From b9804d895b7debed37e41592484fbcb1dd9bd2f6 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Fri, 18 Feb 2022 14:39:33 +0100
Subject: [PATCH] re-add org policy admin role

---
 fast/stages/01-resman/organization.tf | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fast/stages/01-resman/organization.tf b/fast/stages/01-resman/organization.tf
index e9659cff2..d49ec86ae 100644
--- a/fast/stages/01-resman/organization.tf
+++ b/fast/stages/01-resman/organization.tf
@@ -63,7 +63,11 @@ module "organization" {
       "roles/compute.xpnAdmin" = [
         module.branch-network-sa.iam_email
       ]
-      "roles/orgpolicy.policyAdmin" = local.branch_teams_pf_sa_iam_emails
+      # TODO: implement tag-based conditions on this org role
+      "roles/orgpolicy.policyAdmin" = concat(
+        local.branch_teams_pf_sa_iam_emails,
+        local.branch_dataplatform_sa_iam_emails,
+      )
     },
     local.billing_org ? {
       "roles/billing.costsManager" = local.branch_teams_pf_sa_iam_emails