apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: kcc-foreman-artifact-admin
spec:
  member: serviceAccount:kcc-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: artifactregistry.cnrm.cloud.google.com/v1beta1
    kind: ArtifactRegistryRepository
    external: projects/${foreman_gcp_project_id}/locations/${gcp_region}/repositories/warehouse
  role: roles/artifactregistry.admin
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: kcc-foreman-ctlfish-pubsub-admin
spec:
  member: serviceAccount:kcc-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubTopic
    external: projects/${foreman_gcp_project_id}/topics/ctlfish-pubsub
  role: roles/pubsub.admin