A comprehensive catalog of GCP IAM roles and permissions, designed to easily identify which roles include a specific permission.
Website: https://gcp-iam-catalog.unitvectorylabs.com/
gcp-iam-catalog is a website that provides an organized and searchable catalog of GCP IAM roles and their associated permissions. The content is automatically generated by crawling the GCP IAM API, ensuring up-to-date and accurate information.
The rationale for providing this website is that the existing GCP documentation does not provide a simple way to search through the 1,700+ roles that exist in GCP. Additionally, the 10,000+ permissions in GCP make it challenging to identify which roles grant specific permissions. This site aims to fill that gap. It is possible that GCP may improve their documentation in the future, making this site obsolete. Until then, it aims to provide a useful resource that is kept up-to-date automatically.
This application is written in Go for both the data collection and site generation processes. The workflow consists of the following steps:
- Data Collection:
  - A GitHub Action gcp-iam-catalog-crawl.yml runs daily to crawl the GCP IAM API.
  - It fetches all IAM roles and their permissions, saving the data as JSON files in the repository under the iam folder.
- Site Generation:
  - Another GitHub Action gcp-iam-catalog-generate.yaml triggers upon updates to the main branch.
  - It generates static HTML pages from the JSON data using the Go application.
  - Search functionality is implemented using JavaScript client-side.
  - The generated site is automatically deployed to GitHub Pages.
- Hosting:
  - The website is hosted on GitHub Pages.
- Role-to-Permission Mapping: Easily view all permissions associated with each IAM role.
- Permission-to-Role Mapping: Identify all roles that grant a specific permission.
- Automated Updates: The catalog is updated daily with the latest data from GCP.
- Search Functionality: Quickly search for roles or permissions.
- Dynamic Comparison: Compare two roles or permissions to highlight common and unique mappings.
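The permission-to-role mapping and the role comparison listed above both come down to an inverted index over the crawled role JSON. The Go code below is an added example, not the project's own code; it assumes each role document carries the `name` and `includedPermissions` fields of the IAM API Role resource, and the function names, role names and permission names are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed sample data with hypothetical role and permission names, one JSON document per role.
var sampleRoles = []string{
	`{"name":"roles/example.viewer","includedPermissions":["example.items.get","example.items.list"]}`,
	`{"name":"roles/example.editor","includedPermissions":["example.items.get","example.items.update"]}`,
}

// BuildIndex decodes role documents into role -> permission set and permission -> roles (input order).
func BuildIndex(docs []string) (map[string]map[string]bool, map[string][]string, error) {
	byRole, byPerm := map[string]map[string]bool{}, map[string][]string{}
	for i, d := range docs {
		var r struct {
			Name                string   `json:"name"`
			IncludedPermissions []string `json:"includedPermissions"`
		}
		if err := json.Unmarshal([]byte(d), &r); err != nil {
			return nil, nil, fmt.Errorf("role document %d: %w", i, err)
		}
		byRole[r.Name] = map[string]bool{}
		for _, p := range r.IncludedPermissions {
			byRole[r.Name][p] = true
			byPerm[p] = append(byPerm[p], r.Name)
		}
	}
	return byRole, byPerm, nil
}

// OnlyIn lists, sorted, the permissions that role a grants and role b does not.
func OnlyIn(a, b map[string]bool) []string {
	out := []string{}
	for p := range a {
		if !b[p] {
			out = append(out, p)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	byRole, byPerm, err := BuildIndex(sampleRoles)
	fmt.Println(byPerm["example.items.get"], OnlyIn(byRole["roles/example.editor"], byRole["roles/example.viewer"]), err)
}
```

For a least-privilege review, `byPerm` answers which roles grant a sensitive permission, and `OnlyIn` shows what a broader role adds over a narrower one.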
The official Google Documentation for Roles and Permissions:
- Understanding Roles lists all Roles and the permissions they include. However, wildcards are used, which shortens the list but makes it difficult to get an all-inclusive list of permissions.
- Permissions Reference lists all of the permissions and each role that includes that permission.
Other sites that provide similar functionality include:
- Permissions Reference for Google Cloud IAM by iann0036, available on GitHub at iann0036/gcp.permissions.cloud, provides a searchable list of permissions and the roles that include them, in addition to the APIs associated with each permission.
- Google Cloud ☁️ Identity and Access Management (IAM) by Cyclenerd, available on GitHub under Cyclenerd/google-cloud-iam, provides a searchable table of GCP roles and permissions.