# Copyright 2025 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null labels: rbac.authorization.k8s.io/aggregate-to-view: "true" name: viewer rules: - apiGroups: - accesscontextmanager.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - aiplatform.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - alloydb.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - apigateway.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - apigee.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - apikeys.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - appengine.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - apphub.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - artifactregistry.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - asset.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - backupdr.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - batch.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - beyondcorp.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - bigquery.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - bigqueryanalyticshub.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - bigquerybiglake.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - bigqueryconnection.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - bigquerydatapolicy.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - bigquerydatatransfer.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - bigqueryreservation.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - bigtable.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - billingbudgets.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - binaryauthorization.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - certificatemanager.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - cloudasset.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - cloudbuild.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - clouddeploy.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - clouddms.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - cloudfunctions.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - cloudfunctions2.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - cloudidentity.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - cloudids.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - cloudiot.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - cloudquota.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - cloudscheduler.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - cloudtasks.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - colab.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - composer.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - compute.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - configcontroller.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - container.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - containeranalysis.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - containerattached.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - datacatalog.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - dataflow.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - dataform.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - datafusion.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - dataplex.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - dataproc.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - datastore.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - datastream.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - deploymentmanager.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - dialogflow.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - dialogflowcx.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - discoveryengine.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - dlp.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - dns.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - documentai.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - edgecontainer.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - edgenetwork.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - essentialcontacts.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - eventarc.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - filestore.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - firebase.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - firebasedatabase.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - firebasehosting.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - firebasestorage.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - firestore.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - gkebackup.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - gkehub.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - healthcare.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - iam.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - iap.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - identityplatform.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - kms.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - logging.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - managedkafka.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - memcache.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - memorystore.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - metastore.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - mlengine.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - monitoring.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - netapp.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - networkconnectivity.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - networkmanagement.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - networksecurity.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - networkservices.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - notebooks.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - orgpolicy.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - osconfig.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - oslogin.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - privateca.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - privilegedaccessmanager.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - pubsub.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - pubsublite.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - recaptchaenterprise.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - redis.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - resourcemanager.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - run.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - secretmanager.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - securesourcemanager.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - securitycenter.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - servicedirectory.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - servicenetworking.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - serviceusage.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - sourcerepo.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - spanner.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - speech.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - sql.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - storage.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - storagetransfer.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - tags.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - tpu.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - vertexai.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - vmwareengine.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - vpcaccess.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - workflowexecutions.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - workflows.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch - apiGroups: - workstations.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch