1apiVersion: iam.cnrm.cloud.google.com/v1beta1
2kind: IAMServiceAccount
3metadata:
4 name: kinform-psqlinjector
5 labels:
6 platform.edge.ncr.com/component: kinform-psqlinjector
7spec:
8 displayName: kinform-psqlinjector
9 resourceID: kinform-psqlinjector
10---
11apiVersion: iam.cnrm.cloud.google.com/v1beta1
12kind: IAMPolicyMember
13metadata:
14 name: kinform-psqlinjector-pubsub-subscriber-tenants
15spec:
16 member: serviceAccount:kinform-psqlinjector@${foreman_gcp_project_id}.iam.gserviceaccount.com
17 resourceRef:
18 apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
19 kind: Folder
20 external: ${tenants_gcp_folder_id}
21 role: roles/pubsub.subscriber
22---
23apiVersion: iam.cnrm.cloud.google.com/v1beta1
24kind: IAMPolicyMember
25metadata:
26 name: kinform-psqlinjector-pubsub-viewer-tenants
27spec:
28 member: serviceAccount:kinform-psqlinjector@${foreman_gcp_project_id}.iam.gserviceaccount.com
29 resourceRef:
30 apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
31 kind: Folder
32 external: ${tenants_gcp_folder_id}
33 role: roles/pubsub.viewer
View as plain text