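# Grants the per-cluster service account shoot-${cluster_hash} the
# roles/pubsub.publisher role on one Pub/Sub topic, data-sync-e2c, in the
# foreman project. resourceRef targets a PubSubTopic, so the binding is scoped
# to that topic rather than to the whole project. The publisher role allows
# publishing only; it does not allow consuming from subscriptions.
# NOTE(review): the topic name carries no cluster placeholder, so every cluster
# rendered from this template publishes to the same topic. Consumers should
# therefore not treat message contents or attributes as proof of which cluster
# sent a message.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: shoot-publisher
  namespace: data-sync-connector
  labels:
    platform.edge.ncr.com/component: data-sync-connector
    # Quoted so the values stay strings (label values must be strings) even if
    # the substitution runs before YAML parsing and the hash is all digits.
    cluster_hash: '${cluster_hash}'
    cluster_uuid: '${cluster_uuid}'
  annotations:
    # The member's project is ${gcp_project_id}; the topic below lives in
    # ${foreman_gcp_project_id}, so this may be a cross-project grant.
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: shoot
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  member: serviceAccount:shoot-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubTopic
    external: "projects/${foreman_gcp_project_id}/topics/data-sync-e2c"
  role: roles/pubsub.publisher
---
# Same member and role as shoot-publisher, but on the topic named "public".
# IAMPolicyMember manages a single member/role binding, so deleting this
# resource removes only this grant and leaves other bindings on the topic alone.
# NOTE(review): the "-legacy" suffix suggests this topic is being phased out.
# Confirm it is still needed, and drop the binding once publishers have moved to
# data-sync-e2c so the account holds no unused publish permission.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: shoot-publisher-legacy
  namespace: data-sync-connector
  labels:
    platform.edge.ncr.com/component: data-sync-connector
    # Quoted so the values stay strings even if the hash is all digits.
    cluster_hash: '${cluster_hash}'
    cluster_uuid: '${cluster_uuid}'
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: shoot
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  member: serviceAccount:shoot-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubTopic
    external: "projects/${foreman_gcp_project_id}/topics/public"
  role: roles/pubsub.publisher
---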
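# Workload Identity binding: lets the Kubernetes service account
# data-sync-connector in namespace data-sync-connector act as the GCP service
# account "shoot" declared at the end of this file, through the
# roles/iam.workloadIdentityUser role on that account.
# NOTE(review): the member names the project's workload identity pool, a
# namespace and a KSA name, but no cluster. Any cluster sharing the
# ${gcp_project_id}.svc.id.goog pool that has this namespace/KSA pair resolves
# to the same principal. Confirm the project hosts only the intended cluster.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: shoot-workload-id
  namespace: data-sync-connector
  labels:
    platform.edge.ncr.com/component: data-sync-connector
    # Quoted so the values stay strings (label values must be strings) even if
    # the substitution runs before YAML parsing and the hash is all digits.
    cluster_hash: '${cluster_hash}'
    cluster_uuid: '${cluster_uuid}'
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    description: |
      Binds the K8s SA used by shoot to the GCP IAM service account defined in the base.
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: shoot
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  member: serviceAccount:${gcp_project_id}.svc.id.goog[data-sync-connector/data-sync-connector]
  resourceRef:
    # References the IAMServiceAccount below by its Kubernetes object name.
    name: shoot
    apiVersion: iam.cnrm.cloud.google.com/v1beta1
    kind: IAMServiceAccount
  role: roles/iam.workloadIdentityUser
---
# The per-cluster GCP service account. resourceID makes the account ID
# shoot-${cluster_hash}, which is the account named as "member" in the
# shoot-publisher and shoot-publisher-legacy bindings of this file.
# No IAMServiceAccountKey is declared in the documents visible here; access is
# granted through the Workload Identity binding above instead of a key.
# NOTE(review): GCP service account IDs are limited to 30 characters, so
# ${cluster_hash} must leave room for the "shoot-" prefix. Confirm the hash
# length.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  name: shoot
  namespace: data-sync-connector
  labels:
    platform.edge.ncr.com/component: data-sync-connector
    # Quoted so the values stay strings even if the hash is all digits.
    cluster_hash: '${cluster_hash}'
    cluster_uuid: '${cluster_uuid}'
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: shoot
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  displayName: ${cluster_uuid} Data Sync Shoot
  resourceID: shoot-${cluster_hash}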