diff --git a/fast/stages/0-org-setup/datasets/classic/organization/custom-roles/ngfw_enterprise_admin.yaml b/fast/stages/0-org-setup/datasets/classic/organization/custom-roles/ngfw_enterprise_admin.yaml new file mode 100644 index 0000000000..38b4ee7b6b --- /dev/null +++ b/fast/stages/0-org-setup/datasets/classic/organization/custom-roles/ngfw_enterprise_admin.yaml @@ -0,0 +1,49 @@ +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# yaml-language-server: $schema=../../../../schemas/custom-role.schema.json +# this is used by the networking SA to deploy NGFW Enterprise through the addon + +name: ngfwEnterpriseAdmin +includedPermissions: + - networksecurity.firewallEndpoints.create + - networksecurity.firewallEndpoints.delete + - networksecurity.firewallEndpoints.get + - networksecurity.firewallEndpoints.list + - networksecurity.firewallEndpoints.update + - networksecurity.firewallEndpoints.use + - networksecurity.locations.get + - networksecurity.locations.list + - networksecurity.operations.cancel + - networksecurity.operations.delete + - networksecurity.operations.get + - networksecurity.operations.list + - networksecurity.securityProfileGroups.create + - networksecurity.securityProfileGroups.delete + - networksecurity.securityProfileGroups.get + - networksecurity.securityProfileGroups.list + - networksecurity.securityProfileGroups.update + - networksecurity.securityProfileGroups.use + - networksecurity.securityProfiles.create + - networksecurity.securityProfiles.delete + - networksecurity.securityProfiles.get + - networksecurity.securityProfiles.list + - networksecurity.securityProfiles.update + - networksecurity.securityProfiles.use + - networksecurity.tlsInspectionPolicies.create + - networksecurity.tlsInspectionPolicies.delete + - networksecurity.tlsInspectionPolicies.get + - networksecurity.tlsInspectionPolicies.list + - networksecurity.tlsInspectionPolicies.update + - networksecurity.tlsInspectionPolicies.use diff --git a/fast/stages/0-org-setup/datasets/classic/organization/custom-roles/ngfw_enterprise_viewer.yaml b/fast/stages/0-org-setup/datasets/classic/organization/custom-roles/ngfw_enterprise_viewer.yaml new file mode 100644 index 0000000000..3e814ab9f7 --- /dev/null +++ b/fast/stages/0-org-setup/datasets/classic/organization/custom-roles/ngfw_enterprise_viewer.yaml @@ -0,0 +1,35 @@ +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# yaml-language-server: $schema=../../../../schemas/custom-role.schema.json +# this is used by the networking SA to deploy NGFW Enterprise through the addon + +name: ngfwEnterpriseViewer +includedPermissions: + - networksecurity.firewallEndpoints.get + - networksecurity.firewallEndpoints.list + - networksecurity.firewallEndpoints.use + - networksecurity.locations.get + - networksecurity.locations.list + - networksecurity.operations.get + - networksecurity.operations.list + - networksecurity.securityProfileGroups.get + - networksecurity.securityProfileGroups.list + - networksecurity.securityProfileGroups.use + - networksecurity.securityProfiles.get + - networksecurity.securityProfiles.list + - networksecurity.securityProfiles.use + - networksecurity.tlsInspectionPolicies.get + - networksecurity.tlsInspectionPolicies.list + - networksecurity.tlsInspectionPolicies.use diff --git a/tests/fast/stages/s0_org_setup/not-simple.yaml b/tests/fast/stages/s0_org_setup/not-simple.yaml index 3f2530c559..21773b6e5e 100644 --- a/tests/fast/stages/s0_org_setup/not-simple.yaml +++ b/tests/fast/stages/s0_org_setup/not-simple.yaml @@ -2773,7 +2773,7 @@ counts: google_org_policy_custom_constraint: 1 google_org_policy_policy: 37 google_organization_iam_binding: 35 - google_organization_iam_custom_role: 7 + google_organization_iam_custom_role: 9 google_project: 3 google_project_iam_binding: 16 google_project_iam_member: 15 @@ -2793,5 +2793,5 @@ counts: google_tags_tag_value_iam_binding: 4 local_file: 9 modules: 46 - resources: 308 - terraform_data: 2 \ No newline at end of file + resources: 310 + terraform_data: 2