Day split between infrastructure lookups and a deep GCP cross-project data access investigation. Located ArgoCD configs and traced how hugofun-prod data flows into BI/analytics projects.
Status: ✅ Root cause identified (Dataset-Level ACLs)
Issue: Data from hugofun-prod flowing into n1co-bi-beta, n1-analytics, and n1-data-development via Dataform pipelines
Key Findings:
- Primary service account: service-782469272895@gcp-sa-dataform.iam.gserviceaccount.com (Google-managed Dataform SA from n1co-bi-beta)
- Root cause: Dataset-level ACLs (not project/org IAM) granting READER access on:
  - hugofun-prod:reporteria
  - hugofun-prod:orders_collection
- Pipeline: Dataform repo h4b-dev/n1-dwh-dataform-core → fun_raw schema → n1-analytics (silver/gold)
- WIF setup: GitHub Actions via github-dataform-ci-cd pool in n1-analytics
Other SAs in hugofun-prod:
- bigqueryclient@hugofun-prod — active, for cross-project BigQuery access
- bigquery-reader@hugofun-prod — daily 07:15 UTC scheduled queries for Excel reports
- gus-datagrip@hugofun-prod — ⚠️ 3 user keys (potential key sprawl)
Recommendations:
- Audit gus-datagrip keys (3 keys suggests sprawl)
- Review DataGrip access for mariana-datagrip, gus-datagrip, datagrip-isaac
- Document bigquery-reader purpose (currently no description)
- Consider stricter WIF condition (specific repos, not just h4b-dev org)
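Dataset-level grants like the ones found here do not show up in project or org IAM policy, so they have to be read off each dataset. The following is an added example, not part of the original notes: it scans a dataset's access list (the JSON shape printed by `bq show --format=prettyjson <project>:<dataset>`) for service accounts that belong to another project. The sample data, project names and project numbers are constructed, and the dataset's own project number is assumed to be supplied by the caller.

```python
import json

# Constructed sample in the shape `bq show --format=prettyjson <project>:<dataset>`
# returns; every project, number and account below is made up.
SAMPLE = """
{"datasetReference": {"projectId": "example-prod", "datasetId": "orders"},
 "access": [
  {"role": "OWNER", "specialGroup": "projectOwners"},
  {"role": "WRITER", "userByEmail": "loader@example-prod.iam.gserviceaccount.com"},
  {"role": "READER", "userByEmail": "service-111111111111@gcp-sa-dataform.iam.gserviceaccount.com"},
  {"role": "READER", "iamMember": "serviceAccount:reports@example-bi.iam.gserviceaccount.com"},
  {"role": "READER", "groupByEmail": "analysts@example.com"}
 ]}
"""

SA_SUFFIX = ".iam.gserviceaccount.com"

def foreign_reason(email, home_project, home_number):
    """Explain why a service account is foreign to the dataset's project, else None."""
    local, _, domain = email.partition("@")
    if not domain.endswith(SA_SUFFIX):
        return None  # humans, groups, domains: review separately
    owner = domain[: -len(SA_SUFFIX)]
    if owner.startswith("gcp-sa-"):  # Google-managed service agent, keyed by project number
        number = local.removeprefix("service-")
        return None if number == home_number else f"service agent of project number {number}"
    return None if owner == home_project else f"service account from project {owner}"

def cross_project_grants(dataset_json, home_number):
    """List (role, email, reason) for dataset-level grants to other projects' SAs."""
    ds = json.loads(dataset_json)
    home_project = ds["datasetReference"]["projectId"]
    findings = []
    for entry in ds.get("access", []):
        member = entry.get("userByEmail") or entry.get("iamMember", "")
        email = member.split(":", 1)[-1]  # iamMember is "serviceAccount:<email>"
        reason = foreign_reason(email, home_project, home_number)
        if reason:
            findings.append((entry.get("role"), email, reason))
    return findings

if __name__ == "__main__":
    for role, email, reason in cross_project_grants(SAMPLE, home_number="999999999999"):
        print(f"{role:8} {email}  <- {reason}")
```

Default Compute Engine and App Engine service accounts use other email domains and are not classified by this sketch; groups and authorized views also need their own review.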
- Found ArgoCD repository: ~/Projects/n1co/n1-argocd-gitops
- Located "payments v3" URLs in merchant dev config:
  - API: https://api-payments-v3.core.n1co.dev
  - Identity: https://id-payments.core.n1co.dev
  - Wallets/Ledger: https://api-payments-ledger.core.n1co.dev
Attendees: Sergio, Douglas, Chris, Hector, Oscar, Andres, Rodrigo
New Data Architecture (MotherDuck)
- Transactional data → Debezium CDC → Kafka (Redpanda) → Materialize → MotherDuck
- dbt for transformation (medallion: sources → staging → marts)
- Materialize exposes materialized views via PostgreSQL connection
Key Challenges
- Dataform orchestration replacement — complex dependency chains (Airflow suggested)
- Non-core sources — Google Drive, CleverTap, Notion, Sheets, N8N need integration
- User data editing — AppSheet/Apex frontends need alternative for MotherDuck
- Looker migration — moving to Metabase (open source, cheaper than Tableau)
Decisions
- All data flows through Materialize (Gus's vision)
- Parallel operation ~1 month for validation
- Font Capital data needs special handling (ask Gus)
- Policy tags for sensitive data to be replicated in MotherDuck
Action Items
- Chris: Investigate dbt workflow patterns for Dataform-style updates
- Chris + Douglas: Analyze data sources inventory with Sergio
- Chris: Check with Gus on Font Capital integration
- Chris: Explore AppSheet alternatives for user data editing
- Andres: Send dashboard inventory + data formal structure
- Rodrigo: Confirm cashback/ruleta apps future (stay or migrate)
Attendees: Alexandra, Douglas, Rodrigo
Topics:
- Support for Jesús — additional help confirmed
- Administrative & system controls — payment management, tutorials, hardware controls
- Internal documentation review — "transfer central" operation from last year
- Previous records — "Cuardo record, Alaska" and last year's release
- Morning brief ran via cron but returned NO_REPLY (WHOOP sleep not scored yet at 11:40 AM GT)
- Disk space: 81% — OK
- No urgent PRs or CI failures flagged
- Timezone reminder: America/Guatemala (UTC-6)