From f7ef1271492b66b725708446e1c8041b04aa5c74 Mon Sep 17 00:00:00 2001
From: lcaggio
Date: Wed, 28 Sep 2022 15:14:36 +0200
Subject: [PATCH 1/5] first commit.
---
 .../data-platform-foundations/07-exposure.tf | 49 +++++++++++++++++++
 1 file changed, 49 insertions(+)
diff --git a/blueprints/data-solutions/data-platform-foundations/07-exposure.tf b/blueprints/data-solutions/data-platform-foundations/07-exposure.tf
index 030be0b8..8110159d 100644
--- a/blueprints/data-solutions/data-platform-foundations/07-exposure.tf
+++ b/blueprints/data-solutions/data-platform-foundations/07-exposure.tf
@@ -14,10 +14,59 @@
 
 # tfdoc:file:description common project.
 
+locals {
+ exp_group_iam = {
+ (local.groups.data-engineers) = [
+ "roles/bigquery.admin",
+ "roles/storage.admin",
+ ],
+ (local.groups.data-analysts) = [
+ "analyticshub.googleapis.com",
+ "roles/bigquery.dataViewer",
+ "roles/bigquery.jobUser",
+ "roles/bigquery.metadataViewer",
+ "roles/bigquery.user",
+ "roles/datacatalog.viewer",
+ "roles/datacatalog.tagTemplateViewer",
+ "roles/storage.objectViewer",
+ ]
+ }
+ exp_iam = {
+ "roles/bigquery.dataOwner" = [
+ module.transf-sa-df-0.iam_email,
+ module.transf-sa-bq-0.iam_email,
+ ]
+ "roles/bigquery.jobUser" = [
+ module.transf-sa-bq-0.iam_email,
+ ]
+ "roles/datacatalog.categoryAdmin" = [
+ module.load-sa-df-0.iam_email
+ ]
+ "roles/storage.objectCreator" = [
+ module.transf-sa-df-0.iam_email,
+ ]
+ "roles/storage.objectViewer" = [
+ module.transf-sa-df-0.iam_email,
+ ]
+ }
+ exp_services = concat(var.project_services, [
+ "bigquery.googleapis.com",
+ "bigqueryreservation.googleapis.com",
+ "bigquerystorage.googleapis.com",
+ "cloudkms.googleapis.com",
+ "pubsub.googleapis.com",
+ "storage.googleapis.com",
+ "storage-component.googleapis.com"
+ ])
+}
+
 module "exp-project" {
 source = "../../../modules/project"
 parent = var.folder_id
 billing_account = var.billing_account_id
 prefix = var.prefix
 name = "exp${local.project_suffix}"
+ group_iam = local.exp_group_iam
+ iam = local.exp_iam
+ services = local.exp_services
 }
From ce148d68f40c61fc061b06cf5ed078595e017344 Mon Sep 17 00:00:00 2001
From: lcaggio
Date: Thu, 13 Oct 2022 06:36:20 +0200
Subject: [PATCH 2/5] Update roles
---
 .../data-solutions/data-platform-foundations/07-exposure.tf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/blueprints/data-solutions/data-platform-foundations/07-exposure.tf b/blueprints/data-solutions/data-platform-foundations/07-exposure.tf
index 8110159d..1149edae 100644
--- a/blueprints/data-solutions/data-platform-foundations/07-exposure.tf
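Review bot: `exp_group_iam` grants the data-engineers group `roles/bigquery.admin` and `roles/storage.admin` on the whole exposure project, and both roles carry the `setIamPolicy` permission on datasets and buckets, so members of that group can widen access to any data in the project; if engineers only need to manage and load data, `roles/bigquery.dataEditor` and `roles/storage.objectAdmin` cover that without IAM-management rights, otherwise a comment stating why admin is required would help the next reader. The data-analysts list also contains `"analyticshub.googleapis.com"`, an API service name rather than a role, which the project module will most likely fail to bind at apply time. PATCH 2/5 replaces that entry and PATCH 5/5 deletes the whole block again, so the three 07-exposure.tf patches cancel out and could be dropped from the series rather than left in history.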
+++ b/blueprints/data-solutions/data-platform-foundations/07-exposure.tf
@@ -19,9 +19,12 @@ locals {
 (local.groups.data-engineers) = [
 "roles/bigquery.admin",
 "roles/storage.admin",
+ "roles/analyticshub.admin",
+ "roles/analyticshub.publisher",
+ "roles/analyticshub.listingAdmin"
 ],
 (local.groups.data-analysts) = [
- "analyticshub.googleapis.com",
+ "roles/analyticshub.viewer",
 "roles/bigquery.dataViewer",
 "roles/bigquery.jobUser",
 "roles/bigquery.metadataViewer",
From 529dde5a46562d2e35c9894915445540a3dfb906 Mon Sep 17 00:00:00 2001
From: lcaggio
Date: Mon, 24 Oct 2022 22:59:35 +0200
Subject: [PATCH 3/5] Fix CloudSQL blueprint
---
 blueprints/data-solutions/cloudsql-multiregion/outputs.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/blueprints/data-solutions/cloudsql-multiregion/outputs.tf b/blueprints/data-solutions/cloudsql-multiregion/outputs.tf
index 6d6d5178..69840195 100644
--- a/blueprints/data-solutions/cloudsql-multiregion/outputs.tf
+++ b/blueprints/data-solutions/cloudsql-multiregion/outputs.tf
@@ -38,8 +38,8 @@ output "demo_commands" {
 description = "Demo commands."
 value = {
 "01_ssh" = "gcloud compute ssh ${module.test-vm.instance.name} --project ${module.project.name} --zone ${var.regions.primary}-b"
- "02_cloud_sql_proxy" = "cloud_sql_proxy -instances=${module.db.connection_name}=tcp:5432 &"
- "03_psql" = "psql 'host=127.0.0.1 port=5432 sslmode=disable dbname=${var.postgres_database} user=postgres'"
+ "02_cloud_sql_proxy" = "cloud_sql_proxy -enable_iam_login -instances=${module.db.connection_name}=tcp:5432 &"
+ "03_psql" = "psql 'host=127.0.0.1 port=5432 sslmode=disable dbname=${var.postgres_database} user=postgres password=PASSWORD'"
 }
 }
 
From 9c985fbbb53ff30ae3be7cbcd4fefe8130d2132b Mon Sep 17 00:00:00 2001
From: lcaggio
Date: Mon, 24 Oct 2022 22:59:53 +0200
Subject: [PATCH 4/5] Fix regexp
---
 blueprints/data-solutions/cloudsql-multiregion/cloudsql.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
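Review bot: The three Analytics Hub roles added to the data-engineers list overlap: as far as I know `roles/analyticshub.admin` is a superset of `roles/analyticshub.publisher` and `roles/analyticshub.listingAdmin`, so once admin is granted the two narrower roles add nothing — either keep only `"roles/analyticshub.admin",` or, for the smaller grant, drop it and keep the two scoped roles. The new last entry `"roles/analyticshub.listingAdmin"` also lacks the trailing comma every other item in both lists carries, which is what the project's formatter will reintroduce anyway. PATCH 5/5 removes this whole `locals` block again, so the correction made here never reaches the final tree.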
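Review bot: The new `03_psql` command still connects as the built-in `user=postgres` with a `password=PASSWORD` placeholder, which does not fit the `-enable_iam_login` flag added to `02_cloud_sql_proxy` one line up: with IAM login the proxy is expected to supply the credential and the client connects as the IAM database user — here the service-account user that cloudsql.tf creates from `module.service-account-sql.email` with the `.gserviceaccount.com` suffix removed — rather than with a password. Either point `user=` at that IAM user and drop `password=PASSWORD`, or keep password authentication and drop the flag; as written the demo invites pasting a real password into a shell command line and history. `PASSWORD` is only a literal placeholder, so the output itself exposes no secret, but a short comment on the output saying which login mode the demo intends would remove the ambiguity.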
diff --git a/blueprints/data-solutions/cloudsql-multiregion/cloudsql.tf b/blueprints/data-solutions/cloudsql-multiregion/cloudsql.tf
index b33dc980..796cc1b6 100644
--- a/blueprints/data-solutions/cloudsql-multiregion/cloudsql.tf
+++ b/blueprints/data-solutions/cloudsql-multiregion/cloudsql.tf
@@ -50,7 +50,7 @@ resource "google_sql_user" "service-account" {
 for_each = toset(var.data_eng_principals)
 project = module.project.project_id
 # Omit the .gserviceaccount.com suffix in the email
- name = regex("(.+)(gserviceaccount)", module.service-account-sql.email)[0]
+ name = regex("(.+)(.gserviceaccount)", module.service-account-sql.email)[0]
 instance = module.db.name
 type = "CLOUD_IAM_SERVICE_ACCOUNT"
 }
From f9795a38d00075736d9d609c9950a589f500c333 Mon Sep 17 00:00:00 2001
From: lcaggio
Date: Tue, 25 Oct 2022 06:25:36 +0200
Subject: [PATCH 5/5] Fix DataPlatform file wrongly submitted.
---
 .../data-platform-foundations/07-exposure.tf | 52 -------------------
 1 file changed, 52 deletions(-)
diff --git a/blueprints/data-solutions/data-platform-foundations/07-exposure.tf b/blueprints/data-solutions/data-platform-foundations/07-exposure.tf
index 1149edae..030be0b8 100644
--- a/blueprints/data-solutions/data-platform-foundations/07-exposure.tf
+++ b/blueprints/data-solutions/data-platform-foundations/07-exposure.tf
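Review bot: The `.` in the new pattern `(.+)(.gserviceaccount)` is an unescaped metacharacter that matches any character, not the literal dot, so the corrected `name` only comes out right because the character before `gserviceaccount` in a service-account email happens to be a dot; the second capture group is also never used. Escape it, `name = regex("(.+)\\.gserviceaccount", module.service-account-sql.email)[0]`, or drop the regex and use `name = trimsuffix(module.service-account-sql.email, ".gserviceaccount.com")`, which says exactly what the comment above it promises. The two differ on a non-matching input — `regex` raises an error while `trimsuffix` returns the email unchanged — and the comment should state which behaviour is wanted for an IAM service-account user.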
@@ -14,62 +14,10 @@
 
 # tfdoc:file:description common project.
 
-locals {
- exp_group_iam = {
- (local.groups.data-engineers) = [
- "roles/bigquery.admin",
- "roles/storage.admin",
- "roles/analyticshub.admin",
- "roles/analyticshub.publisher",
- "roles/analyticshub.listingAdmin"
- ],
- (local.groups.data-analysts) = [
- "roles/analyticshub.viewer",
- "roles/bigquery.dataViewer",
- "roles/bigquery.jobUser",
- "roles/bigquery.metadataViewer",
- "roles/bigquery.user",
- "roles/datacatalog.viewer",
- "roles/datacatalog.tagTemplateViewer",
- "roles/storage.objectViewer",
- ]
- }
- exp_iam = {
- "roles/bigquery.dataOwner" = [
- module.transf-sa-df-0.iam_email,
- module.transf-sa-bq-0.iam_email,
- ]
- "roles/bigquery.jobUser" = [
- module.transf-sa-bq-0.iam_email,
- ]
- "roles/datacatalog.categoryAdmin" = [
- module.load-sa-df-0.iam_email
- ]
- "roles/storage.objectCreator" = [
- module.transf-sa-df-0.iam_email,
- ]
- "roles/storage.objectViewer" = [
- module.transf-sa-df-0.iam_email,
- ]
- }
- exp_services = concat(var.project_services, [
- "bigquery.googleapis.com",
- "bigqueryreservation.googleapis.com",
- "bigquerystorage.googleapis.com",
- "cloudkms.googleapis.com",
- "pubsub.googleapis.com",
- "storage.googleapis.com",
- "storage-component.googleapis.com"
- ])
-}
-
 module "exp-project" {
 source = "../../../modules/project"
 parent = var.folder_id
 billing_account = var.billing_account_id
 prefix = var.prefix
 name = "exp${local.project_suffix}"
- group_iam = local.exp_group_iam
- iam = local.exp_iam
- services = local.exp_services
 }