apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPartialPolicy
metadata:
  name: siem-pubsub-partial-policy
spec:
  bindings:
  - members:
    - member: serviceAccount:service-${gcp_project_number}@gcp-sa-logging.iam.gserviceaccount.com
    role: roles/pubsub.publisher
  resourceRef:
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubTopic
    external: projects/${foreman_gcp_project_id}/topics/siem