PubSubSchema referenced by IAMPolicyMember

[npitts0811]

Checklist

• [X] I did not find a related open enhancement request.
• [X] I understand that enhancement requests filed in the GitHub repository are by default low priority.
• [X] If this request is time-sensitive, I have submitted a corresponding issue with GCP support.

Describe the feature or resource

Currently, PubSubSchema resourced cannot be by referenced by IAMPolicyMember. This would be helpful to us for setting resource-level permissions. Example below:

---
apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubSchema
metadata:
  name: pubsubsubschema-sample
spec:
  type: PROTOCOL_BUFFER
  definition: "syntax = \"proto3\";\nmessage Results {\nstring message_request = 1;\nstring message_response = 2;\nstring timestamp_request = 3;\nstring timestamp_response = 4;\n}"
  projectRef:
    name: project
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: iampolicymember-schema-example
spec:
  member: serviceAccount:my-serviceaccount@project.iam.gserviceaccount.com
  role: roles/pubsub.viewer
  resourceRef:
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubSchema
    name: pubsubsubschema-sample

Additional information

No response

Importance

No response

[caieo]

@npitts0811, thank you for filing this enhancement request. After taking a look at the API documentation, it doesn't seem like PubSubSchema has a API endpoint to interact with IAM. Because our product is built on GCP, we would need to wait for PubSub to support IAM on the PubSubSchema resource first. Feel free to reach out to the PubSub team here if you'd like to escalate/help prioritize your enhancement request.