diff --git a/modules/core_project_factory/scripts/preconditions/preconditions.py b/modules/core_project_factory/scripts/preconditions/preconditions.py index 6b60041a..5e8635ea 100755 --- a/modules/core_project_factory/scripts/preconditions/preconditions.py +++ b/modules/core_project_factory/scripts/preconditions/preconditions.py @@ -73,9 +73,6 @@ class OrgPermissions: ALL_PERMISSIONS = [ # Typically granted with `roles/resourcemanager.organizationViewer` "resourcemanager.organizations.get", - - # Typically granted with `roles/iam.serviceAccountAdmin` - "iam.serviceAccounts.setIamPolicy", ] # Permissions required when the service account is attaching a new project @@ -146,9 +143,6 @@ class FolderPermissions: PARENT_PERMISSIONS = [ # Typically granted with `roles/resourcemanager.projectCreator` "resourcemanager.projects.create", - - # Typically granted with `roles/resourcemanager.folderViewer` - "resourcemanager.folders.get", ] def __init__(self, folder_id, parent=False): diff --git a/test/scripts/preconditions/test_preconditions.py b/test/scripts/preconditions/test_preconditions.py index c4288eba..cc23e814 100755 --- a/test/scripts/preconditions/test_preconditions.py +++ b/test/scripts/preconditions/test_preconditions.py @@ -113,7 +113,6 @@ def test_base_permissions(self): org_perms.permissions, [ "resourcemanager.organizations.get", - "iam.serviceAccounts.setIamPolicy", ] ) @@ -123,7 +122,6 @@ def test_shared_vpc_permissions(self): org_perms.permissions, [ "resourcemanager.organizations.get", - "iam.serviceAccounts.setIamPolicy", "compute.subnetworks.setIamPolicy", "compute.organizations.enableXpnResource", ] @@ -135,7 +133,6 @@ def test_parent_permissions(self): org_perms.permissions, [ "resourcemanager.organizations.get", - "iam.serviceAccounts.setIamPolicy", "resourcemanager.projects.create" ] ) @@ -155,7 +152,6 @@ def test_parent_permissions(self): folder_perms.permissions, [ "resourcemanager.projects.create", - "resourcemanager.folders.get", ] )