diff --git a/iac/cal-itp-data-infra-staging/iam/us/outputs.tf b/iac/cal-itp-data-infra-staging/iam/us/outputs.tf index c22ca34198..e991d877a9 100755 --- a/iac/cal-itp-data-infra-staging/iam/us/outputs.tf +++ b/iac/cal-itp-data-infra-staging/iam/us/outputs.tf @@ -2,10 +2,6 @@ output "google_project_iam_custom_role_tfer--projects-002F-cal-itp-data-infra-st value = google_project_iam_custom_role.tfer--projects-002F-cal-itp-data-infra-staging-002F-roles-002F-CustomGCSPublisher.id } -output "google_project_iam_member_tfer--roles-002F-bigquery-002E-dataEditorserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { - value = google_project_iam_member.tfer--roles-002F-bigquery-002E-dataEditorserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id -} - output "google_project_iam_member_tfer--roles-002F-bigquery-002E-dataEditorserviceAccount-003A-github-actions-services-accoun-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { value = google_project_iam_member.tfer--roles-002F-bigquery-002E-dataEditorserviceAccount-003A-github-actions-services-accoun-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id } @@ -22,10 +18,6 @@ output "google_project_iam_member_tfer--roles-002F-bigquery-002E-dataViewerservi value = google_project_iam_member.tfer--roles-002F-bigquery-002E-dataViewerserviceAccount-003A-metabase-0040-cal-itp-data-infra-staging-002E-iam-002E-gserviceaccount-002E-com.id } -output "google_project_iam_member_tfer--roles-002F-bigquery-002E-jobUserserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { - value = google_project_iam_member.tfer--roles-002F-bigquery-002E-jobUserserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id -} - output "google_project_iam_member_tfer--roles-002F-bigquery-002E-jobUserserviceAccount-003A-calitp-py-ci-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { value = google_project_iam_member.tfer--roles-002F-bigquery-002E-jobUserserviceAccount-003A-calitp-py-ci-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id } @@ -54,10 +46,6 @@ output "google_project_iam_member_tfer--roles-002F-bigquery-002E-readSessionUser value = google_project_iam_member.tfer--roles-002F-bigquery-002E-readSessionUserserviceAccount-003A-github-actions-services-accoun-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id } -output "google_project_iam_member_tfer--roles-002F-bigquery-002E-userserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { - value = google_project_iam_member.tfer--roles-002F-bigquery-002E-userserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id -} - output "google_project_iam_member_tfer--roles-002F-bigquery-002E-userserviceAccount-003A-calitp-py-ci-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { value = google_project_iam_member.tfer--roles-002F-bigquery-002E-userserviceAccount-003A-calitp-py-ci-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id } @@ -94,18 +82,10 @@ output "google_project_iam_member_tfer--roles-002F-containerregistry-002E-Servic value = google_project_iam_member.tfer--roles-002F-containerregistry-002E-ServiceAgentserviceAccount-003A-service-473674835135-0040-containerregistry-002E-iam-002E-gserviceaccount-002E-com.id } -output "google_project_iam_member_tfer--roles-002F-dataproc-002E-editorserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { - value = google_project_iam_member.tfer--roles-002F-dataproc-002E-editorserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id -} - output "google_project_iam_member_tfer--roles-002F-dataproc-002E-serviceAgentserviceAccount-003A-service-473674835135-0040-dataproc-accounts-002E-iam-002E-gserviceaccount-002E-com_id" { value = google_project_iam_member.tfer--roles-002F-dataproc-002E-serviceAgentserviceAccount-003A-service-473674835135-0040-dataproc-accounts-002E-iam-002E-gserviceaccount-002E-com.id } -output "google_project_iam_member_tfer--roles-002F-dataproc-002E-workerserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { - value = google_project_iam_member.tfer--roles-002F-dataproc-002E-workerserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id -} - output "google_project_iam_member_tfer--roles-002F-editorserviceAccount-003A-473674835135-0040-cloudservices-002E-gserviceaccount-002E-com_id" { value = google_project_iam_member.tfer--roles-002F-editorserviceAccount-003A-473674835135-0040-cloudservices-002E-gserviceaccount-002E-com.id } @@ -114,10 +94,6 @@ output "google_project_iam_member_tfer--roles-002F-editorserviceAccount-003A-473 value = google_project_iam_member.tfer--roles-002F-editorserviceAccount-003A-473674835135-compute-0040-developer-002E-gserviceaccount-002E-com.id } -output "google_project_iam_member_tfer--roles-002F-iam-002E-serviceAccountUserserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { - value = google_project_iam_member.tfer--roles-002F-iam-002E-serviceAccountUserserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id -} - output "google_project_iam_member_tfer--roles-002F-ownerserviceAccount-003A-amplitude-0040-cal-itp-data-infra-staging-002E-iam-002E-gserviceaccount-002E-com_id" { value = google_project_iam_member.tfer--roles-002F-ownerserviceAccount-003A-amplitude-0040-cal-itp-data-infra-staging-002E-iam-002E-gserviceaccount-002E-com.id } @@ -134,10 +110,6 @@ output "google_project_iam_member_tfer--roles-002F-servicenetworking-002E-servic value = google_project_iam_member.tfer--roles-002F-servicenetworking-002E-serviceAgentserviceAccount-003A-service-473674835135-0040-gcp-sa-cloudasset-002E-iam-002E-gserviceaccount-002E-com.id } -output "google_project_iam_member_tfer--roles-002F-storage-002E-objectAdminserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { - value = google_project_iam_member.tfer--roles-002F-storage-002E-objectAdminserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id -} - output "google_project_iam_member_tfer--roles-002F-storage-002E-objectAdminserviceAccount-003A-service-473674835135-0040-gcp-sa-cloudasset-002E-iam-002E-gserviceaccount-002E-com_id" { value = google_project_iam_member.tfer--roles-002F-storage-002E-objectAdminserviceAccount-003A-service-473674835135-0040-gcp-sa-cloudasset-002E-iam-002E-gserviceaccount-002E-com.id } diff --git a/iac/cal-itp-data-infra-staging/iam/us/project_iam_member.tf b/iac/cal-itp-data-infra-staging/iam/us/project_iam_member.tf index 1b187d4d1b..e29e2663a7 100755 --- a/iac/cal-itp-data-infra-staging/iam/us/project_iam_member.tf +++ b/iac/cal-itp-data-infra-staging/iam/us/project_iam_member.tf @@ -1,9 +1,3 @@ -resource "google_project_iam_member" "tfer--roles-002F-bigquery-002E-dataEditorserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { - member = "serviceAccount:bq-transform-svcacct@cal-itp-data-infra.iam.gserviceaccount.com" - project = "cal-itp-data-infra-staging" - role = "roles/bigquery.dataEditor" -} - resource "google_project_iam_member" "tfer--roles-002F-bigquery-002E-dataEditorserviceAccount-003A-github-actions-services-accoun-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { member = "serviceAccount:github-actions-services-accoun@cal-itp-data-infra.iam.gserviceaccount.com" project = "cal-itp-data-infra-staging" @@ -28,12 +22,6 @@ resource "google_project_iam_member" "tfer--roles-002F-bigquery-002E-dataViewers role = "roles/bigquery.dataViewer" } -resource "google_project_iam_member" "tfer--roles-002F-bigquery-002E-jobUserserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { - member = "serviceAccount:bq-transform-svcacct@cal-itp-data-infra.iam.gserviceaccount.com" - project = "cal-itp-data-infra-staging" - role = "roles/bigquery.jobUser" -} - resource "google_project_iam_member" "tfer--roles-002F-bigquery-002E-jobUserserviceAccount-003A-calitp-py-ci-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { member = "serviceAccount:calitp-py-ci@cal-itp-data-infra.iam.gserviceaccount.com" project = "cal-itp-data-infra-staging" @@ -76,12 +64,6 @@ resource "google_project_iam_member" "tfer--roles-002F-bigquery-002E-readSession role = "roles/bigquery.readSessionUser" } -resource "google_project_iam_member" "tfer--roles-002F-bigquery-002E-userserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { - member = "serviceAccount:bq-transform-svcacct@cal-itp-data-infra.iam.gserviceaccount.com" - project = "cal-itp-data-infra-staging" - role = "roles/bigquery.user" -} - resource "google_project_iam_member" "tfer--roles-002F-bigquery-002E-userserviceAccount-003A-calitp-py-ci-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { member = "serviceAccount:calitp-py-ci@cal-itp-data-infra.iam.gserviceaccount.com" project = "cal-itp-data-infra-staging" @@ -136,24 +118,12 @@ resource "google_project_iam_member" "tfer--roles-002F-containerregistry-002E-Se role = "roles/containerregistry.ServiceAgent" } -resource "google_project_iam_member" "tfer--roles-002F-dataproc-002E-editorserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { - member = "serviceAccount:bq-transform-svcacct@cal-itp-data-infra.iam.gserviceaccount.com" - project = "cal-itp-data-infra-staging" - role = "roles/dataproc.editor" -} - resource "google_project_iam_member" "tfer--roles-002F-dataproc-002E-serviceAgentserviceAccount-003A-service-473674835135-0040-dataproc-accounts-002E-iam-002E-gserviceaccount-002E-com" { member = "serviceAccount:service-473674835135@dataproc-accounts.iam.gserviceaccount.com" project = "cal-itp-data-infra-staging" role = "roles/dataproc.serviceAgent" } -resource "google_project_iam_member" "tfer--roles-002F-dataproc-002E-workerserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { - member = "serviceAccount:bq-transform-svcacct@cal-itp-data-infra.iam.gserviceaccount.com" - project = "cal-itp-data-infra-staging" - role = "roles/dataproc.worker" -} - resource "google_project_iam_member" "tfer--roles-002F-editorserviceAccount-003A-473674835135-0040-cloudservices-002E-gserviceaccount-002E-com" { member = "serviceAccount:473674835135@cloudservices.gserviceaccount.com" project = "cal-itp-data-infra-staging" @@ -166,12 +136,6 @@ resource "google_project_iam_member" "tfer--roles-002F-editorserviceAccount-003A role = "roles/editor" } -resource "google_project_iam_member" "tfer--roles-002F-iam-002E-serviceAccountUserserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { - member = "serviceAccount:bq-transform-svcacct@cal-itp-data-infra.iam.gserviceaccount.com" - project = "cal-itp-data-infra-staging" - role = "roles/iam.serviceAccountUser" -} - resource "google_project_iam_member" "tfer--roles-002F-ownerserviceAccount-003A-amplitude-0040-cal-itp-data-infra-staging-002E-iam-002E-gserviceaccount-002E-com" { member = "serviceAccount:amplitude@cal-itp-data-infra-staging.iam.gserviceaccount.com" project = "cal-itp-data-infra-staging" @@ -196,12 +160,6 @@ resource "google_project_iam_member" "tfer--roles-002F-servicenetworking-002E-se role = "roles/servicenetworking.serviceAgent" } -resource "google_project_iam_member" "tfer--roles-002F-storage-002E-objectAdminserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { - member = "serviceAccount:bq-transform-svcacct@cal-itp-data-infra.iam.gserviceaccount.com" - project = "cal-itp-data-infra-staging" - role = "roles/storage.objectAdmin" -} - resource "google_project_iam_member" "tfer--roles-002F-storage-002E-objectAdminserviceAccount-003A-service-473674835135-0040-gcp-sa-cloudasset-002E-iam-002E-gserviceaccount-002E-com" { member = "serviceAccount:service-473674835135@gcp-sa-cloudasset.iam.gserviceaccount.com" project = "cal-itp-data-infra-staging" diff --git a/iac/cal-itp-data-infra/iam/us/outputs.tf b/iac/cal-itp-data-infra/iam/us/outputs.tf index bc2224dc4c..50393b1a97 100755 --- a/iac/cal-itp-data-infra/iam/us/outputs.tf +++ b/iac/cal-itp-data-infra/iam/us/outputs.tf @@ -58,14 +58,6 @@ output "google_project_iam_member_tfer--roles-002F-artifactregistry-002E-service value = google_project_iam_member.tfer--roles-002F-artifactregistry-002E-serviceAgentserviceAccount-003A-service-1005246706141-0040-gcp-sa-artifactregistry-002E-iam-002E-gserviceaccount-002E-com.id } -output "google_project_iam_member_tfer--roles-002F-bigquery-002E-adminserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { - value = google_project_iam_member.tfer--roles-002F-bigquery-002E-adminserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id -} - -output "google_project_iam_member_tfer--roles-002F-bigquery-002E-dataEditorserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { - value = google_project_iam_member.tfer--roles-002F-bigquery-002E-dataEditorserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id -} - output "google_project_iam_member_tfer--roles-002F-bigquery-002E-dataEditorserviceAccount-003A-composer2-service-account-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { value = google_project_iam_member.tfer--roles-002F-bigquery-002E-dataEditorserviceAccount-003A-composer2-service-account-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id } @@ -154,10 +146,6 @@ output "google_project_iam_member_tfer--roles-002F-bigquery-002E-userserviceAcco value = google_project_iam_member.tfer--roles-002F-bigquery-002E-userserviceAccount-003A-473674835135-compute-0040-developer-002E-gserviceaccount-002E-com.id } -output "google_project_iam_member_tfer--roles-002F-bigquery-002E-userserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { - value = google_project_iam_member.tfer--roles-002F-bigquery-002E-userserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id -} - output "google_project_iam_member_tfer--roles-002F-bigquery-002E-userserviceAccount-003A-calitp-py-ci-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { value = google_project_iam_member.tfer--roles-002F-bigquery-002E-userserviceAccount-003A-calitp-py-ci-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id } @@ -234,18 +222,10 @@ output "google_project_iam_member_tfer--roles-002F-containerregistry-002E-Servic value = google_project_iam_member.tfer--roles-002F-containerregistry-002E-ServiceAgentserviceAccount-003A-service-1005246706141-0040-containerregistry-002E-iam-002E-gserviceaccount-002E-com.id } -output "google_project_iam_member_tfer--roles-002F-dataproc-002E-editorserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { - value = google_project_iam_member.tfer--roles-002F-dataproc-002E-editorserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id -} - output "google_project_iam_member_tfer--roles-002F-dataproc-002E-serviceAgentserviceAccount-003A-service-1005246706141-0040-dataproc-accounts-002E-iam-002E-gserviceaccount-002E-com_id" { value = google_project_iam_member.tfer--roles-002F-dataproc-002E-serviceAgentserviceAccount-003A-service-1005246706141-0040-dataproc-accounts-002E-iam-002E-gserviceaccount-002E-com.id } -output "google_project_iam_member_tfer--roles-002F-dataproc-002E-workerserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { - value = google_project_iam_member.tfer--roles-002F-dataproc-002E-workerserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id -} - output "google_project_iam_member_tfer--roles-002F-editorserviceAccount-003A-1005246706141-0040-cloudservices-002E-gserviceaccount-002E-com_id" { value = google_project_iam_member.tfer--roles-002F-editorserviceAccount-003A-1005246706141-0040-cloudservices-002E-gserviceaccount-002E-com.id } @@ -266,10 +246,6 @@ output "google_project_iam_member_tfer--roles-002F-firestore-002E-serviceAgentse value = google_project_iam_member.tfer--roles-002F-firestore-002E-serviceAgentserviceAccount-003A-service-1005246706141-0040-gcp-sa-firestore-002E-iam-002E-gserviceaccount-002E-com.id } -output "google_project_iam_member_tfer--roles-002F-iam-002E-serviceAccountUserserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { - value = google_project_iam_member.tfer--roles-002F-iam-002E-serviceAccountUserserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id -} - output "google_project_iam_member_tfer--roles-002F-ownerserviceAccount-003A-cc-jarvus-airflow-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { value = google_project_iam_member.tfer--roles-002F-ownerserviceAccount-003A-cc-jarvus-airflow-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id } @@ -330,10 +306,6 @@ output "google_project_iam_member_tfer--roles-002F-storage-002E-objectAdminservi value = google_project_iam_member.tfer--roles-002F-storage-002E-objectAdminserviceAccount-003A-amplitude-export-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id } -output "google_project_iam_member_tfer--roles-002F-storage-002E-objectAdminserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { - value = google_project_iam_member.tfer--roles-002F-storage-002E-objectAdminserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id -} - output "google_project_iam_member_tfer--roles-002F-storage-002E-objectCreatorserviceAccount-003A-gtfs-rt-archiver-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com_id" { value = google_project_iam_member.tfer--roles-002F-storage-002E-objectCreatorserviceAccount-003A-gtfs-rt-archiver-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com.id } diff --git a/iac/cal-itp-data-infra/iam/us/project_iam_member.tf b/iac/cal-itp-data-infra/iam/us/project_iam_member.tf index 7f65ded411..5e30ebb29a 100755 --- a/iac/cal-itp-data-infra/iam/us/project_iam_member.tf +++ b/iac/cal-itp-data-infra/iam/us/project_iam_member.tf @@ -88,18 +88,6 @@ resource "google_project_iam_member" "tfer--roles-002F-artifactregistry-002E-ser role = "roles/artifactregistry.serviceAgent" } -resource "google_project_iam_member" "tfer--roles-002F-bigquery-002E-adminserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { - member = "serviceAccount:bq-transform-svcacct@cal-itp-data-infra.iam.gserviceaccount.com" - project = "cal-itp-data-infra" - role = "roles/bigquery.admin" -} - -resource "google_project_iam_member" "tfer--roles-002F-bigquery-002E-dataEditorserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { - member = "serviceAccount:bq-transform-svcacct@cal-itp-data-infra.iam.gserviceaccount.com" - project = "cal-itp-data-infra" - role = "roles/bigquery.dataEditor" -} - resource "google_project_iam_member" "tfer--roles-002F-bigquery-002E-dataEditorserviceAccount-003A-composer2-service-account-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { member = "serviceAccount:composer2-service-account@cal-itp-data-infra.iam.gserviceaccount.com" project = "cal-itp-data-infra" @@ -232,12 +220,6 @@ resource "google_project_iam_member" "tfer--roles-002F-bigquery-002E-userservice role = "roles/bigquery.user" } -resource "google_project_iam_member" "tfer--roles-002F-bigquery-002E-userserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { - member = "serviceAccount:bq-transform-svcacct@cal-itp-data-infra.iam.gserviceaccount.com" - project = "cal-itp-data-infra" - role = "roles/bigquery.user" -} - resource "google_project_iam_member" "tfer--roles-002F-bigquery-002E-userserviceAccount-003A-calitp-py-ci-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { member = "serviceAccount:calitp-py-ci@cal-itp-data-infra.iam.gserviceaccount.com" project = "cal-itp-data-infra" @@ -352,24 +334,12 @@ resource "google_project_iam_member" "tfer--roles-002F-containerregistry-002E-Se role = "roles/containerregistry.ServiceAgent" } -resource "google_project_iam_member" "tfer--roles-002F-dataproc-002E-editorserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { - member = "serviceAccount:bq-transform-svcacct@cal-itp-data-infra.iam.gserviceaccount.com" - project = "cal-itp-data-infra" - role = "roles/dataproc.editor" -} - resource "google_project_iam_member" "tfer--roles-002F-dataproc-002E-serviceAgentserviceAccount-003A-service-1005246706141-0040-dataproc-accounts-002E-iam-002E-gserviceaccount-002E-com" { member = "serviceAccount:service-1005246706141@dataproc-accounts.iam.gserviceaccount.com" project = "cal-itp-data-infra" role = "roles/dataproc.serviceAgent" } -resource "google_project_iam_member" "tfer--roles-002F-dataproc-002E-workerserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { - member = "serviceAccount:bq-transform-svcacct@cal-itp-data-infra.iam.gserviceaccount.com" - project = "cal-itp-data-infra" - role = "roles/dataproc.worker" -} - resource "google_project_iam_member" "tfer--roles-002F-editorserviceAccount-003A-1005246706141-0040-cloudservices-002E-gserviceaccount-002E-com" { member = "serviceAccount:1005246706141@cloudservices.gserviceaccount.com" project = "cal-itp-data-infra" @@ -400,12 +370,6 @@ resource "google_project_iam_member" "tfer--roles-002F-firestore-002E-serviceAge role = "roles/firestore.serviceAgent" } -resource "google_project_iam_member" "tfer--roles-002F-iam-002E-serviceAccountUserserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { - member = "serviceAccount:bq-transform-svcacct@cal-itp-data-infra.iam.gserviceaccount.com" - project = "cal-itp-data-infra" - role = "roles/iam.serviceAccountUser" -} - resource "google_project_iam_member" "tfer--roles-002F-ownerserviceAccount-003A-cc-jarvus-airflow-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { member = "serviceAccount:cc-jarvus-airflow@cal-itp-data-infra.iam.gserviceaccount.com" project = "cal-itp-data-infra" @@ -496,12 +460,6 @@ resource "google_project_iam_member" "tfer--roles-002F-storage-002E-objectAdmins role = "roles/storage.objectAdmin" } -resource "google_project_iam_member" "tfer--roles-002F-storage-002E-objectAdminserviceAccount-003A-bq-transform-svcacct-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { - member = "serviceAccount:bq-transform-svcacct@cal-itp-data-infra.iam.gserviceaccount.com" - project = "cal-itp-data-infra" - role = "roles/storage.objectAdmin" -} - resource "google_project_iam_member" "tfer--roles-002F-storage-002E-objectCreatorserviceAccount-003A-gtfs-rt-archiver-0040-cal-itp-data-infra-002E-iam-002E-gserviceaccount-002E-com" { member = "serviceAccount:gtfs-rt-archiver@cal-itp-data-infra.iam.gserviceaccount.com" project = "cal-itp-data-infra" diff --git a/iac/cal-itp-data-infra/iam/us/service_account.tf b/iac/cal-itp-data-infra/iam/us/service_account.tf index b0fe7977a8..c95cf5589d 100755 --- a/iac/cal-itp-data-infra/iam/us/service_account.tf +++ b/iac/cal-itp-data-infra/iam/us/service_account.tf @@ -180,14 +180,6 @@ resource "google_service_account" "tfer--113512472366715495471" { project = "cal-itp-data-infra" } -resource "google_service_account" "tfer--114731815246487683241" { - account_id = "bq-transform-svcacct" - description = "Grants Airflow pod operators access to GCS and bigquery" - disabled = "false" - display_name = "airflow-jobs-service-user" - project = "cal-itp-data-infra" -} - resource "google_service_account" "tfer--114755160399419974306" { account_id = "metabase-payments-team" description = "Service account for Payments Data Team to use via Metabase" diff --git a/warehouse/macros/create_row_access_policy.sql b/warehouse/macros/create_row_access_policy.sql index a30c49e377..e55f5ef677 100644 --- a/warehouse/macros/create_row_access_policy.sql +++ b/warehouse/macros/create_row_access_policy.sql @@ -96,7 +96,6 @@ filter using ( principals = [ 'serviceAccount:metabase@cal-itp-data-infra.iam.gserviceaccount.com', 'serviceAccount:metabase-payments-team@cal-itp-data-infra.iam.gserviceaccount.com', - 'serviceAccount:bq-transform-svcacct@cal-itp-data-infra.iam.gserviceaccount.com', 'serviceAccount:github-actions-services-accoun@cal-itp-data-infra.iam.gserviceaccount.com', 'serviceAccount:github-actions-service-account@cal-itp-data-infra.iam.gserviceaccount.com', 'serviceAccount:github-actions-service-account@cal-itp-data-infra-staging.iam.gserviceaccount.com', @@ -192,7 +191,6 @@ filter using ( principals = [ 'serviceAccount:metabase@cal-itp-data-infra.iam.gserviceaccount.com', 'serviceAccount:metabase-payments-team@cal-itp-data-infra.iam.gserviceaccount.com', - 'serviceAccount:bq-transform-svcacct@cal-itp-data-infra.iam.gserviceaccount.com', 'serviceAccount:github-actions-services-accoun@cal-itp-data-infra.iam.gserviceaccount.com', 'serviceAccount:github-actions-service-account@cal-itp-data-infra.iam.gserviceaccount.com', 'serviceAccount:github-actions-service-account@cal-itp-data-infra-staging.iam.gserviceaccount.com',