.buckets.getObjectInsights` `storage.buckets.list` `storage.buckets.listEffectiveTags` `storage.buckets.listTagBindings` `storage.buckets.restore` `storage.buckets.setIamPolicy` `storage.buckets.update` `storage.folders.` `storage.folders.create` `storage.folders.delete` `storage.folders.get` `storage.folders.list` `storage.folders.rename` `storage.managedFolders.` `storage.managedFolders.create` `storage.managedFolders.delete` `storage.managedFolders.get` `storage.managedFolders.getIamPolicy` `storage.managedFolders.list` `storage.managedFolders.setIamPolicy` `storage.managementHubs.` `storage.managementHubs.get` `storage.managementHubs.update` `storage.multipartUploads.` `storage.multipartUploads.abort` `storage.multipartUploads.create` `storage.multipartUploads.list` `storage.multipartUploads.listParts` `storage.objects.` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.getIamPolicy` `storage.objects.list` `storage.objects.overrideUnlockedRetention` `storage.objects.restore` `storage.objects.setIamPolicy` `storage.objects.setRetention` `storage.objects.update` `trafficdirector.` `trafficdirector.networks.getConfigs` `trafficdirector.networks.reportMetrics`

Cloud Composer API-Dienst-Agent

(roles/composer.serviceAgent)

Der Cloud Composer API-Dienst-Agent kann Umgebungen verwalten.

appengine.applications.get

appengine.applications.listRuntimes

appengine.applications.update

appengine.instances.*

appengine.instances.delete
appengine.instances.enableDebug
appengine.instances.get
appengine.instances.list

appengine.memcache.addKey

appengine.memcache.flush

appengine.memcache.get

appengine.memcache.update

appengine.operations.*

appengine.operations.get
appengine.operations.list

appengine.runtimes.actAsAdmin

appengine.services.*

appengine.services.delete
appengine.services.get
appengine.services.list
appengine.services.update

appengine.versions.create

appengine.versions.delete

appengine.versions.get

appengine.versions.list

appengine.versions.update

artifactregistry.repositories.create

artifactregistry.repositories.delete

artifactregistry.repositories.get

artifactregistry.repositories.list

artifactregistry.repositories.update

cloudaicompanion.entitlements.get

cloudnotifications.activities.list

cloudsql.*

cloudsql.backupRuns.create
cloudsql.backupRuns.delete
cloudsql.backupRuns.get
cloudsql.backupRuns.list
cloudsql.databases.create
cloudsql.databases.delete
cloudsql.databases.get
cloudsql.databases.list
cloudsql.databases.update
cloudsql.instances.addServerCa
cloudsql.instances.addServerCertificate
cloudsql.instances.clone
cloudsql.instances.connect
cloudsql.instances.create
cloudsql.instances.createTagBinding
cloudsql.instances.delete
cloudsql.instances.deleteTagBinding
cloudsql.instances.demoteMaster
cloudsql.instances.executeSql
cloudsql.instances.export
cloudsql.instances.failover
cloudsql.instances.get
cloudsql.instances.getDiskShrinkConfig
cloudsql.instances.import
cloudsql.instances.list
cloudsql.instances.listEffectiveTags
cloudsql.instances.listServerCas
cloudsql.instances.listServerCertificates
cloudsql.instances.listTagBindings
cloudsql.instances.login
cloudsql.instances.migrate
cloudsql.instances.performDiskShrink
cloudsql.instances.promoteReplica
cloudsql.instances.reencrypt
cloudsql.instances.resetReplicaSize
cloudsql.instances.resetSslConfig
cloudsql.instances.restart
cloudsql.instances.restoreBackup
cloudsql.instances.rotateServerCa
cloudsql.instances.rotateServerCertificate
cloudsql.instances.startReplica
cloudsql.instances.stopReplica
cloudsql.instances.truncateLog
cloudsql.instances.update
cloudsql.schemas.view
cloudsql.sslCerts.create
cloudsql.sslCerts.delete
cloudsql.sslCerts.get
cloudsql.sslCerts.list
cloudsql.users.create
cloudsql.users.delete
cloudsql.users.get
cloudsql.users.list
cloudsql.users.update

composer.dags.get

composer.environments.get

compute.acceleratorTypes.*

compute.acceleratorTypes.get
compute.acceleratorTypes.list

compute.addresses.*

compute.addresses.create
compute.addresses.createInternal
compute.addresses.createTagBinding
compute.addresses.delete
compute.addresses.deleteInternal
compute.addresses.deleteTagBinding
compute.addresses.get
compute.addresses.list
compute.addresses.listEffectiveTags
compute.addresses.listTagBindings
compute.addresses.setLabels
compute.addresses.use
compute.addresses.useInternal

compute.autoscalers.*

compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update

compute.backendBuckets.*

compute.backendBuckets.addSignedUrlKey
compute.backendBuckets.create
compute.backendBuckets.createTagBinding
compute.backendBuckets.delete
compute.backendBuckets.deleteSignedUrlKey
compute.backendBuckets.deleteTagBinding
compute.backendBuckets.get
compute.backendBuckets.getIamPolicy
compute.backendBuckets.list
compute.backendBuckets.listEffectiveTags
compute.backendBuckets.listTagBindings
compute.backendBuckets.setIamPolicy
compute.backendBuckets.setSecurityPolicy
compute.backendBuckets.update
compute.backendBuckets.use

compute.backendServices.*

compute.backendServices.addSignedUrlKey
compute.backendServices.create
compute.backendServices.createTagBinding
compute.backendServices.delete
compute.backendServices.deleteSignedUrlKey
compute.backendServices.deleteTagBinding
compute.backendServices.get
compute.backendServices.getIamPolicy
compute.backendServices.list
compute.backendServices.listEffectiveTags
compute.backendServices.listTagBindings
compute.backendServices.setIamPolicy
compute.backendServices.setSecurityPolicy
compute.backendServices.update
compute.backendServices.use

compute.diskTypes.*

compute.diskTypes.get
compute.diskTypes.list

compute.disks.*

compute.disks.addResourcePolicies
compute.disks.create
compute.disks.createSnapshot
compute.disks.createTagBinding
compute.disks.delete
compute.disks.deleteTagBinding
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.disks.listEffectiveTags
compute.disks.listTagBindings
compute.disks.removeResourcePolicies
compute.disks.resize
compute.disks.setIamPolicy
compute.disks.setLabels
compute.disks.startAsyncReplication
compute.disks.stopAsyncReplication
compute.disks.stopGroupAsyncReplication
compute.disks.update
compute.disks.use
compute.disks.useReadOnly

compute.externalVpnGateways.*

compute.externalVpnGateways.create
compute.externalVpnGateways.createTagBinding
compute.externalVpnGateways.delete
compute.externalVpnGateways.deleteTagBinding
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.listEffectiveTags
compute.externalVpnGateways.listTagBindings
compute.externalVpnGateways.setLabels
compute.externalVpnGateways.use

compute.firewallPolicies.get

compute.firewallPolicies.list

compute.firewallPolicies.listEffectiveTags

compute.firewallPolicies.listTagBindings

compute.firewallPolicies.use

compute.firewalls.get

compute.firewalls.list

compute.firewalls.listEffectiveTags

compute.firewalls.listTagBindings

compute.forwardingRules.*

compute.forwardingRules.create
compute.forwardingRules.createTagBinding
compute.forwardingRules.delete
compute.forwardingRules.deleteTagBinding
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.listEffectiveTags
compute.forwardingRules.listTagBindings
compute.forwardingRules.pscCreate
compute.forwardingRules.pscDelete
compute.forwardingRules.pscSetLabels
compute.forwardingRules.pscSetTarget
compute.forwardingRules.pscUpdate
compute.forwardingRules.setLabels
compute.forwardingRules.setTarget
compute.forwardingRules.update
compute.forwardingRules.use

compute.globalAddresses.*

compute.globalAddresses.create
compute.globalAddresses.createInternal
compute.globalAddresses.createTagBinding
compute.globalAddresses.delete
compute.globalAddresses.deleteInternal
compute.globalAddresses.deleteTagBinding
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.listEffectiveTags
compute.globalAddresses.listTagBindings
compute.globalAddresses.setLabels
compute.globalAddresses.use

compute.globalForwardingRules.*

compute.globalForwardingRules.create
compute.globalForwardingRules.createTagBinding
compute.globalForwardingRules.delete
compute.globalForwardingRules.deleteTagBinding
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.listEffectiveTags
compute.globalForwardingRules.listTagBindings
compute.globalForwardingRules.pscCreate
compute.globalForwardingRules.pscDelete
compute.globalForwardingRules.pscGet
compute.globalForwardingRules.pscSetLabels
compute.globalForwardingRules.pscSetTarget
compute.globalForwardingRules.pscUpdate
compute.globalForwardingRules.setLabels
compute.globalForwardingRules.setTarget
compute.globalForwardingRules.update

compute.globalNetworkEndpointGroups.*

compute.globalNetworkEndpointGroups.attachNetworkEndpoints
compute.globalNetworkEndpointGroups.create
compute.globalNetworkEndpointGroups.createTagBinding
compute.globalNetworkEndpointGroups.delete
compute.globalNetworkEndpointGroups.deleteTagBinding
compute.globalNetworkEndpointGroups.detachNetworkEndpoints
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.globalNetworkEndpointGroups.listEffectiveTags
compute.globalNetworkEndpointGroups.listTagBindings
compute.globalNetworkEndpointGroups.use

compute.globalOperations.get

compute.globalOperations.list

compute.globalPublicDelegatedPrefixes.delete

compute.globalPublicDelegatedPrefixes.get

compute.globalPublicDelegatedPrefixes.list

compute.globalPublicDelegatedPrefixes.updatePolicy

compute.healthChecks.*

compute.healthChecks.create
compute.healthChecks.createTagBinding
compute.healthChecks.delete
compute.healthChecks.deleteTagBinding
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.listEffectiveTags
compute.healthChecks.listTagBindings
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly

compute.httpHealthChecks.*

compute.httpHealthChecks.create
compute.httpHealthChecks.createTagBinding
compute.httpHealthChecks.delete
compute.httpHealthChecks.deleteTagBinding
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.listEffectiveTags
compute.httpHealthChecks.listTagBindings
compute.httpHealthChecks.update
compute.httpHealthChecks.use
compute.httpHealthChecks.useReadOnly

compute.httpsHealthChecks.*

compute.httpsHealthChecks.create
compute.httpsHealthChecks.createTagBinding
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.deleteTagBinding
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.listEffectiveTags
compute.httpsHealthChecks.listTagBindings
compute.httpsHealthChecks.update
compute.httpsHealthChecks.use
compute.httpsHealthChecks.useReadOnly

compute.images.*

compute.images.create
compute.images.createTagBinding
compute.images.delete
compute.images.deleteTagBinding
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.images.listEffectiveTags
compute.images.listTagBindings
compute.images.setIamPolicy
compute.images.setLabels
compute.images.update
compute.images.useReadOnly

compute.instanceGroupManagers.*

compute.instanceGroupManagers.create
compute.instanceGroupManagers.createTagBinding
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.deleteTagBinding
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.listEffectiveTags
compute.instanceGroupManagers.listTagBindings
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use

compute.instanceGroups.*

compute.instanceGroups.create
compute.instanceGroups.createTagBinding
compute.instanceGroups.delete
compute.instanceGroups.deleteTagBinding
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.listEffectiveTags
compute.instanceGroups.listTagBindings
compute.instanceGroups.update
compute.instanceGroups.use

compute.instanceSettings.*

compute.instanceSettings.get
compute.instanceSettings.update

compute.instanceTemplates.*

compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instanceTemplates.setIamPolicy
compute.instanceTemplates.useReadOnly

compute.instances.*

compute.instances.addAccessConfig
compute.instances.addResourcePolicies
compute.instances.attachDisk
compute.instances.create
compute.instances.createTagBinding
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.deleteTagBinding
compute.instances.detachDisk
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listEffectiveTags
compute.instances.listReferrers
compute.instances.listTagBindings
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.pscInterfaceCreate
compute.instances.removeResourcePolicies
compute.instances.reset
compute.instances.resume
compute.instances.sendDiagnosticInterrupt
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setIamPolicy
compute.instances.setLabels
compute.instances.setMachineResources
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setMinCpuPlatform
compute.instances.setName
compute.instances.setScheduling
compute.instances.setSecurityPolicy
compute.instances.setServiceAccount
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.setShieldedVmIntegrityPolicy
compute.instances.setTags
compute.instances.simulateMaintenanceEvent
compute.instances.start
compute.instances.startWithEncryptionKey
compute.instances.stop
compute.instances.suspend
compute.instances.update
compute.instances.updateAccessConfig
compute.instances.updateDisplayDevice
compute.instances.updateNetworkInterface
compute.instances.updateSecurity
compute.instances.updateShieldedInstanceConfig
compute.instances.updateShieldedVmConfig
compute.instances.use
compute.instances.useReadOnly

compute.instantSnapshots.*

compute.instantSnapshots.create
compute.instantSnapshots.delete
compute.instantSnapshots.export
compute.instantSnapshots.get
compute.instantSnapshots.getIamPolicy
compute.instantSnapshots.list
compute.instantSnapshots.setIamPolicy
compute.instantSnapshots.setLabels
compute.instantSnapshots.useReadOnly

compute.interconnectAttachments.*

compute.interconnectAttachments.create
compute.interconnectAttachments.createTagBinding
compute.interconnectAttachments.delete
compute.interconnectAttachments.deleteTagBinding
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.listEffectiveTags
compute.interconnectAttachments.listTagBindings
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use

compute.interconnectLocations.*

compute.interconnectLocations.get
compute.interconnectLocations.list

compute.interconnectRemoteLocations.*

compute.interconnectRemoteLocations.get
compute.interconnectRemoteLocations.list

compute.interconnects.*

compute.interconnects.create
compute.interconnects.createTagBinding
compute.interconnects.delete
compute.interconnects.deleteTagBinding
compute.interconnects.get
compute.interconnects.getMacsecConfig
compute.interconnects.list
compute.interconnects.listEffectiveTags
compute.interconnects.listTagBindings
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use

compute.licenseCodes.*

compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenseCodes.setIamPolicy
compute.licenseCodes.update

compute.licenses.*

compute.licenses.create
compute.licenses.delete
compute.licenses.get
compute.licenses.getIamPolicy
compute.licenses.list
compute.licenses.setIamPolicy

compute.machineImages.*

compute.machineImages.create
compute.machineImages.delete
compute.machineImages.get
compute.machineImages.getIamPolicy
compute.machineImages.list
compute.machineImages.setIamPolicy
compute.machineImages.useReadOnly

compute.machineTypes.*

compute.machineTypes.get
compute.machineTypes.list

compute.networkAttachments.*

compute.networkAttachments.create
compute.networkAttachments.createTagBinding
compute.networkAttachments.delete
compute.networkAttachments.deleteTagBinding
compute.networkAttachments.get
compute.networkAttachments.getIamPolicy
compute.networkAttachments.list
compute.networkAttachments.listEffectiveTags
compute.networkAttachments.listTagBindings
compute.networkAttachments.setIamPolicy
compute.networkAttachments.update

compute.networkEndpointGroups.*

compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.createTagBinding
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.deleteTagBinding
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networkEndpointGroups.listEffectiveTags
compute.networkEndpointGroups.listTagBindings
compute.networkEndpointGroups.use

compute.networks.*

compute.networks.access
compute.networks.addPeering
compute.networks.create
compute.networks.createTagBinding
compute.networks.delete
compute.networks.deleteTagBinding
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.getRegionEffectiveFirewalls
compute.networks.list
compute.networks.listEffectiveTags
compute.networks.listPeeringRoutes
compute.networks.listTagBindings
compute.networks.mirror
compute.networks.removePeering
compute.networks.setFirewallPolicy
compute.networks.switchToCustomMode
compute.networks.update
compute.networks.updatePeering
compute.networks.updatePolicy
compute.networks.use
compute.networks.useExternalIp

compute.packetMirrorings.get

compute.packetMirrorings.list

compute.packetMirrorings.listEffectiveTags

compute.packetMirrorings.listTagBindings

compute.projects.get

compute.projects.setCommonInstanceMetadata

compute.publicDelegatedPrefixes.delete

compute.publicDelegatedPrefixes.get

compute.publicDelegatedPrefixes.list

compute.publicDelegatedPrefixes.listEffectiveTags

compute.publicDelegatedPrefixes.listTagBindings

compute.publicDelegatedPrefixes.update

compute.publicDelegatedPrefixes.updatePolicy

compute.regionBackendServices.*

compute.regionBackendServices.create
compute.regionBackendServices.createTagBinding
compute.regionBackendServices.delete
compute.regionBackendServices.deleteTagBinding
compute.regionBackendServices.get
compute.regionBackendServices.getIamPolicy
compute.regionBackendServices.list
compute.regionBackendServices.listEffectiveTags
compute.regionBackendServices.listTagBindings
compute.regionBackendServices.setIamPolicy
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use

compute.regionFirewallPolicies.get

compute.regionFirewallPolicies.list

compute.regionFirewallPolicies.listEffectiveTags

compute.regionFirewallPolicies.listTagBindings

compute.regionFirewallPolicies.use

compute.regionHealthCheckServices.*

compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use

compute.regionHealthChecks.*

compute.regionHealthChecks.create
compute.regionHealthChecks.createTagBinding
compute.regionHealthChecks.delete
compute.regionHealthChecks.deleteTagBinding
compute.regionHealthChecks.get
compute.regionHealthChecks.list
compute.regionHealthChecks.listEffectiveTags
compute.regionHealthChecks.listTagBindings
compute.regionHealthChecks.update
compute.regionHealthChecks.use
compute.regionHealthChecks.useReadOnly

compute.regionNetworkEndpointGroups.*

compute.regionNetworkEndpointGroups.attachNetworkEndpoints
compute.regionNetworkEndpointGroups.create
compute.regionNetworkEndpointGroups.createTagBinding
compute.regionNetworkEndpointGroups.delete
compute.regionNetworkEndpointGroups.deleteTagBinding
compute.regionNetworkEndpointGroups.detachNetworkEndpoints
compute.regionNetworkEndpointGroups.get
compute.regionNetworkEndpointGroups.list
compute.regionNetworkEndpointGroups.listEffectiveTags
compute.regionNetworkEndpointGroups.listTagBindings
compute.regionNetworkEndpointGroups.use

compute.regionNotificationEndpoints.*

compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use

compute.regionOperations.get

compute.regionOperations.list

compute.regionSecurityPolicies.get

compute.regionSecurityPolicies.list

compute.regionSecurityPolicies.listEffectiveTags

compute.regionSecurityPolicies.listTagBindings

compute.regionSecurityPolicies.use

compute.regionSslCertificates.get

compute.regionSslCertificates.list

compute.regionSslCertificates.listEffectiveTags

compute.regionSslCertificates.listTagBindings

compute.regionSslPolicies.*

compute.regionSslPolicies.create
compute.regionSslPolicies.createTagBinding
compute.regionSslPolicies.delete
compute.regionSslPolicies.deleteTagBinding
compute.regionSslPolicies.get
compute.regionSslPolicies.list
compute.regionSslPolicies.listAvailableFeatures
compute.regionSslPolicies.listEffectiveTags
compute.regionSslPolicies.listTagBindings
compute.regionSslPolicies.update
compute.regionSslPolicies.use

compute.regionTargetHttpProxies.*

compute.regionTargetHttpProxies.create
compute.regionTargetHttpProxies.createTagBinding
compute.regionTargetHttpProxies.delete
compute.regionTargetHttpProxies.deleteTagBinding
compute.regionTargetHttpProxies.get
compute.regionTargetHttpProxies.list
compute.regionTargetHttpProxies.listEffectiveTags
compute.regionTargetHttpProxies.listTagBindings
compute.regionTargetHttpProxies.setUrlMap
compute.regionTargetHttpProxies.use

compute.regionTargetHttpsProxies.*

compute.regionTargetHttpsProxies.create
compute.regionTargetHttpsProxies.createTagBinding
compute.regionTargetHttpsProxies.delete
compute.regionTargetHttpsProxies.deleteTagBinding
compute.regionTargetHttpsProxies.get
compute.regionTargetHttpsProxies.list
compute.regionTargetHttpsProxies.listEffectiveTags
compute.regionTargetHttpsProxies.listTagBindings
compute.regionTargetHttpsProxies.setSslCertificates
compute.regionTargetHttpsProxies.setUrlMap
compute.regionTargetHttpsProxies.update
compute.regionTargetHttpsProxies.use

compute.regionTargetTcpProxies.*

compute.regionTargetTcpProxies.create
compute.regionTargetTcpProxies.createTagBinding
compute.regionTargetTcpProxies.delete
compute.regionTargetTcpProxies.deleteTagBinding
compute.regionTargetTcpProxies.get
compute.regionTargetTcpProxies.list
compute.regionTargetTcpProxies.listEffectiveTags
compute.regionTargetTcpProxies.listTagBindings
compute.regionTargetTcpProxies.use

compute.regionUrlMaps.*

compute.regionUrlMaps.create
compute.regionUrlMaps.createTagBinding
compute.regionUrlMaps.delete
compute.regionUrlMaps.deleteTagBinding
compute.regionUrlMaps.get
compute.regionUrlMaps.invalidateCache
compute.regionUrlMaps.list
compute.regionUrlMaps.listEffectiveTags
compute.regionUrlMaps.listTagBindings
compute.regionUrlMaps.update
compute.regionUrlMaps.use
compute.regionUrlMaps.validate

compute.regions.*

compute.regions.get
compute.regions.list

compute.reservations.get

compute.reservations.list

compute.resourcePolicies.*

compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.getIamPolicy
compute.resourcePolicies.list
compute.resourcePolicies.setIamPolicy
compute.resourcePolicies.update
compute.resourcePolicies.use
compute.resourcePolicies.useReadOnly

compute.routers.*

compute.routers.create
compute.routers.createTagBinding
compute.routers.delete
compute.routers.deleteRoutePolicy
compute.routers.deleteTagBinding
compute.routers.get
compute.routers.getRoutePolicy
compute.routers.list
compute.routers.listBgpRoutes
compute.routers.listEffectiveTags
compute.routers.listRoutePolicies
compute.routers.listTagBindings
compute.routers.update
compute.routers.updateRoutePolicy
compute.routers.use

compute.routes.*

compute.routes.create
compute.routes.createTagBinding
compute.routes.delete
compute.routes.deleteTagBinding
compute.routes.get
compute.routes.list
compute.routes.listEffectiveTags
compute.routes.listTagBindings

compute.securityPolicies.get

compute.securityPolicies.list

compute.securityPolicies.listEffectiveTags

compute.securityPolicies.listTagBindings

compute.securityPolicies.use

compute.serviceAttachments.*

compute.serviceAttachments.create
compute.serviceAttachments.createTagBinding
compute.serviceAttachments.delete
compute.serviceAttachments.deleteTagBinding
compute.serviceAttachments.get
compute.serviceAttachments.getIamPolicy
compute.serviceAttachments.list
compute.serviceAttachments.listEffectiveTags
compute.serviceAttachments.listTagBindings
compute.serviceAttachments.setIamPolicy
compute.serviceAttachments.update
compute.serviceAttachments.use

compute.snapshots.*

compute.snapshots.create
compute.snapshots.createTagBinding
compute.snapshots.delete
compute.snapshots.deleteTagBinding
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.snapshots.listEffectiveTags
compute.snapshots.listTagBindings
compute.snapshots.setIamPolicy
compute.snapshots.setLabels
compute.snapshots.useReadOnly

compute.sslCertificates.get

compute.sslCertificates.list

compute.sslCertificates.listEffectiveTags

compute.sslCertificates.listTagBindings

compute.sslPolicies.*

compute.sslPolicies.create
compute.sslPolicies.createTagBinding
compute.sslPolicies.delete
compute.sslPolicies.deleteTagBinding
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.sslPolicies.listEffectiveTags
compute.sslPolicies.listTagBindings
compute.sslPolicies.update
compute.sslPolicies.use

compute.storagePools.get

compute.storagePools.list

compute.storagePools.use

compute.subnetworks.*

compute.subnetworks.create
compute.subnetworks.createTagBinding
compute.subnetworks.delete
compute.subnetworks.deleteTagBinding
compute.subnetworks.expandIpCidrRange
compute.subnetworks.get
compute.subnetworks.getIamPolicy
compute.subnetworks.list
compute.subnetworks.listEffectiveTags
compute.subnetworks.listTagBindings
compute.subnetworks.mirror
compute.subnetworks.setIamPolicy
compute.subnetworks.setPrivateIpGoogleAccess
compute.subnetworks.update
compute.subnetworks.use
compute.subnetworks.useExternalIp

compute.targetGrpcProxies.*

compute.targetGrpcProxies.create
compute.targetGrpcProxies.createTagBinding
compute.targetGrpcProxies.delete
compute.targetGrpcProxies.deleteTagBinding
compute.targetGrpcProxies.get
compute.targetGrpcProxies.list
compute.targetGrpcProxies.listEffectiveTags
compute.targetGrpcProxies.listTagBindings
compute.targetGrpcProxies.update
compute.targetGrpcProxies.use

compute.targetHttpProxies.*

compute.targetHttpProxies.create
compute.targetHttpProxies.createTagBinding
compute.targetHttpProxies.delete
compute.targetHttpProxies.deleteTagBinding
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.listEffectiveTags
compute.targetHttpProxies.listTagBindings
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.update
compute.targetHttpProxies.use

compute.targetHttpsProxies.*

compute.targetHttpsProxies.create
compute.targetHttpsProxies.createTagBinding
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.deleteTagBinding
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.listEffectiveTags
compute.targetHttpsProxies.listTagBindings
compute.targetHttpsProxies.setCertificateMap
compute.targetHttpsProxies.setQuicOverride
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setSslPolicy
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.update
compute.targetHttpsProxies.use

compute.targetInstances.*

compute.targetInstances.create
compute.targetInstances.createTagBinding
compute.targetInstances.delete
compute.targetInstances.deleteTagBinding
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.listEffectiveTags
compute.targetInstances.listTagBindings
compute.targetInstances.setSecurityPolicy
compute.targetInstances.use

compute.targetPools.*

compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.createTagBinding
compute.targetPools.delete
compute.targetPools.deleteTagBinding
compute.targetPools.get
compute.targetPools.list
compute.targetPools.listEffectiveTags
compute.targetPools.listTagBindings
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.setSecurityPolicy
compute.targetPools.update
compute.targetPools.use

compute.targetSslProxies.*

compute.targetSslProxies.create
compute.targetSslProxies.createTagBinding
compute.targetSslProxies.delete
compute.targetSslProxies.deleteTagBinding
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.listEffectiveTags
compute.targetSslProxies.listTagBindings
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setCertificateMap
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.setSslPolicy
compute.targetSslProxies.update
compute.targetSslProxies.use

compute.targetTcpProxies.*

compute.targetTcpProxies.create
compute.targetTcpProxies.createTagBinding
compute.targetTcpProxies.delete
compute.targetTcpProxies.deleteTagBinding
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.listEffectiveTags
compute.targetTcpProxies.listTagBindings
compute.targetTcpProxies.update
compute.targetTcpProxies.use

compute.targetVpnGateways.*

compute.targetVpnGateways.create
compute.targetVpnGateways.createTagBinding
compute.targetVpnGateways.delete
compute.targetVpnGateways.deleteTagBinding
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.listEffectiveTags
compute.targetVpnGateways.listTagBindings
compute.targetVpnGateways.setLabels
compute.targetVpnGateways.use

compute.urlMaps.*

compute.urlMaps.create
compute.urlMaps.createTagBinding
compute.urlMaps.delete
compute.urlMaps.deleteTagBinding
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.listEffectiveTags
compute.urlMaps.listTagBindings
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate

compute.vpnGateways.*

compute.vpnGateways.create
compute.vpnGateways.createTagBinding
compute.vpnGateways.delete
compute.vpnGateways.deleteTagBinding
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.listEffectiveTags
compute.vpnGateways.listTagBindings
compute.vpnGateways.setLabels
compute.vpnGateways.use

compute.vpnTunnels.*

compute.vpnTunnels.create
compute.vpnTunnels.createTagBinding
compute.vpnTunnels.delete
compute.vpnTunnels.deleteTagBinding
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.vpnTunnels.listEffectiveTags
compute.vpnTunnels.listTagBindings
compute.vpnTunnels.setLabels

compute.zoneOperations.get

compute.zoneOperations.list

compute.zones.*

compute.zones.get
compute.zones.list

container.*

container.apiServices.create
container.apiServices.delete
container.apiServices.get
container.apiServices.getStatus
container.apiServices.list
container.apiServices.update
container.apiServices.updateStatus
container.auditSinks.create
container.auditSinks.delete
container.auditSinks.get
container.auditSinks.list
container.auditSinks.update
container.backendConfigs.create
container.backendConfigs.delete
container.backendConfigs.get
container.backendConfigs.list
container.backendConfigs.update
container.bindings.create
container.bindings.delete
container.bindings.get
container.bindings.list
container.bindings.update
container.certificateSigningRequests.approve
container.certificateSigningRequests.create
container.certificateSigningRequests.delete
container.certificateSigningRequests.get
container.certificateSigningRequests.getStatus
container.certificateSigningRequests.list
container.certificateSigningRequests.update
container.certificateSigningRequests.updateStatus
container.clusterRoleBindings.create
container.clusterRoleBindings.delete
container.clusterRoleBindings.get
container.clusterRoleBindings.list
container.clusterRoleBindings.update
container.clusterRoles.bind
container.clusterRoles.create
container.clusterRoles.delete
container.clusterRoles.escalate
container.clusterRoles.get
container.clusterRoles.list
container.clusterRoles.update
container.clusters.connect
container.clusters.create
container.clusters.createTagBinding
container.clusters.delete
container.clusters.deleteTagBinding
container.clusters.get
container.clusters.getCredentials
container.clusters.impersonate
container.clusters.list
container.clusters.listEffectiveTags
container.clusters.listTagBindings
container.clusters.update
container.componentStatuses.get
container.componentStatuses.list
container.configMaps.create
container.configMaps.delete
container.configMaps.get
container.configMaps.list
container.configMaps.update
container.controllerRevisions.create
container.controllerRevisions.delete
container.controllerRevisions.get
container.controllerRevisions.list
container.controllerRevisions.update
container.cronJobs.create
container.cronJobs.delete
container.cronJobs.get
container.cronJobs.getStatus
container.cronJobs.list
container.cronJobs.update
container.cronJobs.updateStatus
container.csiDrivers.create
container.csiDrivers.delete
container.csiDrivers.get
container.csiDrivers.list
container.csiDrivers.update
container.csiNodeInfos.create
container.csiNodeInfos.delete
container.csiNodeInfos.get
container.csiNodeInfos.list
container.csiNodeInfos.update
container.csiNodes.create
container.csiNodes.delete
container.csiNodes.get
container.csiNodes.list
container.csiNodes.update
container.customResourceDefinitions.create
container.customResourceDefinitions.delete
container.customResourceDefinitions.get
container.customResourceDefinitions.getStatus
container.customResourceDefinitions.list
container.customResourceDefinitions.update
container.customResourceDefinitions.updateStatus
container.daemonSets.create
container.daemonSets.delete
container.daemonSets.get
container.daemonSets.getStatus
container.daemonSets.list
container.daemonSets.update
container.daemonSets.updateStatus
container.deployments.create
container.deployments.delete
container.deployments.get
container.deployments.getScale
container.deployments.getStatus
container.deployments.list
container.deployments.rollback
container.deployments.update
container.deployments.updateScale
container.deployments.updateStatus
container.endpointSlices.create
container.endpointSlices.delete
container.endpointSlices.get
container.endpointSlices.list
container.endpointSlices.update
container.endpoints.create
container.endpoints.delete
container.endpoints.get
container.endpoints.list
container.endpoints.update
container.events.create
container.events.delete
container.events.get
container.events.list
container.events.update
container.frontendConfigs.create
container.frontendConfigs.delete
container.frontendConfigs.get
container.frontendConfigs.list
container.frontendConfigs.update
container.horizontalPodAutoscalers.create
container.horizontalPodAutoscalers.delete
container.horizontalPodAutoscalers.get
container.horizontalPodAutoscalers.getStatus
container.horizontalPodAutoscalers.list
container.horizontalPodAutoscalers.update
container.horizontalPodAutoscalers.updateStatus
container.hostServiceAgent.use
container.ingresses.create
container.ingresses.delete
container.ingresses.get
container.ingresses.getStatus
container.ingresses.list
container.ingresses.update
container.ingresses.updateStatus
container.initializerConfigurations.create
container.initializerConfigurations.delete
container.initializerConfigurations.get
container.initializerConfigurations.list
container.initializerConfigurations.update
container.jobs.create
container.jobs.delete
container.jobs.get
container.jobs.getStatus
container.jobs.list
container.jobs.update
container.jobs.updateStatus
container.leases.create
container.leases.delete
container.leases.get
container.leases.list
container.leases.update
container.limitRanges.create
container.limitRanges.delete
container.limitRanges.get
container.limitRanges.list
container.limitRanges.update
container.localSubjectAccessReviews.create
container.localSubjectAccessReviews.list
container.managedCertificates.create
container.managedCertificates.delete
container.managedCertificates.get
container.managedCertificates.list
container.managedCertificates.update
container.mutatingWebhookConfigurations.create
container.mutatingWebhookConfigurations.delete
container.mutatingWebhookConfigurations.get
container.mutatingWebhookConfigurations.list
container.mutatingWebhookConfigurations.update
container.namespaces.create
container.namespaces.delete
container.namespaces.finalize
container.namespaces.get
container.namespaces.getStatus
container.namespaces.list
container.namespaces.update
container.namespaces.updateStatus
container.networkPolicies.create
container.networkPolicies.delete
container.networkPolicies.get
container.networkPolicies.list
container.networkPolicies.update
container.nodes.create
container.nodes.delete
container.nodes.get
container.nodes.getStatus
container.nodes.list
container.nodes.proxy
container.nodes.update
container.nodes.updateStatus
container.operations.get
container.operations.list
container.persistentVolumeClaims.create
container.persistentVolumeClaims.delete
container.persistentVolumeClaims.get
container.persistentVolumeClaims.getStatus
container.persistentVolumeClaims.list
container.persistentVolumeClaims.update
container.persistentVolumeClaims.updateStatus
container.persistentVolumes.create
container.persistentVolumes.delete
container.persistentVolumes.get
container.persistentVolumes.getStatus
container.persistentVolumes.list
container.persistentVolumes.update
container.persistentVolumes.updateStatus
container.petSets.create
container.petSets.delete
container.petSets.get
container.petSets.list
container.petSets.update
container.petSets.updateStatus
container.podDisruptionBudgets.create
container.podDisruptionBudgets.delete
container.podDisruptionBudgets.get
container.podDisruptionBudgets.getStatus
container.podDisruptionBudgets.list
container.podDisruptionBudgets.update
container.podDisruptionBudgets.updateStatus
container.podPresets.create
container.podPresets.delete
container.podPresets.get
container.podPresets.list
container.podPresets.update
container.podSecurityPolicies.create
container.podSecurityPolicies.delete
container.podSecurityPolicies.get
container.podSecurityPolicies.list
container.podSecurityPolicies.update
container.podSecurityPolicies.use
container.podTemplates.create
container.podTemplates.delete
container.podTemplates.get
container.podTemplates.list
container.podTemplates.update
container.pods.attach
container.pods.create
container.pods.delete
container.pods.evict
container.pods.exec
container.pods.get
container.pods.getLogs
container.pods.getStatus
container.pods.initialize
container.pods.list
container.pods.portForward
container.pods.proxy
container.pods.update
container.pods.updateStatus
container.priorityClasses.create
container.priorityClasses.delete
container.priorityClasses.get
container.priorityClasses.list
container.priorityClasses.update
container.replicaSets.create
container.replicaSets.delete
container.replicaSets.get
container.replicaSets.getScale
container.replicaSets.getStatus
container.replicaSets.list
container.replicaSets.update
container.replicaSets.updateScale
container.replicaSets.updateStatus
container.replicationControllers.create
container.replicationControllers.delete
container.replicationControllers.get
container.replicationControllers.getScale
container.replicationControllers.getStatus
container.replicationControllers.list
container.replicationControllers.update
container.replicationControllers.updateScale
container.replicationControllers.updateStatus
container.resourceQuotas.create
container.resourceQuotas.delete
container.resourceQuotas.get
container.resourceQuotas.getStatus
container.resourceQuotas.list
container.resourceQuotas.update
container.resourceQuotas.updateStatus
container.roleBindings.create
container.roleBindings.delete
container.roleBindings.get
container.roleBindings.list
container.roleBindings.update
container.roles.bind
container.roles.create
container.roles.delete
container.roles.escalate
container.roles.get
container.roles.list
container.roles.update
container.runtimeClasses.create
container.runtimeClasses.delete
container.runtimeClasses.get
container.runtimeClasses.list
container.runtimeClasses.update
container.scheduledJobs.create
container.scheduledJobs.delete
container.scheduledJobs.get
container.scheduledJobs.list
container.scheduledJobs.update
container.scheduledJobs.updateStatus
container.secrets.create
container.secrets.delete
container.secrets.get
container.secrets.list
container.secrets.update
container.selfSubjectAccessReviews.create
container.selfSubjectAccessReviews.list
container.selfSubjectRulesReviews.create
container.serviceAccounts.create
container.serviceAccounts.createToken
container.serviceAccounts.delete
container.serviceAccounts.get
container.serviceAccounts.list
container.serviceAccounts.update
container.services.create
container.services.delete
container.services.get
container.services.getStatus
container.services.list
container.services.proxy
container.services.update
container.services.updateStatus
container.statefulSets.create
container.statefulSets.delete
container.statefulSets.get
container.statefulSets.getScale
container.statefulSets.getStatus
container.statefulSets.list
container.statefulSets.update
container.statefulSets.updateScale
container.statefulSets.updateStatus
container.storageClasses.create
container.storageClasses.delete
container.storageClasses.get
container.storageClasses.list
container.storageClasses.update
container.storageStates.create
container.storageStates.delete
container.storageStates.get
container.storageStates.getStatus
container.storageStates.list
container.storageStates.update
container.storageStates.updateStatus
container.storageVersionMigrations.create
container.storageVersionMigrations.delete
container.storageVersionMigrations.get
container.storageVersionMigrations.getStatus
container.storageVersionMigrations.list
container.storageVersionMigrations.update
container.storageVersionMigrations.updateStatus
container.subjectAccessReviews.create
container.subjectAccessReviews.list
container.thirdPartyObjects.create
container.thirdPartyObjects.delete
container.thirdPartyObjects.get
container.thirdPartyObjects.list
container.thirdPartyObjects.update
container.thirdPartyResources.create
container.thirdPartyResources.delete
container.thirdPartyResources.get
container.thirdPartyResources.list
container.thirdPartyResources.update
container.tokenReviews.create
container.updateInfos.create
container.updateInfos.delete
container.updateInfos.get
container.updateInfos.list
container.updateInfos.update
container.validatingWebhookConfigurations.create
container.validatingWebhookConfigurations.delete
container.validatingWebhookConfigurations.get
container.validatingWebhookConfigurations.list
container.validatingWebhookConfigurations.update
container.volumeAttachments.create
container.volumeAttachments.delete
container.volumeAttachments.get
container.volumeAttachments.getStatus
container.volumeAttachments.list
container.volumeAttachments.update
container.volumeAttachments.updateStatus
container.volumeSnapshotClasses.create
container.volumeSnapshotClasses.delete
container.volumeSnapshotClasses.get
container.volumeSnapshotClasses.list
container.volumeSnapshotClasses.update
container.volumeSnapshotContents.create
container.volumeSnapshotContents.delete
container.volumeSnapshotContents.get
container.volumeSnapshotContents.getStatus
container.volumeSnapshotContents.list
container.volumeSnapshotContents.update
container.volumeSnapshotContents.updateStatus
container.volumeSnapshots.create
container.volumeSnapshots.delete
container.volumeSnapshots.get
container.volumeSnapshots.getStatus
container.volumeSnapshots.list
container.volumeSnapshots.update
container.volumeSnapshots.updateStatus

deploymentmanager.compositeTypes.*

deploymentmanager.compositeTypes.create
deploymentmanager.compositeTypes.delete
deploymentmanager.compositeTypes.get
deploymentmanager.compositeTypes.list
deploymentmanager.compositeTypes.update

deploymentmanager.deployments.cancelPreview

deploymentmanager.deployments.create

deploymentmanager.deployments.delete

deploymentmanager.deployments.get

deploymentmanager.deployments.list

deploymentmanager.deployments.stop

deploymentmanager.deployments.update

deploymentmanager.manifests.*

deploymentmanager.manifests.get
deploymentmanager.manifests.list

deploymentmanager.operations.*

deploymentmanager.operations.get
deploymentmanager.operations.list

deploymentmanager.resources.*

deploymentmanager.resources.get
deploymentmanager.resources.list

deploymentmanager.typeProviders.*

deploymentmanager.typeProviders.create
deploymentmanager.typeProviders.delete
deploymentmanager.typeProviders.get
deploymentmanager.typeProviders.getType
deploymentmanager.typeProviders.list
deploymentmanager.typeProviders.listTypes
deploymentmanager.typeProviders.update

deploymentmanager.types.*

deploymentmanager.types.create
deploymentmanager.types.delete
deploymentmanager.types.get
deploymentmanager.types.list
deploymentmanager.types.update

dns.managedZones.get

dns.managedZones.list

dns.networks.targetWithPeeringZone

firebase.projects.get

iam.serviceAccounts.actAs

iam.serviceAccounts.get

iam.serviceAccounts.getAccessToken

iam.serviceAccounts.getOpenIdToken

iam.serviceAccounts.list

logging.buckets.create

logging.buckets.createTagBinding

logging.buckets.delete

logging.buckets.deleteTagBinding

logging.buckets.get

logging.buckets.list

logging.buckets.listEffectiveTags

logging.buckets.listTagBindings

logging.buckets.undelete

logging.buckets.update

logging.exclusions.*

logging.exclusions.create
logging.exclusions.delete
logging.exclusions.get
logging.exclusions.list
logging.exclusions.update

logging.links.*

logging.links.create
logging.links.delete
logging.links.get
logging.links.list

logging.locations.*

logging.locations.get
logging.locations.list

logging.logEntries.create

logging.logEntries.route

logging.logMetrics.*

logging.logMetrics.create
logging.logMetrics.delete
logging.logMetrics.get
logging.logMetrics.list
logging.logMetrics.update

logging.logServiceIndexes.list

logging.logServices.list

logging.logs.list

logging.notificationRules.*

logging.notificationRules.create
logging.notificationRules.delete
logging.notificationRules.get
logging.notificationRules.list
logging.notificationRules.update

logging.operations.*

logging.operations.cancel
logging.operations.get
logging.operations.list

logging.settings.*

logging.settings.get
logging.settings.update

logging.sinks.*

logging.sinks.create
logging.sinks.delete
logging.sinks.get
logging.sinks.list
logging.sinks.update

logging.sqlAlerts.*

logging.sqlAlerts.create
logging.sqlAlerts.update

logging.views.create

logging.views.delete

logging.views.get

logging.views.getIamPolicy

logging.views.list

logging.views.update

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.dashboards.get

monitoring.dashboards.list

monitoring.groups.get

monitoring.groups.list

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.notificationChannelDescriptors.*

monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list

monitoring.notificationChannels.get

monitoring.notificationChannels.list

monitoring.services.get

monitoring.services.list

monitoring.slos.get

monitoring.slos.list

monitoring.snoozes.get

monitoring.snoozes.list

monitoring.timeSeries.*

monitoring.timeSeries.create
monitoring.timeSeries.list

monitoring.uptimeCheckConfigs.get

monitoring.uptimeCheckConfigs.list

networkconnectivity.internalRanges.*

networkconnectivity.internalRanges.create
networkconnectivity.internalRanges.delete
networkconnectivity.internalRanges.get
networkconnectivity.internalRanges.getIamPolicy
networkconnectivity.internalRanges.list
networkconnectivity.internalRanges.setIamPolicy
networkconnectivity.internalRanges.update

networkconnectivity.locations.*

networkconnectivity.locations.get
networkconnectivity.locations.list

networkconnectivity.operations.*

networkconnectivity.operations.cancel
networkconnectivity.operations.delete
networkconnectivity.operations.get
networkconnectivity.operations.list

networkconnectivity.policyBasedRoutes.*

networkconnectivity.policyBasedRoutes.create
networkconnectivity.policyBasedRoutes.delete
networkconnectivity.policyBasedRoutes.get
networkconnectivity.policyBasedRoutes.getIamPolicy
networkconnectivity.policyBasedRoutes.list
networkconnectivity.policyBasedRoutes.setIamPolicy

networkconnectivity.regionalEndpoints.*

networkconnectivity.regionalEndpoints.create
networkconnectivity.regionalEndpoints.delete
networkconnectivity.regionalEndpoints.get
networkconnectivity.regionalEndpoints.list

networkconnectivity.serviceClasses.*

networkconnectivity.serviceClasses.create
networkconnectivity.serviceClasses.delete
networkconnectivity.serviceClasses.get
networkconnectivity.serviceClasses.list
networkconnectivity.serviceClasses.update
networkconnectivity.serviceClasses.use

networkconnectivity.serviceConnectionMaps.*

networkconnectivity.serviceConnectionMaps.create
networkconnectivity.serviceConnectionMaps.delete
networkconnectivity.serviceConnectionMaps.get
networkconnectivity.serviceConnectionMaps.list
networkconnectivity.serviceConnectionMaps.update

networkconnectivity.serviceConnectionPolicies.*

networkconnectivity.serviceConnectionPolicies.create
networkconnectivity.serviceConnectionPolicies.delete
networkconnectivity.serviceConnectionPolicies.get
networkconnectivity.serviceConnectionPolicies.list
networkconnectivity.serviceConnectionPolicies.update

networkmanagement.connectivitytests.get

networkmanagement.connectivitytests.list

networksecurity.addressGroups.*

networksecurity.addressGroups.create
networksecurity.addressGroups.delete
networksecurity.addressGroups.get
networksecurity.addressGroups.getIamPolicy
networksecurity.addressGroups.list
networksecurity.addressGroups.setIamPolicy
networksecurity.addressGroups.update
networksecurity.addressGroups.use

networksecurity.authorizationPolicies.*

networksecurity.authorizationPolicies.create
networksecurity.authorizationPolicies.delete
networksecurity.authorizationPolicies.get
networksecurity.authorizationPolicies.getIamPolicy
networksecurity.authorizationPolicies.list
networksecurity.authorizationPolicies.setIamPolicy
networksecurity.authorizationPolicies.update
networksecurity.authorizationPolicies.use

networksecurity.authzPolicies.*

networksecurity.authzPolicies.create
networksecurity.authzPolicies.delete
networksecurity.authzPolicies.get
networksecurity.authzPolicies.getIamPolicy
networksecurity.authzPolicies.list
networksecurity.authzPolicies.setIamPolicy
networksecurity.authzPolicies.update

networksecurity.clientTlsPolicies.*

networksecurity.clientTlsPolicies.create
networksecurity.clientTlsPolicies.delete
networksecurity.clientTlsPolicies.get
networksecurity.clientTlsPolicies.getIamPolicy
networksecurity.clientTlsPolicies.list
networksecurity.clientTlsPolicies.setIamPolicy
networksecurity.clientTlsPolicies.update
networksecurity.clientTlsPolicies.use

networksecurity.firewallEndpointAssociations.*

networksecurity.firewallEndpointAssociations.create
networksecurity.firewallEndpointAssociations.delete
networksecurity.firewallEndpointAssociations.get
networksecurity.firewallEndpointAssociations.list
networksecurity.firewallEndpointAssociations.update

networksecurity.firewallEndpoints.*

networksecurity.firewallEndpoints.create
networksecurity.firewallEndpoints.delete
networksecurity.firewallEndpoints.get
networksecurity.firewallEndpoints.list
networksecurity.firewallEndpoints.update
networksecurity.firewallEndpoints.use

networksecurity.gatewaySecurityPolicies.*

networksecurity.gatewaySecurityPolicies.create
networksecurity.gatewaySecurityPolicies.delete
networksecurity.gatewaySecurityPolicies.get
networksecurity.gatewaySecurityPolicies.list
networksecurity.gatewaySecurityPolicies.update
networksecurity.gatewaySecurityPolicies.use

networksecurity.gatewaySecurityPolicyRules.*

networksecurity.gatewaySecurityPolicyRules.create
networksecurity.gatewaySecurityPolicyRules.delete
networksecurity.gatewaySecurityPolicyRules.get
networksecurity.gatewaySecurityPolicyRules.list
networksecurity.gatewaySecurityPolicyRules.update
networksecurity.gatewaySecurityPolicyRules.use

networksecurity.locations.*

networksecurity.locations.get
networksecurity.locations.list

networksecurity.operations.*

networksecurity.operations.cancel
networksecurity.operations.delete
networksecurity.operations.get
networksecurity.operations.list

networksecurity.securityProfileGroups.*

networksecurity.securityProfileGroups.create
networksecurity.securityProfileGroups.delete
networksecurity.securityProfileGroups.get
networksecurity.securityProfileGroups.list
networksecurity.securityProfileGroups.update
networksecurity.securityProfileGroups.use

networksecurity.securityProfiles.*

networksecurity.securityProfiles.create
networksecurity.securityProfiles.delete
networksecurity.securityProfiles.get
networksecurity.securityProfiles.list
networksecurity.securityProfiles.update
networksecurity.securityProfiles.use

networksecurity.serverTlsPolicies.*

networksecurity.serverTlsPolicies.create
networksecurity.serverTlsPolicies.delete
networksecurity.serverTlsPolicies.get
networksecurity.serverTlsPolicies.getIamPolicy
networksecurity.serverTlsPolicies.list
networksecurity.serverTlsPolicies.setIamPolicy
networksecurity.serverTlsPolicies.update
networksecurity.serverTlsPolicies.use

networksecurity.tlsInspectionPolicies.*

networksecurity.tlsInspectionPolicies.create
networksecurity.tlsInspectionPolicies.delete
networksecurity.tlsInspectionPolicies.get
networksecurity.tlsInspectionPolicies.list
networksecurity.tlsInspectionPolicies.update
networksecurity.tlsInspectionPolicies.use

networksecurity.urlLists.*

networksecurity.urlLists.create
networksecurity.urlLists.delete
networksecurity.urlLists.get
networksecurity.urlLists.list
networksecurity.urlLists.update
networksecurity.urlLists.use

networkservices.*

networkservices.authzExtensions.create
networkservices.authzExtensions.delete
networkservices.authzExtensions.get
networkservices.authzExtensions.list
networkservices.authzExtensions.update
networkservices.authzExtensions.use
networkservices.endpointPolicies.create
networkservices.endpointPolicies.delete
networkservices.endpointPolicies.get
networkservices.endpointPolicies.list
networkservices.endpointPolicies.update
networkservices.gateways.create
networkservices.gateways.delete
networkservices.gateways.get
networkservices.gateways.list
networkservices.gateways.update
networkservices.gateways.use
networkservices.grpcRoutes.create
networkservices.grpcRoutes.delete
networkservices.grpcRoutes.get
networkservices.grpcRoutes.list
networkservices.grpcRoutes.update
networkservices.httpFilters.create
networkservices.httpFilters.delete
networkservices.httpFilters.get
networkservices.httpFilters.list
networkservices.httpFilters.update
networkservices.httpRoutes.create
networkservices.httpRoutes.delete
networkservices.httpRoutes.get
networkservices.httpRoutes.list
networkservices.httpRoutes.update
networkservices.httpfilters.create
networkservices.httpfilters.delete
networkservices.httpfilters.get
networkservices.httpfilters.getIamPolicy
networkservices.httpfilters.list
networkservices.httpfilters.setIamPolicy
networkservices.httpfilters.update
networkservices.httpfilters.use
networkservices.lbRouteExtensions.create
networkservices.lbRouteExtensions.delete
networkservices.lbRouteExtensions.get
networkservices.lbRouteExtensions.list
networkservices.lbRouteExtensions.update
networkservices.lbTrafficExtensions.create
networkservices.lbTrafficExtensions.delete
networkservices.lbTrafficExtensions.get
networkservices.lbTrafficExtensions.list
networkservices.lbTrafficExtensions.update
networkservices.locations.get
networkservices.locations.list
networkservices.meshes.create
networkservices.meshes.delete
networkservices.meshes.get
networkservices.meshes.list
networkservices.meshes.update
networkservices.meshes.use
networkservices.operations.cancel
networkservices.operations.delete
networkservices.operations.get
networkservices.operations.list
networkservices.route_views.get
networkservices.route_views.list
networkservices.serviceBindings.create
networkservices.serviceBindings.delete
networkservices.serviceBindings.get
networkservices.serviceBindings.list
networkservices.serviceBindings.update
networkservices.serviceLbPolicies.create
networkservices.serviceLbPolicies.delete
networkservices.serviceLbPolicies.get
networkservices.serviceLbPolicies.list
networkservices.serviceLbPolicies.update
networkservices.tcpRoutes.create
networkservices.tcpRoutes.delete
networkservices.tcpRoutes.get
networkservices.tcpRoutes.list
networkservices.tcpRoutes.update
networkservices.tlsRoutes.create
networkservices.tlsRoutes.delete
networkservices.tlsRoutes.get
networkservices.tlsRoutes.list
networkservices.tlsRoutes.update

observability.scopes.get

opsconfigmonitoring.resourceMetadata.list

orgpolicy.policy.get

pubsub.*

pubsub.schemas.attach
pubsub.schemas.commit
pubsub.schemas.create
pubsub.schemas.delete
pubsub.schemas.get
pubsub.schemas.getIamPolicy
pubsub.schemas.list
pubsub.schemas.listRevisions
pubsub.schemas.rollback
pubsub.schemas.setIamPolicy
pubsub.schemas.validate
pubsub.snapshots.create
pubsub.snapshots.delete
pubsub.snapshots.get
pubsub.snapshots.getIamPolicy
pubsub.snapshots.list
pubsub.snapshots.seek
pubsub.snapshots.setIamPolicy
pubsub.snapshots.update
pubsub.subscriptions.consume
pubsub.subscriptions.create
pubsub.subscriptions.delete
pubsub.subscriptions.get
pubsub.subscriptions.getIamPolicy
pubsub.subscriptions.list
pubsub.subscriptions.setIamPolicy
pubsub.subscriptions.update
pubsub.topics.attachSubscription
pubsub.topics.create
pubsub.topics.delete
pubsub.topics.detachSubscription
pubsub.topics.get
pubsub.topics.getIamPolicy
pubsub.topics.list
pubsub.topics.publish
pubsub.topics.setIamPolicy
pubsub.topics.update
pubsub.topics.updateTag

recommender.cloudsqlIdleInstanceRecommendations.*

recommender.cloudsqlIdleInstanceRecommendations.get
recommender.cloudsqlIdleInstanceRecommendations.list
recommender.cloudsqlIdleInstanceRecommendations.update

recommender.cloudsqlInstanceActivityInsights.*

recommender.cloudsqlInstanceActivityInsights.get
recommender.cloudsqlInstanceActivityInsights.list
recommender.cloudsqlInstanceActivityInsights.update

recommender.cloudsqlInstanceCpuUsageInsights.*

recommender.cloudsqlInstanceCpuUsageInsights.get
recommender.cloudsqlInstanceCpuUsageInsights.list
recommender.cloudsqlInstanceCpuUsageInsights.update

recommender.cloudsqlInstanceDiskUsageTrendInsights.*

recommender.cloudsqlInstanceDiskUsageTrendInsights.get
recommender.cloudsqlInstanceDiskUsageTrendInsights.list
recommender.cloudsqlInstanceDiskUsageTrendInsights.update

recommender.cloudsqlInstanceMemoryUsageInsights.*

recommender.cloudsqlInstanceMemoryUsageInsights.get
recommender.cloudsqlInstanceMemoryUsageInsights.list
recommender.cloudsqlInstanceMemoryUsageInsights.update

recommender.cloudsqlInstanceOomProbabilityInsights.*

recommender.cloudsqlInstanceOomProbabilityInsights.get
recommender.cloudsqlInstanceOomProbabilityInsights.list
recommender.cloudsqlInstanceOomProbabilityInsights.update

recommender.cloudsqlInstanceOutOfDiskRecommendations.*

recommender.cloudsqlInstanceOutOfDiskRecommendations.get
recommender.cloudsqlInstanceOutOfDiskRecommendations.list
recommender.cloudsqlInstanceOutOfDiskRecommendations.update

recommender.cloudsqlInstancePerformanceInsights.*

recommender.cloudsqlInstancePerformanceInsights.get
recommender.cloudsqlInstancePerformanceInsights.list
recommender.cloudsqlInstancePerformanceInsights.update

recommender.cloudsqlInstancePerformanceRecommendations.*

recommender.cloudsqlInstancePerformanceRecommendations.get
recommender.cloudsqlInstancePerformanceRecommendations.list
recommender.cloudsqlInstancePerformanceRecommendations.update

recommender.cloudsqlInstanceReliabilityInsights.*

recommender.cloudsqlInstanceReliabilityInsights.get
recommender.cloudsqlInstanceReliabilityInsights.list
recommender.cloudsqlInstanceReliabilityInsights.update

recommender.cloudsqlInstanceReliabilityRecommendations.*

recommender.cloudsqlInstanceReliabilityRecommendations.get
recommender.cloudsqlInstanceReliabilityRecommendations.list
recommender.cloudsqlInstanceReliabilityRecommendations.update

recommender.cloudsqlInstanceSecurityInsights.*

recommender.cloudsqlInstanceSecurityInsights.get
recommender.cloudsqlInstanceSecurityInsights.list
recommender.cloudsqlInstanceSecurityInsights.update

recommender.cloudsqlInstanceSecurityRecommendations.*

recommender.cloudsqlInstanceSecurityRecommendations.get
recommender.cloudsqlInstanceSecurityRecommendations.list
recommender.cloudsqlInstanceSecurityRecommendations.update

recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.*

recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get
recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list
recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.update

recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.*

recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get
recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list
recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.update

recommender.cloudsqlOverprovisionedInstanceRecommendations.*

recommender.cloudsqlOverprovisionedInstanceRecommendations.get
recommender.cloudsqlOverprovisionedInstanceRecommendations.list
recommender.cloudsqlOverprovisionedInstanceRecommendations.update

recommender.cloudsqlUnderProvisionedInstanceRecommendations.*

recommender.cloudsqlUnderProvisionedInstanceRecommendations.get
recommender.cloudsqlUnderProvisionedInstanceRecommendations.list
recommender.cloudsqlUnderProvisionedInstanceRecommendations.update

recommender.containerDiagnosisInsights.*

recommender.containerDiagnosisInsights.get
recommender.containerDiagnosisInsights.list
recommender.containerDiagnosisInsights.update

recommender.containerDiagnosisRecommendations.*

recommender.containerDiagnosisRecommendations.get
recommender.containerDiagnosisRecommendations.list
recommender.containerDiagnosisRecommendations.update

recommender.iamPolicyInsights.*

recommender.iamPolicyInsights.get
recommender.iamPolicyInsights.list
recommender.iamPolicyInsights.update

recommender.iamPolicyRecommendations.*

recommender.iamPolicyRecommendations.get
recommender.iamPolicyRecommendations.list
recommender.iamPolicyRecommendations.update

recommender.locations.*

recommender.locations.get
recommender.locations.list

recommender.networkAnalyzerGkeConnectivityInsights.*

recommender.networkAnalyzerGkeConnectivityInsights.get
recommender.networkAnalyzerGkeConnectivityInsights.list
recommender.networkAnalyzerGkeConnectivityInsights.update

recommender.networkAnalyzerGkeIpAddressInsights.*

recommender.networkAnalyzerGkeIpAddressInsights.get
recommender.networkAnalyzerGkeIpAddressInsights.list
recommender.networkAnalyzerGkeIpAddressInsights.update

recommender.storageBucketSoftDeleteInsights.*

recommender.storageBucketSoftDeleteInsights.get
recommender.storageBucketSoftDeleteInsights.list
recommender.storageBucketSoftDeleteInsights.update

recommender.storageBucketSoftDeleteRecommendations.*

recommender.storageBucketSoftDeleteRecommendations.get
recommender.storageBucketSoftDeleteRecommendations.list
recommender.storageBucketSoftDeleteRecommendations.update

resourcemanager.hierarchyNodes.listEffectiveTags

resourcemanager.projects.get

resourcemanager.projects.getIamPolicy

resourcemanager.projects.list

servicedirectory.namespaces.create

servicedirectory.namespaces.delete

servicedirectory.services.create

servicedirectory.services.delete

servicenetworking.operations.get

servicenetworking.services.addPeering

servicenetworking.services.createPeeredDnsDomain

servicenetworking.services.deleteConnection

servicenetworking.services.deletePeeredDnsDomain

servicenetworking.services.disableVpcServiceControls

servicenetworking.services.enableVpcServiceControls

servicenetworking.services.get

servicenetworking.services.listPeeredDnsDomains

serviceusage.quotas.get

serviceusage.services.get

serviceusage.services.list

stackdriver.projects.get

stackdriver.resourceMetadata.list

storage.anywhereCaches.*

storage.anywhereCaches.create
storage.anywhereCaches.disable
storage.anywhereCaches.get
storage.anywhereCaches.list
storage.anywhereCaches.pause
storage.anywhereCaches.resume
storage.anywhereCaches.update

storage.bucketOperations.*

storage.bucketOperations.cancel
storage.bucketOperations.get
storage.bucketOperations.list

storage.buckets.*

storage.buckets.create
storage.buckets.createTagBinding
storage.buckets.delete
storage.buckets.deleteTagBinding
storage.buckets.enableObjectRetention
storage.buckets.get
storage.buckets.getIamPolicy
storage.buckets.getObjectInsights
storage.buckets.list
storage.buckets.listEffectiveTags
storage.buckets.listTagBindings
storage.buckets.restore
storage.buckets.setIamPolicy
storage.buckets.update

storage.folders.*

storage.folders.create
storage.folders.delete
storage.folders.get
storage.folders.list
storage.folders.rename

storage.managedFolders.*

storage.managedFolders.create
storage.managedFolders.delete
storage.managedFolders.get
storage.managedFolders.getIamPolicy
storage.managedFolders.list
storage.managedFolders.setIamPolicy

storage.managementHubs.*

storage.managementHubs.get
storage.managementHubs.update

storage.multipartUploads.*

storage.multipartUploads.abort
storage.multipartUploads.create
storage.multipartUploads.list
storage.multipartUploads.listParts

storage.objects.*

storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
storage.objects.overrideUnlockedRetention
storage.objects.restore
storage.objects.setIamPolicy
storage.objects.setRetention
storage.objects.update

trafficdirector.*

trafficdirector.networks.getConfigs
trafficdirector.networks.reportMetrics

Einfache Rollen

Einfache Rollen funktionieren mit Cloud Composer so:

Inhaber (owner): Ermöglicht die vollständige Kontrolle über Cloud Composer-Ressourcen.
Bearbeiter (editor): ermöglicht die vollständige Kontrolle über Cloud Composer-Ressourcen.
Betrachter (viewer): Ermöglicht es Nutzern, Listen und Cloud Composer-Ressourcen.

Weitere Informationen finden Sie in der Referenz zu einfachen und vordefinierten IAM-Rollen. Informationen zu einfachen Rollen und Cloud Composer-Berechtigungen enthalten sind.

Berechtigungen für API-Methoden

In der folgenden Tabelle sind die Berechtigungen aufgeführt, die erforderlich sind, um die einzelnen Methoden in der Cloud Composer API aufrufen oder um Aufgaben mit Google Cloud-Tools ausführen zu können, die die API verwenden (z. B. die Google Cloud Console oder die Google Cloud-Befehlszeile).

Methode	Berechtigung
`environments.create`	`composer.environments.create` und `iam.serviceAccounts.actAs` für das Dienstkonto der Umgebung.
`environments.delete`	`composer.environments.delete`
`environments.get`	`composer.environments.get`
`environments.list`	`composer.environments.list`
`environments.update`	`composer.environments.update`
`environments.executeAirflowCommand`	`composer.environment.executeairflowcommand`
`environments.stopAirflowCommand`	`composer.environment.executeairflowcommand`
`environments.pollAirflowCommand`	`composer.environment.executeairflowcommand`
`operations.delete`	`composer.operations.delete`
`operations.get`	`composer.operations.get`
`operations.list`	`composer.operations.list`

Berechtigungen zur Verwendung der gcloud CLI mit Umgebungen

Zur Verwendung von gcloud mit Cloud Composer-Umgebungen benötigen Sie folgende Berechtigungen:

composer.environments.get
container.clusters.get
container.clusters.list
container.clusters.getCredentials

Wenn Sie Umgebungen oder Umgebungs-Buckets mit gcloud composer-Befehlen verwalten möchten, benötigen Sie außerdem eine Rolle mit ausreichenden Berechtigungen.

Wenn Sie Airflow-Befehlszeilenbefehle ausführen möchten, benötigen Sie die folgenden zusätzlichen Berechtigungen:

container.namespaces.list
container.pods.get
container.pods.list
container.pods.exec

Berechtigungen für die Arbeit mit DAGs in der Google Cloud Console

Die folgenden Berechtigungen decken die Arbeit mit DAGs über die Google Cloud Console ab, über die DAG-UI:

Berechtigung	Beschreibung
`composer.dags.list`	Rufen Sie die Liste der DAGs auf der Seite „Umgebungsdetails“ auf.
`composer.dags.get`	Auf der DAG-Detailseite finden Sie detaillierte Informationen zu DAGs, DAG-Ausführungen und Aufgaben.
`composer.dags.getSourceCode`	Rufen Sie den Quellcode von DAGs auf der DAG-Detailseite ab.
`composer.dags.execute`	DAGs über die DAG-Detailseite pausieren, fortsetzen und auslösen.

Mit der Zugriffssteuerung der Airflow-Benutzeroberfläche können Sie DAG-Berechtigungen für Nutzerkonten weiter steuern. Für die DAG-UI ist beides erforderlich IAM- und Airflow-UI-Zugriffssteuerungsberechtigungen zum Zulassen eines für einen DAG. Gleichzeitig validiert die Airflow-UI den Nutzerzugriff nur gegen Airflow-UI-Zugriffssteuerungsberechtigungen, das Überspringen IAM-Berechtigungen

Wenn ein Nutzer beispielsweise die Berechtigung composer.dags.execute und die Airflow-Rolle Viewer hat, kann er keine DAGs über die Google Cloud Console auslösen. Das Gegenteil ist der Fall, wenn Nutzende composer.dags.list hat, kann dieser Nutzer die Liste der DAGs weiterhin aufrufen. auf der Airflow-UI.

Lese- und Schreibzugriff auf Umgebungs-Buckets und Artifact Registry-Repositories

Nutzer mit Lese-/Schreibzugriff auf die folgenden Komponenten:

Bucket der Cloud Composer-Umgebung
Artifact Registry-Repositories mit Container-Images, die verwendet werden von: Airflow-Komponenten, GKEPodOperator oder GKEStartPodOperator

können eigene Versionen von DAGs oder Container-Images in einer Umgebung bereitstellen, auch ohne explizite Cloud Composer-Berechtigungen. Diese DAGs oder Images können später mit den Berechtigungen des Dienstkontos der Cloud Composer-Umgebung in der Umgebung ausgeführt werden.

Diese Nutzer können also implizit mit den Berechtigungen der Dienstkonto für die Cloud Composer-Umgebung.

EMPFEHLUNG

Berechtigungen und Rollen für freigegebene VPC-Netzwerke

Für die Verwendung von freigegebenen VPC-Netzwerken sind zusätzliche Rollen und Berechtigungen für Dienstkonten in Dienst- und Hostprojekten erforderlich. Weitere Informationen zum Konfigurieren dieser Rollen und Berechtigungen finden Sie unter Freigegebene VPC-Netzwerke konfigurieren.

Dienstkonto aus einem anderen Projekt verwenden

Wenn Sie möchten, dass eine Cloud Composer-Umgebung in einem Projekt ein nutzerverwaltetes Dienstkonto aus einem anderen Projekt verwendet, konfigurieren Sie das nutzerverwaltete Dienstkonto so:

Die Organisationsrichtlinie des Projekts, in dem sich Ihr nutzerverwaltetes Dienstkonto befindet, muss den Identitätswechsel für Dienstkonten über Projekte hinweg zulassen.
Aktivieren Sie die Composer API in dem Projekt, in dem sich Ihr nutzerverwaltetes Dienstkonto befindet. Für warum das erforderlich ist, Wo werden Dienstkonten erstellt?
Weisen Sie IAM-Rollen wie in der folgenden Tabelle beschrieben zu.
Erstellen Sie die Umgebung mit einem projektübergreifenden Dienstkonto. Sie können die Google Cloud CLI, die API oder Terraform verwenden. In der Google Cloud Console kann kein Dienstkonto aus einem anderen Projekt ausgewählt werden.

In der folgenden Tabelle werden die erforderlichen IAM-Rollen und Hauptkonten für Ihr vom Nutzer verwaltetes Dienstkonto.

Projekt	Ressource	Hauptkonto	Rolle
Projekt, in dem sich Ihr vom Nutzer verwaltetes Dienstkonto befindet	Ihr vom Nutzer verwaltetes Dienstkonto	Cloud Composer-Dienst-Agent-Konto des Projekts, in dem sich Ihre Umgebung befindet (`service-SERVICE_PROJECT_NUMBER@cloudcomposer-accounts.iam.gserviceaccount.com`).	Dienstkontonutzer (`iam.serviceAccountUser`)
(Nur Cloud Composer 2) Projekt, in dem sich Ihr nutzerverwaltetes Dienstkonto befindet	Ihr vom Nutzer verwaltetes Dienstkonto	Cloud Composer-Dienst-Agent-Konto des Projekts, in dem sich Ihre Umgebung befindet (`service-SERVICE_PROJECT_NUMBER@cloudcomposer-accounts.iam.gserviceaccount.com`).	Dienst-Agent-Erweiterung für Cloud Composer v2 API (`roles/composer.ServiceAgentV2Ext`): Weitere Informationen zur Verwendung dieser Rolle finden Sie unter Rollen für Cloud Composer-Dienst-Agent-Konto gewähren.
Projekt, in dem sich Ihr vom Nutzer verwaltetes Dienstkonto befindet	Ihr vom Nutzer verwaltetes Dienstkonto	Kubernetes Engine-Dienst-Agent des Projekts, in dem sich Ihre Umgebung befindet (`service-SERVICE_PROJECT_NUMBER@container-engine-robot.iam.gserviceaccount.com`)	Dienstkontonutzer (`iam.serviceAccountUser`)
Projekt, in dem sich Ihr vom Nutzer verwaltetes Dienstkonto befindet	Ihr vom Nutzer verwaltetes Dienstkonto	Google APIs-Dienst-Agent des Projekts, in dem sich Ihre Umgebung befindet (`SERVICE_PROJECT_NUMBER@cloudservices.gserviceaccount.com`)	Dienstkontonutzer (`iam.serviceAccountUser`)
Projekt, in dem sich Ihr vom Nutzer verwaltetes Dienstkonto befindet	Ihr vom Nutzer verwaltetes Dienstkonto	Compute Engine-Dienst-Agent des Projekts, in dem sich Ihre Umgebung befindet (`service-SERVICE_PROJECT_NUMBER@compute-system.iam.gserviceaccount.com`)	Ersteller von Dienstkonto-Token (`roles/iam.serviceAccountTokenCreator`)
Projekt, in dem sich Ihre Umgebung befindet	Projekt	Ihr vom Nutzer verwaltetes Dienstkonto	Weisen Sie Ihrem nutzerverwalteten Dienstkonto die erforderlichen Rollen zu, wie unter Einem nutzerverwalteten Dienstkonto Rollen zuweisen beschrieben. Bei einer öffentlichen IP-Konfiguration benötigt Ihr nutzerverwaltetes Dienstkonto beispielsweise die Rolle Composer Worker.

Zugriffssteuerung mit IAM

Informationen zu Identity and Access Managemen in Cloud Composer

Rollen für Cloud Composer-Dienst-Agent-Konto gewähren

Dem Dienstkonto einer Umgebung Rollen zuweisen

Nutzern Rollen zuweisen

Umgebungen und Umgebungs-Buckets verwalten

Umgebungen verwalten

Umgebungen ansehen und Umgebungs-Buckets verwalten

Umgebungen und Umgebungs-Buckets ansehen

Umgebungen ansehen

Rollen

Cloud Composer v2 API Service Agent Extension

Composer Administrator

Environment and Storage Object Administrator

Environment and Storage Object User

Environment and Storage Object Viewer

Composer Shared VPC Agent

Composer User

Composer Worker

Rollen für Dienst-Agents

Cloud Composer API-Dienst-Agent

Einfache Rollen

Berechtigungen für API-Methoden

Berechtigungen zur Verwendung der gcloud CLI mit Umgebungen

Berechtigungen für die Arbeit mit DAGs in der Google Cloud Console

Lese- und Schreibzugriff auf Umgebungs-Buckets und Artifact Registry-Repositories

Berechtigungen und Rollen für freigegebene VPC-Netzwerke

Dienstkonto aus einem anderen Projekt verwenden

Nächste Schritte