From a53113f0772e7086dd00a96a00b56bac964df1b8 Mon Sep 17 00:00:00 2001
From: robertocolella
Date: Tue, 15 Oct 2024 15:55:16 +0200
Subject: [PATCH 1/2] modified: .gitignore new file: pr/Dockerfile new file: pr/ec2.tf new file: pr/log4j.yaml new file: pr/pom.xml new file: pr/prisma-cloud-gcp-terraform-1728940260.tf.json
---
.gitignore | 3 +-
pr/Dockerfile | 10 +
pr/ec2.tf | 83 ++
pr/log4j.yaml | 47 +
pr/pom.xml | 54 +
...sma-cloud-gcp-terraform-1728940260.tf.json | 1177 +++++++++++++++++
6 files changed, 1373 insertions(+), 1 deletion(-)
create mode 100644 pr/Dockerfile
create mode 100644 pr/ec2.tf
create mode 100644 pr/log4j.yaml
create mode 100644 pr/pom.xml
create mode 100644 pr/prisma-cloud-gcp-terraform-1728940260.tf.json
diff --git a/.gitignore b/.gitignore
index 49bc72c58..95d2b2cf3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,5 @@ # Ignore coverage reports /coverage
-.idea
\ No newline at end of file
+.idea
+.DS_Store
diff --git a/pr/Dockerfile b/pr/Dockerfile
new file mode 100644
index 000000000..f7950a635
--- /dev/null
+++ b/pr/Dockerfile
@@ -0,0 +1,10 @@
+FROM alpine:3.16.3
+
+COPY . /usr/src/poc
+WORKDIR /usr/src/poc
+RUN mvn clean && mvn package
+USER m3
+HEALTHCHECK CMD curl --fail http://localhost:3000 || exit 1
+
+
+CMD ["java", "-jar", "/usr/src/poc/target/log4j-rce-1.0-SNAPSHOT-jar-with-dependencies.jar"]
\ No newline at end of file
diff --git a/pr/ec2.tf b/pr/ec2.tf
new file mode 100644
index 000000000..e14fbfb87
--- /dev/null
+++ b/pr/ec2.tf
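Review bot: `RUN mvn clean && mvn package` and the `java -jar` CMD cannot work on `alpine:3.16.3`, because nothing in this file installs Maven, a JDK or the `curl` that the HEALTHCHECK calls, and `USER m3` names an account that no earlier instruction creates. Build the jar in a separate builder stage and copy only the artifact into the runtime image, so the final image does not carry the build toolchain or the whole build context pulled in by `COPY . /usr/src/poc`. Create the runtime account before switching to it, for example `RUN addgroup -S m3 && adduser -S -G m3 m3`. The HEALTHCHECK probes port 3000 while the pod manifest in this patch probes port 80; whether either matches the application is not visible here.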
@@ -0,0 +1,83 @@
+provider "aws" {
+ region = "us-west-2"
+}
+
+resource "aws_instance" "example" {
+ ami = "encrypted_ami_id"
+ instance_type = "t2.micro"
+ key_name = "example_keypair"
+ subnet_id = "example_subnet_id"
+ vpc_security_group_ids = ["example_security_group_id"]
+ associate_public_ip_address = false
+
+ iam_instance_profile {
+ name = "example"
+ }
+
+ root_block_device {
+ encrypted = true
+ }
+
+ launch_template {
+ id = aws_launch_template.example.id
+ }
+
+ metadata_options {
+ http_endpoint = "enabled"
+ http_tokens = "required"
+ }
+}
+
+resource "aws_launch_template" "example" {
+ name = "example"
+
+ user_data = < index.html
+ nohup python -m SimpleHTTPServer 80 &
+ export access_key = "AKIAIOSFODNN7EXAMAAA"
+ export secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMAAAKEY"
+ EOF
+
+ root_block_device {
+ volume_type = "gp2"
+ volume_size = 10
+ encrypted = false
+ }
+
+ ebs_block_device {
+ device_name = "/dev/xvdf"
+ volume_type = "gp2"
+ volume_size = 10
+ encrypted = true
+ }
+
+ iam_instance_profile {
+ name = "example"
+ }
+
+ metadata_options {
+ http_endpoint = "enabled"
+ http_tokens = "required"
+ }
+
+ image_id = "encrypted_ami_id"
+ instance_type = "t2.micro"
+}
+
+resource "aws_db_instance" "default" {
+#checkov:skip=CKV_AWS_129: No need for logs
+ allocated_storage = 10
+ db_name = "mydb"
+ engine = "mysql"
+ engine_version = "5.7"
+ instance_class = "db.t3.micro"
+ username = "foo"
+ password = "foobarbaz123123h@rse123@"
+ parameter_group_name = "default.mysql5.7"
+ skip_final_snapshot = true
+ publicly_accessible = true
+ monitoring_interval = true
+ auto_minor_version_upgrade = true
+ multi_az = true
+}
\ No newline at end of file
diff --git a/pr/log4j.yaml b/pr/log4j.yaml
new file mode 100644
index 000000000..c9b396838
--- /dev/null
+++ b/pr/log4j.yaml
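Review bot: The `user_data` heredoc in `aws_launch_template.example` exports `access_key` and `secret_key` in clear text, and `aws_db_instance.default` sets `password` to a literal, so both land in the repository and in Terraform state, and the user data is also readable from the instance metadata service. Even if these are placeholder values, the template already attaches an `iam_instance_profile`, so the exports should be removed, and the database password should come from a sensitive variable or a managed secret, e.g. `manage_master_user_password = true` in place of `password`. The same resource sets `publicly_accessible = true` without `storage_encrypted`, and `monitoring_interval = true` passes a boolean where the provider expects a number of seconds; `publicly_accessible = false` and `storage_encrypted = true` are the safer settings. The `#checkov:skip=CKV_AWS_129` comment suppresses the logging check with only "No need for logs" as the reason, which is thin justification for a publicly reachable database.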
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: privileged-pod
+ namespace: my-namespace
+spec:
+ automountServiceAccountToken: false
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: bad-pod
+ image: alpine@sha256:3d426b0bfc36
+ imagePullPolicy: Always
+ resources:
+ limits:
+ memory: "128Mi"
+ cpu: "0.5"
+ requests:
+ memory: "64Mi"
+ cpu: "0.5"
+ livenessProbe:
+ httpGet:
+ path: /index.html
+ port: 80
+ initialDelaySeconds: 15
+ periodSeconds: 30
+ timeoutSeconds: 5
+ failureThreshold: 3
+ securityContext:
+ privileged: true
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 20000
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readinessProbe:
+ httpGet:
+ path: /index.html
+ port: 80
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ timeoutSeconds: 2
+ successThreshold: 1
+ failureThreshold: 3
\ No newline at end of file
diff --git a/pr/pom.xml b/pr/pom.xml
new file mode 100644
index 000000000..d62d380c5
--- /dev/null
+++ b/pr/pom.xml
@@ -0,0 +1,54 @@ + + + 4.0.0 + + org.example + log4j-rce + 1.0-SNAPSHOT + jar + + + + org.apache.logging.log4j + log4j-core + 2.14.1 + + + + + org.apache.logging.log4j + log4j-api + 2.14.1 + + + + + + + + maven-assembly-plugin + + + + MyExample + + + + jar-with-dependencies + + + + + make-assembly + package + + single + + + + + + +
diff --git a/pr/prisma-cloud-gcp-terraform-1728940260.tf.json b/pr/prisma-cloud-gcp-terraform-1728940260.tf.json
new file mode 100644
index 000000000..cb8e01ea6
--- /dev/null
+++ b/pr/prisma-cloud-gcp-terraform-1728940260.tf.json
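Review bot: The container `securityContext` sets `privileged: true` next to `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and a `capabilities` drop of `ALL`; a privileged container gets host-level device and kernel access regardless of those other fields, and API server validation rejects `privileged: true` combined with `allowPrivilegeEscalation: false`. Unless this pod is meant as a negative fixture for a policy scanner (the names `privileged-pod` and `bad-pod` suggest it might be), set `privileged: false`. The image reference `alpine@sha256:3d426b0bfc36` also looks truncated: a sha256 digest is 64 hex characters, so this pin will not resolve as written.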
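Review bot: Both `log4j-core` and `log4j-api` are pinned to `2.14.1`, a release affected by the JNDI-lookup remote code execution issue widely known as Log4Shell, and the assembly plugin packs it into the `jar-with-dependencies` artifact that the Dockerfile in this patch runs. If the `log4j-rce` module is an intentional scanner fixture, say so in a comment at the top of the POM and keep the artifact out of any deployable image; otherwise move both dependencies to a currently supported Log4j 2 release. The XML markup of this file is not visible in this rendering, so the element structure is inferred from the surviving values.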
@@ -0,0 +1,1177 @@ +{ + "output": { + "user_instruction": { + "value": "Successfully Configured !!\n\n What to do next ?\n\t1. Please download the file ${local_file.key.filename}\n\nUse the downloaded JSON file and Proceed at Prisma Cloud UI" + } + }, + "provider": { + "random": {}, + "google": {} + }, + "resource": { + "random_string": { + "unique_id": { + "special": false, + "length": 5, + "min_lower": 5 + } + }, + "google_service_account": { + "prisma_cloud_service_account": { + "account_id": "prisma-cloud-serv-${random_string.unique_id.result}", + "project": "${var.project_id}", + "display_name": "Prisma Cloud Service Account" + } + }, + "google_organization_iam_custom_role": { + "prisma_cloud_organization_custom_role": { + "role_id": "prismaCloudViewer${random_string.unique_id.result}", + "org_id": "${var.org_id}", + "permissions": "${var.org_iam_policy_custom_role_permissions}", + "description": "This is a custom role created for Prisma Cloud. Contains granular additional permission which is not covered by built-in roles", + "title": "Prisma Cloud Viewer ${random_string.unique_id.result}" + } + }, + "google_service_account_key": { + "prisma_cloud_service_account_key": { + "service_account_id": "${google_service_account.prisma_cloud_service_account.name}" + } + }, + "google_project_service": { + "project_apis": { + "service": "${var.project_services[count.index]}", + "disable_on_destroy": false, + "count": "${length(var.project_services)}", + "project": "${var.project_id}" + }, + "org_onboarding_apis": { + "service": "${var.org_services[count.index]}", + "count": "${length(var.org_services)}", + "project": "${var.project_id}" + } + }, + "local_file": { + "key": { + "filename": "${var.project_id}-${random_string.unique_id.result}.json", + "content": "${base64decode(google_service_account_key.prisma_cloud_service_account_key.private_key)}" + } + }, + "google_organization_iam_member": { + "bind_custom_role_to_org_iam_policy": { + "role": 
"organizations/${var.org_id}/roles/${google_organization_iam_custom_role.prisma_cloud_organization_custom_role.role_id}", + "org_id": "${var.org_id}", + "member": "serviceAccount:${google_service_account.prisma_cloud_service_account.email}" + }, + "bind_managed_roles_to_org_iam_policy": { + "role": "${var.org_iam_policy_managed_roles[count.index]}", + "org_id": "${var.org_id}", + "count": "${length(var.org_iam_policy_managed_roles)}", + "member": "serviceAccount:${google_service_account.prisma_cloud_service_account.email}" + } + } + }, + "variable": { + "project_id": { + "type": "string" + }, + "org_id": { + "default": "123", + "type": "string" + }, + "org_iam_policy_managed_roles": { + "default": [ + "roles/cloudfunctions.viewer", + "roles/container.clusterViewer", + "roles/iam.organizationRoleViewer", + "roles/resourcemanager.folderViewer", + "roles/storage.objectViewer", + "roles/viewer" + ], + "type": "list" + }, + "org_iam_policy_custom_role_permissions": { + "default": [ + "accessapproval.settings.get", + "accesscontextmanager.accessLevels.list", + "accesscontextmanager.accessPolicies.list", + "accesscontextmanager.policies.list", + "accesscontextmanager.servicePerimeters.list", + "aiplatform.batchPredictionJobs.list", + "aiplatform.customJobs.list", + "aiplatform.datasets.list", + "aiplatform.deploymentResourcePools.list", + "aiplatform.endpoints.list", + "aiplatform.entityTypes.getIamPolicy", + "aiplatform.entityTypes.list", + "aiplatform.featureGroups.list", + "aiplatform.featureOnlineStores.list", + "aiplatform.featurestores.getIamPolicy", + "aiplatform.featurestores.list", + "aiplatform.hyperparameterTuningJobs.list", + "aiplatform.indexEndpoints.list", + "aiplatform.indexes.list", + "aiplatform.metadataStores.list", + "aiplatform.modelDeploymentMonitoringJobs.list", + "aiplatform.models.list", + "aiplatform.nasJobs.list", + "aiplatform.notebookRuntimeTemplates.getIamPolicy", + "aiplatform.notebookRuntimeTemplates.list", + 
"aiplatform.notebookRuntimes.list", + "aiplatform.persistentResources.list", + "aiplatform.pipelineJobs.list", + "aiplatform.specialistPools.list", + "aiplatform.studies.list", + "aiplatform.tensorboards.list", + "aiplatform.trainingPipelines.list", + "aiplatform.tuningJobs.list", + "alloydb.backups.list", + "alloydb.clusters.list", + "alloydb.instances.list", + "alloydb.users.list", + "analyticshub.dataExchanges.list", + "analyticshub.listings.getIamPolicy", + "analyticshub.listings.list", + "apigateway.gateways.get", + "apigateway.gateways.getIamPolicy", + "apigateway.gateways.list", + "apigee.apiproducts.get", + "apigee.apiproducts.list", + "apigee.datacollectors.list", + "apigee.datastores.list", + "apigee.deployments.list", + "apigee.envgroups.list", + "apigee.environments.get", + "apigee.environments.getIamPolicy", + "apigee.hostsecurityreports.list", + "apigee.instanceattachments.list", + "apigee.instances.list", + "apigee.organizations.get", + "apigee.organizations.list", + "apigee.proxies.get", + "apigee.proxies.list", + "apigee.reports.list", + "apigee.securityProfiles.list", + "apigee.sharedflows.get", + "apigee.sharedflows.list", + "apikeys.keys.get", + "apikeys.keys.list", + "appengine.applications.get", + "artifactregistry.locations.list", + "artifactregistry.repositories.getIamPolicy", + "artifactregistry.repositories.list", + "autoscaling.sites.getIamPolicy", + "autoscaling.sites.readRecommendations", + "backupdr.managementServers.getIamPolicy", + "backupdr.managementServers.list", + "baremetalsolution.instances.list", + "baremetalsolution.luns.list", + "baremetalsolution.networks.list", + "baremetalsolution.nfsshares.list", + "baremetalsolution.volumes.list", + "batch.jobs.list", + "bigquery.bireservations.get", + "bigquery.capacityCommitments.get", + "bigquery.capacityCommitments.list", + "bigquery.config.get", + "bigquery.connections.get", + "bigquery.connections.getIamPolicy", + "bigquery.connections.list", + "bigquery.dataPolicies.get", + 
"bigquery.dataPolicies.getIamPolicy", + "bigquery.dataPolicies.list", + "bigquery.datasets.get", + "bigquery.datasets.getIamPolicy", + "bigquery.datasets.listTagBindings", + "bigquery.jobs.get", + "bigquery.jobs.list", + "bigquery.jobs.listExecutionMetadata", + "bigquery.models.getData", + "bigquery.models.getMetadata", + "bigquery.models.list", + "bigquery.readsessions.getData", + "bigquery.reservationAssignments.list", + "bigquery.reservations.get", + "bigquery.reservations.list", + "bigquery.routines.get", + "bigquery.routines.list", + "bigquery.rowAccessPolicies.getIamPolicy", + "bigquery.rowAccessPolicies.list", + "bigquery.savedqueries.get", + "bigquery.savedqueries.list", + "bigquery.tables.get", + "bigquery.tables.getIamPolicy", + "bigquery.transfers.get", + "bigtable.appProfiles.get", + "bigtable.appProfiles.list", + "bigtable.backups.getIamPolicy", + "bigtable.backups.list", + "bigtable.clusters.get", + "bigtable.clusters.list", + "bigtable.instances.get", + "bigtable.instances.getIamPolicy", + "bigtable.instances.list", + "bigtable.tables.get", + "bigtable.tables.getIamPolicy", + "bigtable.tables.list", + "binaryauthorization.attestors.getIamPolicy", + "binaryauthorization.attestors.list", + "binaryauthorization.policy.get", + "binaryauthorization.policy.getIamPolicy", + "certificatemanager.certissuanceconfigs.list", + "certificatemanager.certmaps.list", + "certificatemanager.certs.list", + "certificatemanager.dnsauthorizations.list", + "certificatemanager.locations.list", + "clientauthconfig.brands.list", + "clientauthconfig.clients.listWithSecrets", + "cloudbuild.builds.get", + "cloudbuild.builds.list", + "cloudbuild.integrations.list", + "cloudbuild.workerpools.list", + "cloudconfig.configs.get", + "clouddeploy.config.get", + "clouddeploy.deliveryPipelines.getIamPolicy", + "clouddeploy.deliveryPipelines.list", + "clouddeploy.locations.list", + "clouddeploy.targets.getIamPolicy", + "clouddeploy.targets.list", + "cloudfunctions.functions.get", + 
"cloudfunctions.functions.getIamPolicy", + "cloudfunctions.functions.list", + "cloudfunctions.locations.get", + "cloudfunctions.locations.list", + "cloudfunctions.operations.get", + "cloudfunctions.operations.list", + "cloudfunctions.runtimes.list", + "cloudkms.cryptoKeyVersions.get", + "cloudkms.cryptoKeyVersions.list", + "cloudkms.cryptoKeys.get", + "cloudkms.cryptoKeys.getIamPolicy", + "cloudkms.cryptoKeys.list", + "cloudkms.ekmConnections.get", + "cloudkms.ekmConnections.getIamPolicy", + "cloudkms.ekmConnections.list", + "cloudkms.importJobs.get", + "cloudkms.importJobs.getIamPolicy", + "cloudkms.importJobs.list", + "cloudkms.keyRings.get", + "cloudkms.keyRings.getIamPolicy", + "cloudkms.keyRings.list", + "cloudkms.keyRings.listEffectiveTags", + "cloudkms.keyRings.listTagBindings", + "cloudkms.locations.generateRandomBytes", + "cloudkms.locations.get", + "cloudkms.locations.list", + "cloudscheduler.jobs.get", + "cloudscheduler.jobs.list", + "cloudscheduler.locations.get", + "cloudscheduler.locations.list", + "cloudsecurityscanner.scans.list", + "cloudsql.backupRuns.get", + "cloudsql.backupRuns.list", + "cloudsql.databases.get", + "cloudsql.databases.list", + "cloudsql.instances.get", + "cloudsql.instances.list", + "cloudsql.instances.listEffectiveTags", + "cloudsql.instances.listServerCas", + "cloudsql.instances.listTagBindings", + "cloudsql.sslCerts.get", + "cloudsql.sslCerts.list", + "cloudsql.users.get", + "cloudsql.users.list", + "cloudsupport.techCases.list", + "cloudtasks.locations.list", + "cloudtasks.queues.list", + "cloudtasks.tasks.list", + "cloudtranslate.customModels.list", + "cloudtranslate.datasets.list", + "cloudtranslate.glossaries.list", + "cloudtranslate.locations.list", + "composer.environments.get", + "composer.environments.list", + "composer.imageversions.list", + "compute.acceleratorTypes.get", + "compute.acceleratorTypes.list", + "compute.addresses.get", + "compute.addresses.list", + "compute.autoscalers.get", + 
"compute.autoscalers.list", + "compute.backendBuckets.get", + "compute.backendBuckets.getIamPolicy", + "compute.backendBuckets.list", + "compute.backendServices.get", + "compute.backendServices.getIamPolicy", + "compute.backendServices.list", + "compute.commitments.get", + "compute.commitments.list", + "compute.diskTypes.get", + "compute.diskTypes.list", + "compute.disks.createSnapshot", + "compute.disks.get", + "compute.disks.getIamPolicy", + "compute.disks.list", + "compute.disks.listEffectiveTags", + "compute.disks.listTagBindings", + "compute.disks.useReadOnly", + "compute.externalVpnGateways.get", + "compute.externalVpnGateways.list", + "compute.firewallPolicies.get", + "compute.firewallPolicies.getIamPolicy", + "compute.firewallPolicies.list", + "compute.firewalls.get", + "compute.firewalls.list", + "compute.forwardingRules.get", + "compute.forwardingRules.list", + "compute.globalAddresses.get", + "compute.globalAddresses.list", + "compute.globalForwardingRules.get", + "compute.globalForwardingRules.list", + "compute.globalForwardingRules.pscGet", + "compute.globalNetworkEndpointGroups.get", + "compute.globalNetworkEndpointGroups.list", + "compute.globalOperations.get", + "compute.globalOperations.getIamPolicy", + "compute.globalOperations.list", + "compute.globalPublicDelegatedPrefixes.get", + "compute.globalPublicDelegatedPrefixes.list", + "compute.healthChecks.get", + "compute.healthChecks.list", + "compute.healthChecks.useReadOnly", + "compute.httpHealthChecks.get", + "compute.httpHealthChecks.list", + "compute.httpHealthChecks.useReadOnly", + "compute.httpsHealthChecks.get", + "compute.httpsHealthChecks.list", + "compute.httpsHealthChecks.useReadOnly", + "compute.images.get", + "compute.images.getFromFamily", + "compute.images.getIamPolicy", + "compute.images.list", + "compute.images.listEffectiveTags", + "compute.images.listTagBindings", + "compute.images.useReadOnly", + "compute.instanceGroupManagers.get", + "compute.instanceGroupManagers.list", + 
"compute.instanceGroups.get", + "compute.instanceGroups.list", + "compute.instanceTemplates.get", + "compute.instanceTemplates.getIamPolicy", + "compute.instanceTemplates.list", + "compute.instanceTemplates.useReadOnly", + "compute.instances.get", + "compute.instances.getEffectiveFirewalls", + "compute.instances.getGuestAttributes", + "compute.instances.getIamPolicy", + "compute.instances.getScreenshot", + "compute.instances.getSerialPortOutput", + "compute.instances.getShieldedInstanceIdentity", + "compute.instances.getShieldedVmIdentity", + "compute.instances.list", + "compute.instances.listEffectiveTags", + "compute.instances.listReferrers", + "compute.instances.listTagBindings", + "compute.instances.useReadOnly", + "compute.interconnectAttachments.get", + "compute.interconnectAttachments.list", + "compute.interconnectLocations.get", + "compute.interconnectLocations.list", + "compute.interconnects.get", + "compute.interconnects.list", + "compute.licenseCodes.get", + "compute.licenseCodes.getIamPolicy", + "compute.licenseCodes.list", + "compute.licenses.get", + "compute.licenses.getIamPolicy", + "compute.licenses.list", + "compute.machineImages.get", + "compute.machineImages.getIamPolicy", + "compute.machineImages.list", + "compute.machineImages.useReadOnly", + "compute.machineTypes.get", + "compute.machineTypes.list", + "compute.maintenancePolicies.get", + "compute.maintenancePolicies.getIamPolicy", + "compute.maintenancePolicies.list", + "compute.networkAttachments.get", + "compute.networkAttachments.list", + "compute.networkEdgeSecurityServices.get", + "compute.networkEdgeSecurityServices.list", + "compute.networkEndpointGroups.get", + "compute.networkEndpointGroups.getIamPolicy", + "compute.networkEndpointGroups.list", + "compute.networks.get", + "compute.networks.getEffectiveFirewalls", + "compute.networks.getRegionEffectiveFirewalls", + "compute.networks.list", + "compute.networks.listPeeringRoutes", + "compute.nodeGroups.get", + 
"compute.nodeGroups.getIamPolicy", + "compute.nodeGroups.list", + "compute.nodeTemplates.get", + "compute.nodeTemplates.getIamPolicy", + "compute.nodeTemplates.list", + "compute.nodeTypes.get", + "compute.nodeTypes.list", + "compute.organizations.listAssociations", + "compute.packetMirrorings.get", + "compute.packetMirrorings.list", + "compute.projects.get", + "compute.publicAdvertisedPrefixes.get", + "compute.publicAdvertisedPrefixes.list", + "compute.publicDelegatedPrefixes.get", + "compute.publicDelegatedPrefixes.list", + "compute.regionBackendServices.get", + "compute.regionBackendServices.getIamPolicy", + "compute.regionBackendServices.list", + "compute.regionFirewallPolicies.get", + "compute.regionFirewallPolicies.getIamPolicy", + "compute.regionFirewallPolicies.list", + "compute.regionHealthCheckServices.get", + "compute.regionHealthCheckServices.list", + "compute.regionHealthChecks.get", + "compute.regionHealthChecks.list", + "compute.regionHealthChecks.useReadOnly", + "compute.regionNetworkEndpointGroups.get", + "compute.regionNetworkEndpointGroups.list", + "compute.regionNotificationEndpoints.get", + "compute.regionNotificationEndpoints.list", + "compute.regionOperations.get", + "compute.regionOperations.getIamPolicy", + "compute.regionOperations.list", + "compute.regionSecurityPolicies.get", + "compute.regionSecurityPolicies.list", + "compute.regionSslCertificates.get", + "compute.regionSslCertificates.list", + "compute.regionSslPolicies.get", + "compute.regionSslPolicies.list", + "compute.regionSslPolicies.listAvailableFeatures", + "compute.regionTargetHttpProxies.get", + "compute.regionTargetHttpProxies.list", + "compute.regionTargetHttpsProxies.get", + "compute.regionTargetHttpsProxies.list", + "compute.regionTargetTcpProxies.get", + "compute.regionTargetTcpProxies.list", + "compute.regionUrlMaps.get", + "compute.regionUrlMaps.list", + "compute.regions.get", + "compute.regions.list", + "compute.reservations.get", + "compute.reservations.getIamPolicy", 
+ "compute.reservations.list", + "compute.resourcePolicies.get", + "compute.resourcePolicies.getIamPolicy", + "compute.resourcePolicies.list", + "compute.routers.get", + "compute.routers.list", + "compute.routes.get", + "compute.routes.list", + "compute.securityPolicies.get", + "compute.securityPolicies.getIamPolicy", + "compute.securityPolicies.list", + "compute.serviceAttachments.get", + "compute.serviceAttachments.getIamPolicy", + "compute.serviceAttachments.list", + "compute.snapshots.get", + "compute.snapshots.getIamPolicy", + "compute.snapshots.list", + "compute.snapshots.listEffectiveTags", + "compute.snapshots.listTagBindings", + "compute.sslCertificates.get", + "compute.sslCertificates.list", + "compute.sslPolicies.get", + "compute.sslPolicies.list", + "compute.sslPolicies.listAvailableFeatures", + "compute.subnetworks.get", + "compute.subnetworks.getIamPolicy", + "compute.subnetworks.list", + "compute.targetGrpcProxies.get", + "compute.targetGrpcProxies.list", + "compute.targetHttpProxies.get", + "compute.targetHttpProxies.list", + "compute.targetHttpsProxies.get", + "compute.targetHttpsProxies.list", + "compute.targetInstances.get", + "compute.targetInstances.list", + "compute.targetPools.get", + "compute.targetPools.list", + "compute.targetSslProxies.get", + "compute.targetSslProxies.list", + "compute.targetTcpProxies.get", + "compute.targetTcpProxies.list", + "compute.targetVpnGateways.get", + "compute.targetVpnGateways.list", + "compute.urlMaps.get", + "compute.urlMaps.list", + "compute.vpnGateways.get", + "compute.vpnGateways.list", + "compute.vpnTunnels.get", + "compute.vpnTunnels.list", + "compute.zoneOperations.get", + "compute.zoneOperations.getIamPolicy", + "compute.zoneOperations.list", + "compute.zones.get", + "compute.zones.list", + "container.apiServices.get", + "container.apiServices.getStatus", + "container.apiServices.list", + "container.auditSinks.get", + "container.auditSinks.list", + "container.backendConfigs.get", + 
"container.backendConfigs.list", + "container.bindings.get", + "container.bindings.list", + "container.certificateSigningRequests.get", + "container.certificateSigningRequests.getStatus", + "container.certificateSigningRequests.list", + "container.clusterRoleBindings.get", + "container.clusterRoleBindings.list", + "container.clusterRoles.get", + "container.clusterRoles.list", + "container.clusters.get", + "container.clusters.getCredentials", + "container.clusters.list", + "container.clusters.listEffectiveTags", + "container.clusters.listTagBindings", + "container.componentStatuses.get", + "container.componentStatuses.list", + "container.configMaps.get", + "container.configMaps.list", + "container.controllerRevisions.get", + "container.controllerRevisions.list", + "container.cronJobs.get", + "container.cronJobs.getStatus", + "container.cronJobs.list", + "container.csiDrivers.get", + "container.csiDrivers.list", + "container.csiNodeInfos.get", + "container.csiNodeInfos.list", + "container.csiNodes.get", + "container.csiNodes.list", + "container.customResourceDefinitions.get", + "container.customResourceDefinitions.getStatus", + "container.customResourceDefinitions.list", + "container.daemonSets.get", + "container.daemonSets.getStatus", + "container.daemonSets.list", + "container.deployments.get", + "container.deployments.getStatus", + "container.deployments.list", + "container.endpointSlices.get", + "container.endpointSlices.list", + "container.endpoints.get", + "container.endpoints.list", + "container.events.get", + "container.events.list", + "container.frontendConfigs.get", + "container.frontendConfigs.list", + "container.horizontalPodAutoscalers.get", + "container.horizontalPodAutoscalers.getStatus", + "container.horizontalPodAutoscalers.list", + "container.ingresses.get", + "container.ingresses.getStatus", + "container.ingresses.list", + "container.initializerConfigurations.get", + "container.initializerConfigurations.list", + "container.jobs.get", + 
"container.jobs.getStatus", + "container.jobs.list", + "container.leases.get", + "container.leases.list", + "container.limitRanges.get", + "container.limitRanges.list", + "container.localSubjectAccessReviews.list", + "container.managedCertificates.get", + "container.managedCertificates.list", + "container.mutatingWebhookConfigurations.get", + "container.mutatingWebhookConfigurations.list", + "container.namespaces.get", + "container.namespaces.getStatus", + "container.namespaces.list", + "container.networkPolicies.get", + "container.networkPolicies.list", + "container.nodes.get", + "container.nodes.getStatus", + "container.nodes.list", + "container.operations.get", + "container.operations.list", + "container.persistentVolumeClaims.get", + "container.persistentVolumeClaims.getStatus", + "container.persistentVolumeClaims.list", + "container.persistentVolumes.get", + "container.persistentVolumes.getStatus", + "container.persistentVolumes.list", + "container.petSets.get", + "container.petSets.list", + "container.podDisruptionBudgets.get", + "container.podDisruptionBudgets.getStatus", + "container.podDisruptionBudgets.list", + "container.podPresets.get", + "container.podPresets.list", + "container.podSecurityPolicies.get", + "container.podSecurityPolicies.list", + "container.podTemplates.get", + "container.podTemplates.list", + "container.pods.get", + "container.pods.getLogs", + "container.pods.getStatus", + "container.pods.list", + "container.priorityClasses.get", + "container.priorityClasses.list", + "container.replicaSets.get", + "container.replicaSets.getScale", + "container.replicaSets.getStatus", + "container.replicaSets.list", + "container.replicationControllers.get", + "container.replicationControllers.getScale", + "container.replicationControllers.getStatus", + "container.replicationControllers.list", + "container.resourceQuotas.get", + "container.resourceQuotas.getStatus", + "container.resourceQuotas.list", + "container.roleBindings.get", + 
"container.roleBindings.list", + "container.roles.get", + "container.roles.list", + "container.runtimeClasses.get", + "container.runtimeClasses.list", + "container.scheduledJobs.get", + "container.scheduledJobs.list", + "container.selfSubjectAccessReviews.list", + "container.serviceAccounts.get", + "container.serviceAccounts.list", + "container.services.get", + "container.services.getStatus", + "container.services.list", + "container.statefulSets.get", + "container.statefulSets.getScale", + "container.statefulSets.getStatus", + "container.statefulSets.list", + "container.storageClasses.get", + "container.storageClasses.list", + "container.storageStates.get", + "container.storageStates.getStatus", + "container.storageStates.list", + "container.storageVersionMigrations.get", + "container.storageVersionMigrations.getStatus", + "container.storageVersionMigrations.list", + "container.subjectAccessReviews.list", + "container.thirdPartyObjects.get", + "container.thirdPartyObjects.list", + "container.thirdPartyResources.get", + "container.thirdPartyResources.list", + "container.updateInfos.get", + "container.updateInfos.list", + "container.validatingWebhookConfigurations.get", + "container.validatingWebhookConfigurations.list", + "container.volumeAttachments.get", + "container.volumeAttachments.getStatus", + "container.volumeAttachments.list", + "container.volumeSnapshotClasses.get", + "container.volumeSnapshotClasses.list", + "container.volumeSnapshotContents.get", + "container.volumeSnapshotContents.getStatus", + "container.volumeSnapshotContents.list", + "container.volumeSnapshots.get", + "container.volumeSnapshots.getStatus", + "container.volumeSnapshots.list", + "containeranalysis.occurrences.list", + "datacatalog.entryGroups.get", + "datacatalog.entryGroups.getIamPolicy", + "datacatalog.entryGroups.list", + "datacatalog.taxonomies.get", + "datacatalog.taxonomies.getIamPolicy", + "datacatalog.taxonomies.list", + "datafusion.instances.getIamPolicy", + 
"datafusion.instances.list", + "datamigration.connectionprofiles.getIamPolicy", + "datamigration.connectionprofiles.list", + "datamigration.conversionworkspaces.getIamPolicy", + "datamigration.conversionworkspaces.list", + "datamigration.migrationjobs.getIamPolicy", + "datamigration.migrationjobs.list", + "datamigration.privateconnections.getIamPolicy", + "datamigration.privateconnections.list", + "dataplex.assetActions.list", + "dataplex.assets.getIamPolicy", + "dataplex.assets.list", + "dataplex.content.getIamPolicy", + "dataplex.content.list", + "dataplex.entities.list", + "dataplex.environments.getIamPolicy", + "dataplex.environments.list", + "dataplex.lakeActions.list", + "dataplex.lakes.getIamPolicy", + "dataplex.lakes.list", + "dataplex.tasks.getIamPolicy", + "dataplex.tasks.list", + "dataplex.zoneActions.list", + "dataplex.zones.getIamPolicy", + "dataplex.zones.list", + "dataproc.agents.get", + "dataproc.agents.list", + "dataproc.autoscalingPolicies.get", + "dataproc.autoscalingPolicies.getIamPolicy", + "dataproc.autoscalingPolicies.list", + "dataproc.batches.get", + "dataproc.batches.list", + "dataproc.clusters.get", + "dataproc.clusters.getIamPolicy", + "dataproc.clusters.list", + "dataproc.jobs.get", + "dataproc.jobs.getIamPolicy", + "dataproc.jobs.list", + "dataproc.operations.get", + "dataproc.operations.getIamPolicy", + "dataproc.operations.list", + "dataproc.tasks.listInvalidatedLeases", + "dataproc.workflowTemplates.get", + "dataproc.workflowTemplates.getIamPolicy", + "dataproc.workflowTemplates.list", + "dataprocessing.datasources.get", + "dataprocessing.datasources.list", + "dataprocessing.featurecontrols.list", + "dataprocessing.groupcontrols.get", + "dataprocessing.groupcontrols.list", + "datastore.databases.list", + "datastore.indexes.list", + "datastream.connectionProfiles.list", + "datastream.locations.list", + "datastream.privateConnections.list", + "datastream.streams.list", + "deploymentmanager.deployments.getIamPolicy", + 
"deploymentmanager.deployments.list", + "deploymentmanager.manifests.list", + "dlp.deidentifyTemplates.list", + "dlp.inspectTemplates.list", + "dlp.jobTriggers.list", + "dlp.storedInfoTypes.list", + "dns.changes.get", + "dns.changes.list", + "dns.dnsKeys.get", + "dns.dnsKeys.list", + "dns.managedZoneOperations.get", + "dns.managedZoneOperations.list", + "dns.managedZones.get", + "dns.managedZones.getIamPolicy", + "dns.managedZones.list", + "dns.policies.get", + "dns.policies.getIamPolicy", + "dns.policies.list", + "dns.projects.get", + "dns.resourceRecordSets.get", + "dns.resourceRecordSets.list", + "dns.responsePolicies.get", + "dns.responsePolicies.list", + "dns.responsePolicyRules.get", + "dns.responsePolicyRules.list", + "essentialcontacts.contacts.list", + "eventarc.channelConnections.get", + "eventarc.channelConnections.getIamPolicy", + "eventarc.channelConnections.list", + "eventarc.channels.get", + "eventarc.channels.getIamPolicy", + "eventarc.channels.list", + "eventarc.googleChannelConfigs.get", + "eventarc.locations.get", + "eventarc.locations.list", + "eventarc.operations.get", + "eventarc.operations.list", + "eventarc.providers.get", + "eventarc.providers.list", + "eventarc.triggers.get", + "eventarc.triggers.getIamPolicy", + "eventarc.triggers.list", + "file.backups.list", + "file.instances.list", + "file.snapshots.list", + "firebaseappdistro.testers.list", + "firebaseauth.configs.get", + "firebaseauth.users.get", + "firebasedatabase.instances.list", + "firebasedatabase.instances.update", + "firebasehosting.sites.get", + "firebaserules.releases.list", + "firebaserules.rulesets.get", + "firebaserules.rulesets.list", + "gkehub.features.getIamPolicy", + "gkehub.features.list", + "gkehub.locations.list", + "gkehub.memberships.getIamPolicy", + "gkehub.memberships.list", + "healthcare.datasets.get", + "healthcare.datasets.getIamPolicy", + "healthcare.datasets.list", + "healthcare.locations.list", + "iam.denypolicies.get", + "iam.denypolicies.list", + 
"iam.googleapis.com/workforcePoolProviders.get", + "iam.googleapis.com/workforcePoolProviders.list", + "iam.googleapis.com/workforcePools.get", + "iam.googleapis.com/workforcePools.getIamPolicy", + "iam.googleapis.com/workforcePools.list", + "iam.googleapis.com/workloadIdentityPoolProviders.get", + "iam.googleapis.com/workloadIdentityPoolProviders.list", + "iam.googleapis.com/workloadIdentityPools.get", + "iam.googleapis.com/workloadIdentityPools.list", + "iam.roles.get", + "iam.roles.list", + "iam.serviceAccountKeys.get", + "iam.serviceAccountKeys.list", + "iam.serviceAccounts.get", + "iam.serviceAccounts.getIamPolicy", + "iam.serviceAccounts.list", + "iam.workloadIdentityPoolProviders.list", + "iam.workloadIdentityPools.list", + "identitytoolkit.tenants.get", + "identitytoolkit.tenants.getIamPolicy", + "identitytoolkit.tenants.list", + "integrations.integrationVersions.list", + "integrations.integrations.list", + "logging.buckets.get", + "logging.buckets.list", + "logging.cmekSettings.get", + "logging.exclusions.get", + "logging.exclusions.list", + "logging.links.get", + "logging.links.list", + "logging.locations.get", + "logging.locations.list", + "logging.logEntries.list", + "logging.logMetrics.get", + "logging.logMetrics.list", + "logging.logServiceIndexes.list", + "logging.logServices.list", + "logging.logs.list", + "logging.notificationRules.get", + "logging.notificationRules.list", + "logging.operations.get", + "logging.operations.list", + "logging.queries.get", + "logging.queries.list", + "logging.queries.listShared", + "logging.sinks.get", + "logging.sinks.list", + "logging.usage.get", + "logging.views.access", + "logging.views.get", + "logging.views.list", + "logging.views.listLogs", + "logging.views.listResourceKeys", + "logging.views.listResourceValues", + "looker.instances.get", + "looker.instances.list", + "managedidentities.domains.get", + "managedidentities.domains.getIamPolicy", + "managedidentities.domains.list", + 
"managedidentities.sqlintegrations.list", + "memcache.instances.list", + "memcache.locations.list", + "metastore.federations.getIamPolicy", + "metastore.federations.list", + "metastore.locations.list", + "metastore.services.getIamPolicy", + "metastore.services.list", + "ml.jobs.get", + "ml.jobs.getIamPolicy", + "ml.jobs.list", + "ml.models.getIamPolicy", + "ml.models.list", + "monitoring.alertPolicies.get", + "monitoring.alertPolicies.list", + "monitoring.dashboards.get", + "monitoring.dashboards.list", + "monitoring.groups.get", + "monitoring.groups.list", + "monitoring.metricDescriptors.get", + "monitoring.metricDescriptors.list", + "monitoring.monitoredResourceDescriptors.get", + "monitoring.monitoredResourceDescriptors.list", + "monitoring.notificationChannelDescriptors.get", + "monitoring.notificationChannelDescriptors.list", + "monitoring.notificationChannels.get", + "monitoring.notificationChannels.list", + "monitoring.publicWidgets.get", + "monitoring.publicWidgets.list", + "monitoring.services.get", + "monitoring.services.list", + "monitoring.slos.get", + "monitoring.slos.list", + "monitoring.snoozes.list", + "monitoring.timeSeries.list", + "monitoring.uptimeCheckConfigs.get", + "monitoring.uptimeCheckConfigs.list", + "networkconnectivity.hubs.getIamPolicy", + "networkconnectivity.hubs.list", + "networkconnectivity.locations.list", + "networkconnectivity.spokes.getIamPolicy", + "networkconnectivity.spokes.list", + "networksecurity.authorizationPolicies.getIamPolicy", + "networksecurity.authorizationPolicies.list", + "networksecurity.clientTlsPolicies.getIamPolicy", + "networksecurity.clientTlsPolicies.list", + "networksecurity.gatewaySecurityPolicies.list", + "networksecurity.gatewaySecurityPolicyRules.list", + "networksecurity.serverTlsPolicies.getIamPolicy", + "networksecurity.serverTlsPolicies.list", + "networksecurity.urlLists.list", + "networkservices.gateways.list", + "networkservices.grpcRoutes.list", + "networkservices.httpRoutes.list", + 
"networkservices.locations.list", + "networkservices.tcpRoutes.list", + "networkservices.tlsRoutes.list", + "notebooks.environments.list", + "notebooks.instances.checkUpgradability", + "notebooks.instances.getHealth", + "notebooks.instances.getIamPolicy", + "notebooks.instances.list", + "notebooks.locations.list", + "notebooks.runtimes.list", + "notebooks.schedules.list", + "orgpolicy.constraints.list", + "orgpolicy.policy.get", + "policyanalyzer.serviceAccountLastAuthenticationActivities.query", + "privateca.caPools.getIamPolicy", + "privateca.caPools.list", + "privateca.certificateAuthorities.list", + "privateca.certificateRevocationLists.getIamPolicy", + "privateca.certificateRevocationLists.list", + "privateca.certificateTemplates.getIamPolicy", + "privateca.certificateTemplates.list", + "privateca.certificates.list", + "privateca.locations.list", + "pubsub.schemas.get", + "pubsub.schemas.getIamPolicy", + "pubsub.schemas.list", + "pubsub.snapshots.get", + "pubsub.snapshots.list", + "pubsub.snapshots.seek", + "pubsub.subscriptions.get", + "pubsub.subscriptions.getIamPolicy", + "pubsub.subscriptions.list", + "pubsub.topics.get", + "pubsub.topics.getIamPolicy", + "pubsub.topics.list", + "recaptchaenterprise.keys.list", + "recommender.computeFirewallInsights.list", + "recommender.iamPolicyLateralMovementInsights.list", + "recommender.iamPolicyRecommendations.list", + "recommender.iamServiceAccountInsights.list", + "recommender.locations.get", + "recommender.locations.list", + "recommender.runServiceIdentityInsights.get", + "recommender.runServiceIdentityInsights.list", + "recommender.runServiceIdentityRecommendations.get", + "recommender.runServiceIdentityRecommendations.list", + "recommender.runServiceSecurityInsights.get", + "recommender.runServiceSecurityInsights.list", + "recommender.runServiceSecurityRecommendations.get", + "recommender.runServiceSecurityRecommendations.list", + "redis.instances.get", + "redis.instances.list", + "redis.locations.get", + 
"redis.locations.list", + "redis.operations.get", + "redis.operations.list", + "remotebuildexecution.blobs.get", + "resourcemanager.folders.get", + "resourcemanager.folders.getIamPolicy", + "resourcemanager.hierarchyNodes.listEffectiveTags", + "resourcemanager.hierarchyNodes.listTagBindings", + "resourcemanager.organizations.getIamPolicy", + "resourcemanager.projects.get", + "resourcemanager.projects.getIamPolicy", + "resourcemanager.projects.list", + "resourcemanager.tagHolds.list", + "resourcemanager.tagKeys.get", + "resourcemanager.tagKeys.getIamPolicy", + "resourcemanager.tagKeys.list", + "resourcemanager.tagValues.get", + "resourcemanager.tagValues.getIamPolicy", + "resourcemanager.tagValues.list", + "run.configurations.get", + "run.configurations.list", + "run.executions.get", + "run.executions.list", + "run.jobs.get", + "run.jobs.getIamPolicy", + "run.jobs.list", + "run.locations.list", + "run.operations.get", + "run.operations.list", + "run.revisions.get", + "run.revisions.list", + "run.routes.get", + "run.routes.list", + "run.services.get", + "run.services.getIamPolicy", + "run.services.list", + "run.services.listEffectiveTags", + "run.services.listTagBindings", + "run.tasks.get", + "run.tasks.list", + "secretmanager.secrets.getIamPolicy", + "secretmanager.secrets.list", + "secretmanager.versions.list", + "securitycenter.muteconfigs.list", + "securitycenter.notificationconfig.list", + "securitycenter.organizationsettings.get", + "securitycenter.sources.list", + "servicedirectory.endpoints.list", + "servicedirectory.namespaces.getIamPolicy", + "servicedirectory.namespaces.list", + "servicedirectory.services.getIamPolicy", + "servicedirectory.services.list", + "serviceusage.quotas.get", + "serviceusage.services.get", + "serviceusage.services.list", + "serviceusage.services.use", + "source.repos.getIamPolicy", + "source.repos.list", + "spanner.backups.getIamPolicy", + "spanner.backups.list", + "spanner.databases.getIamPolicy", + "spanner.databases.list", + 
"spanner.instanceConfigs.list", + "spanner.instances.getIamPolicy", + "spanner.instances.list", + "speech.customClasses.list", + "speech.phraseSets.list", + "storage.buckets.get", + "storage.buckets.getIamPolicy", + "storage.buckets.list", + "storage.buckets.listEffectiveTags", + "storage.buckets.listTagBindings", + "storage.hmacKeys.get", + "storage.hmacKeys.list", + "storage.objects.get", + "storage.objects.list", + "storagetransfer.agentpools.list", + "storagetransfer.jobs.list", + "vmwareengine.clusters.getIamPolicy", + "vmwareengine.clusters.list", + "vmwareengine.hcxActivationKeys.getIamPolicy", + "vmwareengine.hcxActivationKeys.list", + "vmwareengine.locations.list", + "vmwareengine.networkPolicies.list", + "vmwareengine.privateClouds.getIamPolicy", + "vmwareengine.subnets.list", + "vmwareengine.vmwareEngineNetworks.list", + "vpcaccess.connectors.list", + "vpcaccess.locations.list", + "workflows.locations.list", + "workflows.workflows.list", + "workstations.workstationClusters.list", + "workstations.workstationConfigs.getIamPolicy", + "workstations.workstationConfigs.list", + "workstations.workstations.getIamPolicy", + "workstations.workstations.list" + ], + "type": "list" + }, + "org_services": { + "default": [ + "accesscontextmanager.googleapis.com" + ], + "type": "list" + }, + "project_services": { + "default": [ + "accessapproval.googleapis.com", + "aiplatform.googleapis.com", + "alloydb.googleapis.com", + "analyticshub.googleapis.com", + "apigateway.googleapis.com", + "apigee.googleapis.com", + "apikeys.googleapis.com", + "appengine.googleapis.com", + "artifactregistry.googleapis.com", + "biglake.googleapis.com", + "bigquery.googleapis.com", + "bigquerydatatransfer.googleapis.com", + "bigtableadmin.googleapis.com", + "binaryauthorization.googleapis.com", + "certificatemanager.googleapis.com", + "cloudasset.googleapis.com", + "cloudbilling.googleapis.com", + "cloudbuild.googleapis.com", + "clouddeploy.googleapis.com", + "cloudfunctions.googleapis.com", + 
"cloudkms.googleapis.com", + "cloudresourcemanager.googleapis.com", + "cloudsupport.googleapis.com", + "cloudtasks.googleapis.com", + "composer.googleapis.com", + "compute.googleapis.com", + "container.googleapis.com", + "containeranalysis.googleapis.com", + "datacatalog.googleapis.com", + "datafusion.googleapis.com", + "datamigration.googleapis.com", + "dataplex.googleapis.com", + "dataproc.googleapis.com", + "datastore.googleapis.com", + "datastream.googleapis.com", + "deploymentmanager.googleapis.com", + "dlp.googleapis.com", + "dns.googleapis.com", + "domains.googleapis.com", + "essentialcontacts.googleapis.com", + "eventarc.googleapis.com", + "file.googleapis.com", + "firebaseappdistribution.googleapis.com", + "firebasehosting.googleapis.com", + "firebaseremoteconfig.googleapis.com", + "firebaserules.googleapis.com", + "firestore.googleapis.com", + "gkehub.googleapis.com", + "healthcare.googleapis.com", + "iam.googleapis.com", + "iap.googleapis.com", + "identitytoolkit.googleapis.com", + "logging.googleapis.com", + "managedidentities.googleapis.com", + "memcache.googleapis.com", + "metastore.googleapis.com", + "ml.googleapis.com", + "monitoring.googleapis.com", + "networkconnectivity.googleapis.com", + "networksecurity.googleapis.com", + "networkservices.googleapis.com", + "notebooks.googleapis.com", + "orgpolicy.googleapis.com", + "policyanalyzer.googleapis.com", + "privateca.googleapis.com", + "pubsub.googleapis.com", + "recaptchaenterprise.googleapis.com", + "recommender.googleapis.com", + "redis.googleapis.com", + "run.googleapis.com", + "secretmanager.googleapis.com", + "securitycenter.googleapis.com", + "servicedirectory.googleapis.com", + "serviceusage.googleapis.com", + "spanner.googleapis.com", + "speech.googleapis.com", + "sql-component.googleapis.com", + "storage-component.googleapis.com", + "storagetransfer.googleapis.com", + "translate.googleapis.com", + "vmwareengine.googleapis.com", + "vpcaccess.googleapis.com", + 
"websecurityscanner.googleapis.com", + "workflows.googleapis.com", + "workstations.googleapis.com" + ], + "type": "list" + } + }, + "terraform": { + "required_providers": { + "random": "~> 3.1", + "google-beta": "~> 3.90", + "google": "~> 3.90" + } + } +} \ No newline at end of file From 1ba7d023baad4d70d0370babee6c64ea8383944b Mon Sep 17 00:00:00 2001 From: robertocolella Date: Tue, 15 Oct 2024 17:54:07 +0200 Subject: [PATCH 2/2] deleted: pr/prisma-cloud-gcp-terraform-1728940260.tf.json --- ...sma-cloud-gcp-terraform-1728940260.tf.json | 1177 ----------------- 1 file changed, 1177 deletions(-) delete mode 100644 pr/prisma-cloud-gcp-terraform-1728940260.tf.json diff --git a/pr/prisma-cloud-gcp-terraform-1728940260.tf.json b/pr/prisma-cloud-gcp-terraform-1728940260.tf.json deleted file mode 100644 index cb8e01ea6..000000000 --- a/pr/prisma-cloud-gcp-terraform-1728940260.tf.json +++ /dev/null 
@@ -1,1177 +0,0 @@ -{ - "output": { - "user_instruction": { - "value": "Successfully Configured !!\n\n What to do next ?\n\t1. Please download the file ${local_file.key.filename}\n\nUse the downloaded JSON file and Proceed at Prisma Cloud UI" - } - }, - "provider": { - "random": {}, - "google": {} - }, - "resource": { - "random_string": { - "unique_id": { - "special": false, - "length": 5, - "min_lower": 5 - } - }, - "google_service_account": { - "prisma_cloud_service_account": { - "account_id": "prisma-cloud-serv-${random_string.unique_id.result}", - "project": "${var.project_id}", - "display_name": "Prisma Cloud Service Account" - } - }, - "google_organization_iam_custom_role": { - "prisma_cloud_organization_custom_role": { - "role_id": "prismaCloudViewer${random_string.unique_id.result}", - "org_id": "${var.org_id}", - "permissions": "${var.org_iam_policy_custom_role_permissions}", - "description": "This is a custom role created for Prisma Cloud. Contains granular additional permission which is not covered by built-in roles", - "title": "Prisma Cloud Viewer ${random_string.unique_id.result}" - } - }, - "google_service_account_key": { - "prisma_cloud_service_account_key": { - "service_account_id": "${google_service_account.prisma_cloud_service_account.name}" - } - }, - "google_project_service": { - "project_apis": { - "service": "${var.project_services[count.index]}", - "disable_on_destroy": false, - "count": "${length(var.project_services)}", - "project": "${var.project_id}" - }, - "org_onboarding_apis": { - "service": "${var.org_services[count.index]}", - "count": "${length(var.org_services)}", - "project": "${var.project_id}" - } - }, - "local_file": { - "key": { - "filename": "${var.project_id}-${random_string.unique_id.result}.json", - "content": "${base64decode(google_service_account_key.prisma_cloud_service_account_key.private_key)}" - } - }, - "google_organization_iam_member": { - "bind_custom_role_to_org_iam_policy": { - "role": 
"organizations/${var.org_id}/roles/${google_organization_iam_custom_role.prisma_cloud_organization_custom_role.role_id}", - "org_id": "${var.org_id}", - "member": "serviceAccount:${google_service_account.prisma_cloud_service_account.email}" - }, - "bind_managed_roles_to_org_iam_policy": { - "role": "${var.org_iam_policy_managed_roles[count.index]}", - "org_id": "${var.org_id}", - "count": "${length(var.org_iam_policy_managed_roles)}", - "member": "serviceAccount:${google_service_account.prisma_cloud_service_account.email}" - } - } - }, - "variable": { - "project_id": { - "type": "string" - }, - "org_id": { - "default": "123", - "type": "string" - }, - "org_iam_policy_managed_roles": { - "default": [ - "roles/cloudfunctions.viewer", - "roles/container.clusterViewer", - "roles/iam.organizationRoleViewer", - "roles/resourcemanager.folderViewer", - "roles/storage.objectViewer", - "roles/viewer" - ], - "type": "list" - }, - "org_iam_policy_custom_role_permissions": { - "default": [ - "accessapproval.settings.get", - "accesscontextmanager.accessLevels.list", - "accesscontextmanager.accessPolicies.list", - "accesscontextmanager.policies.list", - "accesscontextmanager.servicePerimeters.list", - "aiplatform.batchPredictionJobs.list", - "aiplatform.customJobs.list", - "aiplatform.datasets.list", - "aiplatform.deploymentResourcePools.list", - "aiplatform.endpoints.list", - "aiplatform.entityTypes.getIamPolicy", - "aiplatform.entityTypes.list", - "aiplatform.featureGroups.list", - "aiplatform.featureOnlineStores.list", - "aiplatform.featurestores.getIamPolicy", - "aiplatform.featurestores.list", - "aiplatform.hyperparameterTuningJobs.list", - "aiplatform.indexEndpoints.list", - "aiplatform.indexes.list", - "aiplatform.metadataStores.list", - "aiplatform.modelDeploymentMonitoringJobs.list", - "aiplatform.models.list", - "aiplatform.nasJobs.list", - "aiplatform.notebookRuntimeTemplates.getIamPolicy", - "aiplatform.notebookRuntimeTemplates.list", - 
"aiplatform.notebookRuntimes.list", - "aiplatform.persistentResources.list", - "aiplatform.pipelineJobs.list", - "aiplatform.specialistPools.list", - "aiplatform.studies.list", - "aiplatform.tensorboards.list", - "aiplatform.trainingPipelines.list", - "aiplatform.tuningJobs.list", - "alloydb.backups.list", - "alloydb.clusters.list", - "alloydb.instances.list", - "alloydb.users.list", - "analyticshub.dataExchanges.list", - "analyticshub.listings.getIamPolicy", - "analyticshub.listings.list", - "apigateway.gateways.get", - "apigateway.gateways.getIamPolicy", - "apigateway.gateways.list", - "apigee.apiproducts.get", - "apigee.apiproducts.list", - "apigee.datacollectors.list", - "apigee.datastores.list", - "apigee.deployments.list", - "apigee.envgroups.list", - "apigee.environments.get", - "apigee.environments.getIamPolicy", - "apigee.hostsecurityreports.list", - "apigee.instanceattachments.list", - "apigee.instances.list", - "apigee.organizations.get", - "apigee.organizations.list", - "apigee.proxies.get", - "apigee.proxies.list", - "apigee.reports.list", - "apigee.securityProfiles.list", - "apigee.sharedflows.get", - "apigee.sharedflows.list", - "apikeys.keys.get", - "apikeys.keys.list", - "appengine.applications.get", - "artifactregistry.locations.list", - "artifactregistry.repositories.getIamPolicy", - "artifactregistry.repositories.list", - "autoscaling.sites.getIamPolicy", - "autoscaling.sites.readRecommendations", - "backupdr.managementServers.getIamPolicy", - "backupdr.managementServers.list", - "baremetalsolution.instances.list", - "baremetalsolution.luns.list", - "baremetalsolution.networks.list", - "baremetalsolution.nfsshares.list", - "baremetalsolution.volumes.list", - "batch.jobs.list", - "bigquery.bireservations.get", - "bigquery.capacityCommitments.get", - "bigquery.capacityCommitments.list", - "bigquery.config.get", - "bigquery.connections.get", - "bigquery.connections.getIamPolicy", - "bigquery.connections.list", - "bigquery.dataPolicies.get", - 
"bigquery.dataPolicies.getIamPolicy", - "bigquery.dataPolicies.list", - "bigquery.datasets.get", - "bigquery.datasets.getIamPolicy", - "bigquery.datasets.listTagBindings", - "bigquery.jobs.get", - "bigquery.jobs.list", - "bigquery.jobs.listExecutionMetadata", - "bigquery.models.getData", - "bigquery.models.getMetadata", - "bigquery.models.list", - "bigquery.readsessions.getData", - "bigquery.reservationAssignments.list", - "bigquery.reservations.get", - "bigquery.reservations.list", - "bigquery.routines.get", - "bigquery.routines.list", - "bigquery.rowAccessPolicies.getIamPolicy", - "bigquery.rowAccessPolicies.list", - "bigquery.savedqueries.get", - "bigquery.savedqueries.list", - "bigquery.tables.get", - "bigquery.tables.getIamPolicy", - "bigquery.transfers.get", - "bigtable.appProfiles.get", - "bigtable.appProfiles.list", - "bigtable.backups.getIamPolicy", - "bigtable.backups.list", - "bigtable.clusters.get", - "bigtable.clusters.list", - "bigtable.instances.get", - "bigtable.instances.getIamPolicy", - "bigtable.instances.list", - "bigtable.tables.get", - "bigtable.tables.getIamPolicy", - "bigtable.tables.list", - "binaryauthorization.attestors.getIamPolicy", - "binaryauthorization.attestors.list", - "binaryauthorization.policy.get", - "binaryauthorization.policy.getIamPolicy", - "certificatemanager.certissuanceconfigs.list", - "certificatemanager.certmaps.list", - "certificatemanager.certs.list", - "certificatemanager.dnsauthorizations.list", - "certificatemanager.locations.list", - "clientauthconfig.brands.list", - "clientauthconfig.clients.listWithSecrets", - "cloudbuild.builds.get", - "cloudbuild.builds.list", - "cloudbuild.integrations.list", - "cloudbuild.workerpools.list", - "cloudconfig.configs.get", - "clouddeploy.config.get", - "clouddeploy.deliveryPipelines.getIamPolicy", - "clouddeploy.deliveryPipelines.list", - "clouddeploy.locations.list", - "clouddeploy.targets.getIamPolicy", - "clouddeploy.targets.list", - "cloudfunctions.functions.get", - 
"cloudfunctions.functions.getIamPolicy", - "cloudfunctions.functions.list", - "cloudfunctions.locations.get", - "cloudfunctions.locations.list", - "cloudfunctions.operations.get", - "cloudfunctions.operations.list", - "cloudfunctions.runtimes.list", - "cloudkms.cryptoKeyVersions.get", - "cloudkms.cryptoKeyVersions.list", - "cloudkms.cryptoKeys.get", - "cloudkms.cryptoKeys.getIamPolicy", - "cloudkms.cryptoKeys.list", - "cloudkms.ekmConnections.get", - "cloudkms.ekmConnections.getIamPolicy", - "cloudkms.ekmConnections.list", - "cloudkms.importJobs.get", - "cloudkms.importJobs.getIamPolicy", - "cloudkms.importJobs.list", - "cloudkms.keyRings.get", - "cloudkms.keyRings.getIamPolicy", - "cloudkms.keyRings.list", - "cloudkms.keyRings.listEffectiveTags", - "cloudkms.keyRings.listTagBindings", - "cloudkms.locations.generateRandomBytes", - "cloudkms.locations.get", - "cloudkms.locations.list", - "cloudscheduler.jobs.get", - "cloudscheduler.jobs.list", - "cloudscheduler.locations.get", - "cloudscheduler.locations.list", - "cloudsecurityscanner.scans.list", - "cloudsql.backupRuns.get", - "cloudsql.backupRuns.list", - "cloudsql.databases.get", - "cloudsql.databases.list", - "cloudsql.instances.get", - "cloudsql.instances.list", - "cloudsql.instances.listEffectiveTags", - "cloudsql.instances.listServerCas", - "cloudsql.instances.listTagBindings", - "cloudsql.sslCerts.get", - "cloudsql.sslCerts.list", - "cloudsql.users.get", - "cloudsql.users.list", - "cloudsupport.techCases.list", - "cloudtasks.locations.list", - "cloudtasks.queues.list", - "cloudtasks.tasks.list", - "cloudtranslate.customModels.list", - "cloudtranslate.datasets.list", - "cloudtranslate.glossaries.list", - "cloudtranslate.locations.list", - "composer.environments.get", - "composer.environments.list", - "composer.imageversions.list", - "compute.acceleratorTypes.get", - "compute.acceleratorTypes.list", - "compute.addresses.get", - "compute.addresses.list", - "compute.autoscalers.get", - 
"compute.autoscalers.list", - "compute.backendBuckets.get", - "compute.backendBuckets.getIamPolicy", - "compute.backendBuckets.list", - "compute.backendServices.get", - "compute.backendServices.getIamPolicy", - "compute.backendServices.list", - "compute.commitments.get", - "compute.commitments.list", - "compute.diskTypes.get", - "compute.diskTypes.list", - "compute.disks.createSnapshot", - "compute.disks.get", - "compute.disks.getIamPolicy", - "compute.disks.list", - "compute.disks.listEffectiveTags", - "compute.disks.listTagBindings", - "compute.disks.useReadOnly", - "compute.externalVpnGateways.get", - "compute.externalVpnGateways.list", - "compute.firewallPolicies.get", - "compute.firewallPolicies.getIamPolicy", - "compute.firewallPolicies.list", - "compute.firewalls.get", - "compute.firewalls.list", - "compute.forwardingRules.get", - "compute.forwardingRules.list", - "compute.globalAddresses.get", - "compute.globalAddresses.list", - "compute.globalForwardingRules.get", - "compute.globalForwardingRules.list", - "compute.globalForwardingRules.pscGet", - "compute.globalNetworkEndpointGroups.get", - "compute.globalNetworkEndpointGroups.list", - "compute.globalOperations.get", - "compute.globalOperations.getIamPolicy", - "compute.globalOperations.list", - "compute.globalPublicDelegatedPrefixes.get", - "compute.globalPublicDelegatedPrefixes.list", - "compute.healthChecks.get", - "compute.healthChecks.list", - "compute.healthChecks.useReadOnly", - "compute.httpHealthChecks.get", - "compute.httpHealthChecks.list", - "compute.httpHealthChecks.useReadOnly", - "compute.httpsHealthChecks.get", - "compute.httpsHealthChecks.list", - "compute.httpsHealthChecks.useReadOnly", - "compute.images.get", - "compute.images.getFromFamily", - "compute.images.getIamPolicy", - "compute.images.list", - "compute.images.listEffectiveTags", - "compute.images.listTagBindings", - "compute.images.useReadOnly", - "compute.instanceGroupManagers.get", - "compute.instanceGroupManagers.list", - 
"compute.instanceGroups.get", - "compute.instanceGroups.list", - "compute.instanceTemplates.get", - "compute.instanceTemplates.getIamPolicy", - "compute.instanceTemplates.list", - "compute.instanceTemplates.useReadOnly", - "compute.instances.get", - "compute.instances.getEffectiveFirewalls", - "compute.instances.getGuestAttributes", - "compute.instances.getIamPolicy", - "compute.instances.getScreenshot", - "compute.instances.getSerialPortOutput", - "compute.instances.getShieldedInstanceIdentity", - "compute.instances.getShieldedVmIdentity", - "compute.instances.list", - "compute.instances.listEffectiveTags", - "compute.instances.listReferrers", - "compute.instances.listTagBindings", - "compute.instances.useReadOnly", - "compute.interconnectAttachments.get", - "compute.interconnectAttachments.list", - "compute.interconnectLocations.get", - "compute.interconnectLocations.list", - "compute.interconnects.get", - "compute.interconnects.list", - "compute.licenseCodes.get", - "compute.licenseCodes.getIamPolicy", - "compute.licenseCodes.list", - "compute.licenses.get", - "compute.licenses.getIamPolicy", - "compute.licenses.list", - "compute.machineImages.get", - "compute.machineImages.getIamPolicy", - "compute.machineImages.list", - "compute.machineImages.useReadOnly", - "compute.machineTypes.get", - "compute.machineTypes.list", - "compute.maintenancePolicies.get", - "compute.maintenancePolicies.getIamPolicy", - "compute.maintenancePolicies.list", - "compute.networkAttachments.get", - "compute.networkAttachments.list", - "compute.networkEdgeSecurityServices.get", - "compute.networkEdgeSecurityServices.list", - "compute.networkEndpointGroups.get", - "compute.networkEndpointGroups.getIamPolicy", - "compute.networkEndpointGroups.list", - "compute.networks.get", - "compute.networks.getEffectiveFirewalls", - "compute.networks.getRegionEffectiveFirewalls", - "compute.networks.list", - "compute.networks.listPeeringRoutes", - "compute.nodeGroups.get", - 
"compute.nodeGroups.getIamPolicy", - "compute.nodeGroups.list", - "compute.nodeTemplates.get", - "compute.nodeTemplates.getIamPolicy", - "compute.nodeTemplates.list", - "compute.nodeTypes.get", - "compute.nodeTypes.list", - "compute.organizations.listAssociations", - "compute.packetMirrorings.get", - "compute.packetMirrorings.list", - "compute.projects.get", - "compute.publicAdvertisedPrefixes.get", - "compute.publicAdvertisedPrefixes.list", - "compute.publicDelegatedPrefixes.get", - "compute.publicDelegatedPrefixes.list", - "compute.regionBackendServices.get", - "compute.regionBackendServices.getIamPolicy", - "compute.regionBackendServices.list", - "compute.regionFirewallPolicies.get", - "compute.regionFirewallPolicies.getIamPolicy", - "compute.regionFirewallPolicies.list", - "compute.regionHealthCheckServices.get", - "compute.regionHealthCheckServices.list", - "compute.regionHealthChecks.get", - "compute.regionHealthChecks.list", - "compute.regionHealthChecks.useReadOnly", - "compute.regionNetworkEndpointGroups.get", - "compute.regionNetworkEndpointGroups.list", - "compute.regionNotificationEndpoints.get", - "compute.regionNotificationEndpoints.list", - "compute.regionOperations.get", - "compute.regionOperations.getIamPolicy", - "compute.regionOperations.list", - "compute.regionSecurityPolicies.get", - "compute.regionSecurityPolicies.list", - "compute.regionSslCertificates.get", - "compute.regionSslCertificates.list", - "compute.regionSslPolicies.get", - "compute.regionSslPolicies.list", - "compute.regionSslPolicies.listAvailableFeatures", - "compute.regionTargetHttpProxies.get", - "compute.regionTargetHttpProxies.list", - "compute.regionTargetHttpsProxies.get", - "compute.regionTargetHttpsProxies.list", - "compute.regionTargetTcpProxies.get", - "compute.regionTargetTcpProxies.list", - "compute.regionUrlMaps.get", - "compute.regionUrlMaps.list", - "compute.regions.get", - "compute.regions.list", - "compute.reservations.get", - "compute.reservations.getIamPolicy", 
- "compute.reservations.list", - "compute.resourcePolicies.get", - "compute.resourcePolicies.getIamPolicy", - "compute.resourcePolicies.list", - "compute.routers.get", - "compute.routers.list", - "compute.routes.get", - "compute.routes.list", - "compute.securityPolicies.get", - "compute.securityPolicies.getIamPolicy", - "compute.securityPolicies.list", - "compute.serviceAttachments.get", - "compute.serviceAttachments.getIamPolicy", - "compute.serviceAttachments.list", - "compute.snapshots.get", - "compute.snapshots.getIamPolicy", - "compute.snapshots.list", - "compute.snapshots.listEffectiveTags", - "compute.snapshots.listTagBindings", - "compute.sslCertificates.get", - "compute.sslCertificates.list", - "compute.sslPolicies.get", - "compute.sslPolicies.list", - "compute.sslPolicies.listAvailableFeatures", - "compute.subnetworks.get", - "compute.subnetworks.getIamPolicy", - "compute.subnetworks.list", - "compute.targetGrpcProxies.get", - "compute.targetGrpcProxies.list", - "compute.targetHttpProxies.get", - "compute.targetHttpProxies.list", - "compute.targetHttpsProxies.get", - "compute.targetHttpsProxies.list", - "compute.targetInstances.get", - "compute.targetInstances.list", - "compute.targetPools.get", - "compute.targetPools.list", - "compute.targetSslProxies.get", - "compute.targetSslProxies.list", - "compute.targetTcpProxies.get", - "compute.targetTcpProxies.list", - "compute.targetVpnGateways.get", - "compute.targetVpnGateways.list", - "compute.urlMaps.get", - "compute.urlMaps.list", - "compute.vpnGateways.get", - "compute.vpnGateways.list", - "compute.vpnTunnels.get", - "compute.vpnTunnels.list", - "compute.zoneOperations.get", - "compute.zoneOperations.getIamPolicy", - "compute.zoneOperations.list", - "compute.zones.get", - "compute.zones.list", - "container.apiServices.get", - "container.apiServices.getStatus", - "container.apiServices.list", - "container.auditSinks.get", - "container.auditSinks.list", - "container.backendConfigs.get", - 
"container.backendConfigs.list", - "container.bindings.get", - "container.bindings.list", - "container.certificateSigningRequests.get", - "container.certificateSigningRequests.getStatus", - "container.certificateSigningRequests.list", - "container.clusterRoleBindings.get", - "container.clusterRoleBindings.list", - "container.clusterRoles.get", - "container.clusterRoles.list", - "container.clusters.get", - "container.clusters.getCredentials", - "container.clusters.list", - "container.clusters.listEffectiveTags", - "container.clusters.listTagBindings", - "container.componentStatuses.get", - "container.componentStatuses.list", - "container.configMaps.get", - "container.configMaps.list", - "container.controllerRevisions.get", - "container.controllerRevisions.list", - "container.cronJobs.get", - "container.cronJobs.getStatus", - "container.cronJobs.list", - "container.csiDrivers.get", - "container.csiDrivers.list", - "container.csiNodeInfos.get", - "container.csiNodeInfos.list", - "container.csiNodes.get", - "container.csiNodes.list", - "container.customResourceDefinitions.get", - "container.customResourceDefinitions.getStatus", - "container.customResourceDefinitions.list", - "container.daemonSets.get", - "container.daemonSets.getStatus", - "container.daemonSets.list", - "container.deployments.get", - "container.deployments.getStatus", - "container.deployments.list", - "container.endpointSlices.get", - "container.endpointSlices.list", - "container.endpoints.get", - "container.endpoints.list", - "container.events.get", - "container.events.list", - "container.frontendConfigs.get", - "container.frontendConfigs.list", - "container.horizontalPodAutoscalers.get", - "container.horizontalPodAutoscalers.getStatus", - "container.horizontalPodAutoscalers.list", - "container.ingresses.get", - "container.ingresses.getStatus", - "container.ingresses.list", - "container.initializerConfigurations.get", - "container.initializerConfigurations.list", - "container.jobs.get", - 
"container.jobs.getStatus", - "container.jobs.list", - "container.leases.get", - "container.leases.list", - "container.limitRanges.get", - "container.limitRanges.list", - "container.localSubjectAccessReviews.list", - "container.managedCertificates.get", - "container.managedCertificates.list", - "container.mutatingWebhookConfigurations.get", - "container.mutatingWebhookConfigurations.list", - "container.namespaces.get", - "container.namespaces.getStatus", - "container.namespaces.list", - "container.networkPolicies.get", - "container.networkPolicies.list", - "container.nodes.get", - "container.nodes.getStatus", - "container.nodes.list", - "container.operations.get", - "container.operations.list", - "container.persistentVolumeClaims.get", - "container.persistentVolumeClaims.getStatus", - "container.persistentVolumeClaims.list", - "container.persistentVolumes.get", - "container.persistentVolumes.getStatus", - "container.persistentVolumes.list", - "container.petSets.get", - "container.petSets.list", - "container.podDisruptionBudgets.get", - "container.podDisruptionBudgets.getStatus", - "container.podDisruptionBudgets.list", - "container.podPresets.get", - "container.podPresets.list", - "container.podSecurityPolicies.get", - "container.podSecurityPolicies.list", - "container.podTemplates.get", - "container.podTemplates.list", - "container.pods.get", - "container.pods.getLogs", - "container.pods.getStatus", - "container.pods.list", - "container.priorityClasses.get", - "container.priorityClasses.list", - "container.replicaSets.get", - "container.replicaSets.getScale", - "container.replicaSets.getStatus", - "container.replicaSets.list", - "container.replicationControllers.get", - "container.replicationControllers.getScale", - "container.replicationControllers.getStatus", - "container.replicationControllers.list", - "container.resourceQuotas.get", - "container.resourceQuotas.getStatus", - "container.resourceQuotas.list", - "container.roleBindings.get", - 
"container.roleBindings.list", - "container.roles.get", - "container.roles.list", - "container.runtimeClasses.get", - "container.runtimeClasses.list", - "container.scheduledJobs.get", - "container.scheduledJobs.list", - "container.selfSubjectAccessReviews.list", - "container.serviceAccounts.get", - "container.serviceAccounts.list", - "container.services.get", - "container.services.getStatus", - "container.services.list", - "container.statefulSets.get", - "container.statefulSets.getScale", - "container.statefulSets.getStatus", - "container.statefulSets.list", - "container.storageClasses.get", - "container.storageClasses.list", - "container.storageStates.get", - "container.storageStates.getStatus", - "container.storageStates.list", - "container.storageVersionMigrations.get", - "container.storageVersionMigrations.getStatus", - "container.storageVersionMigrations.list", - "container.subjectAccessReviews.list", - "container.thirdPartyObjects.get", - "container.thirdPartyObjects.list", - "container.thirdPartyResources.get", - "container.thirdPartyResources.list", - "container.updateInfos.get", - "container.updateInfos.list", - "container.validatingWebhookConfigurations.get", - "container.validatingWebhookConfigurations.list", - "container.volumeAttachments.get", - "container.volumeAttachments.getStatus", - "container.volumeAttachments.list", - "container.volumeSnapshotClasses.get", - "container.volumeSnapshotClasses.list", - "container.volumeSnapshotContents.get", - "container.volumeSnapshotContents.getStatus", - "container.volumeSnapshotContents.list", - "container.volumeSnapshots.get", - "container.volumeSnapshots.getStatus", - "container.volumeSnapshots.list", - "containeranalysis.occurrences.list", - "datacatalog.entryGroups.get", - "datacatalog.entryGroups.getIamPolicy", - "datacatalog.entryGroups.list", - "datacatalog.taxonomies.get", - "datacatalog.taxonomies.getIamPolicy", - "datacatalog.taxonomies.list", - "datafusion.instances.getIamPolicy", - 
"datafusion.instances.list", - "datamigration.connectionprofiles.getIamPolicy", - "datamigration.connectionprofiles.list", - "datamigration.conversionworkspaces.getIamPolicy", - "datamigration.conversionworkspaces.list", - "datamigration.migrationjobs.getIamPolicy", - "datamigration.migrationjobs.list", - "datamigration.privateconnections.getIamPolicy", - "datamigration.privateconnections.list", - "dataplex.assetActions.list", - "dataplex.assets.getIamPolicy", - "dataplex.assets.list", - "dataplex.content.getIamPolicy", - "dataplex.content.list", - "dataplex.entities.list", - "dataplex.environments.getIamPolicy", - "dataplex.environments.list", - "dataplex.lakeActions.list", - "dataplex.lakes.getIamPolicy", - "dataplex.lakes.list", - "dataplex.tasks.getIamPolicy", - "dataplex.tasks.list", - "dataplex.zoneActions.list", - "dataplex.zones.getIamPolicy", - "dataplex.zones.list", - "dataproc.agents.get", - "dataproc.agents.list", - "dataproc.autoscalingPolicies.get", - "dataproc.autoscalingPolicies.getIamPolicy", - "dataproc.autoscalingPolicies.list", - "dataproc.batches.get", - "dataproc.batches.list", - "dataproc.clusters.get", - "dataproc.clusters.getIamPolicy", - "dataproc.clusters.list", - "dataproc.jobs.get", - "dataproc.jobs.getIamPolicy", - "dataproc.jobs.list", - "dataproc.operations.get", - "dataproc.operations.getIamPolicy", - "dataproc.operations.list", - "dataproc.tasks.listInvalidatedLeases", - "dataproc.workflowTemplates.get", - "dataproc.workflowTemplates.getIamPolicy", - "dataproc.workflowTemplates.list", - "dataprocessing.datasources.get", - "dataprocessing.datasources.list", - "dataprocessing.featurecontrols.list", - "dataprocessing.groupcontrols.get", - "dataprocessing.groupcontrols.list", - "datastore.databases.list", - "datastore.indexes.list", - "datastream.connectionProfiles.list", - "datastream.locations.list", - "datastream.privateConnections.list", - "datastream.streams.list", - "deploymentmanager.deployments.getIamPolicy", - 
"deploymentmanager.deployments.list", - "deploymentmanager.manifests.list", - "dlp.deidentifyTemplates.list", - "dlp.inspectTemplates.list", - "dlp.jobTriggers.list", - "dlp.storedInfoTypes.list", - "dns.changes.get", - "dns.changes.list", - "dns.dnsKeys.get", - "dns.dnsKeys.list", - "dns.managedZoneOperations.get", - "dns.managedZoneOperations.list", - "dns.managedZones.get", - "dns.managedZones.getIamPolicy", - "dns.managedZones.list", - "dns.policies.get", - "dns.policies.getIamPolicy", - "dns.policies.list", - "dns.projects.get", - "dns.resourceRecordSets.get", - "dns.resourceRecordSets.list", - "dns.responsePolicies.get", - "dns.responsePolicies.list", - "dns.responsePolicyRules.get", - "dns.responsePolicyRules.list", - "essentialcontacts.contacts.list", - "eventarc.channelConnections.get", - "eventarc.channelConnections.getIamPolicy", - "eventarc.channelConnections.list", - "eventarc.channels.get", - "eventarc.channels.getIamPolicy", - "eventarc.channels.list", - "eventarc.googleChannelConfigs.get", - "eventarc.locations.get", - "eventarc.locations.list", - "eventarc.operations.get", - "eventarc.operations.list", - "eventarc.providers.get", - "eventarc.providers.list", - "eventarc.triggers.get", - "eventarc.triggers.getIamPolicy", - "eventarc.triggers.list", - "file.backups.list", - "file.instances.list", - "file.snapshots.list", - "firebaseappdistro.testers.list", - "firebaseauth.configs.get", - "firebaseauth.users.get", - "firebasedatabase.instances.list", - "firebasedatabase.instances.update", - "firebasehosting.sites.get", - "firebaserules.releases.list", - "firebaserules.rulesets.get", - "firebaserules.rulesets.list", - "gkehub.features.getIamPolicy", - "gkehub.features.list", - "gkehub.locations.list", - "gkehub.memberships.getIamPolicy", - "gkehub.memberships.list", - "healthcare.datasets.get", - "healthcare.datasets.getIamPolicy", - "healthcare.datasets.list", - "healthcare.locations.list", - "iam.denypolicies.get", - "iam.denypolicies.list", - 
"iam.googleapis.com/workforcePoolProviders.get", - "iam.googleapis.com/workforcePoolProviders.list", - "iam.googleapis.com/workforcePools.get", - "iam.googleapis.com/workforcePools.getIamPolicy", - "iam.googleapis.com/workforcePools.list", - "iam.googleapis.com/workloadIdentityPoolProviders.get", - "iam.googleapis.com/workloadIdentityPoolProviders.list", - "iam.googleapis.com/workloadIdentityPools.get", - "iam.googleapis.com/workloadIdentityPools.list", - "iam.roles.get", - "iam.roles.list", - "iam.serviceAccountKeys.get", - "iam.serviceAccountKeys.list", - "iam.serviceAccounts.get", - "iam.serviceAccounts.getIamPolicy", - "iam.serviceAccounts.list", - "iam.workloadIdentityPoolProviders.list", - "iam.workloadIdentityPools.list", - "identitytoolkit.tenants.get", - "identitytoolkit.tenants.getIamPolicy", - "identitytoolkit.tenants.list", - "integrations.integrationVersions.list", - "integrations.integrations.list", - "logging.buckets.get", - "logging.buckets.list", - "logging.cmekSettings.get", - "logging.exclusions.get", - "logging.exclusions.list", - "logging.links.get", - "logging.links.list", - "logging.locations.get", - "logging.locations.list", - "logging.logEntries.list", - "logging.logMetrics.get", - "logging.logMetrics.list", - "logging.logServiceIndexes.list", - "logging.logServices.list", - "logging.logs.list", - "logging.notificationRules.get", - "logging.notificationRules.list", - "logging.operations.get", - "logging.operations.list", - "logging.queries.get", - "logging.queries.list", - "logging.queries.listShared", - "logging.sinks.get", - "logging.sinks.list", - "logging.usage.get", - "logging.views.access", - "logging.views.get", - "logging.views.list", - "logging.views.listLogs", - "logging.views.listResourceKeys", - "logging.views.listResourceValues", - "looker.instances.get", - "looker.instances.list", - "managedidentities.domains.get", - "managedidentities.domains.getIamPolicy", - "managedidentities.domains.list", - 
"managedidentities.sqlintegrations.list", - "memcache.instances.list", - "memcache.locations.list", - "metastore.federations.getIamPolicy", - "metastore.federations.list", - "metastore.locations.list", - "metastore.services.getIamPolicy", - "metastore.services.list", - "ml.jobs.get", - "ml.jobs.getIamPolicy", - "ml.jobs.list", - "ml.models.getIamPolicy", - "ml.models.list", - "monitoring.alertPolicies.get", - "monitoring.alertPolicies.list", - "monitoring.dashboards.get", - "monitoring.dashboards.list", - "monitoring.groups.get", - "monitoring.groups.list", - "monitoring.metricDescriptors.get", - "monitoring.metricDescriptors.list", - "monitoring.monitoredResourceDescriptors.get", - "monitoring.monitoredResourceDescriptors.list", - "monitoring.notificationChannelDescriptors.get", - "monitoring.notificationChannelDescriptors.list", - "monitoring.notificationChannels.get", - "monitoring.notificationChannels.list", - "monitoring.publicWidgets.get", - "monitoring.publicWidgets.list", - "monitoring.services.get", - "monitoring.services.list", - "monitoring.slos.get", - "monitoring.slos.list", - "monitoring.snoozes.list", - "monitoring.timeSeries.list", - "monitoring.uptimeCheckConfigs.get", - "monitoring.uptimeCheckConfigs.list", - "networkconnectivity.hubs.getIamPolicy", - "networkconnectivity.hubs.list", - "networkconnectivity.locations.list", - "networkconnectivity.spokes.getIamPolicy", - "networkconnectivity.spokes.list", - "networksecurity.authorizationPolicies.getIamPolicy", - "networksecurity.authorizationPolicies.list", - "networksecurity.clientTlsPolicies.getIamPolicy", - "networksecurity.clientTlsPolicies.list", - "networksecurity.gatewaySecurityPolicies.list", - "networksecurity.gatewaySecurityPolicyRules.list", - "networksecurity.serverTlsPolicies.getIamPolicy", - "networksecurity.serverTlsPolicies.list", - "networksecurity.urlLists.list", - "networkservices.gateways.list", - "networkservices.grpcRoutes.list", - "networkservices.httpRoutes.list", - 
"networkservices.locations.list", - "networkservices.tcpRoutes.list", - "networkservices.tlsRoutes.list", - "notebooks.environments.list", - "notebooks.instances.checkUpgradability", - "notebooks.instances.getHealth", - "notebooks.instances.getIamPolicy", - "notebooks.instances.list", - "notebooks.locations.list", - "notebooks.runtimes.list", - "notebooks.schedules.list", - "orgpolicy.constraints.list", - "orgpolicy.policy.get", - "policyanalyzer.serviceAccountLastAuthenticationActivities.query", - "privateca.caPools.getIamPolicy", - "privateca.caPools.list", - "privateca.certificateAuthorities.list", - "privateca.certificateRevocationLists.getIamPolicy", - "privateca.certificateRevocationLists.list", - "privateca.certificateTemplates.getIamPolicy", - "privateca.certificateTemplates.list", - "privateca.certificates.list", - "privateca.locations.list", - "pubsub.schemas.get", - "pubsub.schemas.getIamPolicy", - "pubsub.schemas.list", - "pubsub.snapshots.get", - "pubsub.snapshots.list", - "pubsub.snapshots.seek", - "pubsub.subscriptions.get", - "pubsub.subscriptions.getIamPolicy", - "pubsub.subscriptions.list", - "pubsub.topics.get", - "pubsub.topics.getIamPolicy", - "pubsub.topics.list", - "recaptchaenterprise.keys.list", - "recommender.computeFirewallInsights.list", - "recommender.iamPolicyLateralMovementInsights.list", - "recommender.iamPolicyRecommendations.list", - "recommender.iamServiceAccountInsights.list", - "recommender.locations.get", - "recommender.locations.list", - "recommender.runServiceIdentityInsights.get", - "recommender.runServiceIdentityInsights.list", - "recommender.runServiceIdentityRecommendations.get", - "recommender.runServiceIdentityRecommendations.list", - "recommender.runServiceSecurityInsights.get", - "recommender.runServiceSecurityInsights.list", - "recommender.runServiceSecurityRecommendations.get", - "recommender.runServiceSecurityRecommendations.list", - "redis.instances.get", - "redis.instances.list", - "redis.locations.get", - 
"redis.locations.list", - "redis.operations.get", - "redis.operations.list", - "remotebuildexecution.blobs.get", - "resourcemanager.folders.get", - "resourcemanager.folders.getIamPolicy", - "resourcemanager.hierarchyNodes.listEffectiveTags", - "resourcemanager.hierarchyNodes.listTagBindings", - "resourcemanager.organizations.getIamPolicy", - "resourcemanager.projects.get", - "resourcemanager.projects.getIamPolicy", - "resourcemanager.projects.list", - "resourcemanager.tagHolds.list", - "resourcemanager.tagKeys.get", - "resourcemanager.tagKeys.getIamPolicy", - "resourcemanager.tagKeys.list", - "resourcemanager.tagValues.get", - "resourcemanager.tagValues.getIamPolicy", - "resourcemanager.tagValues.list", - "run.configurations.get", - "run.configurations.list", - "run.executions.get", - "run.executions.list", - "run.jobs.get", - "run.jobs.getIamPolicy", - "run.jobs.list", - "run.locations.list", - "run.operations.get", - "run.operations.list", - "run.revisions.get", - "run.revisions.list", - "run.routes.get", - "run.routes.list", - "run.services.get", - "run.services.getIamPolicy", - "run.services.list", - "run.services.listEffectiveTags", - "run.services.listTagBindings", - "run.tasks.get", - "run.tasks.list", - "secretmanager.secrets.getIamPolicy", - "secretmanager.secrets.list", - "secretmanager.versions.list", - "securitycenter.muteconfigs.list", - "securitycenter.notificationconfig.list", - "securitycenter.organizationsettings.get", - "securitycenter.sources.list", - "servicedirectory.endpoints.list", - "servicedirectory.namespaces.getIamPolicy", - "servicedirectory.namespaces.list", - "servicedirectory.services.getIamPolicy", - "servicedirectory.services.list", - "serviceusage.quotas.get", - "serviceusage.services.get", - "serviceusage.services.list", - "serviceusage.services.use", - "source.repos.getIamPolicy", - "source.repos.list", - "spanner.backups.getIamPolicy", - "spanner.backups.list", - "spanner.databases.getIamPolicy", - "spanner.databases.list", - 
"spanner.instanceConfigs.list", - "spanner.instances.getIamPolicy", - "spanner.instances.list", - "speech.customClasses.list", - "speech.phraseSets.list", - "storage.buckets.get", - "storage.buckets.getIamPolicy", - "storage.buckets.list", - "storage.buckets.listEffectiveTags", - "storage.buckets.listTagBindings", - "storage.hmacKeys.get", - "storage.hmacKeys.list", - "storage.objects.get", - "storage.objects.list", - "storagetransfer.agentpools.list", - "storagetransfer.jobs.list", - "vmwareengine.clusters.getIamPolicy", - "vmwareengine.clusters.list", - "vmwareengine.hcxActivationKeys.getIamPolicy", - "vmwareengine.hcxActivationKeys.list", - "vmwareengine.locations.list", - "vmwareengine.networkPolicies.list", - "vmwareengine.privateClouds.getIamPolicy", - "vmwareengine.subnets.list", - "vmwareengine.vmwareEngineNetworks.list", - "vpcaccess.connectors.list", - "vpcaccess.locations.list", - "workflows.locations.list", - "workflows.workflows.list", - "workstations.workstationClusters.list", - "workstations.workstationConfigs.getIamPolicy", - "workstations.workstationConfigs.list", - "workstations.workstations.getIamPolicy", - "workstations.workstations.list" - ], - "type": "list" - }, - "org_services": { - "default": [ - "accesscontextmanager.googleapis.com" - ], - "type": "list" - }, - "project_services": { - "default": [ - "accessapproval.googleapis.com", - "aiplatform.googleapis.com", - "alloydb.googleapis.com", - "analyticshub.googleapis.com", - "apigateway.googleapis.com", - "apigee.googleapis.com", - "apikeys.googleapis.com", - "appengine.googleapis.com", - "artifactregistry.googleapis.com", - "biglake.googleapis.com", - "bigquery.googleapis.com", - "bigquerydatatransfer.googleapis.com", - "bigtableadmin.googleapis.com", - "binaryauthorization.googleapis.com", - "certificatemanager.googleapis.com", - "cloudasset.googleapis.com", - "cloudbilling.googleapis.com", - "cloudbuild.googleapis.com", - "clouddeploy.googleapis.com", - "cloudfunctions.googleapis.com", - 
"cloudkms.googleapis.com", - "cloudresourcemanager.googleapis.com", - "cloudsupport.googleapis.com", - "cloudtasks.googleapis.com", - "composer.googleapis.com", - "compute.googleapis.com", - "container.googleapis.com", - "containeranalysis.googleapis.com", - "datacatalog.googleapis.com", - "datafusion.googleapis.com", - "datamigration.googleapis.com", - "dataplex.googleapis.com", - "dataproc.googleapis.com", - "datastore.googleapis.com", - "datastream.googleapis.com", - "deploymentmanager.googleapis.com", - "dlp.googleapis.com", - "dns.googleapis.com", - "domains.googleapis.com", - "essentialcontacts.googleapis.com", - "eventarc.googleapis.com", - "file.googleapis.com", - "firebaseappdistribution.googleapis.com", - "firebasehosting.googleapis.com", - "firebaseremoteconfig.googleapis.com", - "firebaserules.googleapis.com", - "firestore.googleapis.com", - "gkehub.googleapis.com", - "healthcare.googleapis.com", - "iam.googleapis.com", - "iap.googleapis.com", - "identitytoolkit.googleapis.com", - "logging.googleapis.com", - "managedidentities.googleapis.com", - "memcache.googleapis.com", - "metastore.googleapis.com", - "ml.googleapis.com", - "monitoring.googleapis.com", - "networkconnectivity.googleapis.com", - "networksecurity.googleapis.com", - "networkservices.googleapis.com", - "notebooks.googleapis.com", - "orgpolicy.googleapis.com", - "policyanalyzer.googleapis.com", - "privateca.googleapis.com", - "pubsub.googleapis.com", - "recaptchaenterprise.googleapis.com", - "recommender.googleapis.com", - "redis.googleapis.com", - "run.googleapis.com", - "secretmanager.googleapis.com", - "securitycenter.googleapis.com", - "servicedirectory.googleapis.com", - "serviceusage.googleapis.com", - "spanner.googleapis.com", - "speech.googleapis.com", - "sql-component.googleapis.com", - "storage-component.googleapis.com", - "storagetransfer.googleapis.com", - "translate.googleapis.com", - "vmwareengine.googleapis.com", - "vpcaccess.googleapis.com", - 
"websecurityscanner.googleapis.com", - "workflows.googleapis.com", - "workstations.googleapis.com" - ], - "type": "list" - } - }, - "terraform": { - "required_providers": { - "random": "~> 3.1", - "google-beta": "~> 3.90", - "google": "~> 3.90" - } - } -} \ No newline at end of file