From 04f054478daa5d4edba25679b22e4d15494eac24 Mon Sep 17 00:00:00 2001
From: Lorenzo Caggioni <lorenzo.caggioni@gmail.com>
Date: Fri, 18 Feb 2022 00:34:51 +0100
Subject: [PATCH] Fix poliscy admin role

---
 fast/stages/01-resman/organization.tf                        | 5 ++++-
 .../02-networking-vpn/data/firewall-rules/dev/rules.yaml     | 3 +--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/fast/stages/01-resman/organization.tf b/fast/stages/01-resman/organization.tf
index e9659cff..7cf8afa4 100644
--- a/fast/stages/01-resman/organization.tf
+++ b/fast/stages/01-resman/organization.tf
@@ -63,7 +63,10 @@ module "organization" {
       "roles/compute.xpnAdmin" = [
         module.branch-network-sa.iam_email
       ]
-      "roles/orgpolicy.policyAdmin" = local.branch_teams_pf_sa_iam_emails
+      "roles/orgpolicy.policyAdmin" = concat(
+        local.branch_dataplatform_sa_iam_emails,
+        local.branch_teams_pf_sa_iam_emails
+      )
     },
     local.billing_org ? {
       "roles/billing.costsManager" = local.branch_teams_pf_sa_iam_emails
diff --git a/fast/stages/02-networking-vpn/data/firewall-rules/dev/rules.yaml b/fast/stages/02-networking-vpn/data/firewall-rules/dev/rules.yaml
index 8f911cef..d0863d4c 100644
--- a/fast/stages/02-networking-vpn/data/firewall-rules/dev/rules.yaml
+++ b/fast/stages/02-networking-vpn/data/firewall-rules/dev/rules.yaml
@@ -6,8 +6,7 @@ allow-dataflow-load-ingress-traffic:
   action: allow
   sources: []
   ranges:
-    - 10.10.0.0/24
-    - 10.10.1.0/24
+    - 10.128.48.0/24
   targets: []
   use_service_accounts: false
   rules: