
Text file src/github.com/GoogleCloudPlatform/k8s-config-connector/samples/resources/iampolicy/external-project-level-policy/iam_v1beta1_iampolicy.yaml

Documentation: github.com/GoogleCloudPlatform/k8s-config-connector/samples/resources/iampolicy/external-project-level-policy

    # Copyright 2020 Google LLC
    #
    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    # You may obtain a copy of the License at
    #
    #     http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.

    # **WARNING**: The policy here represents the full declarative intent for the
    # referenced project. It will fully overwrite the existing policy on the
    # project.
    #
    # If you want finer-grained control over a project's IAM bindings, use
    # IAMPolicyMember. If you want finer-grained control over audit configs, use
    # IAMAuditConfig.
    apiVersion: iam.cnrm.cloud.google.com/v1beta1
    kind: IAMPolicy
    metadata:
      name: iampolicy-sample-external-project
    spec:
      resourceRef:
        kind: Project
        external: projects/iampolicy-dep-external-project
      bindings:
        - members:
            # Replace ${GSA_EMAIL?} with the Config Connector service account's
            # email address. This ensures that the Config Connector service account
            # can continue to manage the referenced project.
            - serviceAccount:${GSA_EMAIL?}
          role: roles/owner
        - members:
            - serviceAccount:iampolicy-dep-external-project@iampolicy-dep-external-project.iam.gserviceaccount.com
          role: roles/storage.admin
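
Because the manifest above replaces the project's whole policy, a pre-apply check can list which existing role/member pairs would be dropped and whether the Config Connector service account keeps `roles/owner`. The following is an added example, not part of the sample or of Config Connector; the `GSA` address, the `alice` and `auditors` principals, and all function names are constructed for illustration.

```python
# Added example, not part of the sample manifest. Binding conditions are ignored.
# CURRENT_BINDINGS is constructed data shaped like the "bindings" array printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_SA = ("serviceAccount:iampolicy-dep-external-project"
             "@iampolicy-dep-external-project.iam.gserviceaccount.com")
GSA = "serviceAccount:cnrm-system@example-host.iam.gserviceaccount.com"  # constructed

CURRENT_BINDINGS = [
    {"role": "roles/owner", "members": ["user:alice@example.com", GSA]},
    {"role": "roles/storage.admin", "members": [SAMPLE_SA]},
    {"role": "roles/viewer", "members": ["group:auditors@example.com"]},
]

def desired_bindings(gsa_member):
    """spec.bindings of the manifest, with the ${GSA_EMAIL?} member filled in."""
    return [
        {"role": "roles/owner", "members": [gsa_member]},
        {"role": "roles/storage.admin", "members": [SAMPLE_SA]},
    ]

def pairs(bindings):
    """Flatten bindings into a set of (role, member) tuples."""
    return {(b["role"], m) for b in bindings for m in b.get("members", [])}

def overwrite_diff(current, desired):
    """What an authoritative overwrite removes, adds and keeps."""
    cur, want = pairs(current), pairs(desired)
    return {"removed": sorted(cur - want),
            "added": sorted(want - cur),
            "kept": sorted(cur & want)}

def preflight(current, desired, controller_member):
    """Return (problems, diff); problems is empty when the apply is safe to review."""
    problems = []
    if any("${" in member for _, member in pairs(desired)):
        problems.append("unsubstituted placeholder in members")
    if ("roles/owner", controller_member) not in pairs(desired):
        problems.append("controller service account loses roles/owner")
    return problems, overwrite_diff(current, desired)

if __name__ == "__main__":
    problems, diff = preflight(CURRENT_BINDINGS, desired_bindings(GSA), GSA)
    print("problems:", problems)
    for role, member in diff["removed"]:
        print("would be removed:", role, member)
```
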
