roles/redis.dbConnectionUser is not supported for this resource

[shvkumara]

Describe your question

I am trying to add roles/redis.dbConnectionUser to a service account in GCP but I am getting an error.

apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPartialPolicy
metadata:
  name: roles-at-sa-level
spec:
  resourceRef:
    kind: IAMServiceAccount
    external: projects/my-project/serviceAccounts/[email protected]
  bindings:
  - role: roles/redis.dbConnectionUser
    members:
    - member: "serviceAccount:[email protected]"

Error:

Events:
  Type     Reason        Age   From                         Message
  ----     ------        ----  ----                         -------
  Warning  UpdateFailed  12s   iampartialpolicy-controller  Update call failed: error setting policy: error applying changes: summary: Error setting IAM policy for service account 'projects/my-project/serviceAccounts/[email protected]': googleapi: Error 400: Role roles/redis.dbConnectionUser is not supported for this resource., badRequest

However, I can assign the below roles successful

  - role: roles/iam.serviceAccountTokenCreator
  - role: roles/iam.workloadIdentityUser

I think this is because the role is not yet GA as shown inthe documentation

ID - roles/redis.dbConnectionUser
Role launch stage - Beta