apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMCustomRole
metadata:
  name: logmondev
  annotations:
    cnrm.cloud.google.com/deletion-policy: abandon
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    description: |
      Provides only the required permissions for viewing logs and metrics, and creating dashboards and alerts
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: o11y-infra
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-o11y'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels:
    cluster_hash: ${cluster_hash}
    cluster_uuid: ${cluster_uuid}
spec:
  permissions:
  - cloudnotifications.activities.list
  - logging.buckets.get
  - logging.buckets.list
  - logging.exclusions.get
  - logging.exclusions.list
  - logging.locations.get
  - logging.locations.list
  - logging.logEntries.download
  - logging.logEntries.list
  - logging.logMetrics.create
  - logging.logMetrics.get
  - logging.logMetrics.list
  - logging.logMetrics.delete
  - logging.logMetrics.update
  - logging.logServiceIndexes.list
  - logging.logServices.list
  - logging.logs.list
  - logging.notificationRules.create
  - logging.notificationRules.update
  - logging.notificationRules.delete
  - logging.operations.get
  - logging.operations.list
  - logging.queries.create
  - logging.queries.delete
  - logging.queries.get
  - logging.queries.list
  - logging.queries.listShared
  - logging.queries.share
  - logging.queries.update
  - logging.queries.updateShared
  - logging.sinks.get
  - logging.sinks.list
  - logging.usage.get
  - logging.views.access
  - logging.views.get
  - logging.views.list
  - logging.views.listLogs
  - logging.views.listResourceKeys
  - logging.views.listResourceValues
  - monitoring.alertPolicies.create
  - monitoring.alertPolicies.delete
  - monitoring.alertPolicies.get
  - monitoring.alertPolicies.list
  - monitoring.alertPolicies.update
  - monitoring.dashboards.get
  - monitoring.dashboards.list
  - monitoring.dashboards.create
  - monitoring.dashboards.delete
  - monitoring.dashboards.update
  - monitoring.groups.get
  - monitoring.groups.list
  - monitoring.incidents.get
  - monitoring.incidents.update
  - monitoring.metricDescriptors.get
  - monitoring.metricDescriptors.list
  - monitoring.monitoredResourceDescriptors.get
  - monitoring.monitoredResourceDescriptors.list
  - monitoring.notificationChannelDescriptors.get
  - monitoring.notificationChannelDescriptors.list
  - monitoring.notificationChannels.create
  - monitoring.notificationChannels.delete
  - monitoring.notificationChannels.get
  - monitoring.notificationChannels.list
  - monitoring.notificationChannels.sendVerificationCode
  - monitoring.notificationChannels.update
  - monitoring.notificationChannels.verify
  - monitoring.publicWidgets.get
  - monitoring.publicWidgets.list
  - monitoring.services.get
  - monitoring.services.list
  - monitoring.slos.get
  - monitoring.slos.list
  - monitoring.timeSeries.list
  - monitoring.uptimeCheckConfigs.create
  - monitoring.uptimeCheckConfigs.get
  - monitoring.uptimeCheckConfigs.list
  - opsconfigmonitoring.resourceMetadata.list
  - resourcemanager.projects.get
  - serviceusage.services.use
  - stackdriver.projects.get
  title: logmondev
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: github-actions-monitoring-syncing
  annotations:
    cnrm.cloud.google.com/deletion-policy: abandon
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: o11y-infra
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-o11y'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels:
    cluster_hash: ${cluster_hash}
    cluster_uuid: ${cluster_uuid}
spec:
  member: serviceAccount:github-actions-runner@ret-edge-dev-infra.iam.gserviceaccount.com
  resourceRef:
    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
    kind: Project
    external: "projects/${gcp_project_id}"
  role: roles/monitoring.editor