Description
To use an existing subscription, we must look it up with pubsub.lookupSubscription(name).
This translates to ProjectsSubscriptionsResource.get in package:googleapis/pubsub/v1.dart, which requires "Pub/Sub Viewer" role.
However, this role is not needed to actually pull messages. Pulling translates to ProjectsSubscriptionsResource.pull, for which the subscription name is enough, and it only requires "Pub/Sub Subscriber".
If code knows its subscriptions, it's more secure to run without a privilege of viewing all topics and subscriptions.
I propose making a method in PubSub to create a Subscription object from supplied parameters without looking up the subscription. Naming is hard though, because get is used in the underlying package to request it from the API, and create is used to create a subscription through the API.
The same problem likely applies to topics and publishing, although I haven't tried it yet.