This repository fetches the ~550 primitive and predefined IAM Roles in JSON format to the
roles directory. A GitHub Action is configured to refresh them daily. This allows for automatic tracking of changes as they are made by GCP.
A couple of helper scripts are provided to aid in searching/listing of the output:
list-all-permissions.shgrabs the unique list of all permissions contained in all roles fetched
list-alpha/beta/ga-roles.shlists the roles labeled by GCP as alpha, beta, or GA (generally available)
list-roles-with-permission.sh <api.resource.verb>lists the roles that contain a specific permission passed by the first argument. e.g.:
list-permissions-of-role.sh <role.name>lists the permissions contained by the role named
./list-roles-with-permission.sh container.admin(no need to prepend the