...
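# Creates the Google service account `edge-bsl`.
# The IAMPolicyMember and SQLUser documents in this file refer to this account
# by e-mail (edge-bsl@${gcp_project_id}.iam.gserviceaccount.com), so changing
# resourceID here means changing those references as well.
# NOTE(review): those references assume the account is created in
# ${gcp_project_id}; confirm against the namespace's project annotation.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  name: edge-bsl
spec:
  # ${cluster_hash} is a template placeholder, presumably substituted before
  # the manifest is applied. displayName is a label only and carries no access.
  displayName: ${cluster_hash} Edge BSL
  resourceID: edge-bsl
---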
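# Binds roles/secretmanager.admin to the edge-bsl service account on the
# whole project named by ${gcp_project_id}.
# NOTE(review): at project scope this role covers every secret in the project:
# reading secret payloads, creating and deleting secrets, and editing their IAM
# policies. The binding name suggests only "banners" secrets are intended, so
# confirm what the workload needs. If it only reads or rotates specific secrets,
# prefer roles/secretmanager.secretAccessor or
# roles/secretmanager.secretVersionManager, bound on the individual secrets or
# limited with spec.condition, instead of project-wide admin.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: edge-bsl-banners-secretadmin
spec:
  member: serviceAccount:edge-bsl@${gcp_project_id}.iam.gserviceaccount.com
  # `external` points at an existing project rather than a Project resource
  # managed in this cluster.
  resourceRef:
    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
    kind: Project
    external: projects/${gcp_project_id}
  role: roles/secretmanager.admin
---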
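# Binds roles/cloudsql.instanceUser to the edge-bsl service account on the
# project, which lets it log in to Cloud SQL with IAM database authentication.
# The binding is project-wide, so it applies to every Cloud SQL instance in
# ${gcp_project_id}, not only the one named in the SQLUser in this file.
# NOTE(review): this role only permits the login. What the account can do
# inside a database depends on grants made in the database itself, which this
# file does not show.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: bsl-sql-user-role
spec:
  member: serviceAccount:edge-bsl@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
    kind: Project
    external: projects/${gcp_project_id}
  role: roles/cloudsql.instanceUser
---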
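# Registers the edge-bsl service account as an IAM-authenticated database user
# on the Cloud SQL instance ${edge_sql_db_name}-migrated. No password is set:
# the user is of type CLOUD_IAM_SERVICE_ACCOUNT.
apiVersion: sql.cnrm.cloud.google.com/v1beta1
kind: SQLUser
metadata:
  name: edge-bsl-sql-user
  annotations:
    # With `abandon`, deleting this Kubernetes object leaves the database user
    # in the instance. Removing this manifest therefore does not deprovision
    # the user; delete it in Cloud SQL, or remove the cloudsql.instanceUser
    # binding, when access has to be revoked.
    cnrm.cloud.google.com/deletion-policy: abandon
spec:
  type: CLOUD_IAM_SERVICE_ACCOUNT
  # The SQLInstance object is looked up in the edge-system namespace.
  instanceRef:
    name: ${edge_sql_db_name}-migrated
    namespace: edge-system
  # Service account e-mail without the ".gserviceaccount.com" suffix.
  # NOTE(review): this form matches the PostgreSQL IAM user naming convention;
  # confirm the instance's database engine.
  resourceID: edge-bsl@${gcp_project_id}.iam
---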
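# Binds roles/cloudsql.client to the edge-bsl service account on the project,
# which lets it open connections to Cloud SQL instances (for example through
# the Cloud SQL Auth Proxy or a language connector).
# NOTE(review): the binding is project-wide. If ${gcp_project_id} hosts
# instances this workload should not reach, consider limiting the binding with
# spec.condition.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: bsl-sql-client-role
spec:
  member: serviceAccount:edge-bsl@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
    kind: Project
    external: projects/${gcp_project_id}
  role: roles/cloudsql.client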