Fix e2e examples with org- and folder-level sinks

2020-12-05 22:30:04 +01:00
parent d4201c740d
commit b2af6fdd33
2 changed files with 44 additions and 25 deletions
--- a/foundations/business-units/main.tf
+++ b/foundations/business-units/main.tf
@@ -14,6 +14,18 @@
 * limitations under the License.
 */

+locals {
+  logging_sinks = {
+    audit-logs = {
+      type        = "bigquery"
+      destination = module.audit-dataset.id
+      filter      = var.audit_filter
+      iam         = true
+    }
+  }
+  root_node_type = split("/", var.root_node)[0]
+}
+
 ###############################################################################
 #                        Terraform top-level resources                        #
 ###############################################################################
@@ -99,8 +111,7 @@ module "audit-project" {
  prefix          = var.prefix
  billing_account = var.billing_account_id
  iam = {
-    "roles/bigquery.dataEditor" = [module.audit-log-sinks.writer_identities[0]]
-    "roles/viewer"              = var.iam_audit_viewers
+    "roles/viewer" = var.iam_audit_viewers
  }
  services = concat(var.project_services, [
    "bigquery.googleapis.com",
@@ -122,16 +133,22 @@ module "audit-dataset" {
  }
 }

-module "audit-log-sinks" {
-  source = "../../modules/logging-sinks"
-  parent = var.root_node
-  destinations = {
-    audit-logs = "bigquery.googleapis.com/${module.audit-dataset.id}"
-  }
-  sinks = {
-    audit-logs = var.audit_filter
-  }
-}
+# uncomment the next two modules to create the logging sinks
+
+# module "root_org" {
+#   count           = local.root_node_type == "organizations" ? 1 : 0
+#   source          = "../../modules/organization"
+#   organization_id = var.root_node
+#   logging_sinks   = local.logging_sinks
+# }
+
+# module "root_folder" {
+#   count         = local.root_node_type == "folders" ? 1 : 0
+#   source        = "../../modules/folder"
+#   id            = var.root_node
+#   folder_create = false
+#   logging_sinks = local.logging_sinks
+# }

 ###############################################################################
 #                    Shared resources (GCR, GCS, KMS, etc.)                   #
--- a/foundations/environments/main.tf
+++ b/foundations/environments/main.tf
@@ -127,20 +127,22 @@ module "audit-dataset" {
  }
 }

-module "root_org" {
-  count           = local.root_node_type == "organizations" ? 1 : 0
-  source          = "../../modules/organization"
-  organization_id = var.root_node
-  logging_sinks   = local.logging_sinks
-}
+# uncomment the next two modules to create the logging sinks

-module "root_folder" {
-  count         = local.root_node_type == "folders" ? 1 : 0
-  source        = "../../modules/folder"
-  id            = var.root_node
-  folder_create = false
-  logging_sinks = local.logging_sinks
-}
+# module "root_org" {
+#   count           = local.root_node_type == "organizations" ? 1 : 0
+#   source          = "../../modules/organization"
+#   organization_id = var.root_node
+#   logging_sinks   = local.logging_sinks
+# }
+
+# module "root_folder" {
+#   count         = local.root_node_type == "folders" ? 1 : 0
+#   source        = "../../modules/folder"
+#   id            = var.root_node
+#   folder_create = false
+#   logging_sinks = local.logging_sinks
+# }


 ###############################################################################