From a32a308a4b518b5d3cf5304da88df82715830403 Mon Sep 17 00:00:00 2001
From: Noa Aviel Dove <nadove@ucsc.edu>
Date: Thu, 11 Jul 2024 18:15:04 -0700
Subject: [PATCH] fixup! Parquet to BigQuery import for GCP-backed AnVIL
 snapshots (#6355)

---
 scripts/post_deploy_tdr.py                   | 4 ++--
 src/azul/terra.py                            | 2 +-
 terraform/authentication.tf.json.template.py | 3 +++
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/scripts/post_deploy_tdr.py b/scripts/post_deploy_tdr.py
index f1fd34abdf..2923f8a068 100644
--- a/scripts/post_deploy_tdr.py
+++ b/scripts/post_deploy_tdr.py
@@ -93,9 +93,9 @@ def verify_source(self,
                       ) -> None:
         source = self.tdr.lookup_source(source_spec)
         log.info('TDR client is authorized for API access to %s.', source_spec)
-        require(source.project == source_spec.project,
+        require(source_spec.project in (source.project, config.google_project()),
                 'Actual Google project of TDR source differs from configured one',
-                source.project, source_spec.project)
+                source.project, source_spec.project, config.google_project())
         # Uppercase is standard for multi-regions in the documentation but TDR
         # returns 'us' in lowercase
         require(source.location.lower() == config.tdr_source_location.lower(),
diff --git a/src/azul/terra.py b/src/azul/terra.py
index 6eb5fa75d4..44e827f7f5 100644
--- a/src/azul/terra.py
+++ b/src/azul/terra.py
@@ -270,7 +270,7 @@ def oauth2_scopes(self) -> Sequence[str]:
         return [
             *super().oauth2_scopes(),
             'https://www.googleapis.com/auth/devstorage.read_only',
-            'https://www.googleapis.com/auth/bigquery.readonly'
+            'https://www.googleapis.com/auth/bigquery'
         ]
 
 
diff --git a/terraform/authentication.tf.json.template.py b/terraform/authentication.tf.json.template.py
index 782c1581b9..07f29b3c3e 100644
--- a/terraform/authentication.tf.json.template.py
+++ b/terraform/authentication.tf.json.template.py
@@ -60,6 +60,9 @@
                             "title": f"azul_{config.deployment_stage}",
                             "permissions": [
                                 "bigquery.jobs.create",
+                                "bigquery.datasets.create",
+                                "bigquery.tables.create",
+                                "bigquery.tables.updateData",
                                 *[
                                     f'bigquery.{resource}.{action}'
                                     for resource in ('capacityCommitments', 'reservations')