Fix e2e examples with org- and folder-level sinks

foundations/business-units/main.tf

@@ -14,6 +14,18 @@
  * limitations under the License.
  */
 
+locals {
+  logging_sinks = {
+    audit-logs = {
+      type        = "bigquery"
+      destination = module.audit-dataset.id
+      filter      = var.audit_filter
+      iam         = true
+    }
+  }
+  root_node_type = split("/", var.root_node)[0]
+}
+
 ###############################################################################
 #                        Terraform top-level resources                        #
 ###############################################################################
@@ -99,8 +111,7 @@ module "audit-project" {
   prefix          = var.prefix
   billing_account = var.billing_account_id
   iam = {
-    "roles/bigquery.dataEditor" = [module.audit-log-sinks.writer_identities[0]]
+    "roles/viewer" = var.iam_audit_viewers
-    "roles/viewer"              = var.iam_audit_viewers
   }
   services = concat(var.project_services, [
     "bigquery.googleapis.com",
@@ -122,16 +133,22 @@ module "audit-dataset" {
   }
 }
 
-module "audit-log-sinks" {
+# uncomment the next two modules to create the logging sinks
-  source = "../../modules/logging-sinks"
+
-  parent = var.root_node
+# module "root_org" {
-  destinations = {
+#   count           = local.root_node_type == "organizations" ? 1 : 0
-    audit-logs = "bigquery.googleapis.com/${module.audit-dataset.id}"
+#   source          = "../../modules/organization"
-  }
+#   organization_id = var.root_node
-  sinks = {
+#   logging_sinks   = local.logging_sinks
-    audit-logs = var.audit_filter
+# }
-  }
+
-}
+# module "root_folder" {
+#   count         = local.root_node_type == "folders" ? 1 : 0
+#   source        = "../../modules/folder"
+#   id            = var.root_node
+#   folder_create = false
+#   logging_sinks = local.logging_sinks
+# }
 
 ###############################################################################
 #                    Shared resources (GCR, GCS, KMS, etc.)                   #

foundations/environments/main.tf

@@ -127,20 +127,22 @@ module "audit-dataset" {
   }
 }
 
-module "root_org" {
+# uncomment the next two modules to create the logging sinks
-  count           = local.root_node_type == "organizations" ? 1 : 0
-  source          = "../../modules/organization"
-  organization_id = var.root_node
-  logging_sinks   = local.logging_sinks
-}
 
-module "root_folder" {
+# module "root_org" {
-  count         = local.root_node_type == "folders" ? 1 : 0
+#   count           = local.root_node_type == "organizations" ? 1 : 0
-  source        = "../../modules/folder"
+#   source          = "../../modules/organization"
-  id            = var.root_node
+#   organization_id = var.root_node
-  folder_create = false
+#   logging_sinks   = local.logging_sinks
-  logging_sinks = local.logging_sinks
+# }
-}
+
+# module "root_folder" {
+#   count         = local.root_node_type == "folders" ? 1 : 0
+#   source        = "../../modules/folder"
+#   id            = var.root_node
+#   folder_create = false
+#   logging_sinks = local.logging_sinks
+# }
 
 
 ###############################################################################