
List required Google CloudDNS permissions exhaustively

Open renaudguerin opened this issue 3 years ago • 0 comments

The cert-manager CloudDNS documentation currently says:

you will need to create a custom role with the following permissions: dns.resourceRecordSets.*, dns.changes.*, dns.managedZones.list

Unfortunately, this list can't be used as is (in Terraform at least) because the Google API doesn't seem to allow wildcards for permissions.

It's easy enough to expand these to the full list, but many of them may be unnecessary. Could you please clarify which permissions are actually required for the DNS01 solver?

Thanks

renaudguerin, Aug 05 '21 17:08