First commit.

TODO:
 - fix error on destroy
 - improve robot service account handling

modules/project/service_accounts.tf

@@ -17,6 +17,8 @@
 locals {
   service_account_cloud_services = "${google_project.project.number}@cloudservices.gserviceaccount.com"
   service_accounts_default = {
+    # TODO: Find a better place to store BQ service account
+    bq      = "bq-${google_project.project.number}@bigquery-encryption.iam.gserviceaccount.com"
     compute = "${google_project.project.number}-compute@developer.gserviceaccount.com"
     gae     = "${google_project.project.project_id}@appspot.gserviceaccount.com"
   }
@@ -26,6 +28,7 @@ locals {
     compute           = "compute-system"
     container-engine  = "container-engine-robot"
     containerregistry = "containerregistry"
+    dataflow          = "dataflow-service-producer-prod"
     dataproc          = "dataproc-accounts"
     gae-flex          = "gae-api-prod"
     gcf               = "gcf-admin-robot"