IAM Permissions with gcloud

Creating directory '/home/student-02-14224ff2407c'.
[student-02-14224ff2407c@centos-clean ~]$ gcloud --version
Google Cloud SDK 468.0.0
alpha 2024.03.08
beta 2024.03.08
bq 2.0.101
bundled-python3-unix 3.11.8
core 2024.03.08
gcloud-crc32c 1.0.0
gsutil 5.27
[student-02-14224ff2407c@centos-clean ~]$ 
[student-02-14224ff2407c@centos-clean ~]$ gcloud auth login

You are running on a Google Compute Engine virtual machine.
It is recommended that you use service accounts for authentication.

You can run:

  $ gcloud config set account `ACCOUNT`

to switch accounts if necessary.

Your credentials may be visible to others with access to this
virtual machine. Are you sure you want to authenticate with
your personal account?

Do you want to continue (Y/n)?  y

Go to the following link in your browser:

    https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=32555940559.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fsdk.cloud.google.com%2Fauthcode.html&scope=openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fsqlservice.login+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Faccounts.reauth&state=q9tHSigKAtYCTVIaZLqS2IHRK6odDD&prompt=consent&token_usage=remote&access_type=offline&code_challenge=JZU41zluq1kwzkA9ySVvkeHL_PVQRbejLnlYFWBxWhY&code_challenge_method=S256

Enter authorization code: 4/0AeaYSHBlDcfSu1Pye3ez6zmzB5gGeDXKJ5lssZlk7dURTmbNeMUOZKNDni-HHtpmtrHyqA

You are now logged in as [student-02-14224ff2407c@qwiklabs.net].
Your current project is [qwiklabs-gcp-02-d7b2390a55a2].  You can change this setting by running:
  $ gcloud config set project PROJECT_ID
[student-02-14224ff2407c@centos-clean ~]$
[student-02-14224ff2407c@centos-clean ~]$ gcloud config set compute/region europe-west4
Updated property [compute/region].
[student-02-14224ff2407c@centos-clean ~]$ gcloud config set compute/zone europe-west4-c
Updated property [compute/zone].
[student-02-14224ff2407c@centos-clean ~]$
[student-02-14224ff2407c@centos-clean ~]$ gcloud compute instances create lab-1 --zone europe-west4-c --machine-type=e2-standard-2
Created [https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-02-d7b2390a55a2/zones/europe-west4-c/instances/lab-1].
NAME   ZONE            MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP    STATUS
lab-1  europe-west4-c  e2-standard-2               10.164.0.3   35.204.213.33  RUNNING
[student-02-14224ff2407c@centos-clean ~]$ gcloud config list
[compute]
region = europe-west4
zone = europe-west4-c
[core]
account = student-02-14224ff2407c@qwiklabs.net
disable_usage_reporting = True
project = qwiklabs-gcp-02-d7b2390a55a2

Your active configuration is: [default]
[student-02-14224ff2407c@centos-clean ~]$

[student-02-14224ff2407c@centos-clean ~]$ gcloud compute zones list
NAME                       REGION                   STATUS  NEXT_MAINTENANCE  TURNDOWN_DATE
us-east1-b                 us-east1                 UP
us-east1-c                 us-east1                 UP
us-east1-d                 us-east1                 UP
us-east4-c                 us-east4                 UP
us-east4-b                 us-east4                 UP
us-east4-a                 us-east4                 UP
us-central1-c              us-central1              UP
us-central1-a              us-central1              UP
us-central1-f              us-central1              UP
us-central1-b              us-central1              UP
us-west1-b                 us-west1                 UP
us-west1-c                 us-west1                 UP
us-west1-a                 us-west1                 UP
europe-west4-a             europe-west4             UP
europe-west4-b             europe-west4             UP
europe-west4-c             europe-west4             UP
europe-west1-b             europe-west1             UP
europe-west1-d             europe-west1             UP
europe-west1-c             europe-west1             UP
europe-west3-c             europe-west3             UP
europe-west3-a             europe-west3             UP
europe-west3-b             europe-west3             UP
europe-west2-c             europe-west2             UP
europe-west2-b             europe-west2             UP
europe-west2-a             europe-west2             UP
asia-east1-b               asia-east1               UP
asia-east1-a               asia-east1               UP
asia-east1-c               asia-east1               UP
asia-southeast1-b          asia-southeast1          UP
asia-southeast1-a          asia-southeast1          UP
asia-southeast1-c          asia-southeast1          UP
asia-northeast1-b          asia-northeast1          UP
asia-northeast1-c          asia-northeast1          UP
asia-northeast1-a          asia-northeast1          UP
asia-south1-c              asia-south1              UP
asia-south1-b              asia-south1              UP
asia-south1-a              asia-south1              UP
australia-southeast1-b     australia-southeast1     UP
australia-southeast1-c     australia-southeast1     UP
australia-southeast1-a     australia-southeast1     UP
southamerica-east1-b       southamerica-east1       UP
southamerica-east1-c       southamerica-east1       UP
southamerica-east1-a       southamerica-east1       UP
africa-south1-a            africa-south1            UP
africa-south1-b            africa-south1            UP
africa-south1-c            africa-south1            UP
asia-east2-a               asia-east2               UP
asia-east2-b               asia-east2               UP
asia-east2-c               asia-east2               UP
asia-northeast2-a          asia-northeast2          UP
asia-northeast2-b          asia-northeast2          UP
asia-northeast2-c          asia-northeast2          UP
asia-northeast3-a          asia-northeast3          UP
asia-northeast3-b          asia-northeast3          UP
asia-northeast3-c          asia-northeast3          UP
asia-south2-a              asia-south2              UP
asia-south2-b              asia-south2              UP
asia-south2-c              asia-south2              UP
asia-southeast2-a          asia-southeast2          UP
asia-southeast2-b          asia-southeast2          UP
asia-southeast2-c          asia-southeast2          UP
australia-southeast2-a     australia-southeast2     UP
australia-southeast2-b     australia-southeast2     UP
australia-southeast2-c     australia-southeast2     UP
europe-central2-a          europe-central2          UP
europe-central2-b          europe-central2          UP
europe-central2-c          europe-central2          UP
europe-north1-a            europe-north1            UP
europe-north1-b            europe-north1            UP
europe-north1-c            europe-north1            UP
europe-southwest1-a        europe-southwest1        UP
europe-southwest1-b        europe-southwest1        UP
europe-southwest1-c        europe-southwest1        UP
europe-west10-a            europe-west10            UP
europe-west10-b            europe-west10            UP
europe-west10-c            europe-west10            UP
europe-west12-a            europe-west12            UP
europe-west12-b            europe-west12            UP
europe-west12-c            europe-west12            UP
europe-west6-a             europe-west6             UP
europe-west6-b             europe-west6             UP
europe-west6-c             europe-west6             UP
europe-west8-a             europe-west8             UP
europe-west8-b             europe-west8             UP
europe-west8-c             europe-west8             UP
europe-west9-a             europe-west9             UP
europe-west9-b             europe-west9             UP
europe-west9-c             europe-west9             UP
me-central1-a              me-central1              UP
me-central1-b              me-central1              UP
me-central1-c              me-central1              UP
me-central2-a              me-central2              UP
me-central2-b              me-central2              UP
me-central2-c              me-central2              UP
me-west1-a                 me-west1                 UP
me-west1-b                 me-west1                 UP
me-west1-c                 me-west1                 UP
northamerica-northeast1-a  northamerica-northeast1  UP
northamerica-northeast1-b  northamerica-northeast1  UP
northamerica-northeast1-c  northamerica-northeast1  UP
northamerica-northeast2-a  northamerica-northeast2  UP
northamerica-northeast2-b  northamerica-northeast2  UP
northamerica-northeast2-c  northamerica-northeast2  UP
southamerica-west1-a       southamerica-west1       UP
southamerica-west1-b       southamerica-west1       UP
southamerica-west1-c       southamerica-west1       UP
us-east5-a                 us-east5                 UP
us-east5-b                 us-east5                 UP
us-east5-c                 us-east5                 UP
us-south1-a                us-south1                UP
us-south1-b                us-south1                UP
us-south1-c                us-south1                UP
us-west2-a                 us-west2                 UP
us-west2-b                 us-west2                 UP
us-west2-c                 us-west2                 UP
us-west3-a                 us-west3                 UP
us-west3-b                 us-west3                 UP
us-west3-c                 us-west3                 UP
us-west4-a                 us-west4                 UP
us-west4-b                 us-west4                 UP
us-west4-c                 us-west4                 UP
[student-02-14224ff2407c@centos-clean ~]$
[student-02-14224ff2407c@centos-clean ~]$ gcloud config set compute/zone europe-west4-a 
Updated property [compute/zone].
[student-02-14224ff2407c@centos-clean ~]$ gcloud config list
[compute]
region = europe-west4
zone = europe-west4-a
[core]
account = student-02-14224ff2407c@qwiklabs.net
disable_usage_reporting = True
project = qwiklabs-gcp-02-d7b2390a55a2

Your active configuration is: [default]
[student-02-14224ff2407c@centos-clean ~]$
[student-02-14224ff2407c@centos-clean ~]$ cat ~/.config/gcloud/configurations/config_default
[core]
account = student-02-14224ff2407c@qwiklabs.net

[compute]
region = europe-west4
zone = europe-west4-a
[student-02-14224ff2407c@centos-clean ~]$
[student-02-14224ff2407c@centos-clean ~]$ gcloud init --no-launch-browser
Welcome! This command will take you through the configuration of gcloud.

Settings from your current configuration [default] are:
compute:
  region: europe-west4
  zone: europe-west4-a
core:
  account: student-02-14224ff2407c@qwiklabs.net
  disable_usage_reporting: 'True'
  project: qwiklabs-gcp-02-d7b2390a55a2

Pick configuration to use:
 [1] Re-initialize this configuration [default] with new settings 
 [2] Create a new configuration
Please enter your numeric choice:  2

Enter configuration name. Names start with a lower case letter and contain only lower case letters a-z, digits 0-9, and hyphens '-':  user2
Your current configuration has been set to: [user2]

You can skip diagnostics next time by using the following flag:
  gcloud init --skip-diagnostics

Network diagnostic detects and fixes local network connection issues.
Checking network connection...done.                                                                           
Reachability Check passed.
Network diagnostic passed (1/1 checks passed).

Choose the account you would like to use to perform operations for this configuration:
 [1] 272357223605-compute@developer.gserviceaccount.com
 [2] student-02-14224ff2407c@qwiklabs.net
 [3] Log in with a new account
Please enter your numeric choice:  3


You are running on a Google Compute Engine virtual machine.
It is recommended that you use service accounts for authentication.

You can run:

  $ gcloud config set account `ACCOUNT`

to switch accounts if necessary.

Your credentials may be visible to others with access to this
virtual machine. Are you sure you want to authenticate with
your personal account?

Do you want to continue (Y/n)?  y

Go to the following link in your browser:

    https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=32555940559.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fsdk.cloud.google.com%2Fauthcode.html&scope=openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fsqlservice.login+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Faccounts.reauth&state=Il0HfWYXilekWdYfQiHoRx0xSTihNV&prompt=consent&token_usage=remote&access_type=offline&code_challenge=OaW_TRIkWlkeGimdOl7eHMKptZICiIivoHCWGYFUack&code_challenge_method=S256

Enter authorization code: 4/0AeaYSHCnJCk77uqiQik77cXashc_2-_K69l76CZbbE7hrQ04QXdPPwGpvyxOn9at0fiQAg
You are logged in as: [student-04-caef576da4c3@qwiklabs.net].

Pick cloud project to use: 
 [1] qwiklabs-resources
 [2] Enter a project ID
 [3] Create a new project
Please enter numeric choice or text value (must exactly match list item):  2

Enter project ID you would like to use:  qwiklabs-gcp-02-d7b2390a55a2
Your current project has been set to: [qwiklabs-gcp-02-d7b2390a55a2].

Your project default Compute Engine zone has been set to [europe-west4-c].
You can change it by running [gcloud config set compute/zone NAME].

Your project default Compute Engine region has been set to [europe-west4].
You can change it by running [gcloud config set compute/region NAME].

Created a default .boto configuration file at [/home/student-02-14224ff2407c/.boto]. See this file and
[https://cloud.google.com/storage/docs/gsutil/commands/config] for more
information about configuring Google Cloud Storage.
Your Google Cloud SDK is configured and ready to use!

* Commands that require authentication will use student-04-caef576da4c3@qwiklabs.net by default
* Commands will reference project `qwiklabs-gcp-02-d7b2390a55a2` by default
* Compute Engine commands will use region `europe-west4` by default
* Compute Engine commands will use zone `europe-west4-c` by default

Run `gcloud help config` to learn how to change individual settings

This gcloud configuration is called [user2]. You can create additional configurations if you work with multiple accounts and/or projects.
Run `gcloud topic configurations` to learn more.

Some things to try next:

* Run `gcloud --help` to see the Cloud Platform services you can interact with. And run `gcloud help COMMAND` to get help on any gcloud command.
* Run `gcloud topic --help` to learn about advanced features of the SDK like arg files and output formatting
* Run `gcloud cheat-sheet` to see a roster of go-to `gcloud` commands.

[student-02-14224ff2407c@centos-clean ~]$
[student-02-14224ff2407c@centos-clean ~]$ gcloud compute instances list
NAME          ZONE            MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP    STATUS
centos-clean  europe-west4-c  e2-medium                   10.164.0.2   34.91.187.188  RUNNING
lab-1         europe-west4-c  e2-standard-2               10.164.0.3   35.204.213.33  RUNNING
[student-02-14224ff2407c@centos-clean ~]$

[student-02-14224ff2407c@centos-clean ~]$ gcloud compute instances create lab-2 --zone us-east4-c --machine-type=e2-standard-2
ERROR: (gcloud.compute.instances.create) Could not fetch resource:
 - Required 'compute.instances.create' permission for 'projects/qwiklabs-gcp-02-d7b2390a55a2/zones/us-east4-c/instances/lab-2'
[student-02-14224ff2407c@centos-clean ~]$
[student-02-14224ff2407c@centos-clean ~]$ gcloud config configurations activate default
Activated [default].
[student-02-14224ff2407c@centos-clean ~]$
[student-02-14224ff2407c@centos-clean ~]$ gcloud iam roles list | grep "name:"
name: roles/accessapproval.approver
name: roles/accessapproval.configEditor
name: roles/accessapproval.invalidator
name: roles/accessapproval.viewer
name: roles/accesscontextmanager.gcpAccessAdmin
name: roles/accesscontextmanager.gcpAccessReader
name: roles/accesscontextmanager.policyAdmin
name: roles/accesscontextmanager.policyEditor
name: roles/accesscontextmanager.policyReader
name: roles/accesscontextmanager.vpcScTroubleshooterViewer
name: roles/actions.Admin
name: roles/actions.Viewer
name: roles/advisorynotifications.admin
name: roles/advisorynotifications.viewer
name: roles/aiplatform.admin
name: roles/aiplatform.colabEnterpriseAdmin
name: roles/aiplatform.colabEnterpriseUser
name: roles/aiplatform.colabServiceAgent
name: roles/aiplatform.customCodeServiceAgent
name: roles/aiplatform.entityTypeOwner
name: roles/aiplatform.extensionCustomCodeServiceAgent
name: roles/aiplatform.extensionServiceAgent
name: roles/aiplatform.featurestoreAdmin
name: roles/aiplatform.featurestoreDataViewer
name: roles/aiplatform.featurestoreDataWriter
name: roles/aiplatform.featurestoreInstanceCreator
name: roles/aiplatform.featurestoreResourceViewer
name: roles/aiplatform.featurestoreUser
name: roles/aiplatform.migrator
name: roles/aiplatform.notebookExecutorUser
name: roles/aiplatform.notebookRuntimeAdmin
name: roles/aiplatform.notebookRuntimeUser
name: roles/aiplatform.notebookServiceAgent
name: roles/aiplatform.ragServiceAgent
name: roles/aiplatform.rapidevalServiceAgent
name: roles/aiplatform.reasoningEngineServiceAgent
name: roles/aiplatform.serviceAgent
name: roles/aiplatform.tensorboardWebAppUser
name: roles/aiplatform.tuningServiceAgent
name: roles/aiplatform.user
name: roles/aiplatform.viewer
name: roles/alloydb.admin
name: roles/alloydb.client
name: roles/alloydb.databaseUser
name: roles/alloydb.serviceAgent
name: roles/alloydb.viewer
name: roles/analyticshub.admin
name: roles/analyticshub.listingAdmin
name: roles/analyticshub.publisher
name: roles/analyticshub.subscriber
name: roles/analyticshub.subscriptionOwner
name: roles/analyticshub.viewer
name: roles/androidmanagement.user
name: roles/anthos.serviceAgent
name: roles/anthosaudit.serviceAgent
name: roles/anthosconfigmanagement.serviceAgent
name: roles/anthosidentityservice.serviceAgent
name: roles/anthospolicycontroller.serviceAgent
name: roles/anthosservicemesh.serviceAgent
name: roles/anthossupport.serviceAgent
name: roles/apigateway.admin
name: roles/apigateway.serviceAgent
name: roles/apigateway.viewer
name: roles/apigateway_management.serviceAgent
name: roles/apigee.admin
name: roles/apigee.analyticsAgent
name: roles/apigee.analyticsEditor
name: roles/apigee.analyticsViewer
name: roles/apigee.apiAdminV2
name: roles/apigee.apiReaderV2
name: roles/apigee.developerAdmin
name: roles/apigee.environmentAdmin
name: roles/apigee.monetizationAdmin
name: roles/apigee.portalAdmin
name: roles/apigee.readOnlyAdmin
name: roles/apigee.runtimeAgent
name: roles/apigee.securityAdmin
name: roles/apigee.securityViewer
name: roles/apigee.serviceAgent
name: roles/apigee.synchronizerManager
name: roles/apigeeconnect.Admin
name: roles/apigeeconnect.Agent
name: roles/apigeeregistry.admin
name: roles/apigeeregistry.editor
name: roles/apigeeregistry.viewer
name: roles/apigeeregistry.worker
name: roles/apihub.admin
name: roles/apihub.attributeAdmin
name: roles/apihub.editor
name: roles/apihub.pluginAdmin
name: roles/apihub.provisioningAdmin
name: roles/apihub.viewer
name: roles/appdevelopmentexperience.serviceAgent
name: roles/appengine.appAdmin
name: roles/appengine.appCreator
name: roles/appengine.appViewer
name: roles/appengine.codeViewer
name: roles/appengine.debugger
name: roles/appengine.deployer
name: roles/appengine.memcacheDataAdmin
name: roles/appengine.serviceAdmin
name: roles/appengine.serviceAgent
name: roles/appengineflex.serviceAgent
name: roles/apphub.admin
name: roles/apphub.editor
name: roles/apphub.viewer
name: roles/applianceactivation.approver
name: roles/applianceactivation.client
name: roles/applianceactivation.troubleshooter
name: roles/artifactregistry.admin
name: roles/artifactregistry.createOnPushRepoAdmin
name: roles/artifactregistry.createOnPushWriter
name: roles/artifactregistry.reader
name: roles/artifactregistry.repoAdmin
name: roles/artifactregistry.serviceAgent
name: roles/artifactregistry.writer
name: roles/assuredoss.admin
name: roles/assuredoss.projectAdmin
name: roles/assuredoss.reader
name: roles/assuredoss.user
name: roles/assuredworkloads.admin
name: roles/assuredworkloads.editor
name: roles/assuredworkloads.monitoringServiceAgent
name: roles/assuredworkloads.reader
name: roles/assuredworkloads.serviceAgent
name: roles/auditmanager.admin
name: roles/auditmanager.auditor
name: roles/auditmanager.serviceAgent
name: roles/automl.admin
name: roles/automl.editor
name: roles/automl.predictor
name: roles/automl.serviceAgent
name: roles/automl.viewer
name: roles/automlrecommendations.admin
name: roles/automlrecommendations.adminViewer
name: roles/automlrecommendations.editor
name: roles/automlrecommendations.serviceAgent
name: roles/automlrecommendations.viewer
name: roles/autoscaling.metricsWriter
name: roles/autoscaling.recommendationsReader
name: roles/autoscaling.sitesAdmin
name: roles/autoscaling.stateWriter
name: roles/axt.admin
name: roles/backupdr.admin
name: roles/backupdr.backupUser
name: roles/backupdr.cloudStorageOperator
name: roles/backupdr.computeEngineOperator
name: roles/backupdr.mountUser
name: roles/backupdr.restoreUser
name: roles/backupdr.serviceAgent
name: roles/backupdr.user
name: roles/backupdr.userv2
name: roles/backupdr.viewer
name: roles/baremetalsolution.admin
name: roles/baremetalsolution.editor
name: roles/baremetalsolution.instancesadmin
name: roles/baremetalsolution.instancesviewer
name: roles/baremetalsolution.lunsadmin
name: roles/baremetalsolution.lunsviewer
name: roles/baremetalsolution.maintenanceeventsadmin
name: roles/baremetalsolution.maintenanceeventseditor
name: roles/baremetalsolution.maintenanceeventsviewer
name: roles/baremetalsolution.networksadmin
name: roles/baremetalsolution.nfssharesadmin
name: roles/baremetalsolution.nfsshareseditor
name: roles/baremetalsolution.nfssharesviewer
name: roles/baremetalsolution.osimagesviewer
name: roles/baremetalsolution.procurementsadmin
name: roles/baremetalsolution.procurementseditor
name: roles/baremetalsolution.procurementsviewer
name: roles/baremetalsolution.serviceAgent
name: roles/baremetalsolution.storageadmin
name: roles/baremetalsolution.viewer
name: roles/baremetalsolution.volumesadmin
name: roles/baremetalsolution.volumeseditor
name: roles/baremetalsolution.volumesnapshotsadmin
name: roles/baremetalsolution.volumesnapshotseditor
name: roles/baremetalsolution.volumesnapshotsviewer
name: roles/baremetalsolution.volumessviewer
name: roles/batch.agentReporter
name: roles/batch.jobsEditor
name: roles/batch.jobsViewer
name: roles/batch.serviceAgent
name: roles/beyondcorp.admin
name: roles/beyondcorp.clientConnectorAdmin
name: roles/beyondcorp.clientConnectorServiceUser
name: roles/beyondcorp.clientConnectorViewer
name: roles/beyondcorp.partnerServiceDelegateAdmin
name: roles/beyondcorp.partnerServiceDelegateViewer
name: roles/beyondcorp.subscriptionAdmin
name: roles/beyondcorp.subscriptionViewer
name: roles/beyondcorp.viewer
name: roles/biglake.admin
name: roles/biglake.viewer
name: roles/bigquery.admin
name: roles/bigquery.connectionAdmin
name: roles/bigquery.connectionUser
name: roles/bigquery.dataEditor
name: roles/bigquery.dataOwner
name: roles/bigquery.dataViewer
name: roles/bigquery.filteredDataViewer
name: roles/bigquery.jobUser
name: roles/bigquery.metadataViewer
name: roles/bigquery.readSessionUser
name: roles/bigquery.resourceAdmin
name: roles/bigquery.resourceEditor
name: roles/bigquery.resourceViewer
name: roles/bigquery.studioAdmin
name: roles/bigquery.studioUser
name: roles/bigquery.user
name: roles/bigqueryconnection.serviceAgent
name: roles/bigquerycontinuousquery.serviceAgent
name: roles/bigquerydatapolicy.maskedReader
name: roles/bigquerydatatransfer.serviceAgent
name: roles/bigquerymigration.editor
name: roles/bigquerymigration.orchestrator
name: roles/bigquerymigration.translationUser
name: roles/bigquerymigration.viewer
name: roles/bigquerymigration.worker
name: roles/bigqueryomni.serviceAgent
name: roles/bigqueryspark.serviceAgent
name: roles/bigtable.admin
name: roles/bigtable.reader
name: roles/bigtable.user
name: roles/bigtable.viewer
name: roles/billing.admin
name: roles/billing.carbonViewer
name: roles/billing.costsManager
name: roles/billing.creator
name: roles/billing.projectManager
name: roles/billing.user
name: roles/billing.viewer
name: roles/binaryauthorization.attestorsAdmin
name: roles/binaryauthorization.attestorsEditor
name: roles/binaryauthorization.attestorsVerifier
name: roles/binaryauthorization.attestorsViewer
name: roles/binaryauthorization.policyAdmin
name: roles/binaryauthorization.policyEditor
name: roles/binaryauthorization.policyEvaluator
name: roles/binaryauthorization.policyViewer
name: roles/binaryauthorization.serviceAgent
name: roles/blockchainnodeengine.admin
name: roles/blockchainnodeengine.viewer
name: roles/browser
name: roles/capacityplanner.viewer
name: roles/carestudio.viewer
name: roles/certificatemanager.editor
name: roles/certificatemanager.owner
name: roles/certificatemanager.serviceAgent
name: roles/certificatemanager.viewer
name: roles/chat.owner
name: roles/chat.reader
name: roles/chronicle.admin
name: roles/chronicle.editor
name: roles/chronicle.limitedViewer
name: roles/chronicle.restrictedDataAccess
name: roles/chronicle.restrictedDataAccessViewer
name: roles/chronicle.serviceAgent
name: roles/chronicle.soarAdmin
name: roles/chronicle.soarServiceAgent
name: roles/chronicle.soarThreatManager
name: roles/chronicle.soarVulnerabilityManager
name: roles/chronicle.viewer
name: roles/chroniclesm.admin
name: roles/chroniclesm.viewer
name: roles/cloud.locationReader
name: roles/cloudaicompanion.user
name: roles/cloudasset.effectivePolicyServiceAgent
name: roles/cloudasset.owner
name: roles/cloudasset.serviceAgent
name: roles/cloudasset.viewer
name: roles/cloudbuild.builds.approver
name: roles/cloudbuild.builds.builder
name: roles/cloudbuild.builds.editor
name: roles/cloudbuild.builds.viewer
name: roles/cloudbuild.connectionAdmin
name: roles/cloudbuild.connectionViewer
name: roles/cloudbuild.integrationsEditor
name: roles/cloudbuild.integrationsOwner
name: roles/cloudbuild.integrationsViewer
name: roles/cloudbuild.loggingServiceAgent
name: roles/cloudbuild.readTokenAccessor
name: roles/cloudbuild.serviceAgent
name: roles/cloudbuild.tokenAccessor
name: roles/cloudbuild.workerPoolEditor
name: roles/cloudbuild.workerPoolOwner
name: roles/cloudbuild.workerPoolUser
name: roles/cloudbuild.workerPoolViewer
name: roles/cloudconfig.admin
name: roles/cloudconfig.serviceAgent
name: roles/cloudconfig.viewer
name: roles/cloudcontrolspartner.accessApprovalServiceAgent
name: roles/cloudcontrolspartner.admin
name: roles/cloudcontrolspartner.editor
name: roles/cloudcontrolspartner.ekmServiceAgent
name: roles/cloudcontrolspartner.inspectabilityReader
name: roles/cloudcontrolspartner.monitoringReader
name: roles/cloudcontrolspartner.monitoringServiceAgent
name: roles/cloudcontrolspartner.reader
name: roles/clouddebugger.agent
name: roles/clouddebugger.user
name: roles/clouddeploy.admin
name: roles/clouddeploy.approver
name: roles/clouddeploy.customTargetTypeAdmin
name: roles/clouddeploy.developer
name: roles/clouddeploy.jobRunner
name: roles/clouddeploy.operator
name: roles/clouddeploy.releaser
name: roles/clouddeploy.serviceAgent
name: roles/clouddeploy.viewer
name: roles/clouddeploymentmanager.serviceAgent
name: roles/cloudfunctions.admin
name: roles/cloudfunctions.developer
name: roles/cloudfunctions.invoker
name: roles/cloudfunctions.serviceAgent
name: roles/cloudfunctions.viewer
name: roles/cloudiot.admin
name: roles/cloudiot.deviceController
name: roles/cloudiot.editor
name: roles/cloudiot.provisioner
name: roles/cloudiot.serviceAgent
name: roles/cloudiot.viewer
name: roles/cloudjobdiscovery.admin
name: roles/cloudjobdiscovery.jobsEditor
name: roles/cloudjobdiscovery.jobsViewer
name: roles/cloudjobdiscovery.profilesEditor
name: roles/cloudjobdiscovery.profilesViewer
name: roles/cloudkms.admin
name: roles/cloudkms.cryptoKeyDecrypter
name: roles/cloudkms.cryptoKeyDecrypterViaDelegation
name: roles/cloudkms.cryptoKeyEncrypter
name: roles/cloudkms.cryptoKeyEncrypterDecrypter
name: roles/cloudkms.cryptoKeyEncrypterDecrypterViaDelegation
name: roles/cloudkms.cryptoKeyEncrypterViaDelegation
name: roles/cloudkms.cryptoOperator
name: roles/cloudkms.ekmConnectionsAdmin
name: roles/cloudkms.expertRawAesCbc
name: roles/cloudkms.expertRawAesCtr
name: roles/cloudkms.expertRawPKCS1
name: roles/cloudkms.importer
name: roles/cloudkms.orgServiceAgent
name: roles/cloudkms.protectedResourcesViewer
name: roles/cloudkms.publicKeyViewer
name: roles/cloudkms.serviceAgent
name: roles/cloudkms.signer
name: roles/cloudkms.signerVerifier
name: roles/cloudkms.verifier
name: roles/cloudkms.viewer
name: roles/cloudkmskacls.serviceAgent
name: roles/cloudmigration.inframanager
name: roles/cloudmigration.storageaccess
name: roles/cloudmigration.velostrataconnect
name: roles/cloudoptimization.admin
name: roles/cloudoptimization.editor
name: roles/cloudoptimization.serviceAgent
name: roles/cloudoptimization.viewer
name: roles/cloudprivatecatalog.consumer
name: roles/cloudprivatecatalogproducer.admin
name: roles/cloudprivatecatalogproducer.manager
name: roles/cloudprivatecatalogproducer.orgAdmin
name: roles/cloudprofiler.agent
name: roles/cloudprofiler.user
name: roles/cloudquotas.admin
name: roles/cloudquotas.viewer
name: roles/cloudscheduler.admin
name: roles/cloudscheduler.jobRunner
name: roles/cloudscheduler.serviceAgent
name: roles/cloudscheduler.viewer
name: roles/cloudsecurityscanner.editor
name: roles/cloudsecurityscanner.runner
name: roles/cloudsecurityscanner.viewer
name: roles/cloudsql.admin
name: roles/cloudsql.client
name: roles/cloudsql.editor
name: roles/cloudsql.instanceUser
name: roles/cloudsql.schemaViewer
name: roles/cloudsql.serviceAgent
name: roles/cloudsql.viewer
name: roles/cloudsupport.admin
name: roles/cloudsupport.techSupportEditor
name: roles/cloudsupport.techSupportViewer
name: roles/cloudsupport.viewer
name: roles/cloudtasks.admin
name: roles/cloudtasks.enqueuer
name: roles/cloudtasks.queueAdmin
name: roles/cloudtasks.serviceAgent
name: roles/cloudtasks.taskDeleter
name: roles/cloudtasks.taskRunner
name: roles/cloudtasks.viewer
name: roles/cloudtestservice.directAccessAdmin
name: roles/cloudtestservice.directAccessViewer
name: roles/cloudtestservice.testAdmin
name: roles/cloudtestservice.testViewer
name: roles/cloudtpu.serviceAgent
name: roles/cloudtrace.admin
name: roles/cloudtrace.agent
name: roles/cloudtrace.user
name: roles/cloudtranslate.admin
name: roles/cloudtranslate.editor
name: roles/cloudtranslate.serviceAgent
name: roles/cloudtranslate.user
name: roles/cloudtranslate.viewer
name: roles/commerceagreementpublishing.admin
name: roles/commerceagreementpublishing.viewer
name: roles/commercebusinessenablement.admin
name: roles/commercebusinessenablement.paymentConfigAdmin
name: roles/commercebusinessenablement.paymentConfigViewer
name: roles/commercebusinessenablement.rebatesAdmin
name: roles/commercebusinessenablement.rebatesViewer
name: roles/commercebusinessenablement.resellerDiscountAdmin
name: roles/commercebusinessenablement.resellerDiscountViewer
name: roles/commercebusinessenablement.viewer
name: roles/commerceoffercatalog.offersViewer
name: roles/commerceorggovernance.admin
name: roles/commerceorggovernance.user
name: roles/commerceorggovernance.viewer
name: roles/commercepricemanagement.eventsViewer
name: roles/commercepricemanagement.privateOffersAdmin
name: roles/commercepricemanagement.viewer
name: roles/commerceproducer.admin
name: roles/commerceproducer.viewer
name: roles/composer.ServiceAgentV2Ext
name: roles/composer.admin
name: roles/composer.environmentAndStorageObjectAdmin
name: roles/composer.environmentAndStorageObjectUser
name: roles/composer.environmentAndStorageObjectViewer
name: roles/composer.serviceAgent
name: roles/composer.sharedVpcAgent
name: roles/composer.user
name: roles/composer.worker
name: roles/compute.admin
name: roles/compute.futureReservationAdmin
name: roles/compute.futureReservationUser
name: roles/compute.futureReservationViewer
name: roles/compute.imageUser
name: roles/compute.instanceAdmin
name: roles/compute.instanceAdmin.v1
name: roles/compute.instanceGroupManagerServiceAgent
name: roles/compute.loadBalancerAdmin
name: roles/compute.loadBalancerServiceUser
name: roles/compute.networkAdmin
name: roles/compute.networkUser
name: roles/compute.networkViewer
name: roles/compute.orgFirewallPolicyAdmin
name: roles/compute.orgFirewallPolicyUser
name: roles/compute.orgSecurityPolicyAdmin
name: roles/compute.orgSecurityPolicyUser
name: roles/compute.orgSecurityResourceAdmin
name: roles/compute.osAdminLogin
name: roles/compute.osLogin
name: roles/compute.osLoginExternalUser
name: roles/compute.packetMirroringAdmin
name: roles/compute.packetMirroringUser
name: roles/compute.publicIpAdmin
name: roles/compute.securityAdmin
name: roles/compute.serviceAgent
name: roles/compute.soleTenantViewer
name: roles/compute.storageAdmin
name: roles/compute.viewer
name: roles/compute.xpnAdmin
name: roles/confidentialcomputing.workloadUser
name: roles/config.admin
name: roles/config.agent
name: roles/config.viewer
name: roles/connectors.admin
name: roles/connectors.customConnectorAdmin
name: roles/connectors.customConnectorViewer
name: roles/connectors.endpointAttachmentAdmin
name: roles/connectors.endpointAttachmentViewer
name: roles/connectors.eventSubscriptionAdmin
name: roles/connectors.eventSubscriptionViewer
name: roles/connectors.invoker
name: roles/connectors.listener
name: roles/connectors.managedZoneAdmin
name: roles/connectors.managedZoneViewer
name: roles/connectors.serviceAgent
name: roles/connectors.viewer
name: roles/consumerprocurement.entitlementManager
name: roles/consumerprocurement.entitlementViewer
name: roles/consumerprocurement.eventsViewer
name: roles/consumerprocurement.orderAdmin
name: roles/consumerprocurement.orderViewer
name: roles/consumerprocurement.procurementAdmin
name: roles/consumerprocurement.procurementViewer
name: roles/contactcenteraiplatform.admin
name: roles/contactcenteraiplatform.viewer
name: roles/contactcenterinsights.editor
name: roles/contactcenterinsights.serviceAgent
name: roles/contactcenterinsights.viewer
name: roles/container.admin
name: roles/container.clusterAdmin
name: roles/container.clusterViewer
name: roles/container.defaultNodeServiceAccount
name: roles/container.developer
name: roles/container.hostServiceAgentUser
name: roles/container.nodeServiceAgent
name: roles/container.serviceAgent
name: roles/container.viewer
name: roles/containeranalysis.ServiceAgent
name: roles/containeranalysis.admin
name: roles/containeranalysis.notes.attacher
name: roles/containeranalysis.notes.editor
name: roles/containeranalysis.notes.occurrences.viewer
name: roles/containeranalysis.notes.viewer
name: roles/containeranalysis.occurrences.editor
name: roles/containeranalysis.occurrences.viewer
name: roles/containerregistry.ServiceAgent
name: roles/containerscanning.ServiceAgent
name: roles/containersecurity.viewer
name: roles/containerthreatdetection.serviceAgent
name: roles/contentwarehouse.admin
name: roles/contentwarehouse.documentAdmin
name: roles/contentwarehouse.documentCreator
name: roles/contentwarehouse.documentEditor
name: roles/contentwarehouse.documentSchemaViewer
name: roles/contentwarehouse.documentViewer
name: roles/contentwarehouse.serviceAgent
name: roles/databaseinsights.eventsViewer
name: roles/databaseinsights.monitoringViewer
name: roles/databaseinsights.operationsAdmin
name: roles/databaseinsights.recommendationViewer
name: roles/databaseinsights.viewer
name: roles/datacatalog.admin
name: roles/datacatalog.categoryAdmin
name: roles/datacatalog.categoryFineGrainedReader
name: roles/datacatalog.dataSteward
name: roles/datacatalog.entryGroupCreator
name: roles/datacatalog.entryGroupOwner
name: roles/datacatalog.entryOwner
name: roles/datacatalog.entryViewer
name: roles/datacatalog.glossaryOwner
name: roles/datacatalog.glossaryUser
name: roles/datacatalog.searchAdmin
name: roles/datacatalog.tagEditor
name: roles/datacatalog.tagTemplateCreator
name: roles/datacatalog.tagTemplateOwner
name: roles/datacatalog.tagTemplateUser
name: roles/datacatalog.tagTemplateViewer
name: roles/datacatalog.viewer
name: roles/dataconnectors.connectorAdmin
name: roles/dataconnectors.connectorUser
name: roles/dataconnectors.serviceAgent
name: roles/dataflow.admin
name: roles/dataflow.developer
name: roles/dataflow.serviceAgent
name: roles/dataflow.viewer
name: roles/dataflow.worker
name: roles/dataform.admin
name: roles/dataform.codeCreator
name: roles/dataform.codeEditor
name: roles/dataform.codeOwner
name: roles/dataform.codeViewer
name: roles/dataform.editor
name: roles/dataform.serviceAgent
name: roles/dataform.viewer
name: roles/datafusion.accessor
name: roles/datafusion.admin
name: roles/datafusion.developer
name: roles/datafusion.operator
name: roles/datafusion.runner
name: roles/datafusion.serviceAgent
name: roles/datafusion.viewer
name: roles/datalabeling.admin
name: roles/datalabeling.editor
name: roles/datalabeling.serviceAgent
name: roles/datalabeling.viewer
name: roles/datalineage.admin
name: roles/datalineage.editor
name: roles/datalineage.producer
name: roles/datalineage.viewer
name: roles/datamigration.admin
name: roles/datamigration.serviceAgent
name: roles/datapipelines.admin
name: roles/datapipelines.invoker
name: roles/datapipelines.serviceAgent
name: roles/datapipelines.viewer
name: roles/dataplex.admin
name: roles/dataplex.aspectTypeOwner
name: roles/dataplex.aspectTypeUser
name: roles/dataplex.bindingAdmin
name: roles/dataplex.catalogAdmin
name: roles/dataplex.catalogEditor
name: roles/dataplex.catalogViewer
name: roles/dataplex.dataOwner
name: roles/dataplex.dataReader
name: roles/dataplex.dataScanAdmin
name: roles/dataplex.dataScanCreator
name: roles/dataplex.dataScanDataViewer
name: roles/dataplex.dataScanEditor
name: roles/dataplex.dataScanViewer
name: roles/dataplex.dataWriter
name: roles/dataplex.developer
name: roles/dataplex.editor
name: roles/dataplex.entryGroupOwner
name: roles/dataplex.entryOwner
name: roles/dataplex.entryTypeOwner
name: roles/dataplex.entryTypeUser
name: roles/dataplex.metadataReader
name: roles/dataplex.metadataWriter
name: roles/dataplex.securityAdmin
name: roles/dataplex.serviceAgent
name: roles/dataplex.storageDataOwner
name: roles/dataplex.storageDataReader
name: roles/dataplex.storageDataWriter
name: roles/dataplex.taxonomyAdmin
name: roles/dataplex.taxonomyViewer
name: roles/dataplex.viewer
name: roles/dataprep.projects.user
name: roles/dataprep.serviceAgent
name: roles/dataproc.admin
name: roles/dataproc.editor
name: roles/dataproc.hubAgent
name: roles/dataproc.serviceAgent
name: roles/dataproc.viewer
name: roles/dataproc.worker
name: roles/dataprocessing.admin
name: roles/dataprocessing.dataSourceManager
name: roles/datastore.backupSchedulesAdmin
name: roles/datastore.backupSchedulesViewer
name: roles/datastore.backupsAdmin
name: roles/datastore.backupsViewer
name: roles/datastore.importExportAdmin
name: roles/datastore.indexAdmin
name: roles/datastore.keyVisualizerViewer
name: roles/datastore.owner
name: roles/datastore.restoreAdmin
name: roles/datastore.user
name: roles/datastore.viewer
name: roles/datastream.admin
name: roles/datastream.serviceAgent
name: roles/datastream.viewer
name: roles/datastudio.admin
name: roles/datastudio.contentManager
name: roles/datastudio.contributor
name: roles/datastudio.editor
name: roles/datastudio.manager
name: roles/datastudio.serviceAgent
name: roles/datastudio.viewer
name: roles/dellemccloudonefs.admin
name: roles/dellemccloudonefs.user
name: roles/dellemccloudonefs.viewer
name: roles/deploymentmanager.editor
name: roles/deploymentmanager.typeEditor
name: roles/deploymentmanager.typeViewer
name: roles/deploymentmanager.viewer
name: roles/dialogflow.aamAdmin
name: roles/dialogflow.aamConversationalArchitect
name: roles/dialogflow.aamDialogDesigner
name: roles/dialogflow.aamLeadDialogDesigner
name: roles/dialogflow.aamViewer
name: roles/dialogflow.admin
name: roles/dialogflow.agentAssistClient
name: roles/dialogflow.client
name: roles/dialogflow.consoleAgentEditor
name: roles/dialogflow.consoleSimulatorUser
name: roles/dialogflow.consoleSmartMessagingAllowlistEditor
name: roles/dialogflow.conversationManager
name: roles/dialogflow.entityTypeAdmin
name: roles/dialogflow.environmentEditor
name: roles/dialogflow.flowEditor
name: roles/dialogflow.integrationManager
name: roles/dialogflow.intentAdmin
name: roles/dialogflow.reader
name: roles/dialogflow.serviceAgent
name: roles/dialogflow.testCaseAdmin
name: roles/dialogflow.webhookAdmin
name: roles/discoveryengine.admin
name: roles/discoveryengine.editor
name: roles/discoveryengine.serviceAgent
name: roles/discoveryengine.viewer
name: roles/dlp.admin
name: roles/dlp.analyzeRiskTemplatesEditor
name: roles/dlp.analyzeRiskTemplatesReader
name: roles/dlp.columnDataProfilesReader
name: roles/dlp.connectionsAdmin
name: roles/dlp.connectionsReader
name: roles/dlp.dataProfilesAdmin
name: roles/dlp.dataProfilesReader
name: roles/dlp.deidentifyTemplatesEditor
name: roles/dlp.deidentifyTemplatesReader
name: roles/dlp.estimatesAdmin
name: roles/dlp.inspectFindingsReader
name: roles/dlp.inspectTemplatesEditor
name: roles/dlp.inspectTemplatesReader
name: roles/dlp.jobTriggersEditor
name: roles/dlp.jobTriggersReader
name: roles/dlp.jobsEditor
name: roles/dlp.jobsReader
name: roles/dlp.orgdriver
name: roles/dlp.projectDataProfilesReader
name: roles/dlp.projectdriver
name: roles/dlp.reader
name: roles/dlp.serviceAgent
name: roles/dlp.storedInfoTypesEditor
name: roles/dlp.storedInfoTypesReader
name: roles/dlp.subscriptionsAdmin
name: roles/dlp.subscriptionsReader
name: roles/dlp.tableDataProfilesAdmin
name: roles/dlp.tableDataProfilesReader
name: roles/dlp.user
name: roles/dns.admin
name: roles/dns.peer
name: roles/dns.reader
name: roles/documentai.admin
name: roles/documentai.apiUser
name: roles/documentai.editor
name: roles/documentai.viewer
name: roles/documentaicore.serviceAgent
name: roles/domains.admin
name: roles/domains.viewer
name: roles/earthengine.admin
name: roles/earthengine.appsPublisher
name: roles/earthengine.viewer
name: roles/earthengine.writer
name: roles/edgecontainer.admin
name: roles/edgecontainer.clusterServiceAgent
name: roles/edgecontainer.machineUser
name: roles/edgecontainer.offlineCredentialUser
name: roles/edgecontainer.serviceAgent
name: roles/edgecontainer.viewer
name: roles/edgenetwork.admin
name: roles/edgenetwork.viewer
name: roles/editor
name: roles/endpoints.serviceAgent
name: roles/endpointsportal.serviceAgent
name: roles/enterpriseknowledgegraph.admin
name: roles/enterpriseknowledgegraph.editor
name: roles/enterpriseknowledgegraph.serviceAgent
name: roles/enterpriseknowledgegraph.viewer
name: roles/enterprisepurchasing.admin
name: roles/enterprisepurchasing.editor
name: roles/enterprisepurchasing.viewer
name: roles/errorreporting.admin
name: roles/errorreporting.user
name: roles/errorreporting.viewer
name: roles/errorreporting.writer
name: roles/essentialcontacts.admin
name: roles/essentialcontacts.viewer
name: roles/eventarc.admin
name: roles/eventarc.connectionPublisher
name: roles/eventarc.developer
name: roles/eventarc.eventReceiver
name: roles/eventarc.publisher
name: roles/eventarc.serviceAgent
name: roles/eventarc.viewer
name: roles/file.editor
name: roles/file.serviceAgent
name: roles/file.viewer
name: roles/financialservices.admin
name: roles/financialservices.viewer
name: roles/firebase.admin
name: roles/firebase.analyticsAdmin
name: roles/firebase.analyticsViewer
name: roles/firebase.appDistributionSdkServiceAgent
name: roles/firebase.developAdmin
name: roles/firebase.developViewer
name: roles/firebase.growthAdmin
name: roles/firebase.growthViewer
name: roles/firebase.managementServiceAgent
name: roles/firebase.qualityAdmin
name: roles/firebase.qualityViewer
name: roles/firebase.sdkAdminServiceAgent
name: roles/firebase.sdkProvisioningServiceAgent
name: roles/firebase.viewer
name: roles/firebaseabt.admin
name: roles/firebaseabt.viewer
name: roles/firebaseappcheck.admin
name: roles/firebaseappcheck.serviceAgent
name: roles/firebaseappcheck.tokenVerifier
name: roles/firebaseappcheck.viewer
name: roles/firebaseappdistro.admin
name: roles/firebaseappdistro.viewer
name: roles/firebaseauth.admin
name: roles/firebaseauth.viewer
name: roles/firebasecloudmessaging.admin
name: roles/firebasecrash.symbolMappingsAdmin
name: roles/firebasecrashlytics.admin
name: roles/firebasecrashlytics.viewer
name: roles/firebasedatabase.admin
name: roles/firebasedatabase.serviceAgent
name: roles/firebasedatabase.viewer
name: roles/firebasedynamiclinks.admin
name: roles/firebasedynamiclinks.viewer
name: roles/firebaseextensions.developer
name: roles/firebaseextensions.viewer
name: roles/firebaseextensionspublisher.extensionsAdmin
name: roles/firebaseextensionspublisher.extensionsViewer
name: roles/firebasehosting.admin
name: roles/firebasehosting.viewer
name: roles/firebaseinappmessaging.admin
name: roles/firebaseinappmessaging.viewer
name: roles/firebasemessagingcampaigns.admin
name: roles/firebasemessagingcampaigns.viewer
name: roles/firebaseml.admin
name: roles/firebaseml.serviceAgent
name: roles/firebaseml.viewer
name: roles/firebasemods.serviceAgent
name: roles/firebasenotifications.admin
name: roles/firebasenotifications.viewer
name: roles/firebaseperformance.admin
name: roles/firebaseperformance.viewer
name: roles/firebaserules.admin
name: roles/firebaserules.firestoreServiceAgent
name: roles/firebaserules.system
name: roles/firebaserules.viewer
name: roles/firebasestorage.admin
name: roles/firebasestorage.serviceAgent
name: roles/firebasestorage.viewer
name: roles/firestore.serviceAgent
name: roles/firewallinsights.serviceAgent
name: roles/fleetengine.consumerSdkUser
name: roles/fleetengine.deliveryAdmin
name: roles/fleetengine.deliveryConsumer
name: roles/fleetengine.deliveryFleetReader
name: roles/fleetengine.deliverySuperUser
name: roles/fleetengine.deliveryTrustedDriver
name: roles/fleetengine.deliveryUntrustedDriver
name: roles/fleetengine.driverSdkUser
name: roles/fleetengine.ondemandAdmin
name: roles/fleetengine.serviceAgent
name: roles/fleetengine.serviceSuperUser
name: roles/gameservices.serviceAgent
name: roles/gdchardwaremanagement.admin
name: roles/gdchardwaremanagement.operator
name: roles/gdchardwaremanagement.reader
name: roles/genomics.admin
name: roles/genomics.editor
name: roles/genomics.pipelinesRunner
name: roles/genomics.serviceAgent
name: roles/genomics.viewer
name: roles/gkebackup.admin
name: roles/gkebackup.backupAdmin
name: roles/gkebackup.delegatedBackupAdmin
name: roles/gkebackup.delegatedRestoreAdmin
name: roles/gkebackup.restoreAdmin
name: roles/gkebackup.serviceAgent
name: roles/gkebackup.viewer
name: roles/gkedataplanemanagement.warpRunServiceAgent
name: roles/gkehub.admin
name: roles/gkehub.connect
name: roles/gkehub.crossProjectServiceAgent
name: roles/gkehub.editor
name: roles/gkehub.gatewayAdmin
name: roles/gkehub.gatewayEditor
name: roles/gkehub.gatewayReader
name: roles/gkehub.scopeViewer
name: roles/gkehub.serviceAgent
name: roles/gkehub.viewer
name: roles/gkemulticloud.admin
name: roles/gkemulticloud.containerServiceAgent
name: roles/gkemulticloud.controlPlaneMachineServiceAgent
name: roles/gkemulticloud.nodePoolMachineServiceAgent
name: roles/gkemulticloud.serviceAgent
name: roles/gkemulticloud.telemetryWriter
name: roles/gkemulticloud.viewer
name: roles/gkeonprem.admin
name: roles/gkeonprem.serviceAgent
name: roles/gkeonprem.viewer
name: roles/gsuiteaddons.developer
name: roles/gsuiteaddons.reader
name: roles/gsuiteaddons.tester
name: roles/healthcare.annotationEditor
name: roles/healthcare.annotationReader
name: roles/healthcare.annotationStoreAdmin
name: roles/healthcare.annotationStoreViewer
name: roles/healthcare.attributeDefinitionEditor
name: roles/healthcare.attributeDefinitionReader
name: roles/healthcare.consentArtifactAdmin
name: roles/healthcare.consentArtifactEditor
name: roles/healthcare.consentArtifactReader
name: roles/healthcare.consentEditor
name: roles/healthcare.consentReader
name: roles/healthcare.consentStoreAdmin
name: roles/healthcare.consentStoreViewer
name: roles/healthcare.datasetAdmin
name: roles/healthcare.datasetViewer
name: roles/healthcare.dicomEditor
name: roles/healthcare.dicomStoreAdmin
name: roles/healthcare.dicomStoreViewer
name: roles/healthcare.dicomViewer
name: roles/healthcare.fhirResourceEditor
name: roles/healthcare.fhirResourceReader
name: roles/healthcare.fhirStoreAdmin
name: roles/healthcare.fhirStoreViewer
name: roles/healthcare.hl7V2Consumer
name: roles/healthcare.hl7V2Editor
name: roles/healthcare.hl7V2Ingest
name: roles/healthcare.hl7V2StoreAdmin
name: roles/healthcare.hl7V2StoreViewer
name: roles/healthcare.nlpServiceViewer
name: roles/healthcare.serviceAgent
name: roles/healthcare.userDataMappingEditor
name: roles/healthcare.userDataMappingReader
name: roles/iam.denyAdmin
name: roles/iam.denyReviewer
name: roles/iam.oauthClientAdmin
name: roles/iam.oauthClientViewer
name: roles/iam.organizationRoleAdmin
name: roles/iam.organizationRoleViewer
name: roles/iam.roleAdmin
name: roles/iam.roleViewer
name: roles/iam.securityAdmin
name: roles/iam.securityReviewer
name: roles/iam.serviceAccountAdmin
name: roles/iam.serviceAccountCreator
name: roles/iam.serviceAccountDeleter
name: roles/iam.serviceAccountKeyAdmin
name: roles/iam.serviceAccountOpenIdTokenCreator
name: roles/iam.serviceAccountTokenCreator
name: roles/iam.serviceAccountUser
name: roles/iam.serviceAccountViewer
name: roles/iam.workforcePoolAdmin
name: roles/iam.workforcePoolEditor
name: roles/iam.workforcePoolViewer
name: roles/iam.workloadIdentityPoolAdmin
name: roles/iam.workloadIdentityPoolViewer
name: roles/iam.workloadIdentityUser
name: roles/iap.admin
name: roles/iap.httpsResourceAccessor
name: roles/iap.remediatorUser
name: roles/iap.settingsAdmin
name: roles/iap.tunnelDestGroupEditor
name: roles/iap.tunnelDestGroupViewer
name: roles/iap.tunnelResourceAccessor
name: roles/identityplatform.admin
name: roles/identityplatform.viewer
name: roles/identitytoolkit.admin
name: roles/identitytoolkit.serviceAgent
name: roles/identitytoolkit.viewer
name: roles/ids.admin
name: roles/ids.viewer
name: roles/integrations.apigeeIntegrationAdminRole
name: roles/integrations.apigeeIntegrationDeployerRole
name: roles/integrations.apigeeIntegrationEditorRole
name: roles/integrations.apigeeIntegrationInvokerRole
name: roles/integrations.apigeeIntegrationsViewer
name: roles/integrations.apigeeSuspensionResolver
name: roles/integrations.certificateViewer
name: roles/integrations.integrationAdmin
name: roles/integrations.integrationDeployer
name: roles/integrations.integrationEditor
name: roles/integrations.integrationInvoker
name: roles/integrations.integrationViewer
name: roles/integrations.securityIntegrationAdmin
name: roles/integrations.serviceAgent
name: roles/integrations.sfdcInstanceAdmin
name: roles/integrations.sfdcInstanceEditor
name: roles/integrations.sfdcInstanceViewer
name: roles/integrations.suspensionResolver
name: roles/issuerswitch.accountManagerAdmin
name: roles/issuerswitch.accountManagerTransactionsAdmin
name: roles/issuerswitch.accountManagerTransactionsViewer
name: roles/issuerswitch.admin
name: roles/issuerswitch.issuerParticipantsAdmin
name: roles/issuerswitch.resolutionsAdmin
name: roles/issuerswitch.rulesAdmin
name: roles/issuerswitch.rulesViewer
name: roles/issuerswitch.transactionsViewer
name: roles/krmapihosting.admin
name: roles/krmapihosting.anthosApiEndpointServiceAgent
name: roles/krmapihosting.serviceAgent
name: roles/krmapihosting.viewer
name: roles/kubernetesmetadata.publisher
name: roles/kuberun.eventsControlPlaneServiceAgent
name: roles/kuberun.eventsDataPlaneServiceAgent
name: roles/lifesciences.admin
name: roles/lifesciences.editor
name: roles/lifesciences.serviceAgent
name: roles/lifesciences.viewer
name: roles/lifesciences.workflowsRunner
name: roles/livestream.editor
name: roles/livestream.serviceAgent
name: roles/livestream.viewer
name: roles/logging.admin
name: roles/logging.bucketWriter
name: roles/logging.configWriter
name: roles/logging.fieldAccessor
name: roles/logging.linkViewer
name: roles/logging.logWriter
name: roles/logging.privateLogViewer
name: roles/logging.serviceAgent
name: roles/logging.viewAccessor
name: roles/logging.viewer
name: roles/looker.admin
name: roles/looker.instanceUser
name: roles/looker.serviceAgent
name: roles/looker.viewer
name: roles/lookerstudio.proManager
name: roles/managedidentities.admin
name: roles/managedidentities.backupAdmin
name: roles/managedidentities.backupViewer
name: roles/managedidentities.domainAdmin
name: roles/managedidentities.domainJoin
name: roles/managedidentities.peeringAdmin
name: roles/managedidentities.peeringViewer
name: roles/managedidentities.serviceAgent
name: roles/managedidentities.viewer
name: roles/mandiant.attackSurfaceManagementEditor
name: roles/mandiant.attackSurfaceManagementViewer
name: roles/mandiant.digitalThreatMonitoringEditor
name: roles/mandiant.digitalThreatMonitoringViewer
name: roles/mandiant.expertiseOnDemandEditor
name: roles/mandiant.expertiseOnDemandViewer
name: roles/mandiant.threatIntelEditor
name: roles/mandiant.threatIntelViewer
name: roles/mandiant.validationEditor
name: roles/mandiant.validationViewer
name: roles/mapsadmin.admin
name: roles/mapsadmin.viewer
name: roles/mapsanalytics.viewer
name: roles/mapsplatformdatasets.admin
name: roles/mapsplatformdatasets.viewer
name: roles/marketplacesolutions.admin
name: roles/marketplacesolutions.editor
name: roles/marketplacesolutions.viewer
name: roles/mediaasset.serviceAgent
name: roles/memcache.admin
name: roles/memcache.editor
name: roles/memcache.serviceAgent
name: roles/memcache.viewer
name: roles/meshconfig.admin
name: roles/meshconfig.serviceAgent
name: roles/meshconfig.viewer
name: roles/meshcontrolplane.serviceAgent
name: roles/meshdataplane.serviceAgent
name: roles/metastore.admin
name: roles/metastore.editor
name: roles/metastore.federationAccessor
name: roles/metastore.metadataEditor
name: roles/metastore.metadataMutateAdmin
name: roles/metastore.metadataOperator
name: roles/metastore.metadataOwner
name: roles/metastore.metadataQueryAdmin
name: roles/metastore.metadataUser
name: roles/metastore.metadataViewer
name: roles/metastore.migrationAdmin
name: roles/metastore.serviceAgent
name: roles/metastore.user
name: roles/migrationcenter.admin
name: roles/migrationcenter.discoveryClient
name: roles/migrationcenter.discoveryClientRegistrator
name: roles/migrationcenter.serviceAgent
name: roles/migrationcenter.viewer
name: roles/ml.admin
name: roles/ml.developer
name: roles/ml.jobOwner
name: roles/ml.modelOwner
name: roles/ml.modelUser
name: roles/ml.operationOwner
name: roles/ml.serviceAgent
name: roles/ml.viewer
name: roles/monitoring.admin
name: roles/monitoring.alertPolicyEditor
name: roles/monitoring.alertPolicyViewer
name: roles/monitoring.cloudConsoleIncidentEditor
name: roles/monitoring.cloudConsoleIncidentViewer
name: roles/monitoring.dashboardEditor
name: roles/monitoring.dashboardViewer
name: roles/monitoring.editor
name: roles/monitoring.metricWriter
name: roles/monitoring.metricsScopesAdmin
name: roles/monitoring.metricsScopesViewer
name: roles/monitoring.notificationChannelEditor
name: roles/monitoring.notificationChannelViewer
name: roles/monitoring.notificationServiceAgent
name: roles/monitoring.servicesEditor
name: roles/monitoring.servicesViewer
name: roles/monitoring.snoozeEditor
name: roles/monitoring.snoozeViewer
name: roles/monitoring.uptimeCheckConfigEditor
name: roles/monitoring.uptimeCheckConfigViewer
name: roles/monitoring.viewer
name: roles/multiclusteringress.serviceAgent
name: roles/multiclustermetering.serviceAgent
name: roles/multiclusterservicediscovery.serviceAgent
name: roles/nestconsole.homeDeveloperAdmin
name: roles/nestconsole.homeDeveloperEditor
name: roles/nestconsole.homeDeveloperViewer
name: roles/netapp.admin
name: roles/netapp.viewer
name: roles/netappcloudvolumes.admin
name: roles/netappcloudvolumes.viewer
name: roles/networkactions.serviceAgent
name: roles/networkconnectivity.consumerNetworkAdmin
name: roles/networkconnectivity.groupUser
name: roles/networkconnectivity.hubAdmin
name: roles/networkconnectivity.hubViewer
name: roles/networkconnectivity.regionalEndpointAdmin
name: roles/networkconnectivity.regionalEndpointViewer
name: roles/networkconnectivity.serviceAgent
name: roles/networkconnectivity.serviceClassUser
name: roles/networkconnectivity.serviceProducerAdmin
name: roles/networkconnectivity.spokeAdmin
name: roles/networkmanagement.admin
name: roles/networkmanagement.serviceAgent
name: roles/networkmanagement.viewer
name: roles/notebooks.admin
name: roles/notebooks.legacyAdmin
name: roles/notebooks.legacyViewer
name: roles/notebooks.runner
name: roles/notebooks.serviceAgent
name: roles/notebooks.viewer
name: roles/oauthconfig.editor
name: roles/oauthconfig.viewer
name: roles/ondemandscanning.admin
name: roles/ondemandscanning.serviceAgent
name: roles/opsconfigmonitoring.resourceMetadata.viewer
name: roles/opsconfigmonitoring.resourceMetadata.writer
name: roles/orgpolicy.policyAdmin
name: roles/orgpolicy.policyViewer
name: roles/osconfig.guestPolicyAdmin
name: roles/osconfig.guestPolicyEditor
name: roles/osconfig.guestPolicyViewer
name: roles/osconfig.instanceOSPoliciesComplianceViewer
name: roles/osconfig.inventoryViewer
name: roles/osconfig.osPolicyAssignmentAdmin
name: roles/osconfig.osPolicyAssignmentEditor
name: roles/osconfig.osPolicyAssignmentReportViewer
name: roles/osconfig.osPolicyAssignmentViewer
name: roles/osconfig.patchDeploymentAdmin
name: roles/osconfig.patchDeploymentViewer
name: roles/osconfig.patchJobExecutor
name: roles/osconfig.patchJobViewer
name: roles/osconfig.projectFeatureSettingsEditor
name: roles/osconfig.projectFeatureSettingsViewer
name: roles/osconfig.serviceAgent
name: roles/osconfig.upgradeReportViewer
name: roles/osconfig.vulnerabilityReportViewer
name: roles/owner
name: roles/parallelstore.serviceAgent
name: roles/paymentsresellersubscription.partnerAdmin
name: roles/paymentsresellersubscription.partnerViewer
name: roles/paymentsresellersubscription.productViewer
name: roles/paymentsresellersubscription.promotionViewer
name: roles/paymentsresellersubscription.subscriptionEditor
name: roles/paymentsresellersubscription.subscriptionViewer
name: roles/policyanalyzer.activityAnalysisViewer
name: roles/policyremediatormanager.policyRemediatorAdmin
name: roles/policyremediatormanager.policyRemediatorReader
name: roles/policysimulator.admin
name: roles/policysimulator.orgPolicyAdmin
name: roles/privateca.admin
name: roles/privateca.auditor
name: roles/privateca.caManager
name: roles/privateca.certificateManager
name: roles/privateca.certificateRequester
name: roles/privateca.poolReader
name: roles/privateca.templateUser
name: roles/privateca.workloadCertificateRequester
name: roles/privilegedaccessmanager.admin
name: roles/privilegedaccessmanager.folderServiceAgent
name: roles/privilegedaccessmanager.organizationServiceAgent
name: roles/privilegedaccessmanager.projectServiceAgent
name: roles/privilegedaccessmanager.serviceAgent
name: roles/privilegedaccessmanager.viewer
name: roles/proximitybeacon.attachmentEditor
name: roles/proximitybeacon.attachmentPublisher
name: roles/proximitybeacon.attachmentViewer
name: roles/proximitybeacon.beaconEditor
name: roles/publicca.externalAccountKeyCreator
name: roles/pubsub.admin
name: roles/pubsub.editor
name: roles/pubsub.publisher
name: roles/pubsub.serviceAgent
name: roles/pubsub.subscriber
name: roles/pubsub.viewer
name: roles/pubsublite.admin
name: roles/pubsublite.editor
name: roles/pubsublite.publisher
name: roles/pubsublite.serviceAgent
name: roles/pubsublite.subscriber
name: roles/pubsublite.viewer
name: roles/rapidmigrationassessment.serviceAgent
name: roles/readerrevenuesubscriptionlinking.admin
name: roles/readerrevenuesubscriptionlinking.entitlementsViewer
name: roles/readerrevenuesubscriptionlinking.viewer
name: roles/recaptchaenterprise.admin
name: roles/recaptchaenterprise.agent
name: roles/recaptchaenterprise.viewer
name: roles/recommender.bigQueryCapacityCommitmentsAdmin
name: roles/recommender.bigQueryCapacityCommitmentsBillingAccountAdmin
name: roles/recommender.bigQueryCapacityCommitmentsBillingAccountViewer
name: roles/recommender.bigQueryCapacityCommitmentsProjectAdmin
name: roles/recommender.bigQueryCapacityCommitmentsProjectViewer
name: roles/recommender.bigQueryCapacityCommitmentsViewer
name: roles/recommender.bigqueryMaterializedViewAdmin
name: roles/recommender.bigqueryMaterializedViewViewer
name: roles/recommender.bigqueryPartitionClusterAdmin
name: roles/recommender.bigqueryPartitionClusterViewer
name: roles/recommender.billingAccountCudAdmin
name: roles/recommender.billingAccountCudViewer
name: roles/recommender.cloudAssetInsightsAdmin
name: roles/recommender.cloudAssetInsightsViewer
name: roles/recommender.cloudCostRecommendationAdmin
name: roles/recommender.cloudCostRecommendationViewer
name: roles/recommender.cloudDeprecationRecommendationAdmin
name: roles/recommender.cloudDeprecationRecommendationViewer
name: roles/recommender.cloudManageabilityRecommendationAdmin
name: roles/recommender.cloudManageabilityRecommendationViewer
name: roles/recommender.cloudPerformanceRecommendationAdmin
name: roles/recommender.cloudPerformanceRecommendationViewer
name: roles/recommender.cloudReliabilityRecommendationAdmin
name: roles/recommender.cloudReliabilityRecommendationViewer
name: roles/recommender.cloudSecurityRecommendationAdmin
name: roles/recommender.cloudSecurityRecommendationViewer
name: roles/recommender.cloudsqlAdmin
name: roles/recommender.cloudsqlViewer
name: roles/recommender.computeAdmin
name: roles/recommender.computeViewer
name: roles/recommender.containerDiagnosisAdmin
name: roles/recommender.containerDiagnosisViewer
name: roles/recommender.dataflowDiagnosticsAdmin
name: roles/recommender.dataflowDiagnosticsViewer
name: roles/recommender.errorReportingAdmin
name: roles/recommender.errorReportingViewer
name: roles/recommender.exporter
name: roles/recommender.firewallAdmin
name: roles/recommender.firewallViewer
name: roles/recommender.gmpAdmin
name: roles/recommender.gmpViewer
name: roles/recommender.iamAdmin
name: roles/recommender.iamViewer
name: roles/recommender.iampolicychangeriskAdmin
name: roles/recommender.iampolicychangeriskViewer
name: roles/recommender.networkAnalyzerAdmin
name: roles/recommender.networkAnalyzerCloudSqlAdmin
name: roles/recommender.networkAnalyzerCloudSqlViewer
name: roles/recommender.networkAnalyzerDynamicRouteAdmin
name: roles/recommender.networkAnalyzerDynamicRouteViewer
name: roles/recommender.networkAnalyzerGkeConnectivityAdmin
name: roles/recommender.networkAnalyzerGkeConnectivityViewer
name: roles/recommender.networkAnalyzerGkeIpAddressAdmin
name: roles/recommender.networkAnalyzerGkeIpAddressViewer
name: roles/recommender.networkAnalyzerGkeServiceAccountAdmin
name: roles/recommender.networkAnalyzerGkeServiceAccountViewer
name: roles/recommender.networkAnalyzerIpAddressAdmin
name: roles/recommender.networkAnalyzerIpAddressViewer
name: roles/recommender.networkAnalyzerLoadBalancerAdmin
name: roles/recommender.networkAnalyzerLoadBalancerViewer
name: roles/recommender.networkAnalyzerViewer
name: roles/recommender.networkAnalyzerVpcConnectivityAdmin
name: roles/recommender.networkAnalyzerVpcConnectivityViewer
name: roles/recommender.productSuggestionAdmin
name: roles/recommender.productSuggestionViewer
name: roles/recommender.projectCudAdmin
name: roles/recommender.projectCudViewer
name: roles/recommender.projectUtilAdmin
name: roles/recommender.projectUtilViewer
name: roles/recommender.recentChangeConfigAdmin
name: roles/recommender.recentchangeriskAdmin
name: roles/recommender.recentchangeriskViewer
name: roles/recommender.serviceLimitAdmin
name: roles/recommender.serviceLimitViewer
name: roles/recommender.serviceaccntchangeriskAdmin
name: roles/recommender.serviceaccntchangeriskViewer
name: roles/recommender.ucsAdmin
name: roles/recommender.ucsViewer
name: roles/recommender.viewer
name: roles/redis.admin
name: roles/redis.dbConnectionUser
name: roles/redis.editor
name: roles/redis.serviceAgent
name: roles/redis.viewer
name: roles/redisenterprisecloud.admin
name: roles/redisenterprisecloud.viewer
name: roles/remotebuildexecution.actionCacheWriter
name: roles/remotebuildexecution.artifactAdmin
name: roles/remotebuildexecution.artifactCreator
name: roles/remotebuildexecution.artifactViewer
name: roles/remotebuildexecution.configurationAdmin
name: roles/remotebuildexecution.configurationViewer
name: roles/remotebuildexecution.logstreamWriter
name: roles/remotebuildexecution.reservationAdmin
name: roles/remotebuildexecution.serviceAgent
name: roles/remotebuildexecution.worker
name: roles/resourcemanager.folderAdmin
name: roles/resourcemanager.folderCreator
name: roles/resourcemanager.folderEditor
name: roles/resourcemanager.folderIamAdmin
name: roles/resourcemanager.folderMover
name: roles/resourcemanager.folderViewer
name: roles/resourcemanager.lienModifier
name: roles/resourcemanager.organizationAdmin
name: roles/resourcemanager.organizationViewer
name: roles/resourcemanager.projectCreator
name: roles/resourcemanager.projectDeleter
name: roles/resourcemanager.projectIamAdmin
name: roles/resourcemanager.projectMover
name: roles/resourcemanager.tagAdmin
name: roles/resourcemanager.tagHoldAdmin
name: roles/resourcemanager.tagUser
name: roles/resourcemanager.tagViewer
name: roles/resourcesettings.admin
name: roles/resourcesettings.viewer
name: roles/retail.admin
name: roles/retail.editor
name: roles/retail.serviceAgent
name: roles/retail.viewer
name: roles/riscconfigs.admin
name: roles/riscconfigs.viewer
name: roles/riskmanager.admin
name: roles/riskmanager.editor
name: roles/riskmanager.reviewer
name: roles/riskmanager.serviceAgent
name: roles/riskmanager.viewer
name: roles/rma.admin
name: roles/rma.runner
name: roles/rma.viewer
name: roles/routeoptimization.serviceAgent
name: roles/run.admin
name: roles/run.developer
name: roles/run.invoker
name: roles/run.serviceAgent
name: roles/run.viewer
name: roles/runapps.developer
name: roles/runapps.operator
name: roles/runapps.serviceAgent
name: roles/runapps.viewer
name: roles/runtimeconfig.admin
name: roles/secretmanager.admin
name: roles/secretmanager.secretAccessor
name: roles/secretmanager.secretVersionAdder
name: roles/secretmanager.secretVersionManager
name: roles/secretmanager.viewer
name: roles/securedlandingzone.bqdwOrgRemediator
name: roles/securedlandingzone.bqdwProjectRemediator
name: roles/securedlandingzone.overwatchActivator
name: roles/securedlandingzone.overwatchAdmin
name: roles/securedlandingzone.overwatchViewer
name: roles/securedlandingzone.serviceAgent
name: roles/securesourcemanager.admin
name: roles/securesourcemanager.instanceAccessor
name: roles/securesourcemanager.instanceManager
name: roles/securesourcemanager.instanceOwner
name: roles/securesourcemanager.instanceRepositoryCreator
name: roles/securesourcemanager.repoAdmin
name: roles/securesourcemanager.repoCreator
name: roles/securesourcemanager.repoReader
name: roles/securesourcemanager.repoWriter
name: roles/securesourcemanager.sshKeyUser
name: roles/securitycenter.admin
name: roles/securitycenter.adminEditor
name: roles/securitycenter.adminViewer
name: roles/securitycenter.assetSecurityMarksWriter
name: roles/securitycenter.assetsDiscoveryRunner
name: roles/securitycenter.assetsViewer
name: roles/securitycenter.attackPathsViewer
name: roles/securitycenter.attackSurfaceManagementScannerServiceAgent
name: roles/securitycenter.automationServiceAgent
name: roles/securitycenter.bigQueryExportsEditor
name: roles/securitycenter.bigQueryExportsViewer
name: roles/securitycenter.complianceSnapshotsViewer
name: roles/securitycenter.controlServiceAgent
name: roles/securitycenter.externalSystemsEditor
name: roles/securitycenter.findingSecurityMarksWriter
name: roles/securitycenter.findingsBulkMuteEditor
name: roles/securitycenter.findingsEditor
name: roles/securitycenter.findingsMuteSetter
name: roles/securitycenter.findingsStateSetter
name: roles/securitycenter.findingsViewer
name: roles/securitycenter.findingsWorkflowStateSetter
name: roles/securitycenter.integrationExecutorServiceAgent
name: roles/securitycenter.muteConfigsEditor
name: roles/securitycenter.muteConfigsViewer
name: roles/securitycenter.notificationConfigEditor
name: roles/securitycenter.notificationConfigViewer
name: roles/securitycenter.notificationServiceAgent
name: roles/securitycenter.resourceValueConfigsEditor
name: roles/securitycenter.resourceValueConfigsViewer
name: roles/securitycenter.securityHealthAnalyticsCustomModulesTester
name: roles/securitycenter.securityHealthAnalyticsServiceAgent
name: roles/securitycenter.securityResponseServiceAgent
name: roles/securitycenter.serviceAgent
name: roles/securitycenter.settingsAdmin
name: roles/securitycenter.settingsEditor
name: roles/securitycenter.settingsViewer
name: roles/securitycenter.simulationsViewer
name: roles/securitycenter.sourcesAdmin
name: roles/securitycenter.sourcesEditor
name: roles/securitycenter.sourcesViewer
name: roles/securitycenter.valuedResourcesViewer
name: roles/securitycentermanagement.customModulesEditor
name: roles/securitycentermanagement.customModulesViewer
name: roles/securitycentermanagement.etdCustomModulesEditor
name: roles/securitycentermanagement.etdCustomModulesViewer
name: roles/securitycentermanagement.shaCustomModulesEditor
name: roles/securitycentermanagement.shaCustomModulesViewer
name: roles/securityposture.admin
name: roles/securityposture.postureDeployer
name: roles/securityposture.postureDeploymentsViewer
name: roles/securityposture.postureEditor
name: roles/securityposture.postureViewer
name: roles/securityposture.reportCreator
name: roles/securityposture.viewer
name: roles/serverless.serviceAgent
name: roles/servicebroker.admin
name: roles/servicebroker.operator
name: roles/serviceconsumermanagement.tenancyUnitsAdmin
name: roles/serviceconsumermanagement.tenancyUnitsViewer
name: roles/servicedirectory.admin
name: roles/servicedirectory.editor
name: roles/servicedirectory.networkAttacher
name: roles/servicedirectory.pscAuthorizedService
name: roles/servicedirectory.serviceAgent
name: roles/servicedirectory.viewer
name: roles/servicehealth.viewer
name: roles/servicemanagement.admin
name: roles/servicemanagement.configEditor
name: roles/servicemanagement.quotaAdmin
name: roles/servicemanagement.quotaViewer
name: roles/servicemanagement.reporter
name: roles/servicemanagement.serviceConsumer
name: roles/servicemanagement.serviceController
name: roles/servicenetworking.networksAdmin
name: roles/servicenetworking.serviceAgent
name: roles/servicesecurityinsights.securityInsightsViewer
name: roles/serviceusage.apiKeysAdmin
name: roles/serviceusage.apiKeysViewer
name: roles/serviceusage.serviceUsageAdmin
name: roles/serviceusage.serviceUsageConsumer
name: roles/serviceusage.serviceUsageViewer
name: roles/source.admin
name: roles/source.reader
name: roles/source.writer
name: roles/sourcerepo.serviceAgent
name: roles/spanner.admin
name: roles/spanner.backupAdmin
name: roles/spanner.backupWriter
name: roles/spanner.databaseAdmin
name: roles/spanner.databaseReader
name: roles/spanner.databaseRoleUser
name: roles/spanner.databaseUser
name: roles/spanner.fineGrainedAccessUser
name: roles/spanner.restoreAdmin
name: roles/spanner.serviceAgent
name: roles/spanner.viewer
name: roles/speakerid.admin
name: roles/speakerid.editor
name: roles/speakerid.verifier
name: roles/speakerid.viewer
name: roles/speech.admin
name: roles/speech.client
name: roles/speech.editor
name: roles/speech.serviceAgent
name: roles/stackdriver.accounts.editor
name: roles/stackdriver.accounts.viewer
name: roles/stackdriver.resourceMetadata.writer
name: roles/storage.admin
name: roles/storage.folderAdmin
name: roles/storage.hmacKeyAdmin
name: roles/storage.insightsCollectorService
name: roles/storage.legacyBucketOwner
name: roles/storage.legacyBucketReader
name: roles/storage.legacyBucketWriter
name: roles/storage.legacyObjectOwner
name: roles/storage.legacyObjectReader
name: roles/storage.objectAdmin
name: roles/storage.objectCreator
name: roles/storage.objectUser
name: roles/storage.objectViewer
name: roles/storageinsights.admin
name: roles/storageinsights.analyst
name: roles/storageinsights.serviceAgent
name: roles/storageinsights.viewer
name: roles/storagetransfer.admin
name: roles/storagetransfer.serviceAgent
name: roles/storagetransfer.transferAgent
name: roles/storagetransfer.user
name: roles/storagetransfer.viewer
name: roles/stream.admin
name: roles/stream.contentAdmin
name: roles/stream.contentBuilder
name: roles/stream.instanceAdmin
name: roles/stream.serviceAgent
name: roles/stream.viewer
name: roles/subscribewithgoogledeveloper.developer
name: roles/telcoautomation.admin
name: roles/telcoautomation.blueprintDesigner
name: roles/telcoautomation.deploymentAdmin
name: roles/telcoautomation.opsAdminTier1
name: roles/telcoautomation.opsAdminTier4
name: roles/telcoautomation.serviceOrchestrator
name: roles/timeseriesinsights.datasetsEditor
name: roles/timeseriesinsights.datasetsOwner
name: roles/timeseriesinsights.datasetsViewer
name: roles/tpu.admin
name: roles/tpu.serviceAgent
name: roles/tpu.viewer
name: roles/tpu.xpnAgent
name: roles/trafficdirector.client
name: roles/transcoder.admin
name: roles/transcoder.serviceAgent
name: roles/transcoder.viewer
name: roles/transferappliance.admin
name: roles/transferappliance.viewer
name: roles/translationhub.admin
name: roles/translationhub.portalUser
name: roles/videostitcher.admin
name: roles/videostitcher.user
name: roles/videostitcher.viewer
name: roles/viewer
name: roles/visionai.admin
name: roles/visionai.analysisEditor
name: roles/visionai.analysisViewer
name: roles/visionai.annotationEditor
name: roles/visionai.annotationViewer
name: roles/visionai.applicationEditor
name: roles/visionai.applicationViewer
name: roles/visionai.assetCreator
name: roles/visionai.assetEditor
name: roles/visionai.assetViewer
name: roles/visionai.clusterEditor
name: roles/visionai.clusterViewer
name: roles/visionai.corpusAdmin
name: roles/visionai.corpusEditor
name: roles/visionai.corpusViewer
name: roles/visionai.corpusWriter
name: roles/visionai.editor
name: roles/visionai.eventEditor
name: roles/visionai.eventViewer
name: roles/visionai.indexEndpointAdmin
name: roles/visionai.indexEndpointEditor
name: roles/visionai.indexEndpointViewer
name: roles/visionai.indexEndpointWriter
name: roles/visionai.operatorEditor
name: roles/visionai.operatorViewer
name: roles/visionai.packetReceiver
name: roles/visionai.packetSender
name: roles/visionai.processorEditor
name: roles/visionai.processorViewer
name: roles/visionai.retailcatalogEditor
name: roles/visionai.retailcatalogViewer
name: roles/visionai.retailendpointEditor
name: roles/visionai.retailendpointViewer
name: roles/visionai.seriesEditor
name: roles/visionai.seriesViewer
name: roles/visionai.serviceAgent
name: roles/visionai.streamEditor
name: roles/visionai.streamViewer
name: roles/visionai.uiStreamEditor
name: roles/visionai.uiStreamViewer
name: roles/visionai.viewer
name: roles/visualinspection.editor
name: roles/visualinspection.serviceAgent
name: roles/visualinspection.usageMetricsReporter
name: roles/visualinspection.viewer
name: roles/vmmigration.admin
name: roles/vmmigration.serviceAgent
name: roles/vmmigration.viewer
name: roles/vmwareengine.serviceAgent
name: roles/vmwareengine.vmwareengineAdmin
name: roles/vmwareengine.vmwareengineViewer
name: roles/vpcaccess.admin
name: roles/vpcaccess.serviceAgent
name: roles/vpcaccess.user
name: roles/vpcaccess.viewer
name: roles/websecurityscanner.serviceAgent
name: roles/workflows.admin
name: roles/workflows.editor
name: roles/workflows.invoker
name: roles/workflows.serviceAgent
name: roles/workflows.viewer
name: roles/workloadcertificate.admin
name: roles/workloadcertificate.registrationAdmin
name: roles/workloadcertificate.registrationViewer
name: roles/workloadcertificate.serviceAgent
name: roles/workloadcertificate.viewer
name: roles/workloadmanager.admin
name: roles/workloadmanager.deploymentAdmin
name: roles/workloadmanager.deploymentViewer
name: roles/workloadmanager.evaluationAdmin
name: roles/workloadmanager.evaluationViewer
name: roles/workloadmanager.evaluationWorker
name: roles/workloadmanager.insightWriter
name: roles/workloadmanager.serviceAgent
name: roles/workloadmanager.viewer
name: roles/workloadmanager.worker
name: roles/workstations.admin
name: roles/workstations.networkAdmin
name: roles/workstations.operationViewer
name: roles/workstations.serviceAgent
name: roles/workstations.user
name: roles/workstations.workstationCreator
[student-02-14224ff2407c@centos-clean ~]$ gcloud iam roles describe roles/compute.instanceAdmin
description: Full control of Compute Engine instance resources.
etag: AA==
includedPermissions:
- compute.acceleratorTypes.get
- compute.acceleratorTypes.list
- compute.addresses.createInternal
- compute.addresses.deleteInternal
- compute.addresses.get
- compute.addresses.list
- compute.addresses.use
- compute.addresses.useInternal
- compute.autoscalers.create
- compute.autoscalers.delete
- compute.autoscalers.get
- compute.autoscalers.list
- compute.autoscalers.update
- compute.diskTypes.get
- compute.diskTypes.list
- compute.disks.create
- compute.disks.createSnapshot
- compute.disks.delete
- compute.disks.get
- compute.disks.list
- compute.disks.resize
- compute.disks.setLabels
- compute.disks.startAsyncReplication
- compute.disks.stopAsyncReplication
- compute.disks.stopGroupAsyncReplication
- compute.disks.update
- compute.disks.use
- compute.disks.useReadOnly
- compute.globalAddresses.get
- compute.globalAddresses.list
- compute.globalAddresses.use
- compute.globalNetworkEndpointGroups.attachNetworkEndpoints
- compute.globalNetworkEndpointGroups.create
- compute.globalNetworkEndpointGroups.createTagBinding
- compute.globalNetworkEndpointGroups.delete
- compute.globalNetworkEndpointGroups.deleteTagBinding
- compute.globalNetworkEndpointGroups.detachNetworkEndpoints
- compute.globalNetworkEndpointGroups.get
- compute.globalNetworkEndpointGroups.list
- compute.globalNetworkEndpointGroups.listEffectiveTags
- compute.globalNetworkEndpointGroups.listTagBindings
- compute.globalNetworkEndpointGroups.use
- compute.globalOperations.get
- compute.globalOperations.list
- compute.images.get
- compute.images.getFromFamily
- compute.images.list
- compute.images.useReadOnly
- compute.instanceGroupManagers.create
- compute.instanceGroupManagers.createTagBinding
- compute.instanceGroupManagers.delete
- compute.instanceGroupManagers.deleteTagBinding
- compute.instanceGroupManagers.get
- compute.instanceGroupManagers.list
- compute.instanceGroupManagers.listEffectiveTags
- compute.instanceGroupManagers.listTagBindings
- compute.instanceGroupManagers.update
- compute.instanceGroupManagers.use
- compute.instanceGroups.create
- compute.instanceGroups.delete
- compute.instanceGroups.get
- compute.instanceGroups.list
- compute.instanceGroups.update
- compute.instanceGroups.use
- compute.instanceSettings.get
- compute.instanceTemplates.create
- compute.instanceTemplates.delete
- compute.instanceTemplates.get
- compute.instanceTemplates.getIamPolicy
- compute.instanceTemplates.list
- compute.instanceTemplates.setIamPolicy
- compute.instanceTemplates.useReadOnly
- compute.instances.addAccessConfig
- compute.instances.addMaintenancePolicies
- compute.instances.addResourcePolicies
- compute.instances.attachDisk
- compute.instances.create
- compute.instances.createTagBinding
- compute.instances.delete
- compute.instances.deleteAccessConfig
- compute.instances.deleteTagBinding
- compute.instances.detachDisk
- compute.instances.get
- compute.instances.getEffectiveFirewalls
- compute.instances.getGuestAttributes
- compute.instances.getIamPolicy
- compute.instances.getScreenshot
- compute.instances.getSerialPortOutput
- compute.instances.getShieldedInstanceIdentity
- compute.instances.getShieldedVmIdentity
- compute.instances.list
- compute.instances.listEffectiveTags
- compute.instances.listReferrers
- compute.instances.listTagBindings
- compute.instances.osAdminLogin
- compute.instances.osLogin
- compute.instances.pscInterfaceCreate
- compute.instances.removeMaintenancePolicies
- compute.instances.removeResourcePolicies
- compute.instances.reset
- compute.instances.resume
- compute.instances.sendDiagnosticInterrupt
- compute.instances.setDeletionProtection
- compute.instances.setDiskAutoDelete
- compute.instances.setIamPolicy
- compute.instances.setLabels
- compute.instances.setMachineResources
- compute.instances.setMachineType
- compute.instances.setMetadata
- compute.instances.setMinCpuPlatform
- compute.instances.setName
- compute.instances.setScheduling
- compute.instances.setSecurityPolicy
- compute.instances.setServiceAccount
- compute.instances.setShieldedInstanceIntegrityPolicy
- compute.instances.setShieldedVmIntegrityPolicy
- compute.instances.setTags
- compute.instances.simulateMaintenanceEvent
- compute.instances.start
- compute.instances.startWithEncryptionKey
- compute.instances.stop
- compute.instances.suspend
- compute.instances.update
- compute.instances.updateAccessConfig
- compute.instances.updateDisplayDevice
- compute.instances.updateNetworkInterface
- compute.instances.updateSecurity
- compute.instances.updateShieldedInstanceConfig
- compute.instances.updateShieldedVmConfig
- compute.instances.use
- compute.instances.useReadOnly
- compute.licenses.get
- compute.licenses.list
- compute.machineImages.create
- compute.machineImages.delete
- compute.machineImages.get
- compute.machineImages.getIamPolicy
- compute.machineImages.list
- compute.machineImages.setIamPolicy
- compute.machineImages.useReadOnly
- compute.machineTypes.get
- compute.machineTypes.list
- compute.networkEndpointGroups.attachNetworkEndpoints
- compute.networkEndpointGroups.create
- compute.networkEndpointGroups.createTagBinding
- compute.networkEndpointGroups.delete
- compute.networkEndpointGroups.deleteTagBinding
- compute.networkEndpointGroups.detachNetworkEndpoints
- compute.networkEndpointGroups.get
- compute.networkEndpointGroups.getIamPolicy
- compute.networkEndpointGroups.list
- compute.networkEndpointGroups.listEffectiveTags
- compute.networkEndpointGroups.listTagBindings
- compute.networkEndpointGroups.setIamPolicy
- compute.networkEndpointGroups.use
- compute.networks.get
- compute.networks.list
- compute.networks.listEffectiveTags
- compute.networks.listTagBindings
- compute.networks.use
- compute.networks.useExternalIp
- compute.projects.get
- compute.regionNetworkEndpointGroups.attachNetworkEndpoints
- compute.regionNetworkEndpointGroups.create
- compute.regionNetworkEndpointGroups.createTagBinding
- compute.regionNetworkEndpointGroups.delete
- compute.regionNetworkEndpointGroups.deleteTagBinding
- compute.regionNetworkEndpointGroups.detachNetworkEndpoints
- compute.regionNetworkEndpointGroups.get
- compute.regionNetworkEndpointGroups.list
- compute.regionNetworkEndpointGroups.listEffectiveTags
- compute.regionNetworkEndpointGroups.listTagBindings
- compute.regionNetworkEndpointGroups.use
- compute.regionOperations.get
- compute.regionOperations.list
- compute.regions.get
- compute.regions.list
- compute.reservations.get
- compute.reservations.list
- compute.resourcePolicies.useReadOnly
- compute.storagePools.get
- compute.storagePools.list
- compute.storagePools.use
- compute.subnetworks.get
- compute.subnetworks.list
- compute.subnetworks.listEffectiveTags
- compute.subnetworks.listTagBindings
- compute.subnetworks.use
- compute.subnetworks.useExternalIp
- compute.targetPools.get
- compute.targetPools.list
- compute.targetPools.listEffectiveTags
- compute.targetPools.listTagBindings
- compute.zoneOperations.get
- compute.zoneOperations.list
- compute.zones.get
- compute.zones.list
- resourcemanager.projects.get
- resourcemanager.projects.list
- serviceusage.quotas.get
- serviceusage.services.get
- serviceusage.services.list
name: roles/compute.instanceAdmin
stage: GA
title: Compute Instance Admin (beta)
[student-02-14224ff2407c@centos-clean ~]$ 
[student-02-14224ff2407c@centos-clean ~]$ gcloud config configurations activate user2
Activated [user2].
[student-02-14224ff2407c@centos-clean ~]$ echo "export PROJECTID2=qwiklabs-gcp-00-1a6421bbe68b" >> ~/.bashrc
[student-02-14224ff2407c@centos-clean ~]$ . ~/.bashrc
[student-02-14224ff2407c@centos-clean ~]$ gcloud config set project $PROJECTID2
WARNING: You do not appear to have access to project [qwiklabs-gcp-00-1a6421bbe68b] or it does not exist.
Are you sure you wish to set property [core/project] to qwiklabs-gcp-00-1a6421bbe68b?

Do you want to continue (Y/n)?  y

Updated property [core/project].
[student-02-14224ff2407c@centos-clean ~]$ echo "export PROJECTID2=qwiklabs-gcp-00-1a6421bbe68b" >> ~/.bashrc
[student-02-14224ff2407c@centos-clean ~]$ . ~/.bashrc
[student-02-14224ff2407c@centos-clean ~]$ gcloud config set project $PROJECTID2
WARNING: You do not appear to have access to project [qwiklabs-gcp-00-1a6421bbe68b] or it does not exist.
Are you sure you wish to set property [core/project] to qwiklabs-gcp-00-1a6421bbe68b?

Do you want to continue (Y/n)?  n

[student-02-14224ff2407c@centos-clean ~]$ gcloud config configurations activate default
Activated [default].
[student-02-14224ff2407c@centos-clean ~]$

[student-02-14224ff2407c@centos-clean ~]$ sudo yum -y install epel-release

Loaded plugins: fastestmirror
Determining fastest mirrors
epel/x86_64/metalink                                                                    |  33 kB  00:00:00     
 * base: ftp.nluug.nl
 * epel: ftp.nluug.nl
 * extras: mirror.wd6.net
 * updates: ftp.nluug.nl
base                                                                                    | 3.6 kB  00:00:00     
epel                                                                                    | 4.7 kB  00:00:00     
extras                                                                                  | 2.9 kB  00:00:00     
google-cloud-sdk                                                                        | 1.4 kB  00:00:00     
google-compute-engine                                                                   | 1.4 kB  00:00:00     
updates                                                                                 | 2.9 kB  00:00:00     
(1/9): epel/x86_64/group_gz                                                             | 100 kB  00:00:00     
(2/9): base/7/x86_64/group_gz                                                           | 153 kB  00:00:00     
(3/9): base/7/x86_64/primary_db                                                         | 6.1 MB  00:00:00     
(4/9): extras/7/x86_64/primary_db                                                       | 253 kB  00:00:00     
(5/9): epel/x86_64/updateinfo                                                           | 1.0 MB  00:00:00     
(6/9): epel/x86_64/primary_db                                                           | 7.0 MB  00:00:00     
(7/9): google-cloud-sdk/primary                                                         | 656 kB  00:00:00     
(8/9): google-compute-engine/primary                                                    | 4.0 kB  00:00:00     
(9/9): updates/7/x86_64/primary_db                                                      |  26 MB  00:00:00     
google-cloud-sdk                                                                                     7733/7733
google-compute-engine                                                                                    11/11
Package epel-release-7-14.noarch already installed and latest version
Nothing to do
[student-02-14224ff2407c@centos-clean ~]$ sudo yum -y install jq
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp.nluug.nl
 * epel: ftp.nluug.nl
 * extras: mirror.wd6.net
 * updates: ftp.nluug.nl
Resolving Dependencies
--> Running transaction check
---> Package jq.x86_64 0:1.6-2.el7 will be installed
--> Processing Dependency: libonig.so.5()(64bit) for package: jq-1.6-2.el7.x86_64
--> Running transaction check
---> Package oniguruma.x86_64 0:6.8.2-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===============================================================================================================
 Package                    Arch                    Version                        Repository             Size
===============================================================================================================
Installing:
 jq                         x86_64                  1.6-2.el7                      epel                  167 k
Installing for dependencies:
 oniguruma                  x86_64                  6.8.2-2.el7                    epel                  181 k

Transaction Summary
===============================================================================================================
Install  1 Package (+1 Dependent package)

Total download size: 348 k
Installed size: 1.0 M
Downloading packages:
(1/2): oniguruma-6.8.2-2.el7.x86_64.rpm                                                 | 181 kB  00:00:00     
(2/2): jq-1.6-2.el7.x86_64.rpm                                                          | 167 kB  00:00:00     
---------------------------------------------------------------------------------------------------------------
Total                                                                          1.3 MB/s | 348 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : oniguruma-6.8.2-2.el7.x86_64                                                                1/2 
  Installing : jq-1.6-2.el7.x86_64                                                                         2/2 
  Verifying  : oniguruma-6.8.2-2.el7.x86_64                                                                1/2 
  Verifying  : jq-1.6-2.el7.x86_64                                                                         2/2 

Installed:
  jq.x86_64 0:1.6-2.el7                                                                                        

Dependency Installed:
  oniguruma.x86_64 0:6.8.2-2.el7                                                                               

Complete!
[student-02-14224ff2407c@centos-clean ~]$ echo "export USERID2=student-04-caef576da4c3@qwiklabs.net" >> ~/.bashrc
[student-02-14224ff2407c@centos-clean ~]$ . ~/.bashrc
[student-02-14224ff2407c@centos-clean ~]$ gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/viewer
Updated IAM policy for project [qwiklabs-gcp-00-1a6421bbe68b].
bindings:
- members:
  - serviceAccount:qwiklabs-gcp-00-1a6421bbe68b@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  role: roles/bigquery.admin
- members:
  - serviceAccount:624106100553@cloudbuild.gserviceaccount.com
  role: roles/cloudbuild.builds.builder
- members:
  - serviceAccount:service-624106100553@gcp-sa-cloudbuild.iam.gserviceaccount.com
  role: roles/cloudbuild.serviceAgent
- members:
  - serviceAccount:service-624106100553@compute-system.iam.gserviceaccount.com
  role: roles/compute.serviceAgent
- members:
  - serviceAccount:service-624106100553@container-engine-robot.iam.gserviceaccount.com
  role: roles/container.serviceAgent
- members:
  - serviceAccount:624106100553-compute@developer.gserviceaccount.com
  - serviceAccount:624106100553@cloudservices.gserviceaccount.com
  role: roles/editor
- members:
  - user:student-02-14224ff2407c@qwiklabs.net
  role: roles/iam.serviceAccountAdmin
- members:
  - serviceAccount:admiral@qwiklabs-services-prod.iam.gserviceaccount.com
  - serviceAccount:qwiklabs-gcp-00-1a6421bbe68b@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  - user:student-02-14224ff2407c@qwiklabs.net
  role: roles/owner
- members:
  - user:student-02-14224ff2407c@qwiklabs.net
  role: roles/resourcemanager.projectIamAdmin
- members:
  - serviceAccount:qwiklabs-gcp-00-1a6421bbe68b@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  role: roles/storage.admin
- members:
  - user:student-02-14224ff2407c@qwiklabs.net
  - user:student-04-caef576da4c3@qwiklabs.net
  role: roles/viewer
etag: BwYVXGeH3pI=
version: 1
[student-02-14224ff2407c@centos-clean ~]$ gcloud config configurations activate user2
Activated [user2].
[student-02-14224ff2407c@centos-clean ~]$ gcloud config set project $PROJECTID2
Updated property [core/project].
[student-02-14224ff2407c@centos-clean ~]$

[student-02-14224ff2407c@centos-clean ~]$ gcloud compute instances list
Listed 0 items.
[student-02-14224ff2407c@centos-clean ~]$ gcloud compute instances create lab-2 --zone us-east4-c --machine-type=e2-standard-2
ERROR: (gcloud.compute.instances.create) Could not fetch resource:
 - Required 'compute.instances.create' permission for 'projects/qwiklabs-gcp-00-1a6421bbe68b/zones/us-east4-c/instances/lab-2'

[student-02-14224ff2407c@centos-clean ~]$ gcloud config configurations activate default
Activated [default].
[student-02-14224ff2407c@centos-clean ~]$
[student-02-14224ff2407c@centos-clean ~]$ gcloud iam roles create devops --project $PROJECTID2 --permissions "compute.instances.create,compute.instances.delete,compute.instances.start,compute.instances.stop,compute.instances.update,compute.disks.create,compute.subnetworks.use,compute.subnetworks.useExternalIp,compute.instances.setMetadata,compute.instances.setServiceAccount"
Created role [devops].
etag: BwYVXG1SUQ0=
includedPermissions:
- compute.disks.create
- compute.instances.create
- compute.instances.delete
- compute.instances.setMetadata
- compute.instances.setServiceAccount
- compute.instances.start
- compute.instances.stop
- compute.instances.update
- compute.subnetworks.use
- compute.subnetworks.useExternalIp
name: projects/qwiklabs-gcp-00-1a6421bbe68b/roles/devops
stage: ALPHA
title: devops
[student-02-14224ff2407c@centos-clean ~]$ gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/iam.serviceAccountUser
Updated IAM policy for project [qwiklabs-gcp-00-1a6421bbe68b].
bindings:
- members:
  - serviceAccount:qwiklabs-gcp-00-1a6421bbe68b@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  role: roles/bigquery.admin
- members:
  - serviceAccount:624106100553@cloudbuild.gserviceaccount.com
  role: roles/cloudbuild.builds.builder
- members:
  - serviceAccount:service-624106100553@gcp-sa-cloudbuild.iam.gserviceaccount.com
  role: roles/cloudbuild.serviceAgent
- members:
  - serviceAccount:service-624106100553@compute-system.iam.gserviceaccount.com
  role: roles/compute.serviceAgent
- members:
  - serviceAccount:service-624106100553@container-engine-robot.iam.gserviceaccount.com
  role: roles/container.serviceAgent
- members:
  - serviceAccount:624106100553-compute@developer.gserviceaccount.com
  - serviceAccount:624106100553@cloudservices.gserviceaccount.com
  role: roles/editor
- members:
  - user:student-02-14224ff2407c@qwiklabs.net
  role: roles/iam.serviceAccountAdmin
- members:
  - user:student-04-caef576da4c3@qwiklabs.net
  role: roles/iam.serviceAccountUser
- members:
  - serviceAccount:admiral@qwiklabs-services-prod.iam.gserviceaccount.com
  - serviceAccount:qwiklabs-gcp-00-1a6421bbe68b@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  - user:student-02-14224ff2407c@qwiklabs.net
  role: roles/owner
- members:
  - user:student-02-14224ff2407c@qwiklabs.net
  role: roles/resourcemanager.projectIamAdmin
- members:
  - serviceAccount:qwiklabs-gcp-00-1a6421bbe68b@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  role: roles/storage.admin
- members:
  - user:student-02-14224ff2407c@qwiklabs.net
  - user:student-04-caef576da4c3@qwiklabs.net
  role: roles/viewer
etag: BwYVXHBshCI=
version: 1
[student-02-14224ff2407c@centos-clean ~]$
[student-02-14224ff2407c@centos-clean ~]$ gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=projects/$PROJECTID2/roles/devops
Updated IAM policy for project [qwiklabs-gcp-00-1a6421bbe68b].
bindings:
- members:
  - user:student-04-caef576da4c3@qwiklabs.net
  role: projects/qwiklabs-gcp-00-1a6421bbe68b/roles/devops
- members:
  - serviceAccount:qwiklabs-gcp-00-1a6421bbe68b@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  role: roles/bigquery.admin
- members:
  - serviceAccount:624106100553@cloudbuild.gserviceaccount.com
  role: roles/cloudbuild.builds.builder
- members:
  - serviceAccount:service-624106100553@gcp-sa-cloudbuild.iam.gserviceaccount.com
  role: roles/cloudbuild.serviceAgent
- members:
  - serviceAccount:service-624106100553@compute-system.iam.gserviceaccount.com
  role: roles/compute.serviceAgent
- members:
  - serviceAccount:service-624106100553@container-engine-robot.iam.gserviceaccount.com
  role: roles/container.serviceAgent
- members:
  - serviceAccount:624106100553-compute@developer.gserviceaccount.com
  - serviceAccount:624106100553@cloudservices.gserviceaccount.com
  role: roles/editor
- members:
  - user:student-02-14224ff2407c@qwiklabs.net
  role: roles/iam.serviceAccountAdmin
- members:
  - user:student-04-caef576da4c3@qwiklabs.net
  role: roles/iam.serviceAccountUser
- members:
  - serviceAccount:admiral@qwiklabs-services-prod.iam.gserviceaccount.com
  - serviceAccount:qwiklabs-gcp-00-1a6421bbe68b@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  - user:student-02-14224ff2407c@qwiklabs.net
  role: roles/owner
- members:
  - user:student-02-14224ff2407c@qwiklabs.net
  role: roles/resourcemanager.projectIamAdmin
- members:
  - serviceAccount:qwiklabs-gcp-00-1a6421bbe68b@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  role: roles/storage.admin
- members:
  - user:student-02-14224ff2407c@qwiklabs.net
  - user:student-04-caef576da4c3@qwiklabs.net
  role: roles/viewer
etag: BwYVXHK1A-4=
version: 1
[student-02-14224ff2407c@centos-clean ~]$
[student-02-14224ff2407c@centos-clean ~]$ gcloud config configurations activate user2
Activated [user2].
[student-02-14224ff2407c@centos-clean ~]$
[student-02-14224ff2407c@centos-clean ~]$ gcloud compute instances create lab-2 --zone us-east4-c --machine-type=e2-standard-2
Created [https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-00-1a6421bbe68b/zones/us-east4-c/instances/lab-2].
NAME   ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP    STATUS
lab-2  us-east4-c  e2-standard-2               10.150.0.2   35.245.35.154  RUNNING
[student-02-14224ff2407c@centos-clean ~]$ gcloud compute instances list
NAME   ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP    STATUS
lab-2  us-east4-c  e2-standard-2               10.150.0.2   35.245.35.154  RUNNING
[student-02-14224ff2407c@centos-clean ~]$ gcloud config configurations activate default
Activated [default].
[student-02-14224ff2407c@centos-clean ~]$ gcloud config set project $PROJECTID2
Updated property [core/project].
[student-02-14224ff2407c@centos-clean ~]$ gcloud iam service-accounts create devops --display-name devops
Created service account [devops].
[student-02-14224ff2407c@centos-clean ~]$ gcloud iam service-accounts list  --filter "displayName=devops"
DISPLAY NAME  EMAIL                                                        DISABLED
devops        devops@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com  False
[student-02-14224ff2407c@centos-clean ~]$
[student-02-14224ff2407c@centos-clean ~]$ SA=$(gcloud iam service-accounts list --format="value(email)" --filter "displayName=devops")
[student-02-14224ff2407c@centos-clean ~]$ gcloud projects add-iam-policy-binding $PROJECTID2 --member serviceAccount:$SA --role=roles/iam.serviceAccountUser
Updated IAM policy for project [qwiklabs-gcp-00-1a6421bbe68b].
bindings:
- members:
  - user:student-04-caef576da4c3@qwiklabs.net
  role: projects/qwiklabs-gcp-00-1a6421bbe68b/roles/devops
- members:
  - serviceAccount:qwiklabs-gcp-00-1a6421bbe68b@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  role: roles/bigquery.admin
- members:
  - serviceAccount:624106100553@cloudbuild.gserviceaccount.com
  role: roles/cloudbuild.builds.builder
- members:
  - serviceAccount:service-624106100553@gcp-sa-cloudbuild.iam.gserviceaccount.com
  role: roles/cloudbuild.serviceAgent
- members:
  - serviceAccount:service-624106100553@compute-system.iam.gserviceaccount.com
  role: roles/compute.serviceAgent
- members:
  - serviceAccount:service-624106100553@container-engine-robot.iam.gserviceaccount.com
  role: roles/container.serviceAgent
- members:
  - serviceAccount:624106100553-compute@developer.gserviceaccount.com
  - serviceAccount:624106100553@cloudservices.gserviceaccount.com
  role: roles/editor
- members:
  - user:student-02-14224ff2407c@qwiklabs.net
  role: roles/iam.serviceAccountAdmin
- members:
  - serviceAccount:devops@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  - user:student-04-caef576da4c3@qwiklabs.net
  role: roles/iam.serviceAccountUser
- members:
  - serviceAccount:admiral@qwiklabs-services-prod.iam.gserviceaccount.com
  - serviceAccount:qwiklabs-gcp-00-1a6421bbe68b@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  - user:student-02-14224ff2407c@qwiklabs.net
  role: roles/owner
- members:
  - user:student-02-14224ff2407c@qwiklabs.net
  role: roles/resourcemanager.projectIamAdmin
- members:
  - serviceAccount:qwiklabs-gcp-00-1a6421bbe68b@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  role: roles/storage.admin
- members:
  - user:student-02-14224ff2407c@qwiklabs.net
  - user:student-04-caef576da4c3@qwiklabs.net
  role: roles/viewer
etag: BwYVXICIbgk=
version: 1
[student-02-14224ff2407c@centos-clean ~]$
[student-02-14224ff2407c@centos-clean ~]$ gcloud projects add-iam-policy-binding $PROJECTID2 --member serviceAccount:$SA --role=roles/compute.instanceAdmin
Updated IAM policy for project [qwiklabs-gcp-00-1a6421bbe68b].
bindings:
- members:
  - user:student-04-caef576da4c3@qwiklabs.net
  role: projects/qwiklabs-gcp-00-1a6421bbe68b/roles/devops
- members:
  - serviceAccount:qwiklabs-gcp-00-1a6421bbe68b@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  role: roles/bigquery.admin
- members:
  - serviceAccount:624106100553@cloudbuild.gserviceaccount.com
  role: roles/cloudbuild.builds.builder
- members:
  - serviceAccount:service-624106100553@gcp-sa-cloudbuild.iam.gserviceaccount.com
  role: roles/cloudbuild.serviceAgent
- members:
  - serviceAccount:devops@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  role: roles/compute.instanceAdmin
- members:
  - serviceAccount:service-624106100553@compute-system.iam.gserviceaccount.com
  role: roles/compute.serviceAgent
- members:
  - serviceAccount:service-624106100553@container-engine-robot.iam.gserviceaccount.com
  role: roles/container.serviceAgent
- members:
  - serviceAccount:624106100553-compute@developer.gserviceaccount.com
  - serviceAccount:624106100553@cloudservices.gserviceaccount.com
  role: roles/editor
- members:
  - user:student-02-14224ff2407c@qwiklabs.net
  role: roles/iam.serviceAccountAdmin
- members:
  - serviceAccount:devops@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  - user:student-04-caef576da4c3@qwiklabs.net
  role: roles/iam.serviceAccountUser
- members:
  - serviceAccount:admiral@qwiklabs-services-prod.iam.gserviceaccount.com
  - serviceAccount:qwiklabs-gcp-00-1a6421bbe68b@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  - user:student-02-14224ff2407c@qwiklabs.net
  role: roles/owner
- members:
  - user:student-02-14224ff2407c@qwiklabs.net
  role: roles/resourcemanager.projectIamAdmin
- members:
  - serviceAccount:qwiklabs-gcp-00-1a6421bbe68b@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  role: roles/storage.admin
- members:
  - user:student-02-14224ff2407c@qwiklabs.net
  - user:student-04-caef576da4c3@qwiklabs.net
  role: roles/viewer
etag: BwYVXIJeVFA=
version: 1
[student-02-14224ff2407c@centos-clean ~]$ gcloud compute instances create lab-3 --zone us-east4-c --machine-type=e2-standard-2 --service-account $SA --scopes "https://www.googleapis.com/auth/compute"
Created [https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-00-1a6421bbe68b/zones/us-east4-c/instances/lab-3].
NAME   ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP     STATUS
lab-3  us-east4-c  e2-standard-2               10.150.0.3   34.145.156.217  RUNNING
[student-02-14224ff2407c@centos-clean ~]$
[student-02-14224ff2407c@centos-clean ~]$ gcloud compute ssh lab-3 --zone us-east4-c
WARNING: The private SSH key file for gcloud does not exist.
WARNING: The public SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
This tool needs to create the directory [/home/student-02-14224ff2407c/.ssh] before being able to generate SSH 
keys.

Do you want to continue (Y/n)?  y

Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/student-02-14224ff2407c/.ssh/google_compute_engine.
Your public key has been saved in /home/student-02-14224ff2407c/.ssh/google_compute_engine.pub.
The key fingerprint is:
SHA256:r2jlthsfzVZ+Ra+IplQ/QR4nBSJEBn/LvS1j5KI+Zkk student-02-14224ff2407c@centos-clean
The key's randomart image is:
+---[RSA 2048]----+
|      .+= . ...  |
|       o . . .   |
|        . . + . .|
|         o = + ..|
|        S + = . o|
|        Eo B B ..|
|       +o.* & + .|
|      .oBB = + . |
|     ..=B+.      |
+----[SHA256]-----+
Warning: Permanently added 'compute.8780759120182349522' (ECDSA) to the list of known hosts.
Linux lab-3 5.10.0-28-cloud-amd64 #1 SMP Debian 5.10.209-2 (2024-01-31) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Creating directory '/home/student-02-14224ff2407c'.
student-02-14224ff2407c@lab-3:~$ gcloud config list
[core]
account = devops@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
disable_usage_reporting = True
project = qwiklabs-gcp-00-1a6421bbe68b

Your active configuration is: [default]
student-02-14224ff2407c@lab-3:~$ gcloud compute instances list
NAME   ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP     STATUS
lab-2  us-east4-c  e2-standard-2               10.150.0.2   35.245.35.154   RUNNING
lab-3  us-east4-c  e2-standard-2               10.150.0.3   34.145.156.217  RUNNING
student-02-14224ff2407c@lab-3:~$ history 
    1  gcloud config list
    2  gcloud compute instances list
    3  history 
student-02-14224ff2407c@lab-3:~$ exit
logout
Connection to 34.145.156.217 closed.

[student-02-14224ff2407c@centos-clean ~]$

Summary

[student-02-14224ff2407c@centos-clean ~]$ history 
    1  gcloud --version
    2  gcloud auth login
    3  gcloud config set compute/region europe-west4
    4  gcloud config set compute/zone europe-west4-c
    5  gcloud compute instances create lab-1 --zone europe-west4-c --machine-type=e2-standard-2
    6  gcloud config list
    7  gcloud compute zones list
    8  gcloud config set compute/zone europe-west4-a 
    9  gcloud config list
   10  cat ~/.config/gcloud/configurations/config_default
   11  gcloud init --no-launch-browser
   12  gcloud compute instances list
   13  gcloud compute instances create lab-2 --zone us-east4-c --machine-type=e2-standard-2
   14  gcloud config configurations activate default
   15  gcloud iam roles list | grep "name:"
   16  gcloud iam roles describe roles/compute.instanceAdmin
   17  gcloud config configurations activate user2
   18  echo "export PROJECTID2=qwiklabs-gcp-00-1a6421bbe68b" >> ~/.bashrc
   19  . ~/.bashrc
   20  gcloud config set project $PROJECTID2
   21  echo "export PROJECTID2=qwiklabs-gcp-00-1a6421bbe68b" >> ~/.bashrc
   22  . ~/.bashrc
   23  gcloud config set project $PROJECTID2
   24  gcloud config configurations activate default
   25  sudo yum -y install epel-release
   26  sudo yum -y install jq
   27  echo "export USERID2=student-04-caef576da4c3@qwiklabs.net" >> ~/.bashrc
   28  . ~/.bashrc
   29  gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/viewer
   30  gcloud config configurations activate user2
   31  gcloud config set project $PROJECTID2
   32  gcloud compute instances list
   33  gcloud compute instances create lab-2 --zone us-east4-c --machine-type=e2-standard-2
   34  gcloud config configurations activate default
   35  gcloud iam roles create devops --project $PROJECTID2 --permissions "compute.instances.create,compute.instances.delete,compute.instances.start,compute.instances.stop,compute.instances.update,compute.disks.create,compute.subnetworks.use,compute.subnetworks.useExternalIp,compute.instances.setMetadata,compute.instances.setServiceAccount"
   36  gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/iam.serviceAccountUser
   37  gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=projects/$PROJECTID2/roles/devops
   38  gcloud config configurations activate user2
   39  gcloud compute instances create lab-2 --zone us-east4-c --machine-type=e2-standard-2
   40  gcloud compute instances list
   41  gcloud config configurations activate default
   42  gcloud config set project $PROJECTID2
   43  gcloud iam service-accounts create devops --display-name devops
   44  gcloud iam service-accounts list  --filter "displayName=devops"
   45  SA=$(gcloud iam service-accounts list --format="value(email)" --filter "displayName=devops")
   46  gcloud projects add-iam-policy-binding $PROJECTID2 --member serviceAccount:$SA --role=roles/iam.serviceAccountUser
   47  gcloud projects add-iam-policy-binding $PROJECTID2 --member serviceAccount:$SA --role=roles/compute.instanceAdmin
   48  gcloud compute instances create lab-3 --zone us-east4-c --machine-type=e2-standard-2 --service-account $SA --scopes "https://www.googleapis.com/auth/compute"
   49  gcloud compute ssh lab-3 --zone us-east4-c
   50  history 
[student-02-14224ff2407c@centos-clean ~]$ 
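
Added example, not part of the original lab session: the bindings above grant roles/iam.serviceAccountUser at project level, which applies to every service account in the project. The script below scans the YAML that gcloud prints for such grants and for service accounts holding roles/owner or roles/editor; the function names and the abbreviated sample policy are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the lab. Real use (read-only):
#   gcloud projects get-iam-policy "$PROJECTID2" | audit_policy

# Constructed sample: abbreviated copy of the policy YAML printed in this session.
sample_policy() {
cat <<'EOF'
bindings:
- members:
  - user:student-04-caef576da4c3@qwiklabs.net
  role: projects/qwiklabs-gcp-00-1a6421bbe68b/roles/devops
- members:
  - serviceAccount:624106100553-compute@developer.gserviceaccount.com
  role: roles/editor
- members:
  - serviceAccount:devops@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  - user:student-04-caef576da4c3@qwiklabs.net
  role: roles/iam.serviceAccountUser
- members:
  - serviceAccount:qwiklabs-gcp-00-1a6421bbe68b@qwiklabs-gcp-00-1a6421bbe68b.iam.gserviceaccount.com
  - user:student-02-14224ff2407c@qwiklabs.net
  role: roles/owner
EOF
}

# Reads policy YAML (members listed before role, no conditions) on stdin.
# Output, one finding per line:
#   ACTAS_PROJECT_WIDE <member>     member may act as any service account in the project
#   PRIVILEGED_SA <member> <role>   service account that holds a basic owner/editor role
audit_policy() {
  awk '
    /^- members:/ { n = 0; next }          # a new binding starts
    /^  - /       { m[++n] = $2; next }    # collect the members of this binding
    /^  role: /   {                        # the role line closes the binding
      for (i = 1; i <= n; i++) {
        if ($2 == "roles/iam.serviceAccountUser")
          print "ACTAS_PROJECT_WIDE", m[i]
        if (($2 == "roles/owner" || $2 == "roles/editor") && m[i] ~ /^serviceAccount:/)
          print "PRIVILEGED_SA", m[i], $2
      }
      n = 0
    }'
}

sample_policy | audit_policy
```

To narrow a flagged grant, bind roles/iam.serviceAccountUser on the single service account with `gcloud iam service-accounts add-iam-policy-binding` instead of on the project.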
