apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"iam.cnrm.cloud.google.com/v1beta1","kind":"IAMPolicyMember","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"test-health-iam-sa"},"name":"test-objects-create","namespace":"test-project"},"spec":{"member":"serviceAccount:test-sa@test-project.iam.gserviceaccount.com","resourceRef":{"apiVersion":"resourcemanager.cnrm.cloud.google.com/v1beta1","external":"projects/test-project","kind":"Project"},"role":"roles/storage.objects.create"}}
  creationTimestamp: "2021-06-17T15:54:30Z"
  finalizers:
    - cnrm.cloud.google.com/finalizer
    - cnrm.cloud.google.com/deletion-defender
  generation: 1
  labels:
    app.kubernetes.io/instance: test-health-iam-sa
  managedFields:
    - apiVersion: iam.cnrm.cloud.google.com/v1beta1
      fieldsType: FieldsV1
      fieldsV1:
        f:metadata:
          f:annotations:
            .: {}
            f:kubectl.kubernetes.io/last-applied-configuration: {}
          f:labels:
            .: {}
            f:app.kubernetes.io/instance: {}
        f:spec:
          .: {}
          f:member: {}
          f:resourceRef:
            .: {}
            f:apiVersion: {}
            f:external: {}
            f:kind: {}
          f:role: {}
      manager: argocd-application-controller
      operation: Update
      time: "2021-06-17T15:54:30Z"
    - apiVersion: iam.cnrm.cloud.google.com/v1beta1
      fieldsType: FieldsV1
      fieldsV1:
        f:metadata:
          f:finalizers:
            .: {}
            v:"cnrm.cloud.google.com/deletion-defender": {}
            v:"cnrm.cloud.google.com/finalizer": {}
      manager: manager
      operation: Update
      time: "2021-06-17T15:54:31Z"
    - apiVersion: iam.cnrm.cloud.google.com/v1beta1
      fieldsType: FieldsV1
      fieldsV1:
        f:status:
          .: {}
          f:conditions: {}
          f:observedGeneration: {}
      manager: cnrm-controller-manager
      operation: Update
      time: "2021-06-17T15:54:34Z"
  name: test-objects-create
  namespace: test-project
  resourceVersion: "73435624"
  selfLink: /apis/iam.cnrm.cloud.google.com/v1beta1/namespaces/test-project/iampolicymembers/test-objects-create
  uid: 91c92bb4-c341-41b5-a2ce-efda6e0996a1
spec:
  member: serviceAccount:test-sa@test-project.iam.gserviceaccount.com
  resourceRef:
    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
    external: projects/test-project
    kind: Project
  role: roles/storage.objects.create
status:
  conditions:
    - lastTransitionTime: "2021-06-17T15:54:34Z"
      message:
        'Update call failed: error setting policy member: error applying changes:
        summary: Request "Create IAM Members roles/storage.objects.create serviceAccount:test-sa@test-project.iam.gserviceaccount.com
        for \"project \\\"projects/test-project\\\"\"" returned error: Batch request
        and retried single request "Create IAM Members roles/storage.objects.create
        serviceAccount:test-sa@test-project.iam.gserviceaccount.com
        for \"project \\\"projects/test-project\\\"\"" both failed. Final error:
        Error applying IAM policy for project "projects/test-project": Error setting
        IAM policy for project "projects/test-project": googleapi: Error 400: Role
        roles/storage.objects.create is not supported for this resource., badRequest,
        detail: '
      reason: UpdateFailed
      status: "False"
      type: Ready
  observedGeneration: 1