Merge pull request #7 from apigee/feat/readme

feat: updated readme to add permission details
apigee · Jan 21, 2025 · 8221e69 · 8221e69
2 parents 3e22cf7 + 0c34505
commit 8221e69
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/.lycheeignore b/.lycheeignore
@@ -17,4 +17,6 @@ https://jsonpath-comparison-lwy4scuauq-wl.a.run.app/
 https://cloud.google.com/apigee/docs/api-platform/reference/limits#api-proxies
 https://cloud.google.com/apigee/docs/api-platform/security/google-auth/overview
 https://cloud.google.com/apigee/docs/api-platform/reference/policies/oauthv2-policy
-https://cloud.google.com/apigee/docs/api-platform/reference/policies/data-capture-policy
+https://cloud.google.com/apigee/docs/api-platform/reference/policies/data-capture-policy
+https://cloud.google.com/iam/docs/understanding-roles#apigee-roles
+https://docs.apigee.com/api-platform/system-administration/edge-built-roles
diff --git a/README.md b/README.md
@@ -48,6 +48,26 @@ You can run this tool locally or using Docker.
     docker run <image_name>:<tag>
     ```
 
+## Apigee Permissions
+* **Apigee Edge SAAS/OPDK**
+
+   The tool requires permissions to export all objects from Apigee Egde. Hence assign the following permission to relevant user.
+   * `Read-only Organization Administrator`
+
+   Refer: [edge-built-roles](https://docs.apigee.com/api-platform/system-administration/edge-built-roles)
+
+* **Apigee X/Hybrid**
+
+   The tool requires readonly permissions to org, env & env objects. The tool also requires permissions to validate apis. Hence assign the below permissions to relevant user or service account.
+   * A built-in role `roles/apigee.readOnlyAdmin`
+   * A custom role with `apigee.proxies.create` permission
+        ```bash
+        gcloud iam roles create ApigeeAPIValidator --project=<PROJECT_ID> \
+        --title="Apigee API Validator" --description="Apigee API Import validator" \
+        --permissions="apigee.proxies.create" --stage=Alpha
+        ```
+    Refer: [apigee-roles](https://cloud.google.com/iam/docs/understanding-roles#apigee-roles)
+
 ## Tool Usage
 1. **Complete Assessment**