IAM Custom Roles

Task 4. Create a custom role using a YAML file

student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ cat role-definition.yaml 

title: "Role Editor"
description: "Edit access for App Versions"
stage: "ALPHA"
includedPermissions:
- appengine.versions.create
- appengine.versions.delete

student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ gcloud iam roles create editor --project $DEVSHELL_PROJECT_ID \
--file role-definition.yaml
Created role [editor].
description: Edit access for App Versions
etag: BwYCJniwVFE=
includedPermissions:
- appengine.versions.create
- appengine.versions.delete
name: projects/qwiklabs-gcp-03-f9c3b919cb17/roles/editor
stage: ALPHA
title: Role Editor

Task 5. Create a custom role using flags

student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ gcloud iam roles create viewer --project $DEVSHELL_PROJECT_ID \
--title "Role Viewer" --description "Custom role description." \
--permissions compute.instances.get,compute.instances.list --stage ALPHA
Created role [viewer].

description: Custom role description.
etag: BwYCJohCkUY=
includedPermissions:
- compute.instances.get
- compute.instances.list
name: projects/qwiklabs-gcp-03-f9c3b919cb17/roles/viewer
stage: ALPHA
title: Role Viewer

student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ gcloud iam roles list --project $DEVSHELL_PROJECT_ID
---
description: Edit access for App Versions
etag: BwYCJniwVFE=
name: projects/qwiklabs-gcp-03-f9c3b919cb17/roles/editor
title: Role Editor
---
description: Custom role description.
etag: BwYCJohCkUY=
name: projects/qwiklabs-gcp-03-f9c3b919cb17/roles/viewer
title: Role Viewer

student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ gcloud iam roles describe editor --project $DEVSHELL_PROJECT_ID                    
description: Edit access for App Versions
etag: BwYCJniwVFE=
includedPermissions:
- appengine.versions.create
- appengine.versions.delete
name: projects/qwiklabs-gcp-03-f9c3b919cb17/roles/editor
stage: ALPHA
title: Role Editor


student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ gcloud iam roles describe editor --project $DEVSHELL_PROJECT_ID > new-role-definition.yaml

student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ vi new-role-definition.yaml 

student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ cat new-role-definition.yaml 
description: Edit access for App Versions
etag: BwYCJniwVFE=
includedPermissions:
- appengine.versions.create
- appengine.versions.delete
name: projects/qwiklabs-gcp-03-f9c3b919cb17/roles/editor
stage: ALPHA
title: Role Editor
student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ vi new-role-definition.yaml 



student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ cat new-role-definition.yaml 
description: Edit access for App Versions
etag: BwYCJniwVFE=
includedPermissions:
- appengine.versions.create
- appengine.versions.delete
name: projects/qwiklabs-gcp-03-f9c3b919cb17/roles/editor
stage: ALPHA
title: Role Editor
student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ vi new
student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ vi new-role-definition.yaml 



student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ cat new-role-definition.yaml 
description: Edit access for App Versions
etag: BwYCJniwVFE=
includedPermissions:
- appengine.versions.create
- appengine.versions.delete
- storage.buckets.get
- storage.buckets.list
name: projects/qwiklabs-gcp-03-f9c3b919cb17/roles/editor
stage: ALPHA
title: Role Editor



student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ gcloud iam roles update editor --project $DEVSHELL_PROJECT_ID \
--file new-role-definition.yaml
description: Edit access for App Versions
etag: BwYCJqMMtxQ=
includedPermissions:
- appengine.versions.create
- appengine.versions.delete
- storage.buckets.get
- storage.buckets.list
name: projects/qwiklabs-gcp-03-f9c3b919cb17/roles/editor
stage: ALPHA
title: Role Editor



student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ gcloud iam roles describe editor --project $DEVSHELL_PROJECT_ID
description: Edit access for App Versions
etag: BwYCJqMMtxQ=
includedPermissions:
- appengine.versions.create
- appengine.versions.delete
- storage.buckets.get
- storage.buckets.list
name: projects/qwiklabs-gcp-03-f9c3b919cb17/roles/editor
stage: ALPHA
title: Role Editor
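
Before running `gcloud iam roles update --file`, it helps to see exactly which permissions the edited file adds or removes. The script below is an added example, not part of the lab or of gcloud; its function names and sample files are constructed here, and it assumes the flat YAML layout that `gcloud iam roles describe` prints above.

```sh
#!/bin/sh
# Added example: show which permissions an edited role file adds or removes
# before it is applied with `gcloud iam roles update --file`.

# Print the includedPermissions entries of a role definition file, sorted.
role_permissions() {
  awk '
    /^includedPermissions:/ { in_list = 1; next }
    in_list && /^[ \t]*-/ {
      sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; next
    }
    in_list && /^[^ \t#]/ { in_list = 0 }   # next top-level key ends the list
  ' "$1" | LC_ALL=C sort -u
}

# permission_changes OLD NEW: "+ perm" if only in NEW, "- perm" if only in OLD.
# The body runs in a subshell so the temp-file variables stay local.
permission_changes() (
  old=$(mktemp) && new=$(mktemp) || exit 1
  role_permissions "$1" > "$old"
  role_permissions "$2" > "$new"
  LC_ALL=C comm -13 "$old" "$new" | sed 's/^/+ /'
  LC_ALL=C comm -23 "$old" "$new" | sed 's/^/- /'
  rm -f "$old" "$new"
)

# Constructed sample input, modelled on the editor role before and after the edit.
tmp=$(mktemp -d)
cat > "$tmp/old.yaml" <<'EOF'
description: Edit access for App Versions
includedPermissions:
- appengine.versions.create
- appengine.versions.delete
stage: ALPHA
EOF
cat > "$tmp/new.yaml" <<'EOF'
description: Edit access for App Versions
includedPermissions:
- appengine.versions.create
- appengine.versions.delete
- storage.buckets.get
- storage.buckets.list
stage: ALPHA
EOF

permission_changes "$tmp/old.yaml" "$tmp/new.yaml"
```

In the lab session the old file would be a saved copy of the `describe` output taken before editing `new-role-definition.yaml`.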




student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ gcloud iam roles update viewer --project $DEVSHELL_PROJECT_ID \
--add-permissions storage.buckets.get,storage.buckets.list
description: Custom role description.
etag: BwYCJqZCu14=
includedPermissions:
- compute.instances.get
- compute.instances.list
- storage.buckets.get
- storage.buckets.list
name: projects/qwiklabs-gcp-03-f9c3b919cb17/roles/viewer
stage: ALPHA
title: Role Viewer

student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ gcloud iam roles describe viewer --project $DEVSHELL_PROJECT_ID
description: Custom role description.
etag: BwYCJr_MNQc=
includedPermissions:
- compute.instances.get
- compute.instances.list
- storage.buckets.get
- storage.buckets.list
name: projects/qwiklabs-gcp-03-f9c3b919cb17/roles/viewer
stage: DISABLED
title: Role Viewer
student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ gcloud iam roles delete viewer --project $DEVSHELL_PROJECT_ID
deleted: true
description: Custom role description.
etag: BwYCJsEhGhY=
includedPermissions:
- compute.instances.get
- compute.instances.list
- storage.buckets.get
- storage.buckets.list
name: projects/qwiklabs-gcp-03-f9c3b919cb17/roles/viewer
stage: DISABLED
title: Role Viewer
student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ gcloud iam roles describe viewer --project $DEVSHELL_PROJECT_ID
deleted: true
description: Custom role description.
etag: BwYCJsEhGhY=
includedPermissions:
- compute.instances.get
- compute.instances.list
- storage.buckets.get
- storage.buckets.list
name: projects/qwiklabs-gcp-03-f9c3b919cb17/roles/viewer
stage: DISABLED
title: Role Viewer
student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ gcloud iam roles describe viewer --project $DEVSHELL_PROJECT_ID
deleted: true
description: Custom role description.
etag: BwYCJsEhGhY=
includedPermissions:
- compute.instances.get
- compute.instances.list
- storage.buckets.get
- storage.buckets.list
name: projects/qwiklabs-gcp-03-f9c3b919cb17/roles/viewer
stage: DISABLED
title: Role Viewer
student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ gcloud iam roles undelete viewer --project $DEVSHELL_PROJECT_ID
description: Custom role description.
etag: BwYCJsP4KGg=
includedPermissions:
- compute.instances.get
- compute.instances.list
- storage.buckets.get
- storage.buckets.list
name: projects/qwiklabs-gcp-03-f9c3b919cb17/roles/viewer
stage: DISABLED
title: Role Viewer
student_04_717d1aa28d01@cloudshell:~ (qwiklabs-gcp-03-f9c3b919cb17)$ history
    1  gcloud config set compute/region us-west3
    2  gcloud iam list-testable-permissions //cloudresourcemanager.googleapis.com/projects/$DEVSHELL_PROJECT_ID
    3  gcloud iam roles describe roles/viewer
    4  gcloud iam roles describe roles/editor
    5  gcloud iam roles describe roles/viewer | grep pubsub
    6  gcloud iam roles describe roles/viewer | grep storage
    7  gcloud iam list-grantable-roles 
    8  gcloud iam list-grantable-roles //cloudresourcemanager.googleapis.com/projects/$DEVSHELL_PROJECT_ID
    9  vi role-definition.yaml
   10  cat role-definition.yaml 
   11  cat role-definition.yaml 
   12  vi role-definition.yaml 
   13  gcloud iam roles create editor --project $DEVSHELL_PROJECT_ID --file role-definition.yaml
   14  cat role-definition.yaml 
   15  gcloud iam roles create viewer --project $DEVSHELL_PROJECT_ID --title "Role Viewer" --description "Custom role description." --permissions compute.instances.get,compute.instances.list --stage ALPHA
   16  gcloud iam roles list --project $DEVSHELL_PROJECT_ID
   17  gcloud iam roles list
   18  gcloud iam roles describe [ROLE_ID] --project $DEVSHELL_PROJECT_ID
   19  gcloud iam roles describe editor --project $DEVSHELL_PROJECT_ID
   20  vi new-role-definition.yaml
   21  gcloud iam roles describe editor --project $DEVSHELL_PROJECT_ID > new-role-definition.yaml
   22  vi new-role-definition.yaml 
   23  cat new-role-definition.yaml 
   24  vi new
   25  vi new-role-definition.yaml 
   26  cat new-role-definition.yaml 
   27  gcloud iam roles update editor --project $DEVSHELL_PROJECT_ID --file new-role-definition.yaml
   28  gcloud iam roles describe editor --project $DEVSHELL_PROJECT_ID
   29  gcloud iam roles update viewer --project $DEVSHELL_PROJECT_ID --add-permissions storage.buckets.get,storage.buckets.list
   30  gcloud iam roles describe viewer --project $DEVSHELL_PROJECT_ID
   31  gcloud iam roles describe editor --project $DEVSHELL_PROJECT_ID
   32  gcloud iam roles describe viewer --project $DEVSHELL_PROJECT_ID
   33  gcloud iam roles update viewer --project $DEVSHELL_PROJECT_ID --stage DISABLED
   34  gcloud iam roles describe viewer --project $DEVSHELL_PROJECT_ID
   35  gcloud iam roles delete viewer --project $DEVSHELL_PROJECT_ID
   36  gcloud iam roles describe viewer --project $DEVSHELL_PROJECT_ID
   37  gcloud iam roles describe viewer --project $DEVSHELL_PROJECT_ID
   38  gcloud iam roles undelete viewer --project $DEVSHELL_PROJECT_ID
   39  history