1apiVersion: iam.cnrm.cloud.google.com/v1beta1 2kind: IAMPartialPolicy 3metadata: 4 name: siem-pubsub-partial-policy 5spec: 6 bindings: 7 - members: 8 - member: serviceAccount:service-${gcp_project_number}@gcp-sa-logging.iam.gserviceaccount.com 9 role: roles/pubsub.publisher 10 resourceRef: 11 apiVersion: pubsub.cnrm.cloud.google.com/v1beta1 12 kind: PubSubTopic 13 external: projects/${foreman_gcp_project_id}/topics/siem