Cannot create GKE Admin role permissions with current IAM Resource

[AaronME]

What problem are you facing?

When we attempt to grant a ServiceAccount resource GKE Cluster Admin, we see the following error:

        create failed: cannot set policy of CryptoKey: googleapi: Error 400:
        Role roles/container.clusterAdmin is not supported for this resource.,
        badRequest

It appears that this role can only be assigned as a binding on the Projects api, not as a policy on a ServiceAccount.

How could Crossplane help solve your problem?

Implement bindings on the projects API for GCP.