Google Cloud MCP Server

by krzko

gcp-iam-list-deployment-services

List Google Cloud Platform services that have predefined deployment permission sets to manage access control for deployment tasks.

Instructions

List all GCP services with pre-defined deployment permission sets

Input Schema

No arguments

Implementation Reference

  • Inline handler function that lists all GCP deployment services with their permission sets. It formats a detailed markdown response including service keys, descriptions, permission counts, and usage examples. Uses getAllDeploymentPermissionSets() helper.
      async () => {
        try {
          const permissionSets = getAllDeploymentPermissionSets();
    
          let result = `# Available Deployment Services\n\n`;
          result += `The following GCP services have pre-defined permission sets for deployment validation:\n\n`;
    
          permissionSets.forEach((set) => {
            // Get the service key from the original keys
            const serviceKey =
              Object.keys(DEPLOYMENT_PERMISSION_SETS).find(
                (key) => DEPLOYMENT_PERMISSION_SETS[key] === set,
              ) || set.service.toLowerCase().replace(/\s+/g, "-");
    
            result += `## ${set.service}\n\n`;
            result += `**Service Key:** \`${serviceKey}\`\n`;
            result += `**Description:** ${set.description}\n`;
            result += `**Required Permissions:** ${set.requiredPermissions.length}\n`;
            result += `**Optional Permissions:** ${set.optionalPermissions?.length || 0}\n\n`;
          });
    
          result += `## Usage\n\n`;
          result += `Use the \`validate-deployment-permissions\` tool with the service key to check your permissions for deploying to any of these services.\n\n`;
          result += `**Example:** \`validate-deployment-permissions\` with service="cloud-run"\n`;
    
          return {
            content: [
              {
                type: "text",
                text: result,
              },
            ],
          };
        } catch (error: unknown) {
          const errorMessage =
            error instanceof Error ? error.message : "Unknown error";
          logger.error(`Error listing deployment services: ${errorMessage}`);
    
          return {
            content: [
              {
                type: "text",
                text: `# Error Listing Deployment Services\n\nFailed to list deployment services: ${errorMessage}`,
              },
            ],
            isError: true,
          };
        }
      }
  • Registration of the 'gcp-iam-list-deployment-services' tool via server.registerTool call within registerIamTools function. Includes title, description, empty input schema, and inline handler.
    server.registerTool(
      "gcp-iam-list-deployment-services",
      {
        title: "List Available Deployment Services",
        description:
          "List all GCP services with pre-defined deployment permission sets",
        inputSchema: {},
      },
      async () => {
        try {
          const permissionSets = getAllDeploymentPermissionSets();
    
          let result = `# Available Deployment Services\n\n`;
          result += `The following GCP services have pre-defined permission sets for deployment validation:\n\n`;
    
          permissionSets.forEach((set) => {
            // Get the service key from the original keys
            const serviceKey =
              Object.keys(DEPLOYMENT_PERMISSION_SETS).find(
                (key) => DEPLOYMENT_PERMISSION_SETS[key] === set,
              ) || set.service.toLowerCase().replace(/\s+/g, "-");
    
            result += `## ${set.service}\n\n`;
            result += `**Service Key:** \`${serviceKey}\`\n`;
            result += `**Description:** ${set.description}\n`;
            result += `**Required Permissions:** ${set.requiredPermissions.length}\n`;
            result += `**Optional Permissions:** ${set.optionalPermissions?.length || 0}\n\n`;
          });
    
          result += `## Usage\n\n`;
          result += `Use the \`validate-deployment-permissions\` tool with the service key to check your permissions for deploying to any of these services.\n\n`;
          result += `**Example:** \`validate-deployment-permissions\` with service="cloud-run"\n`;
    
          return {
            content: [
              {
                type: "text",
                text: result,
              },
            ],
          };
        } catch (error: unknown) {
          const errorMessage =
            error instanceof Error ? error.message : "Unknown error";
          logger.error(`Error listing deployment services: ${errorMessage}`);
    
          return {
            content: [
              {
                type: "text",
                text: `# Error Listing Deployment Services\n\nFailed to list deployment services: ${errorMessage}`,
              },
            ],
            isError: true,
          };
        }
      },
    );
  • Helper function called by the tool handler to retrieve all DeploymentPermissionSet objects from the DEPLOYMENT_PERMISSION_SETS constant.
    export function getAllDeploymentPermissionSets(): DeploymentPermissionSet[] {
      return Object.values(DEPLOYMENT_PERMISSION_SETS);
    }
  • Constant data structure defining permission sets for multiple GCP services (Cloud Run, GKE, Compute Engine, etc.). Each entry includes service details, required/optional permissions, and common resources. Used by getAllDeploymentPermissionSets().
    export const DEPLOYMENT_PERMISSION_SETS: Record<
      string,
      DeploymentPermissionSet
    > = {
      "cloud-run": {
        service: "Cloud Run",
        description: "Deploy and manage Cloud Run services",
        requiredPermissions: [
          "run.services.create",
          "run.services.update",
          "run.services.get",
          "run.services.list",
          "run.services.delete",
          "run.revisions.get",
          "run.revisions.list",
          "iam.serviceAccounts.actAs",
        ],
        optionalPermissions: [
          "run.services.setIamPolicy",
          "run.services.getIamPolicy",
          "cloudsql.instances.connect",
          "secretmanager.versions.access",
        ],
        commonResources: [
          "projects/{project}/locations/{location}/services/{service}",
        ],
      },
      gke: {
        service: "Google Kubernetes Engine",
        description: "Deploy and manage GKE clusters and workloads",
        requiredPermissions: [
          "container.clusters.create",
          "container.clusters.update",
          "container.clusters.get",
          "container.clusters.list",
          "container.clusters.delete",
          "container.operations.get",
          "container.operations.list",
          "compute.instances.get",
          "compute.instances.list",
          "iam.serviceAccounts.actAs",
        ],
        optionalPermissions: [
          "container.clusters.getCredentials",
          "compute.networks.get",
          "compute.subnetworks.get",
          "logging.logEntries.create",
          "monitoring.metricDescriptors.create",
        ],
        commonResources: [
          "projects/{project}/locations/{location}/clusters/{cluster}",
        ],
      },
      "compute-engine": {
        service: "Compute Engine",
        description: "Deploy and manage Compute Engine instances",
        requiredPermissions: [
          "compute.instances.create",
          "compute.instances.delete",
          "compute.instances.get",
          "compute.instances.list",
          "compute.instances.start",
          "compute.instances.stop",
          "compute.disks.create",
          "compute.disks.use",
          "compute.networks.use",
          "compute.subnetworks.use",
          "iam.serviceAccounts.actAs",
        ],
        optionalPermissions: [
          "compute.instances.setMetadata",
          "compute.instances.setTags",
          "compute.firewalls.create",
          "compute.addresses.create",
        ],
        commonResources: ["projects/{project}/zones/{zone}/instances/{instance}"],
      },
      "cloud-functions": {
        service: "Cloud Functions",
        description: "Deploy and manage Cloud Functions",
        requiredPermissions: [
          "cloudfunctions.functions.create",
          "cloudfunctions.functions.update",
          "cloudfunctions.functions.get",
          "cloudfunctions.functions.list",
          "cloudfunctions.functions.delete",
          "cloudfunctions.operations.get",
          "iam.serviceAccounts.actAs",
        ],
        optionalPermissions: [
          "cloudfunctions.functions.setIamPolicy",
          "cloudfunctions.functions.getIamPolicy",
          "storage.buckets.get",
          "storage.objects.create",
        ],
        commonResources: [
          "projects/{project}/locations/{location}/functions/{function}",
        ],
      },
      "app-engine": {
        service: "App Engine",
        description: "Deploy and manage App Engine applications",
        requiredPermissions: [
          "appengine.applications.create",
          "appengine.applications.update",
          "appengine.applications.get",
          "appengine.versions.create",
          "appengine.versions.update",
          "appengine.versions.get",
          "appengine.versions.list",
          "appengine.services.get",
          "appengine.services.list",
        ],
        optionalPermissions: [
          "appengine.versions.delete",
          "appengine.instances.get",
          "appengine.instances.list",
          "storage.buckets.get",
          "storage.objects.create",
        ],
        commonResources: [
          "projects/{project}/services/{service}/versions/{version}",
        ],
      },
      "cloud-storage": {
        service: "Cloud Storage",
        description: "Manage Cloud Storage buckets and objects",
        requiredPermissions: [
          "storage.buckets.create",
          "storage.buckets.get",
          "storage.buckets.list",
          "storage.objects.create",
          "storage.objects.get",
          "storage.objects.list",
        ],
        optionalPermissions: [
          "storage.buckets.delete",
          "storage.objects.delete",
          "storage.buckets.setIamPolicy",
          "storage.buckets.getIamPolicy",
        ],
        commonResources: ["projects/{project}/buckets/{bucket}"],
      },
      "cloud-sql": {
        service: "Cloud SQL",
        description: "Deploy and manage Cloud SQL instances",
        requiredPermissions: [
          "cloudsql.instances.create",
          "cloudsql.instances.update",
          "cloudsql.instances.get",
          "cloudsql.instances.list",
          "cloudsql.instances.connect",
          "cloudsql.databases.create",
          "cloudsql.databases.get",
          "cloudsql.databases.list",
        ],
        optionalPermissions: [
          "cloudsql.instances.delete",
          "cloudsql.users.create",
          "cloudsql.users.list",
          "cloudsql.backupRuns.create",
        ],
        commonResources: ["projects/{project}/instances/{instance}"],
      },
    };
  • src/index.ts:202-202 (registration)
    Invocation of registerIamTools(server) in the main server startup, which triggers registration of IAM tools including 'gcp-iam-list-deployment-services'.
    registerIamTools(server);
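
One way to check a principal's held permissions against one of the permission sets above, added here as an example and not taken from the project's code. The interface shape is inferred from the entries shown on this page; `evaluatePermissions`, `isSensitive` and the sample grant list are hypothetical.

```typescript
// Shape inferred from the entries shown on this page (assumption).
interface DeploymentPermissionSet {
  service: string;
  description: string;
  requiredPermissions: string[];
  optionalPermissions?: string[];
}
// Copy of the page's "cloud-run" entry (commonResources omitted).
const CLOUD_RUN: DeploymentPermissionSet = {
  service: "Cloud Run",
  description: "Deploy and manage Cloud Run services",
  requiredPermissions: [
    "run.services.create", "run.services.update", "run.services.get",
    "run.services.list", "run.services.delete", "run.revisions.get",
    "run.revisions.list", "iam.serviceAccounts.actAs",
  ],
  optionalPermissions: [
    "run.services.setIamPolicy", "run.services.getIamPolicy",
    "cloudsql.instances.connect", "secretmanager.versions.access",
  ],
};

// Hypothetical rule: flag permissions that allow acting as another identity or rewriting an allow policy.
function isSensitive(p: string): boolean {
  return p === "iam.serviceAccounts.actAs" || /\.setIamPolicy$/.test(p);
}
// Hypothetical helper: compare what a principal holds with one permission set.
function evaluatePermissions(set: DeploymentPermissionSet, granted: string[]) {
  const optional = set.optionalPermissions || [];
  const known = set.requiredPermissions.concat(optional);
  const lacks = (p: string) => granted.indexOf(p) === -1;
  const missingRequired = set.requiredPermissions.filter(lacks);
  return {
    canDeploy: missingRequired.length === 0, // every required permission is held
    missingRequired,
    missingOptional: optional.filter(lacks),
    sensitiveHeld: granted.filter(isSensitive), // review these even when listed in the set
    outsideSet: granted.filter((p) => known.indexOf(p) === -1), // held but not needed for this service
  };
}

// Constructed sample: permissions a CI deployer identity might hold.
const SAMPLE_GRANTED = [
  "run.services.create", "run.services.update", "run.services.get",
  "run.services.list", "run.revisions.get", "run.revisions.list",
  "iam.serviceAccounts.actAs", "run.services.setIamPolicy",
  "resourcemanager.projects.setIamPolicy",
];
console.log(JSON.stringify(evaluatePermissions(CLOUD_RUN, SAMPLE_GRANTED), null, 2));
```

The `outsideSet` and `sensitiveHeld` fields are the least-privilege signal: a deployer identity that passes the required check can still hold grants the deployment task never needs.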
