apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: bsl-sql-client-role
  labels:
    platform.edge.ncr.com/component: edge-bsl
    cluster_hash: ${cluster_hash}
    cluster_uuid: ${cluster_uuid}
  namespace: edge-bsl
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-bsl
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  member: serviceAccount:edge-bsl@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
    kind: Project
    external: "projects/${gcp_project_id}"
  role: roles/cloudsql.client
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: bsl-sql-user-role
  labels:
    platform.edge.ncr.com/component: edge-bsl
    cluster_hash: ${cluster_hash}
    cluster_uuid: ${cluster_uuid}
  namespace: edge-bsl
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-bsl
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  member: serviceAccount:edge-bsl@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
    kind: Project
    external: "projects/${gcp_project_id}"
  role: roles/cloudsql.instanceUser
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: edge-bsl-banners-secretadmin
  labels:
    platform.edge.ncr.com/component: edge-bsl
    cluster_hash: ${cluster_hash}
    cluster_uuid: ${cluster_uuid}
  namespace: edge-bsl
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-bsl
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  member: serviceAccount:edge-bsl@${gcp_project_id}.iam.gserviceaccount.com
  resourceRef:
    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
    kind: Project
    external: "projects/${gcp_project_id}"
  role: roles/secretmanager.admin
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: edge-bsl-workload-identity-user
  labels:
    platform.edge.ncr.com/component: edge-bsl
    cluster_hash: ${cluster_hash}
    cluster_uuid: ${cluster_uuid}
  namespace: edge-bsl
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-bsl
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  member: serviceAccount:${gcp_project_id}.svc.id.goog[edge-bsl/edge-bsl]
  resourceRef:
    name: edge-bsl
    apiVersion: iam.cnrm.cloud.google.com/v1beta1
    kind: IAMServiceAccount
  role: roles/iam.workloadIdentityUser
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  name: edge-bsl
  labels:
    platform.edge.ncr.com/component: edge-bsl
    cluster_hash: ${cluster_hash}
    cluster_uuid: ${cluster_uuid}
  namespace: edge-bsl
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-bsl
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  displayName: ${cluster_hash} Edge BSL
  resourceID: edge-bsl
---
apiVersion: sql.cnrm.cloud.google.com/v1beta1
kind: SQLUser
metadata:
  name: edge-bsl-sql-user
  labels:
    platform.edge.ncr.com/component: edge-bsl
    cluster_hash: ${cluster_hash}
    cluster_uuid: ${cluster_uuid}
  namespace: edge-bsl
  annotations:
    cnrm.cloud.google.com/deletion-policy: abandon
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-bsl
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-platform'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  type: CLOUD_IAM_SERVICE_ACCOUNT
  instanceRef:
    name: ${gcp_project_id}
    namespace: edge-system
  resourceID: edge-bsl@${gcp_project_id}.iam