1apiVersion: iam.cnrm.cloud.google.com/v1beta1
2kind: IAMPolicyMember
3metadata:
4 name: bsl-sql-client-role
5 labels:
6 platform.edge.ncr.com/component: edge-bsl
7 cluster_hash: ${cluster_hash}
8 cluster_uuid: ${cluster_uuid}
9 namespace: edge-bsl
10 annotations:
11 cnrm.cloud.google.com/project-id: ${gcp_project_id}
12 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
13 pallet.edge.ncr.com/name: edge-bsl
14 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
15 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
16 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
17 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
18spec:
19 member: serviceAccount:edge-bsl@${gcp_project_id}.iam.gserviceaccount.com
20 resourceRef:
21 apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
22 kind: Project
23 external: "projects/${gcp_project_id}"
24 role: roles/cloudsql.client
25---
26apiVersion: iam.cnrm.cloud.google.com/v1beta1
27kind: IAMPolicyMember
28metadata:
29 name: bsl-sql-user-role
30 labels:
31 platform.edge.ncr.com/component: edge-bsl
32 cluster_hash: ${cluster_hash}
33 cluster_uuid: ${cluster_uuid}
34 namespace: edge-bsl
35 annotations:
36 cnrm.cloud.google.com/project-id: ${gcp_project_id}
37 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
38 pallet.edge.ncr.com/name: edge-bsl
39 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
40 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
41 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
42 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
43spec:
44 member: serviceAccount:edge-bsl@${gcp_project_id}.iam.gserviceaccount.com
45 resourceRef:
46 apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
47 kind: Project
48 external: "projects/${gcp_project_id}"
49 role: roles/cloudsql.instanceUser
50---
51apiVersion: iam.cnrm.cloud.google.com/v1beta1
52kind: IAMPolicyMember
53metadata:
54 name: edge-bsl-banners-secretadmin
55 labels:
56 platform.edge.ncr.com/component: edge-bsl
57 cluster_hash: ${cluster_hash}
58 cluster_uuid: ${cluster_uuid}
59 namespace: edge-bsl
60 annotations:
61 cnrm.cloud.google.com/project-id: ${gcp_project_id}
62 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
63 pallet.edge.ncr.com/name: edge-bsl
64 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
65 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
66 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
67 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
68spec:
69 member: serviceAccount:edge-bsl@${gcp_project_id}.iam.gserviceaccount.com
70 resourceRef:
71 apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
72 kind: Project
73 external: "projects/${gcp_project_id}"
74 role: roles/secretmanager.admin
75---
76apiVersion: iam.cnrm.cloud.google.com/v1beta1
77kind: IAMPolicyMember
78metadata:
79 name: edge-bsl-workload-identity-user
80 labels:
81 platform.edge.ncr.com/component: edge-bsl
82 cluster_hash: ${cluster_hash}
83 cluster_uuid: ${cluster_uuid}
84 namespace: edge-bsl
85 annotations:
86 cnrm.cloud.google.com/project-id: ${gcp_project_id}
87 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
88 pallet.edge.ncr.com/name: edge-bsl
89 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
90 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
91 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
92 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
93spec:
94 member: serviceAccount:${gcp_project_id}.svc.id.goog[edge-bsl/edge-bsl]
95 resourceRef:
96 name: edge-bsl
97 apiVersion: iam.cnrm.cloud.google.com/v1beta1
98 kind: IAMServiceAccount
99 role: roles/iam.workloadIdentityUser
100---
101apiVersion: iam.cnrm.cloud.google.com/v1beta1
102kind: IAMServiceAccount
103metadata:
104 name: edge-bsl
105 labels:
106 platform.edge.ncr.com/component: edge-bsl
107 cluster_hash: ${cluster_hash}
108 cluster_uuid: ${cluster_uuid}
109 namespace: edge-bsl
110 annotations:
111 cnrm.cloud.google.com/project-id: ${gcp_project_id}
112 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
113 pallet.edge.ncr.com/name: edge-bsl
114 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
115 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
116 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
117 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
118spec:
119 displayName: ${cluster_hash} Edge BSL
120 resourceID: edge-bsl
121---
122apiVersion: sql.cnrm.cloud.google.com/v1beta1
123kind: SQLUser
124metadata:
125 name: edge-bsl-sql-user
126 labels:
127 platform.edge.ncr.com/component: edge-bsl
128 cluster_hash: ${cluster_hash}
129 cluster_uuid: ${cluster_uuid}
130 namespace: edge-bsl
131 annotations:
132 cnrm.cloud.google.com/deletion-policy: abandon
133 cnrm.cloud.google.com/project-id: ${gcp_project_id}
134 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
135 pallet.edge.ncr.com/name: edge-bsl
136 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
137 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
138 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
139 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
140spec:
141 type: CLOUD_IAM_SERVICE_ACCOUNT
142 instanceRef:
143 name: ${gcp_project_id}
144 namespace: edge-system
145 resourceID: edge-bsl@${gcp_project_id}.iam
View as plain text