apiVersion: backend.edge.ncr.com/v1alpha2
kind: DatabaseUser
metadata:
  name: cctl-${cluster_hash}
spec:
  type: CLOUD_IAM_SERVICE_ACCOUNT
  serviceAccount:
    emailRef: cctl-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
    iamUsername: cctl-${cluster_hash}@${gcp_project_id}.iam
  force: true
  grants:
  - schema: public
    tableGrant:
    - permissions:
      - permission: SELECT
      - permission: TRIGGER
      - permission: UPDATE
      table: clusters
    - permissions:
      - permission: SELECT
      table: terminals
    - permissions:
      - permission: SELECT
      table: labels
    - permissions:
      - permission: SELECT
      table: cluster_labels
    - permissions:
      - permission: SELECT
      table: banners
    - permissions:
      - permission: SELECT
      table: channels
    - permissions:
      - permission: INSERT
      - permission: SELECT
      table: helm_workloads_channels
  instanceRef:
    name: ${edge_sql_db_name}-migrated
    projectID: ${gcp_project_id}
  prune: true