apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: ncr-charts-oci-reader
spec:
  member: serviceAccount:flux-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: artifactregistry.cnrm.cloud.google.com/v1beta1
    kind: ArtifactRegistryRepository
    external: projects/${foreman_gcp_project_id}/locations/${gcp_region}/repositories/ncr-charts
  role: roles/artifactregistry.reader