1apiVersion: iam.cnrm.cloud.google.com/v1beta1
2kind: IAMServiceAccount
3metadata:
4 name: syncedobjectctl
5spec:
6 displayName: syncedobjectctl
7 resourceID: soctl-${cluster_hash}
8---
9apiVersion: iam.cnrm.cloud.google.com/v1beta1
10kind: IAMPolicyMember
11metadata:
12 name: syncedobjectctl-pubsub-publisher
13 labels:
14 platform.edge.ncr.com/component: edge-backend
15spec:
16 member: serviceAccount:soctl-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
17 resourceRef:
18 apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
19 kind: Project
20 external: ${foreman_gcp_project_id}
21 role: roles/pubsub.publisher
22---
23apiVersion: iam.cnrm.cloud.google.com/v1beta1
24kind: IAMPolicyMember
25metadata:
26 name: syncedobjectctl-pubsub-subscriber
27spec:
28 member: serviceAccount:soctl-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
29 resourceRef:
30 apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
31 kind: Project
32 external: ${foreman_gcp_project_id}
33 role: roles/pubsub.subscriber
View as plain text