apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMCustomRole
metadata:
  name: logmondev
  namespace: o11y
  annotations:
    description: |
      Provides only the required permissions for viewing logs and metrics, and creating dashboards and alerts
spec:
  permissions:
  - cloudnotifications.activities.list
  - logging.buckets.get
  - logging.buckets.list
  - logging.exclusions.get
  - logging.exclusions.list
  - logging.locations.get
  - logging.locations.list
  - logging.logEntries.download
  - logging.logEntries.list
  - logging.logMetrics.create
  - logging.logMetrics.get
  - logging.logMetrics.list
  - logging.logMetrics.delete
  - logging.logMetrics.update
  - logging.logServiceIndexes.list
  - logging.logServices.list
  - logging.logs.list
  - logging.notificationRules.create
  - logging.notificationRules.update
  - logging.notificationRules.delete
  - logging.operations.get
  - logging.operations.list
  - logging.queries.create
  - logging.queries.delete
  - logging.queries.get
  - logging.queries.list
  - logging.queries.listShared
  - logging.queries.share
  - logging.queries.update
  - logging.queries.updateShared
  - logging.sinks.get
  - logging.sinks.list
  - logging.usage.get
  - logging.views.access
  - logging.views.get
  - logging.views.list
  - logging.views.listLogs
  - logging.views.listResourceKeys
  - logging.views.listResourceValues
  - monitoring.alertPolicies.create
  - monitoring.alertPolicies.delete
  - monitoring.alertPolicies.get
  - monitoring.alertPolicies.list
  - monitoring.alertPolicies.update
  - monitoring.dashboards.get
  - monitoring.dashboards.list
  - monitoring.dashboards.create
  - monitoring.dashboards.delete
  - monitoring.dashboards.update
  - monitoring.groups.get
  - monitoring.groups.list
  - monitoring.incidents.get
  - monitoring.incidents.update
  - monitoring.metricDescriptors.get
  - monitoring.metricDescriptors.list
  - monitoring.monitoredResourceDescriptors.get
  - monitoring.monitoredResourceDescriptors.list
  - monitoring.notificationChannelDescriptors.get
  - monitoring.notificationChannelDescriptors.list
  - monitoring.notificationChannels.create
  - monitoring.notificationChannels.delete
  - monitoring.notificationChannels.get
  - monitoring.notificationChannels.list
  - monitoring.notificationChannels.sendVerificationCode
  - monitoring.notificationChannels.update
  - monitoring.notificationChannels.verify
  - monitoring.publicWidgets.get
  - monitoring.publicWidgets.list
  - monitoring.services.get
  - monitoring.services.list
  - monitoring.slos.get
  - monitoring.slos.list
  - monitoring.timeSeries.list
  - monitoring.uptimeCheckConfigs.create
  - monitoring.uptimeCheckConfigs.update
  - monitoring.uptimeCheckConfigs.delete
  - monitoring.uptimeCheckConfigs.get
  - monitoring.uptimeCheckConfigs.list
  - opsconfigmonitoring.resourceMetadata.list
  - resourcemanager.projects.get
  - serviceusage.services.use
  - stackdriver.projects.get
  - stackdriver.resourceMetadata.list
  title: logmondev