Remove data platform IAM grants from datasets

fast/stages/0-org-setup/datasets/classic-gcd/folders/networking/.config.yaml

@@ -33,22 +33,6 @@ iam_by_principals:
     - roles/compute.viewer
     - $custom_roles:project_iam_viewer
 iam_bindings:
-  dp_dev_rw:
-    members:
-      - $iam_principals:service_accounts/iac-0/iac-dp-dev-rw
-    role: $custom_roles:service_project_network_admin
-    condition:
-      expression: |
-        resource.matchTag('${organization.id}/environment', 'development')
-      title: Data platform dev service project admin.
-  dp_dev_ro:
-    role: roles/compute.networkViewer
-    members:
-      - $iam_principals:service_accounts/iac-0/iac-dp-dev-ro
-    condition:
-      title: Data platform dev network viewer.
-      expression: |
-        resource.matchTag('${organization.id}/environment', 'development')
   project_factory:
     role: roles/resourcemanager.projectIamAdmin
     members:

fast/stages/0-org-setup/datasets/classic-gcd/folders/networking/dev/.config.yaml

@@ -15,19 +15,5 @@
 # yaml-language-server: $schema=../../../../../schemas/folder.schema.json
 
 name: Development
-iam:
-  $custom_roles:project_iam_viewer:
-    - $iam_principals:service_accounts/iac-0/iac-dp-dev-ro
-iam_bindings:
-  dp_dev:
-    role: roles/resourcemanager.projectIamAdmin
-    members:
-      - $iam_principals:service_accounts/iac-0/iac-dp-dev-rw
-    condition:
-      title: Data platform dev delegated IAM grant.
-      expression: |
-        api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([
-          '${custom_roles.service_project_network_admin}'
-        ])
 tag_bindings:
   environment: $tag_values:environment/development

fast/stages/0-org-setup/datasets/classic/folders/networking/.config.yaml

@@ -33,22 +33,6 @@ iam_by_principals:
     - roles/compute.viewer
     - $custom_roles:project_iam_viewer
 iam_bindings:
-  dp_dev_rw:
-    members:
-      - $iam_principals:service_accounts/iac-0/iac-dp-dev-rw
-    role: $custom_roles:service_project_network_admin
-    condition:
-      expression: |
-        resource.matchTag('${organization.id}/environment', 'development')
-      title: Data platform dev service project admin.
-  dp_dev_ro:
-    role: roles/compute.networkViewer
-    members:
-      - $iam_principals:service_accounts/iac-0/iac-dp-dev-ro
-    condition:
-      title: Data platform dev network viewer.
-      expression: |
-        resource.matchTag('${organization.id}/environment', 'development')
   project_factory:
     role: roles/resourcemanager.projectIamAdmin
     members:

fast/stages/0-org-setup/datasets/classic/folders/networking/dev/.config.yaml

@@ -15,19 +15,5 @@
 # yaml-language-server: $schema=../../../../../schemas/folder.schema.json
 
 name: Development
-iam:
-  $custom_roles:project_iam_viewer:
-    - $iam_principals:service_accounts/iac-0/iac-dp-dev-ro
-iam_bindings:
-  dp_dev:
-    role: roles/resourcemanager.projectIamAdmin
-    members:
-      - $iam_principals:service_accounts/iac-0/iac-dp-dev-rw
-    condition:
-      title: Data platform dev delegated IAM grant.
-      expression: |
-        api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([
-          '${custom_roles.service_project_network_admin}'
-        ])
 tag_bindings:
   environment: $tag_values:environment/development

fast/stages/0-org-setup/datasets/hardened/folders/networking/.config.yaml

@@ -44,22 +44,6 @@ iam_by_principals:
     - roles/compute.viewer
     - $custom_roles:project_iam_viewer
 iam_bindings:
-  dp_dev_rw:
-    members:
-      - $iam_principals:service_accounts/iac-0/iac-dp-dev-rw
-    role: $custom_roles:service_project_network_admin
-    condition:
-      expression: |
-        resource.matchTag('${organization.id}/environment', 'development')
-      title: Data platform dev service project admin.
-  dp_dev_ro:
-    role: roles/compute.networkViewer
-    members:
-      - $iam_principals:service_accounts/iac-0/iac-dp-dev-ro
-    condition:
-      title: Data platform dev network viewer.
-      expression: |
-        resource.matchTag('${organization.id}/environment', 'development')
   project_factory:
     role: roles/resourcemanager.projectIamAdmin
     members:

fast/stages/0-org-setup/datasets/hardened/folders/networking/dev/.config.yaml

@@ -15,19 +15,5 @@
 # yaml-language-server: $schema=../../../../../schemas/folder.schema.json
 
 name: Development
-iam:
-  $custom_roles:project_iam_viewer:
-    - $iam_principals:service_accounts/iac-0/iac-dp-dev-ro
-iam_bindings:
-  dp_dev:
-    role: roles/resourcemanager.projectIamAdmin
-    members:
-      - $iam_principals:service_accounts/iac-0/iac-dp-dev-rw
-    condition:
-      title: Data platform dev delegated IAM grant.
-      expression: |
-        api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([
-          '${custom_roles.service_project_network_admin}'
-        ])
 tag_bindings:
   environment: $tag_values:environment/development

fast/stages/0-org-setup/datasets/hardened/folders/security/dev/.config.yaml

@@ -19,7 +19,5 @@ parent: $folder_ids:security
 tag_bindings:
   environment: $tag_values:environment/development
 iam_by_principals:
-  $iam_principals:service_accounts/iac-0/iac-dp-dev-ro:
-    - $custom_roles:cloudkms_viewer
   $iam_principals:service_accounts/iac-0/iac-pf-ro:
     - $custom_roles:cloudkms_viewer