When setting up service accounts in Google Cloud Platform in preparation for creating a host connection from Citrix Cloud, some customers' security teams may need to know the exact permissions required so that they can grant only those which are required.
It is not possible to give the account full permissions.
Required:

- cloudbuild.builds.create
- cloudbuild.builds.get
- cloudbuild.builds.list
- storage.buckets.create
- storage.buckets.get
- storage.buckets.list
- storage.objects.create
- storage.objects.delete
- storage.objects.get
- storage.objects.list
- resourcemanager.projects.get
* Upload/download of ID Disk of cloned machines & Instruction disk of the Image Prep machine

- compute.acceleratorTypes.list
* Zone validation when accelerators are provided

- compute.diskTypes.get
- compute.diskTypes.list
- compute.disks.create
- compute.disks.delete
- compute.disks.get
- compute.disks.setLabels
- compute.disks.use
- compute.disks.useReadOnly
* Inventory, validation, & general disk management

- compute.disks.createSnapshot
* Temporary preservation of master image during image prep creation

- compute.firewalls.create
- compute.firewalls.delete
- compute.firewalls.list
- compute.networks.updatePolicy
* Firewall management for image prep machine

- compute.globalOperations.get
* Monitor status of queued operations

- compute.images.create
- compute.images.delete
- compute.images.get
- compute.images.list
- compute.images.setLabels
- compute.images.useReadOnly
* golden master image management, instance template references GCP image

- compute.instanceTemplates.create
- compute.instanceTemplates.delete
- compute.instanceTemplates.get
- compute.instanceTemplates.list
- compute.instanceTemplates.useReadOnly
* golden master image management, saved as instance template

- compute.instances.attachDisk
- compute.instances.create
- compute.instances.delete
- compute.instances.detachDisk
* Instance disk management

- compute.instances.get
- compute.instances.list
- compute.machineTypes.get
- compute.machineTypes.list
* Inventory, Validation, Instance creation, & Instance management

- compute.instances.setDeletionProtection
- compute.instances.setLabels
- compute.instances.setMetadata
- compute.instances.setTags
- compute.instances.setServiceAccount
* Instance creation

- compute.instances.reset
- compute.instances.resume
- compute.instances.start
- compute.instances.stop
- compute.instances.suspend
* Power Management

- compute.networks.list
* Host connection creation

- compute.projects.get
- compute.regions.list
- compute.zones.get
- compute.zones.list
* Inventory, validation, & image prep/clone machine creation

- compute.snapshots.create
- compute.snapshots.delete
- compute.snapshots.list
- compute.snapshots.setLabels
- compute.snapshots.useReadOnly
* Inventory, master image source, & temporary master image storage

- compute.subnetworks.get
- compute.subnetworks.list
- compute.subnetworks.use
- compute.subnetworks.useExternalIp
* Hosting connection creation

- compute.zoneOperations.get
- compute.zoneOperations.list
* Monitor status of queued zonal operations

Required if relevant resources used:

- cloudkms.cryptoKeys.get
- cloudkms.cryptoKeys.list
- cloudkms.keyRings.get
- cloudkms.keyRings.list
* Inventory, Validation, & setting of crypto keys for cloned/image prep machines

Optional:

- storage.buckets.update
* Update labels of existing buckets

- compute.nodeGroups.list
- compute.nodeTemplates.get
* Sole Tenancy Validation

- compute.instances.update*
* Machine Hardware Update Optimization (To Be Released)
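One way a security team can check a custom role against this list, as an added example that is not Citrix or Google code: it parses the "- permission" / "* purpose" notation used above and reports required permissions the role lacks and granted permissions the list does not cover. The excerpt is a small subset of the list written one entry per line, the granted permissions are constructed sample data (in practice the `includedPermissions` from `gcloud iam roles describe`), and the function names and the `uses_kms_keys` flag are hypothetical.

```python
# Excerpt of the list on this page (subset only), one entry per line.
PAGE_EXCERPT = """
Required:
- compute.instances.start
- compute.instances.stop
* Power Management
- compute.networks.list
* Host connection creation
Required if relevant resources used:
- cloudkms.cryptoKeys.get
- cloudkms.keyRings.list
* Inventory, Validation, & setting of crypto keys for cloned/image prep machines
Optional:
- storage.buckets.update
* Update labels of existing buckets
"""

# Constructed sample of a role's includedPermissions (not from the page).
SAMPLE_GRANTED = ["compute.instances.start", "compute.networks.list",
                  "cloudkms.cryptoKeys.get", "resourcemanager.projects.setIamPolicy"]

def parse_permission_list(text):
    """Return {section: {permission: purpose}}; a '* purpose' line applies
    to every '- permission' line since the previous purpose or header."""
    sections, current, pending = {}, None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith(":") and not line.startswith(("-", "*")):
            current, pending = sections.setdefault(line[:-1], {}), []
        elif current is not None and line.startswith("- "):
            current[line[2:].strip()] = ""
            pending.append(line[2:].strip())
        elif current is not None and line.startswith("* "):
            for perm in pending:
                current[perm] = line[2:].strip()
            pending = []
    return sections

def audit_role(sections, granted, uses_kms_keys=False):
    """Report required permissions that are missing and grants outside the list."""
    required = set(sections.get("Required", {}))
    conditional = set(sections.get("Required if relevant resources used", {}))
    optional = set(sections.get("Optional", {}))
    must_have = required | (conditional if uses_kms_keys else set())
    granted = set(granted)
    return {"missing": sorted(must_have - granted),
            "unexpected": sorted(granted - (required | conditional | optional))}

if __name__ == "__main__":
    print(audit_role(parse_permission_list(PAGE_EXCERPT), SAMPLE_GRANTED, True))
```

Entries under "unexpected" are grants the host connection does not need according to this list and are candidates for removal from the role.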