apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPartialPolicy
metadata:
  name: response-topic-policy.${cluster_uuid}.dsds-ea-sa
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    cnrm.cloud.google.com/state-into-spec: merge
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: remotecli-cluster-infra
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels:
    cluster_hash: ${cluster_hash}
    cluster_uuid: ${cluster_uuid}
spec:
  bindings:
  - members:
    - memberFrom:
        serviceAccountRef:
          name: service-account.${cluster_uuid}.dsds-ea
    role: roles/pubsub.publisher
  resourceRef:
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubTopic
    external: projects/${gcp_project_id}/topics/topic.dsds-ea-response
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPartialPolicy
metadata:
  name: subscription-policy.${cluster_uuid}.dsds-ea-sa
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    cnrm.cloud.google.com/state-into-spec: merge
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: remotecli-cluster-infra
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels:
    cluster_hash: ${cluster_hash}
    cluster_uuid: ${cluster_uuid}
spec:
  bindings:
  - members:
    - memberFrom:
        serviceAccountRef:
          name: service-account.${cluster_uuid}.dsds-ea
    role: roles/pubsub.subscriber
  resourceRef:
    name: sub.${cluster_uuid}.dsds-ea-request
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubSubscription
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  name: service-account.${cluster_uuid}.dsds-ea
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    cnrm.cloud.google.com/state-into-spec: merge
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: remotecli-cluster-infra
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels:
    cluster_hash: ${cluster_hash}
    cluster_uuid: ${cluster_uuid}
spec:
  description: "Remote Agent Emergency Access Service Account. (${cluster_uuid})"
  resourceID: dsds-ea-${cluster_hash}
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccountKey
metadata:
  name: remotecli-${cluster_uuid}-gcp-api-key
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    cnrm.cloud.google.com/state-into-spec: merge
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: remotecli-cluster-infra
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels:
    cluster_hash: ${cluster_hash}
    cluster_uuid: ${cluster_uuid}
spec:
  serviceAccountRef:
    name: service-account.${cluster_uuid}.dsds-ea
---
apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubSubscription
metadata:
  name: sub.${cluster_uuid}.dsds-ea-request
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    cnrm.cloud.google.com/state-into-spec: merge
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: remotecli-cluster-infra
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels:
    cluster_hash: ${cluster_hash}
    cluster_uuid: ${cluster_uuid}
spec:
  enableMessageOrdering: true
  filter: attributes.storeId="${cluster_uuid}"
  resourceID: sub.${cluster_uuid}.dsds-ea-request
  topicRef:
    external: projects/${gcp_project_id}/topics/topic.dsds-ea-request
---
apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubSubscription
metadata:
  name: sub.${cluster_uuid}.dsds-ea-response
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    cnrm.cloud.google.com/state-into-spec: merge
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: remotecli-cluster-infra
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels:
    cluster_hash: ${cluster_hash}
    cluster_uuid: ${cluster_uuid}
spec:
  enableMessageOrdering: true
  filter: attributes.storeId="${cluster_uuid}"
  resourceID: sub.${cluster_uuid}.dsds-ea-response
  topicRef:
    external: projects/${gcp_project_id}/topics/topic.dsds-ea-response
---
apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
kind: SecretManagerSecret
metadata:
  name: remotecli-${cluster_uuid}-gcp-api-key
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    cnrm.cloud.google.com/state-into-spec: merge
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: remotecli-cluster-infra
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels:
    cluster_hash: ${cluster_hash}
    cluster_uuid: ${cluster_uuid}
spec:
  replication:
    automatic: true
---
apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
kind: SecretManagerSecretVersion
metadata:
  name: secret-manager-secret-version.${cluster_uuid}.dsds-ea-sa
  annotations:
    cnrm.cloud.google.com/project-id: ${gcp_project_id}
    cnrm.cloud.google.com/state-into-spec: merge
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: remotecli-cluster-infra
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
  labels:
    cluster_hash: ${cluster_hash}
    cluster_uuid: ${cluster_uuid}
spec:
  secretRef:
    name: remotecli-${cluster_uuid}-gcp-api-key
  enabled: true
  secretData:
    valueFrom:
      secretKeyRef:
        name: remotecli-${cluster_uuid}-gcp-api-key
        key: key.json