Sign-inTry Buddy for free

Google policies required by Buddy

This is the list of policies that need to be checked in order to make Buddy work properly with Google Cloud services.

Google Cloud Storage
Copy link

Listing buckets:

storage.buckets.list

Deployment:

storage.objects.list
storage.objects.create
storage.objects.update
storage.objects.delete

Google CDN Invalidate
Copy link

Listing urlMaps:

compute.urlMaps.list

Invalidation:

compute.urlMaps.invalidateCache

Google Function Deploy
Copy link

Listing functions:

cloudfunctions.functions.list

Deployment:

cloudfunctions.functions.get 
cloudfunctions.functions.sourceCodeSet
iam.serviceAccounts.actAs
cloudfunctions.functions.update 
cloudfunctions.operations.get

Google Function Invoke
Copy link

Listing functions:

cloudfunctions.functions.list

Triggering functions:

cloudfunctions.functions.call

Google Cloud Run Deploy
Copy link

Cloud Run API is required. In the Service account permissions panel, set the status of the Cloud Run Admin role to ENABLED. Cloud Run Admin Role must be added to the member.

Required policies:

run.services.create
run.services.update
iam.serviceAccounts.actAs

Google App Deploy
Copy link

App Engine Admin API and Cloud Build API are required.

Required policies:

appengine.applications.get
appengine.instances.get
appengine.instances.list
appengine.operations.get
appengine.operations.list
appengine.services.get
appengine.services.list
appengine.versions.create
appengine.versions.delete
appengine.versions.get
appengine.versions.list
appengine.versions.update
cloudbuild.builds.create
cloudbuild.builds.get
cloudbuild.builds.list
cloudbuild.builds.update
iam.serviceAccounts.actAs
resourcemanager.projects.get
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
storage.objects.update

Google Kubernetes Engine actions
Copy link

Listing zone and clusters:

container.clusters.get
container.clusters.list

Kubernetes CLI/Helm
Copy link

container.pods.list
container.pods.portForward

Kubernetes Run Job
Copy link

container.clusters.get
container.clusters.list
container.pods.get
container.pods.list
container.pods.getLogs
container.jobs.create
container.jobs.delete
container.jobs.get

Kubernetes Run Pod
Copy link

container.clusters.get
container.clusters.list
container.pods.get
container.pods.list
container.pods.getLogs
container.pods.delete
container.pods.create

Kubernetes Apply
Copy link

container.clusters.get
container.clusters.list
container.deployments.get
container.deployments.list
container.deployments.create
container.deployments.update
container.configMaps.list
container.endpoints.list
container.persistentVolumeClaims.list
container.pods.list
container.replicationControllers.list
container.secrets.list
container.services.list
container.jobs.list
container.cronJobs.list
container.ingresses.list
container.daemonSets.list
container.replicaSets.list
container.statefulSets.list
container.namespaces.list
container.namespaces.delete

Kubernetes Set Image
Copy link

container.clusters.get
container.clusters.list
container.deployments.get
container.deployments.list
container.deployments.update

Actions that use Google Container Registry
Copy link

Container Registry API is required.

Policies required for pulling an image:

storage.objects.get
storage.objects.getIamPolicy
storage.objects.list

Policies required for pushing an image:

pubsub.topics.publish
storage.buckets.create
storage.buckets.get
storage.objects.create
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
storage.objects.update

Get Started

Sign up for free and deploy your project in less than 10 minutes.

GitHubEmail