apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPartialPolicy
metadata:
  name: dsp-partial-policy
spec:
  bindings:
  - members:
    - member: serviceAccount:service-${gcp_project_number}@gcp-sa-monitoring-notification.iam.gserviceaccount.com
    role: roles/pubsub.publisher
  resourceRef:
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubTopic
    external: projects/${gcp_project_id}/topics/dsp-notifications
---
apiVersion: monitoring.cnrm.cloud.google.com/v1beta1
kind: MonitoringNotificationChannel
metadata:
  name: dsp-pubsub-notification-channel
spec:
  type: pubsub
  labels:
    topic: projects/${gcp_project_id}/topics/dsp-notifications
  description: PubSub topic for sending events to DSP for processing.
  enabled: true
  forceDelete: true
---
apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubSubscription
metadata:
  name: dsp-notifications-subscription
spec:
  ackDeadlineSeconds: 600
  messageRetentionDuration: 604800s
  retainAckedMessages: false
  topicRef:
    name: dsp-notifications
---
apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubTopic
metadata:
  name: dsp-notifications
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPartialPolicy
metadata:
  name: dsp-users-pubsub-access
spec:
  bindings:
  - members:
    - member: user:fh185040@ncr.com
    - member: user:ak185158@ncr.com
    - member: user:ag185392@ncr.com
    - member: user:rs185722@ncr.com
    - member: serviceAccount:edge-dev1-pubsub@hsp-pstream-cug01-prep.iam.gserviceaccount.com
    role: roles/pubsub.subscriber
  resourceRef:
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubSubscription
    external: projects/${gcp_project_id}/subscriptions/dsp-notifications-subscription