apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubTopic
metadata:
  name: promotions
  annotations:
    description: Used to promote artifacts to specific projects managed by us.
---
apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubSubscription
metadata:
  name: promotions
spec:
  ackDeadlineSeconds: 60
  retainAckedMessages: false
  retryPolicy:
    maximumBackoff: 600s
    minimumBackoff: 5s
  topicRef:
    name: promotions
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: registryforwarder-promotions-subscriber
  annotations:
    description: Allow platform-infra installation of forwarder subscribe to the promotions topic.
spec:
  member: serviceAccount:fwder-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    name: promotions
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubSubscription
  role: roles/pubsub.subscriber
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: registryforwarder-promotions-viewer
spec:
  member: serviceAccount:fwder-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    name: promotions
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubSubscription
  role: roles/pubsub.viewer