From 52b0e4311239a3ebf62ce16f1aa1206256c931f3 Mon Sep 17 00:00:00 2001
From: Lorenzo Caggioni
Date: Fri, 14 Jan 2022 09:32:15 +0100
Subject: [PATCH] Fix variables
---
 data-solutions/gcs-to-bq-with-least-privileges/main.tf | 9 +++++++--
 .../gcs-to-bq-with-least-privileges/variables.tf | 10 ++++++++--
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/data-solutions/gcs-to-bq-with-least-privileges/main.tf b/data-solutions/gcs-to-bq-with-least-privileges/main.tf
index b8b6b133..168cd7c0 100644
--- a/data-solutions/gcs-to-bq-with-least-privileges/main.tf
+++ b/data-solutions/gcs-to-bq-with-least-privileges/main.tf
@@ -33,6 +33,7 @@ module "project-service" {
 name = var.project_name
 parent = var.root_node
 billing_account = var.billing_account
+ project_create = var.project_create
 services = [
 "compute.googleapis.com",
 "servicenetworking.googleapis.com",
@@ -83,6 +84,12 @@ module "project-service" {
 "roles/iam.serviceAccountUser" = [
 module.service-account-orch.iam_email,
 ]
+ "roles/iam.serviceAccountTokenCreator" = concat(
+ local.data_eng_users_iam,
+ )
+ "roles/viewer" = concat(
+ local.data_eng_users_iam,
+ )
 #Dataflow roles
 "roles/dataflow.admin" = [
 module.service-account-orch.iam_email,
@@ -90,11 +97,9 @@ module "project-service" {
 }
 group_iam = {
 "roles/iam.serviceAccountTokenCreator" = concat(
- local.data_eng_users_iam,
 local.data_eng_groups_iam
 )
 "roles/viewer" = concat(
- local.data_eng_users_iam,
 local.data_eng_groups_iam
 )
 }
diff --git a/data-solutions/gcs-to-bq-with-least-privileges/variables.tf b/data-solutions/gcs-to-bq-with-least-privileges/variables.tf
index fc3c2544..d62a4bdf 100644
--- a/data-solutions/gcs-to-bq-with-least-privileges/variables.tf
+++ b/data-solutions/gcs-to-bq-with-least-privileges/variables.tf
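Review bot: The new `"roles/iam.serviceAccountTokenCreator"` entry in the `iam` map of the second hunk appears to be a project-level binding (it sits in the `project-service` module next to `group_iam`, not on a specific service account), so if that reading is right every principal in `local.data_eng_users_iam` can mint tokens for any service account in the project, including `module.service-account-orch`, which is broader than the "on service accounts" wording of the corresponding variable descriptions; for a least-privilege blueprint, binding the role on the individual service account resource is the narrower form and is worth a comment here if the project-wide grant is deliberate. Both new entries also wrap a single list in `concat(...)`, which is a no-op; `"roles/viewer" = local.data_eng_users_iam` and `"roles/iam.serviceAccountTokenCreator" = local.data_eng_users_iam` read more directly, and the same single-argument `concat` remains in `group_iam` in the third hunk after the removals. The enclosing `module "project-service"` block starts and ends outside these hunks.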
@@ -19,13 +19,13 @@ variable "billing_account" {
 }
 variable "data_eng_groups" {
- description = "Groups with Service Account Tocken creator role on service accounts in the form 'USER/GROUP_EMAIL'."
+ description = "Groups with Service Account Tocken creator role on service accounts in the form 'GROUP_EMAIL@DOMAIN.COM'."
 type = list(string)
 default = []
 }
 variable "data_eng_users" {
- description = "Users with Service Account Tocken creator role on service accounts in the form 'USER/GROUP_EMAIL'."
+ description = "Users with Service Account Tocken creator role on service accounts in the form 'USER_EMAIL@DOMAIN.COM'. User level role is intended for the porpuse of the test, prefer group role based on real life use cases."
 type = list(string)
 default = []
 }
@@ -36,6 +36,12 @@ variable "location" {
 default = "europe"
 }
+variable "project_create" {
+ description = "Set to true to create projects, will use existing ones by default."
+ type = bool
+ default = false
+}
+
 variable "project_name" {
 description = "Name for the new Service Project."
 type = string
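Review bot: The two rewritten `description` lines keep the misspelling `Tocken` and add `porpuse`; since these strings end up in generated variable docs, suggest `description = "Groups with Service Account Token Creator role on service accounts in the form 'GROUP_EMAIL@DOMAIN.COM'."` and `description = "Users with Service Account Token Creator role on service accounts in the form 'USER_EMAIL@DOMAIN.COM'. User-level bindings are intended for testing; prefer group-based bindings in real-life use cases."`. Both descriptions state the role is granted "on service accounts", while the matching entries in main.tf live in the project module's `iam`/`group_iam` maps and so look project-wide; if that is the actual scope, the descriptions should say so, because scope is exactly what a reader of a least-privilege blueprint relies on when filling these lists.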
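Review bot: `project_create` defaults to `false`, which means that by default the project named in `project_name` must already exist and, as far as main.tf shows, receives this blueprint's `iam`/`group_iam` bindings on top of whatever it already has; the description should spell out that consequence, e.g. `description = "Set to true to create a new project. When false (default), the project named in project_name must already exist and this blueprint's IAM bindings are added to it."`. The context line `description = "Name for the new Service Project."` on `project_name` now contradicts that default and could be reworded to cover the existing-project case.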