Skip to content

Latest commit

 

History

History
127 lines (91 loc) · 2.57 KB

GSP190.md

File metadata and controls

127 lines (91 loc) · 2.57 KB
Raw

GSP190 - IAM Custom Roles

Task 1. Viewing the available permissions for a resource

gcloud iam list-testable-permissions //cloudresourcemanager.googleapis.com/projects/$DEVSHELL_PROJECT_ID

Task 2. Getting the role metadata

gcloud iam roles describe [ROLE_NAME]

Task 3. Viewing the grantable roles on resources

gcloud iam list-grantable-roles //cloudresourcemanager.googleapis.com/projects/$DEVSHELL_PROJECT_ID

Task 4. Creating a custom role

Task 5. To create a custom role using a YAML file

  1. create yaml

    nano role-definition.yaml
    title: "Role Editor"
description: "Edit access for App Versions"
stage: "ALPHA"
includedPermissions:
  - appengine.versions.create
  - appengine.versions.delete

  2. Execute

    gcloud iam roles create editor --project $DEVSHELL_PROJECT_ID \
    --file role-definition.yaml

Task 6. Create a custom role using flags

gcloud iam roles create viewer --project $DEVSHELL_PROJECT_ID \
--title "Role Viewer" --description "Custom role description." \
--permissions compute.instances.get,compute.instances.list --stage ALPHA

Task 7. Listing the custom roles

gcloud iam roles list --project $DEVSHELL_PROJECT_ID
gcloud iam roles list

Task 8. Editing an existing custom role

Task 9. To update a custom role using a YAML file

  1. Current role

    gcloud iam roles describe [ROLE_ID] --project $DEVSHELL_PROJECT_ID

  2. Buat yaml

    nano new-role-definition.yaml

  3. Add more role

    description: Edit access for App Versions
etag: BwVxIBjfN3M=
includedPermissions:
  - appengine.versions.create
  - appengine.versions.delete
  - storage.buckets.get
  - storage.buckets.list
name: projects/[PROJECT_ID]/roles/editor
stage: ALPHA
title: Role Editor

  4. Update role

    gcloud iam roles update [ROLE_ID] --project $DEVSHELL_PROJECT_ID \
--file new-role-definition.yaml

Task 10. To update a custom role using flags

gcloud iam roles update viewer --project $DEVSHELL_PROJECT_ID \
--add-permissions storage.buckets.get,storage.buckets.list

Task 11. Disabling a custom role

gcloud iam roles update viewer --project $DEVSHELL_PROJECT_ID \
--stage DISABLED

Task 12. Deleting a custom role

gcloud iam roles delete viewer --project $DEVSHELL_PROJECT_ID

Task 13. Undeleting a custom role

gcloud iam roles undelete viewer --project $DEVSHELL_PROJECT_ID