gcp-iam v5.23.0 - IAM role bindings enforcement now works correctly on projects with conditional bindings | Changelog | Guardrails

Introducing PSPM: Preventive Security Posture Management →

gcp-iam v5.23.0 - IAM role bindings enforcement now works correctly on projects with conditional bindings

Feb 17, 2026•GuardrailsMods

Bug fixes

The approved controls for GCP > IAM > Service Account > Project Role Bindings, GCP > IAM > Service Account > Role Bindings, and GCP > IAM > Project User > Role Bindings previously failed to delete unapproved role bindings on projects or service accounts with conditional IAM bindings. This has now been fixed, and enforcement and delete actions will work as expected.

Control Types

GCP > IAM > API Key > Allowed
GCP > IAM > API Key > Allowed > Custom
GCP > IAM > Project User > Allowed
GCP > IAM > Project User > Allowed > Custom
GCP > IAM > Service Account > Allowed
GCP > IAM > Service Account > Allowed > Custom
GCP > IAM > Service Account Key > Allowed
GCP > IAM > Service Account Key > Allowed > Custom

Policy Types

GCP > IAM > API Key > Allowed
GCP > IAM > API Key > Allowed > Custom
GCP > IAM > API Key > Allowed > Custom > Rules
GCP > IAM > Project User > Allowed
GCP > IAM > Project User > Allowed > Custom
GCP > IAM > Project User > Allowed > Custom > Rules
GCP > IAM > Service Account > Allowed
GCP > IAM > Service Account > Allowed > Custom
GCP > IAM > Service Account > Allowed > Custom > Rules
GCP > IAM > Service Account Key > Allowed
GCP > IAM > Service Account Key > Allowed > Custom
GCP > IAM > Service Account Key > Allowed > Custom > Rules