diff --git a/modules/agent-engine/README.md b/modules/agent-engine/README.md
index c3940ef44..f7de8590e 100644
--- a/modules/agent-engine/README.md
+++ b/modules/agent-engine/README.md
@@ -18,7 +18,7 @@ The module creates Agent Engine and related dependencies.
- [Minimal deployment](#minimal-deployment)
- [Serialized Object Deployment](#serialized-object-deployment)
- [Unmanaged deployments](#unmanaged-deployments)
-- [Service accounts](#service-accounts)
+- [Identities](#identities)
- [Private networking: setup PSC-I](#private-networking-setup-psc-i)
- [Specify an encryption key](#specify-an-encryption-key)
- [Define environment variables and use secrets](#define-environment-variables-and-use-secrets)
@@ -72,6 +72,7 @@ module "agent_engine" {
deployment_config = {
source_files_config = {
source_path = "assets/src/source.tar.gz"
+ python_spec = null
image_spec = {
build_args = {
"ENV" = "production"
@@ -159,9 +160,11 @@ module "agent_engine" {
# tftest inventory=unmanaged.yaml
```
-## Service accounts
+## Identities
-You can choose to use a custom service account or let the module create one for you.
+By default, the module creates agents with unique **agent identities**.
+
+If you want, you can choose instead to use a custom service account, by changing the `identity_type` to `SERVICE_ACCOUNT`.
```hcl
module "agent_engine" {
@@ -172,6 +175,7 @@ module "agent_engine" {
agent_engine_config = {
agent_framework = "google-adk"
+ identity_type = "SERVICE_ACCOUNT"
}
deployment_config = {
@@ -180,7 +184,7 @@ module "agent_engine" {
}
}
}
-# tftest inventory=sa-default.yaml
+# tftest inventory=sa-create.yaml
```
Using a custom service account.
@@ -194,6 +198,7 @@ module "agent_engine" {
agent_engine_config = {
agent_framework = "google-adk"
+ identity_type = "SERVICE_ACCOUNT"
}
deployment_config = {
@@ -207,7 +212,7 @@ module "agent_engine" {
email = "my-agent@project-id.iam.gserviceaccount.com"
}
}
-# tftest inventory=sa-custom.yaml
+# tftest inventory=sa-external.yaml
```
## Private networking: setup PSC-I
@@ -355,6 +360,7 @@ module "agent_engine" {
}
}
}
+#tftest inventory=memory-bank.yaml
```
## Getting values from context
@@ -449,9 +455,9 @@ module "agent_engine" {
| [project_id](variables.tf#L197) | The id of the project where to deploy the agent. | string | ✓ | |
| [region](variables.tf#L203) | The region where to deploy the agent. | string | ✓ | |
| [agent_engine_config](variables.tf#L17) | The agent configuration. Supported values for agent_framework: 'google-adk', 'langchain', 'langgraph', 'ag2', 'llama-index', 'custom'. | object({…}) | | {} |
-| [bucket_config](variables.tf#L41) | The GCS bucket configuration. | object({…}) | | {} |
-| [context](variables.tf#L52) | Context-specific interpolations. | object({…}) | | {} |
-| [deployment_config](variables.tf#L68) | The deployment configuration. | object({…}) | | {} |
+| [bucket_config](variables.tf#L50) | The GCS bucket configuration. | object({…}) | | {} |
+| [context](variables.tf#L61) | Context-specific interpolations. | object({…}) | | {} |
+| [deployment_config](variables.tf#L77) | The deployment configuration. | object({…}) | | {} |
| [description](variables.tf#L128) | The Agent Engine description. | string | | "Terraform managed." |
| [enable_deletion_protection](variables.tf#L135) | Whether deletion protection should be enabled. | bool | | true |
| [encryption_key](variables.tf#L142) | The full resource name of the Cloud KMS CryptoKey. | string | | null |
@@ -466,5 +472,5 @@ module "agent_engine" {
|---|---|:---:|
| [agent](outputs.tf#L17) | The Agent Engine object. | |
| [id](outputs.tf#L22) | Fully qualified Agent Engine id. | |
-| [service_account](outputs.tf#L27) | Service account resource. | |
+| [identity](outputs.tf#L27) | The agent identity. | |
diff --git a/modules/agent-engine/agent-managed.tf b/modules/agent-engine/agent-managed.tf
index 8e2f81ed8..c43f6b257 100644
--- a/modules/agent-engine/agent-managed.tf
+++ b/modules/agent-engine/agent-managed.tf
@@ -15,17 +15,13 @@
*/
resource "google_vertex_ai_reasoning_engine" "managed" {
- provider = google-beta
- count = var.managed ? 1 : 0
- display_name = var.name
- project = local.project_id
- description = var.description
- region = local.location
- deletion_policy = (
- var.enable_deletion_protection
- ? null
- : "FORCE"
- )
+ provider = google-beta
+ count = var.managed ? 1 : 0
+ display_name = var.name
+ project = local.project_id
+ description = var.description
+ region = local.location
+ deletion_policy = var.enable_deletion_protection ? null : "FORCE"
dynamic "encryption_spec" {
for_each = var.encryption_key == null ? {} : { 1 = 1 }
@@ -46,6 +42,7 @@ resource "google_vertex_ai_reasoning_engine" "managed" {
? null
: var.agent_engine_config.class_methods
)
+ identity_type = var.agent_engine_config.identity_type
service_account = local.service_account_email
dynamic "deployment_spec" {
@@ -126,7 +123,7 @@ resource "google_vertex_ai_reasoning_engine" "managed" {
}
dynamic "container_spec" {
- for_each = var.deployment_config.container_config != null ? { 1 = 1 } : {}
+ for_each = var.deployment_config.container_config == null ? {} : { 1 = 1 }
content {
image_uri = var.deployment_config.container_config.image_uri
@@ -134,7 +131,7 @@ resource "google_vertex_ai_reasoning_engine" "managed" {
}
dynamic "package_spec" {
- for_each = var.deployment_config.package_config != null ? { 1 = 1 } : {}
+ for_each = var.deployment_config.package_config == null ? {} : { 1 = 1 }
content {
python_version = var.agent_engine_config.python_version
@@ -157,14 +154,18 @@ resource "google_vertex_ai_reasoning_engine" "managed" {
}
dynamic "source_code_spec" {
- for_each = var.deployment_config.source_files_config != null ? { 1 = 1 } : {}
+ for_each = (
+ var.deployment_config.source_files_config == null
+ ? {}
+ : { 1 = 1 }
+ )
content {
dynamic "inline_source" {
for_each = (
- try(var.deployment_config.source_files_config.source_path, null) != null
- ? { 1 = 1 }
- : {}
+ try(var.deployment_config.source_files_config.source_path, null) == null
+ ? {}
+ : { 1 = 1 }
)
content {
source_archive = filebase64(var.deployment_config.source_files_config.source_path)
@@ -173,9 +174,9 @@ resource "google_vertex_ai_reasoning_engine" "managed" {
dynamic "developer_connect_source" {
for_each = (
- try(var.deployment_config.source_files_config.developer_connect_config, null) != null
- ? { 1 = 1 }
- : {}
+ try(var.deployment_config.source_files_config.developer_connect_config, null) == null
+ ? {}
+ : { 1 = 1 }
)
content {
config {
@@ -188,9 +189,10 @@ resource "google_vertex_ai_reasoning_engine" "managed" {
dynamic "python_spec" {
for_each = (
- try(var.deployment_config.source_files_config.python_spec, null) != null
- ? { 1 = 1 }
- : {}
+ try(var.deployment_config.source_files_config.python_spec, null) == null
+ || try(var.deployment_config.source_files_config.image_spec, null) != null
+ ? {}
+ : { 1 = 1 }
)
content {
entrypoint_module = var.deployment_config.source_files_config.python_spec.entrypoint_module
@@ -202,9 +204,9 @@ resource "google_vertex_ai_reasoning_engine" "managed" {
dynamic "image_spec" {
for_each = (
- try(var.deployment_config.source_files_config.image_spec, null) != null
- ? { 1 = 1 }
- : {}
+ try(var.deployment_config.source_files_config.image_spec, null) == null
+ ? {}
+ : { 1 = 1 }
)
content {
build_args = var.deployment_config.source_files_config.image_spec.build_args
@@ -215,7 +217,7 @@ resource "google_vertex_ai_reasoning_engine" "managed" {
}
dynamic "context_spec" {
- for_each = var.memory_bank_config != null ? { 1 = 1 } : {}
+ for_each = var.memory_bank_config == null ? {} : { 1 = 1 }
content {
memory_bank_config {
@@ -223,7 +225,7 @@ resource "google_vertex_ai_reasoning_engine" "managed" {
dynamic "generation_config" {
for_each = (
- var.memory_bank_config.generation_config != null ? { 1 = 1 } : {}
+ var.memory_bank_config.generation_config == null ? {} : { 1 = 1 }
)
content {
model = lookup(
@@ -236,7 +238,9 @@ resource "google_vertex_ai_reasoning_engine" "managed" {
dynamic "similarity_search_config" {
for_each = (
- var.memory_bank_config.similarity_search_config != null ? { 1 = 1 } : {}
+ var.memory_bank_config.similarity_search_config == null
+ ? {}
+ : { 1 = 1 }
)
content {
embedding_model = lookup(
@@ -249,7 +253,7 @@ resource "google_vertex_ai_reasoning_engine" "managed" {
dynamic "ttl_config" {
for_each = (
- var.memory_bank_config.ttl_config != null ? { 1 = 1 } : {}
+ var.memory_bank_config.ttl_config == null ? {} : { 1 = 1 }
)
content {
default_ttl = var.memory_bank_config.ttl_config.default_ttl
@@ -257,9 +261,9 @@ resource "google_vertex_ai_reasoning_engine" "managed" {
dynamic "granular_ttl_config" {
for_each = (
- var.memory_bank_config.ttl_config.granular_ttl_config != null
- ? { 1 = 1 }
- : {}
+ var.memory_bank_config.ttl_config.granular_ttl_config == null
+ ? {}
+ : { 1 = 1 }
)
content {
create_ttl = (
diff --git a/modules/agent-engine/agent-unmanaged.tf b/modules/agent-engine/agent-unmanaged.tf
index 4c350feb1..77e2efe21 100644
--- a/modules/agent-engine/agent-unmanaged.tf
+++ b/modules/agent-engine/agent-unmanaged.tf
@@ -15,17 +15,13 @@
*/
resource "google_vertex_ai_reasoning_engine" "unmanaged" {
- provider = google-beta
- count = var.managed ? 0 : 1
- display_name = var.name
- project = local.project_id
- description = var.description
- region = local.location
- deletion_policy = (
- var.enable_deletion_protection
- ? null
- : "FORCE"
- )
+ provider = google-beta
+ count = var.managed ? 0 : 1
+ display_name = var.name
+ project = local.project_id
+ description = var.description
+ region = local.location
+ deletion_policy = var.enable_deletion_protection ? null : "FORCE"
dynamic "encryption_spec" {
for_each = var.encryption_key == null ? {} : { 1 = 1 }
@@ -46,6 +42,7 @@ resource "google_vertex_ai_reasoning_engine" "unmanaged" {
? null
: var.agent_engine_config.class_methods
)
+ identity_type = var.agent_engine_config.identity_type
service_account = local.service_account_email
dynamic "deployment_spec" {
@@ -126,7 +123,7 @@ resource "google_vertex_ai_reasoning_engine" "unmanaged" {
}
dynamic "container_spec" {
- for_each = var.deployment_config.container_config != null ? { 1 = 1 } : {}
+ for_each = var.deployment_config.container_config == null ? {} : { 1 = 1 }
content {
image_uri = var.deployment_config.container_config.image_uri
@@ -134,7 +131,7 @@ resource "google_vertex_ai_reasoning_engine" "unmanaged" {
}
dynamic "package_spec" {
- for_each = var.deployment_config.package_config != null ? { 1 = 1 } : {}
+ for_each = var.deployment_config.package_config == null ? {} : { 1 = 1 }
content {
python_version = var.agent_engine_config.python_version
@@ -157,12 +154,16 @@ resource "google_vertex_ai_reasoning_engine" "unmanaged" {
}
dynamic "source_code_spec" {
- for_each = var.deployment_config.source_files_config != null ? { 1 = 1 } : {}
+ for_each = (
+ var.deployment_config.source_files_config == null ?
+ {}
+ : { 1 = 1 }
+ )
content {
dynamic "inline_source" {
for_each = (
- try(var.deployment_config.source_files_config.source_path, null) != null
+ try(var.deployment_config.source_files_config.source_path, null) == null
? { 1 = 1 }
: {}
)
@@ -173,9 +174,9 @@ resource "google_vertex_ai_reasoning_engine" "unmanaged" {
dynamic "developer_connect_source" {
for_each = (
- try(var.deployment_config.source_files_config.developer_connect_config, null) != null
- ? { 1 = 1 }
- : {}
+ try(var.deployment_config.source_files_config.developer_connect_config, null) == null
+ ? {}
+ : { 1 = 1 }
)
content {
config {
@@ -188,9 +189,9 @@ resource "google_vertex_ai_reasoning_engine" "unmanaged" {
dynamic "python_spec" {
for_each = (
- try(var.deployment_config.source_files_config.python_spec, null) != null
- ? { 1 = 1 }
- : {}
+ try(var.deployment_config.source_files_config.python_spec, null) == null
+ ? {}
+ : { 1 = 1 }
)
content {
entrypoint_module = var.deployment_config.source_files_config.python_spec.entrypoint_module
@@ -202,9 +203,9 @@ resource "google_vertex_ai_reasoning_engine" "unmanaged" {
dynamic "image_spec" {
for_each = (
- try(var.deployment_config.source_files_config.image_spec, null) != null
- ? { 1 = 1 }
- : {}
+ try(var.deployment_config.source_files_config.image_spec, null) == null
+ ? {}
+ : { 1 = 1 }
)
content {
build_args = var.deployment_config.source_files_config.image_spec.build_args
@@ -215,7 +216,7 @@ resource "google_vertex_ai_reasoning_engine" "unmanaged" {
}
dynamic "context_spec" {
- for_each = var.memory_bank_config != null ? { 1 = 1 } : {}
+ for_each = var.memory_bank_config == null ? {} : { 1 = 1 }
content {
memory_bank_config {
@@ -223,7 +224,7 @@ resource "google_vertex_ai_reasoning_engine" "unmanaged" {
dynamic "generation_config" {
for_each = (
- var.memory_bank_config.generation_config != null ? { 1 = 1 } : {}
+ var.memory_bank_config.generation_config == null ? {} : { 1 = 1 }
)
content {
model = lookup(
@@ -236,7 +237,9 @@ resource "google_vertex_ai_reasoning_engine" "unmanaged" {
dynamic "similarity_search_config" {
for_each = (
- var.memory_bank_config.similarity_search_config != null ? { 1 = 1 } : {}
+ var.memory_bank_config.similarity_search_config == null
+ ? {}
+ : { 1 = 1 }
)
content {
embedding_model = lookup(
@@ -249,7 +252,7 @@ resource "google_vertex_ai_reasoning_engine" "unmanaged" {
dynamic "ttl_config" {
for_each = (
- var.memory_bank_config.ttl_config != null ? { 1 = 1 } : {}
+ var.memory_bank_config.ttl_config == null ? {} : { 1 = 1 }
)
content {
default_ttl = var.memory_bank_config.ttl_config.default_ttl
@@ -257,9 +260,9 @@ resource "google_vertex_ai_reasoning_engine" "unmanaged" {
dynamic "granular_ttl_config" {
for_each = (
- var.memory_bank_config.ttl_config.granular_ttl_config != null
- ? { 1 = 1 }
- : {}
+ var.memory_bank_config.ttl_config.granular_ttl_config == null
+ ? {}
+ : { 1 = 1 }
)
content {
create_ttl = (
diff --git a/modules/agent-engine/identity.tf b/modules/agent-engine/identity.tf
new file mode 100644
index 000000000..d38ee4093
--- /dev/null
+++ b/modules/agent-engine/identity.tf
@@ -0,0 +1,85 @@
+/**
+ * Copyright 2026 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ _effective_identity = coalesce(
+ try(google_vertex_ai_reasoning_engine.managed[0].spec[0].effective_identity, null),
+ try(google_vertex_ai_reasoning_engine.unmanaged[0].spec[0].effective_identity, null)
+ )
+ effective_identity = (
+ local._effective_identity == null
+ ? "principal://${local._effective_identity}"
+ : null
+ )
+ identity = coalesce(
+ local.effective_identity,
+ local.service_account_email,
+ "service-{your_project_number}@gcp-sa-aiplatform-re.iam.gserviceaccount.com"
+ )
+ service_account_email = (
+ var.service_account_config.create
+ ? try(google_service_account.service_account[0].email, null) # use managed SA, when creating
+ : (var.service_account_config.email == null ? null # set to null, if no email provided
+ : lookup( # lookup SA in context
+ local.ctx.iam_principals,
+ var.service_account_config.email,
+ var.service_account_config.email
+ )
+ )
+ )
+ roles = [
+ for role in var.service_account_config.roles
+ : lookup(local.ctx.custom_roles, role, role)
+ ]
+}
+
+resource "google_service_account" "service_account" {
+ count = (
+ var.service_account_config.create
+ && var.agent_engine_config.identity_type == "SERVICE_ACCOUNT"
+ ? 1 : 0
+ )
+ project = local.project_id
+ account_id = coalesce(var.service_account_config.name, var.name)
+ display_name = coalesce(
+ var.service_account_config.display_name,
+ var.service_account_config.name,
+ var.name
+ )
+}
+
+resource "google_project_iam_member" "iam_member_sa" {
+ for_each = (
+ var.service_account_config.create
+ && var.agent_engine_config.identity_type == "SERVICE_ACCOUNT"
+ ? toset(local.roles)
+ : toset([])
+ )
+ role = each.key
+ project = local.project_id
+ member = google_service_account.service_account[0].member
+}
+
+resource "google_project_iam_member" "iam_member_identity" {
+ for_each = (
+ var.agent_engine_config.identity_type == "AGENT_IDENTITY"
+ ? toset(local.roles)
+ : toset([])
+ )
+ role = each.key
+ project = local.project_id
+ member = local.effective_identity
+}
diff --git a/modules/agent-engine/main.tf b/modules/agent-engine/main.tf
index 7f3c8a75e..c09a46fd7 100644
--- a/modules/agent-engine/main.tf
+++ b/modules/agent-engine/main.tf
@@ -43,16 +43,6 @@ locals {
}
}
-# TODO: fix once eventual consistency issue is solved.
-# AE doesn't retry the deployment (yet) if bindings are still not active.
-resource "time_sleep" "wait_5_minutes" {
- create_duration = "5m"
-
- depends_on = [
- google_project_iam_member.default
- ]
-}
-
resource "google_storage_bucket" "default" {
count = (
var.bucket_config.create
diff --git a/modules/agent-engine/outputs.tf b/modules/agent-engine/outputs.tf
index 0b8cb48d5..ba3a8223a 100644
--- a/modules/agent-engine/outputs.tf
+++ b/modules/agent-engine/outputs.tf
@@ -24,7 +24,7 @@ output "id" {
value = local.resource.id
}
-output "service_account" {
- description = "Service account resource."
- value = try(google_service_account.service_account[0], null)
+output "identity" {
+ description = "The agent identity."
+ value = local.identity
}
diff --git a/modules/agent-engine/serviceaccount.tf b/modules/agent-engine/serviceaccount.tf
deleted file mode 100644
index 46c7499e4..000000000
--- a/modules/agent-engine/serviceaccount.tf
+++ /dev/null
@@ -1,55 +0,0 @@
-/**
- * Copyright 2025 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-locals {
- service_account_email = (
- var.service_account_config.create
- ? google_service_account.service_account[0].email # use managed SA, when creating
- : (var.service_account_config.email == null ? null # set to null, if no email provided
- : lookup( # lookup SA in context
- local.ctx.iam_principals,
- var.service_account_config.email,
- var.service_account_config.email
- )
- )
- )
- service_account_roles = [
- for role in var.service_account_config.roles
- : lookup(local.ctx.custom_roles, role, role)
- ]
-}
-
-resource "google_service_account" "service_account" {
- count = var.service_account_config.create ? 1 : 0
- project = local.project_id
- account_id = coalesce(var.service_account_config.name, var.name)
- display_name = coalesce(
- var.service_account_config.display_name,
- var.service_account_config.name,
- var.name
- )
-}
-
-resource "google_project_iam_member" "default" {
- for_each = (
- var.service_account_config.create
- ? toset(local.service_account_roles)
- : toset([])
- )
- role = each.key
- project = local.project_id
- member = google_service_account.service_account[0].member
-}
diff --git a/modules/agent-engine/variables.tf b/modules/agent-engine/variables.tf
index fa2260c39..792b8cded 100644
--- a/modules/agent-engine/variables.tf
+++ b/modules/agent-engine/variables.tf
@@ -22,6 +22,7 @@ variable "agent_engine_config" {
class_methods = optional(string)
container_concurrency = optional(number)
environment_variables = optional(map(string), {})
+ identity_type = optional(string, "AGENT_IDENTITY")
max_instances = optional(number)
min_instances = optional(number)
python_version = optional(string, "3.13")
@@ -36,6 +37,14 @@ variable "agent_engine_config" {
})
nullable = false
default = {}
+
+ validation {
+ condition = (
+ var.agent_engine_config.identity_type == "AGENT_IDENTITY"
+ || var.agent_engine_config.identity_type == "SERVICE_ACCOUNT"
+ )
+ error_message = "var.agent_engine_config.identity_type must be either AGENT_IDENTITY or SERVICE_ACCOUNT."
+ }
}
variable "bucket_config" {
@@ -88,7 +97,7 @@ variable "deployment_config" {
entrypoint_module = optional(string, "agent")
entrypoint_object = optional(string, "agent")
requirements_file = optional(string, "requirements.txt")
- }))
+ }), {})
image_spec = optional(object({
build_args = optional(map(string), {})
}))
@@ -114,15 +123,6 @@ variable "deployment_config" {
)
error_message = "Only one of 'source_path' or 'developer_connect_config' can be specified within 'source_files_config'."
}
- validation {
- condition = (
- var.deployment_config.source_files_config == null ? true : (
- (var.deployment_config.source_files_config.python_spec != null ? 1 : 0) +
- (var.deployment_config.source_files_config.image_spec != null ? 1 : 0)
- ) <= 1
- )
- error_message = "Only one of 'python_spec' or 'image_spec' can be specified within 'source_files_config'."
- }
}
variable "description" {
diff --git a/tests/modules/agent_engine/examples/container.yaml b/tests/modules/agent_engine/examples/container.yaml
index 5c577c3d0..357810483 100644
--- a/tests/modules/agent_engine/examples/container.yaml
+++ b/tests/modules/agent_engine/examples/container.yaml
@@ -13,26 +13,14 @@
# limitations under the License.
values:
- module.agent_engine.google_project_iam_member.default["roles/aiplatform.user"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/aiplatform.user"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/aiplatform.user
- module.agent_engine.google_project_iam_member.default["roles/storage.objectViewer"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/storage.objectViewer"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/storage.objectViewer
- module.agent_engine.google_service_account.service_account[0]:
- account_id: my-agent
- create_ignore_already_exists: null
- description: null
- disabled: false
- display_name: my-agent
- email: my-agent@project-id.iam.gserviceaccount.com
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
- project: project-id
- timeouts: null
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
@@ -55,24 +43,18 @@ values:
value: bar
psc_interface_config: []
secret_env: []
- identity_type: null
+ identity_type: AGENT_IDENTITY
package_spec: []
- service_account: my-agent@project-id.iam.gserviceaccount.com
+ service_account: null
source_code_spec: []
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
- module.agent_engine.time_sleep.wait_5_minutes:
- create_duration: 5m
- destroy_duration: null
- triggers: null
counts:
google_project_iam_member: 2
- google_service_account: 1
google_vertex_ai_reasoning_engine: 1
modules: 1
- resources: 5
- time_sleep: 1
+ resources: 3
outputs: {}
diff --git a/tests/modules/agent_engine/examples/context.yaml b/tests/modules/agent_engine/examples/context.yaml
index c30a91aab..904c6de6b 100644
--- a/tests/modules/agent_engine/examples/context.yaml
+++ b/tests/modules/agent_engine/examples/context.yaml
@@ -13,6 +13,14 @@
# limitations under the License.
values:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/aiplatform.user"]:
+ condition: []
+ project: test-project-1
+ role: roles/aiplatform.user
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/storage.objectViewer"]:
+ condition: []
+ project: test-project-1
+ role: roles/storage.objectViewer
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
@@ -40,7 +48,7 @@ values:
target_project: company-dns-project
network_attachment: projects/test-project-1/regions/europe-west1/networkAttachments/core-service
secret_env: []
- identity_type: null
+ identity_type: AGENT_IDENTITY
package_spec: []
service_account: my-sa@$test-project-1.iam.gserviceaccount.com
source_code_spec:
@@ -48,19 +56,19 @@ values:
image_spec: []
inline_source:
- source_archive: H4sIAMCUSmkAA+1Y727bNhB3CwzbtM/b55v7oQmQyPprJyk8QE2y1ahrZ7HTriiKgJFom4skqhRV2yj6Hvu8PdL2AgP2CHuAHWXZiZP+C5C4WKsfQNjiHY+/I3l3og7I5AElARU1/VjQFxkTNKKxTHU5kZVrgmEYdceBSiMHVCy34Vo2qP4ZXAdM17Qs1eomGJZp160KTK6LwLuQpZIIpBJmPkkElfQteolgERHToeBZ8ib5zBNY/P5PYDqQsaC5ZWw5DUuzDYgki2jTbNTrzrbrGNt6fatuGbhljvaxuZa4ftxc1J9hHv+24dqGbVyKf8uxl+PfbNgNtwLG9VO5jM88/itffPdl5Xal8oj40O3BL1BA9VW+xmZhe4FNPf/xYSa9fv+w+KtG/Ibtmwsqt876v/V5pJMkCameCP6SxiT2aeXW7cpf//z+1b9/b/15DU6WeBsOFvX/5vLA++o/Bv3F+m869bL+rwJXqf9uA9qt+97h7oPW4319QqQU+puCt+n93PLMbo/tHvRH3c4jzdmGHg5qP33XoHMRX75prAw3X/3fX//Ni/FvNsy6Udb/VWDI+TCkm37Is2CTsCQkcsBF9IwM8UQc03jIYpo+/6Fp6qZl6IZW6JPgNO9zdVPLxybMPw1ps2nrSutje1XiQ3Fw7v6f77meTK97jivc/03LdVX8u65R1v9V4J3139natnXbMvA2ZrlbZVR/gri5qD/DFe7/Rfy7bt0u6/9KUN7/P2uc1f+bywNXuP/P679tO2X9XwWuUv/L+/+nh5uv/u+t/5btXIx/13adsv6vAne+r2WpqJ2wuEbjl5BM5YjHtqbdgV2eTAUbjiSoz3/wU37xh3Z7V7uD0jbzaZzSALIYiwfIEQUvIT7+FJINeExFyngMlm7AmlKoFqLq+j20MOUZRGQKMZeQpRRNsBQGDOegE58mElgMmCiSkKn0AGMmR/k0hREdTTwtTPATSVCboH6CT4PzekBkTlhhJGWS7tRq4/EY849iq3MxrIUzzbTWbu3ud3r7m8g4H3MUhzRNofhGFsDJFFTaYj45QZohGQMXQIaCokxyRXgsmGTxcANSPpBjIihaCVgqBTvJ5NJqzemh0+cVcL1IDFWvB61eFe57vVZvA208afUfdI/68MQ7PPQ6/dZ+D7qHsNvt7LX6rW4Hn34Er/MUHrY6extAca1wGjrBA438kSRT60gDtWg9SpcIDPiMUJpQnw2Yj37FwwzzAgwxN4sY3YGEioilajdTpBeglZBFTBKZ91xySte0geARzD4W6SQ41fM8kyoeXEhoh5GnOmZqOIukE8L0pY9Oc10vOPWSRNO0gA5gSFE+8UdIkR4LIumapjbWz4SgsT89VvZ2AJcTmlA96u1VN5blki+k+0eHF6UBGlzIQ3xIJaqs76BWQUYdBexNsQeXNuFqAZuLXh3pzQgBDKrz00YSpg8EiU8HGfopVOWrvVqa83VBBCAhgkRp85UGC1SVT9WdZR83zitIfl4seSF7rZTWc6YyE/GCsP5ryuO1dS0PckFxfvD2HkK++EWYcR6mmuBczm6H6OJ8x2buRTygYbM6pBGLGYaLuzkISToq3GAxLmHmq8PRrKoYxTjA4BzRMBlkIRA8SJh0Y1moxwRfOO4u+C+2N5/67kwnZ9R8dmn7n+P2aNqc5OyorOWPzTP66+X7RIkSJUpcwn+2Vos4ACgAAA==
- python_spec: []
+ python_spec:
+ - entrypoint_module: agent
+ entrypoint_object: agent
+ requirements_file: requirements.txt
+ version: '3.13'
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
- module.agent_engine.time_sleep.wait_5_minutes:
- create_duration: 5m
- destroy_duration: null
- triggers: null
counts:
+ google_project_iam_member: 2
google_vertex_ai_reasoning_engine: 1
modules: 1
- resources: 2
- time_sleep: 1
+ resources: 3
outputs: {}
diff --git a/tests/modules/agent_engine/examples/deletion-protection.yaml b/tests/modules/agent_engine/examples/deletion-protection.yaml
index c343508e3..d793a4cc0 100644
--- a/tests/modules/agent_engine/examples/deletion-protection.yaml
+++ b/tests/modules/agent_engine/examples/deletion-protection.yaml
@@ -13,26 +13,14 @@
# limitations under the License.
values:
- module.agent_engine.google_project_iam_member.default["roles/aiplatform.user"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/aiplatform.user"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/aiplatform.user
- module.agent_engine.google_project_iam_member.default["roles/storage.objectViewer"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/storage.objectViewer"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/storage.objectViewer
- module.agent_engine.google_service_account.service_account[0]:
- account_id: my-agent
- create_ignore_already_exists: null
- description: null
- disabled: false
- display_name: my-agent
- email: my-agent@project-id.iam.gserviceaccount.com
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
- project: project-id
- timeouts: null
module.agent_engine.google_storage_bucket.default[0]:
autoclass: []
cors: []
@@ -131,30 +119,24 @@ values:
class_methods: null
container_spec: []
deployment_spec: []
- identity_type: null
+ identity_type: AGENT_IDENTITY
package_spec:
- dependency_files_gcs_uri: gs://my-agent/dependencies.tar.gz
pickle_object_gcs_uri: gs://my-agent/pickle.pkl
python_version: '3.13'
requirements_gcs_uri: gs://my-agent/requirements.txt
- service_account: my-agent@project-id.iam.gserviceaccount.com
+ service_account: null
source_code_spec: []
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
- module.agent_engine.time_sleep.wait_5_minutes:
- create_duration: 5m
- destroy_duration: null
- triggers: null
counts:
google_project_iam_member: 2
- google_service_account: 1
google_storage_bucket: 1
google_storage_bucket_object: 3
google_vertex_ai_reasoning_engine: 1
modules: 1
- resources: 9
- time_sleep: 1
+ resources: 7
outputs: {}
diff --git a/tests/modules/agent_engine/examples/encryption.yaml b/tests/modules/agent_engine/examples/encryption.yaml
index 030b35d1c..49ff79273 100644
--- a/tests/modules/agent_engine/examples/encryption.yaml
+++ b/tests/modules/agent_engine/examples/encryption.yaml
@@ -13,26 +13,14 @@
# limitations under the License.
values:
- module.agent_engine.google_project_iam_member.default["roles/aiplatform.user"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/aiplatform.user"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/aiplatform.user
- module.agent_engine.google_project_iam_member.default["roles/storage.objectViewer"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/storage.objectViewer"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/storage.objectViewer
- module.agent_engine.google_service_account.service_account[0]:
- account_id: my-agent
- create_ignore_already_exists: null
- description: null
- disabled: false
- display_name: my-agent
- email: my-agent@project-id.iam.gserviceaccount.com
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
- project: project-id
- timeouts: null
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
@@ -50,29 +38,27 @@ values:
class_methods: null
container_spec: []
deployment_spec: []
- identity_type: null
+ identity_type: AGENT_IDENTITY
package_spec: []
- service_account: my-agent@project-id.iam.gserviceaccount.com
+ service_account: null
source_code_spec:
- developer_connect_source: []
image_spec: []
inline_source:
- source_archive: H4sIAMCUSmkAA+1Y727bNhB3CwzbtM/b55v7oQmQyPprJyk8QE2y1ahrZ7HTriiKgJFom4skqhRV2yj6Hvu8PdL2AgP2CHuAHWXZiZP+C5C4WKsfQNjiHY+/I3l3og7I5AElARU1/VjQFxkTNKKxTHU5kZVrgmEYdceBSiMHVCy34Vo2qP4ZXAdM17Qs1eomGJZp160KTK6LwLuQpZIIpBJmPkkElfQteolgERHToeBZ8ib5zBNY/P5PYDqQsaC5ZWw5DUuzDYgki2jTbNTrzrbrGNt6fatuGbhljvaxuZa4ftxc1J9hHv+24dqGbVyKf8uxl+PfbNgNtwLG9VO5jM88/itffPdl5Xal8oj40O3BL1BA9VW+xmZhe4FNPf/xYSa9fv+w+KtG/Ibtmwsqt876v/V5pJMkCameCP6SxiT2aeXW7cpf//z+1b9/b/15DU6WeBsOFvX/5vLA++o/Bv3F+m869bL+rwJXqf9uA9qt+97h7oPW4319QqQU+puCt+n93PLMbo/tHvRH3c4jzdmGHg5qP33XoHMRX75prAw3X/3fX//Ni/FvNsy6Udb/VWDI+TCkm37Is2CTsCQkcsBF9IwM8UQc03jIYpo+/6Fp6qZl6IZW6JPgNO9zdVPLxybMPw1ps2nrSutje1XiQ3Fw7v6f77meTK97jivc/03LdVX8u65R1v9V4J3139natnXbMvA2ZrlbZVR/gri5qD/DFe7/Rfy7bt0u6/9KUN7/P2uc1f+bywNXuP/P679tO2X9XwWuUv/L+/+nh5uv/u+t/5btXIx/13adsv6vAne+r2WpqJ2wuEbjl5BM5YjHtqbdgV2eTAUbjiSoz3/wU37xh3Z7V7uD0jbzaZzSALIYiwfIEQUvIT7+FJINeExFyngMlm7AmlKoFqLq+j20MOUZRGQKMZeQpRRNsBQGDOegE58mElgMmCiSkKn0AGMmR/k0hREdTTwtTPATSVCboH6CT4PzekBkTlhhJGWS7tRq4/EY849iq3MxrIUzzbTWbu3ud3r7m8g4H3MUhzRNofhGFsDJFFTaYj45QZohGQMXQIaCokxyRXgsmGTxcANSPpBjIihaCVgqBTvJ5NJqzemh0+cVcL1IDFWvB61eFe57vVZvA208afUfdI/68MQ7PPQ6/dZ+D7qHsNvt7LX6rW4Hn34Er/MUHrY6extAca1wGjrBA438kSRT60gDtWg9SpcIDPiMUJpQnw2Yj37FwwzzAgwxN4sY3YGEioilajdTpBeglZBFTBKZ91xySte0geARzD4W6SQ41fM8kyoeXEhoh5GnOmZqOIukE8L0pY9Oc10vOPWSRNO0gA5gSFE+8UdIkR4LIumapjbWz4SgsT89VvZ2AJcTmlA96u1VN5blki+k+0eHF6UBGlzIQ3xIJaqs76BWQUYdBexNsQeXNuFqAZuLXh3pzQgBDKrz00YSpg8EiU8HGfopVOWrvVqa83VBBCAhgkRp85UGC1SVT9WdZR83zitIfl4seSF7rZTWc6YyE/GCsP5ryuO1dS0PckFxfvD2HkK++EWYcR6mmuBczm6H6OJ8x2buRTygYbM6pBGLGYaLuzkISToq3GAxLmHmq8PRrKoYxTjA4BzRMBlkIRA8SJh0Y1moxwRfOO4u+C+2N5/67kwnZ9R8dmn7n+P2aNqc5OyorOWPzTP66+X7RIkSJUpcwn+2Vos4ACgAAA==
- python_spec: []
+ python_spec:
+ - entrypoint_module: agent
+ entrypoint_object: agent
+ requirements_file: requirements.txt
+ version: '3.13'
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
- module.agent_engine.time_sleep.wait_5_minutes:
- create_duration: 5m
- destroy_duration: null
- triggers: null
counts:
google_project_iam_member: 2
- google_service_account: 1
google_vertex_ai_reasoning_engine: 1
modules: 1
- resources: 5
- time_sleep: 1
+ resources: 3
outputs: {}
diff --git a/tests/modules/agent_engine/examples/environment.yaml b/tests/modules/agent_engine/examples/environment.yaml
index e520a9f31..412e0f759 100644
--- a/tests/modules/agent_engine/examples/environment.yaml
+++ b/tests/modules/agent_engine/examples/environment.yaml
@@ -13,26 +13,14 @@
# limitations under the License.
values:
- module.agent_engine.google_project_iam_member.default["roles/aiplatform.user"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/aiplatform.user"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/aiplatform.user
- module.agent_engine.google_project_iam_member.default["roles/storage.objectViewer"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/storage.objectViewer"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/storage.objectViewer
- module.agent_engine.google_service_account.service_account[0]:
- account_id: my-agent
- create_ignore_already_exists: null
- description: null
- disabled: false
- display_name: my-agent
- email: my-agent@project-id.iam.gserviceaccount.com
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
- project: project-id
- timeouts: null
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
@@ -58,29 +46,27 @@ values:
secret_ref:
- secret: projects/project-id/secrets/my-secret
version: latest
- identity_type: null
+ identity_type: AGENT_IDENTITY
package_spec: []
- service_account: my-agent@project-id.iam.gserviceaccount.com
+ service_account: null
source_code_spec:
- developer_connect_source: []
image_spec: []
inline_source:
- source_archive: H4sIAMCUSmkAA+1Y727bNhB3CwzbtM/b55v7oQmQyPprJyk8QE2y1ahrZ7HTriiKgJFom4skqhRV2yj6Hvu8PdL2AgP2CHuAHWXZiZP+C5C4WKsfQNjiHY+/I3l3og7I5AElARU1/VjQFxkTNKKxTHU5kZVrgmEYdceBSiMHVCy34Vo2qP4ZXAdM17Qs1eomGJZp160KTK6LwLuQpZIIpBJmPkkElfQteolgERHToeBZ8ib5zBNY/P5PYDqQsaC5ZWw5DUuzDYgki2jTbNTrzrbrGNt6fatuGbhljvaxuZa4ftxc1J9hHv+24dqGbVyKf8uxl+PfbNgNtwLG9VO5jM88/itffPdl5Xal8oj40O3BL1BA9VW+xmZhe4FNPf/xYSa9fv+w+KtG/Ibtmwsqt876v/V5pJMkCameCP6SxiT2aeXW7cpf//z+1b9/b/15DU6WeBsOFvX/5vLA++o/Bv3F+m869bL+rwJXqf9uA9qt+97h7oPW4319QqQU+puCt+n93PLMbo/tHvRH3c4jzdmGHg5qP33XoHMRX75prAw3X/3fX//Ni/FvNsy6Udb/VWDI+TCkm37Is2CTsCQkcsBF9IwM8UQc03jIYpo+/6Fp6qZl6IZW6JPgNO9zdVPLxybMPw1ps2nrSutje1XiQ3Fw7v6f77meTK97jivc/03LdVX8u65R1v9V4J3139natnXbMvA2ZrlbZVR/gri5qD/DFe7/Rfy7bt0u6/9KUN7/P2uc1f+bywNXuP/P679tO2X9XwWuUv/L+/+nh5uv/u+t/5btXIx/13adsv6vAne+r2WpqJ2wuEbjl5BM5YjHtqbdgV2eTAUbjiSoz3/wU37xh3Z7V7uD0jbzaZzSALIYiwfIEQUvIT7+FJINeExFyngMlm7AmlKoFqLq+j20MOUZRGQKMZeQpRRNsBQGDOegE58mElgMmCiSkKn0AGMmR/k0hREdTTwtTPATSVCboH6CT4PzekBkTlhhJGWS7tRq4/EY849iq3MxrIUzzbTWbu3ud3r7m8g4H3MUhzRNofhGFsDJFFTaYj45QZohGQMXQIaCokxyRXgsmGTxcANSPpBjIihaCVgqBTvJ5NJqzemh0+cVcL1IDFWvB61eFe57vVZvA208afUfdI/68MQ7PPQ6/dZ+D7qHsNvt7LX6rW4Hn34Er/MUHrY6extAca1wGjrBA438kSRT60gDtWg9SpcIDPiMUJpQnw2Yj37FwwzzAgwxN4sY3YGEioilajdTpBeglZBFTBKZ91xySte0geARzD4W6SQ41fM8kyoeXEhoh5GnOmZqOIukE8L0pY9Oc10vOPWSRNO0gA5gSFE+8UdIkR4LIumapjbWz4SgsT89VvZ2AJcTmlA96u1VN5blki+k+0eHF6UBGlzIQ3xIJaqs76BWQUYdBexNsQeXNuFqAZuLXh3pzQgBDKrz00YSpg8EiU8HGfopVOWrvVqa83VBBCAhgkRp85UGC1SVT9WdZR83zitIfl4seSF7rZTWc6YyE/GCsP5ryuO1dS0PckFxfvD2HkK++EWYcR6mmuBczm6H6OJ8x2buRTygYbM6pBGLGYaLuzkISToq3GAxLmHmq8PRrKoYxTjA4BzRMBlkIRA8SJh0Y1moxwRfOO4u+C+2N5/67kwnZ9R8dmn7n+P2aNqc5OyorOWPzTP66+X7RIkSJUpcwn+2Vos4ACgAAA==
- python_spec: []
+ python_spec:
+ - entrypoint_module: agent
+ entrypoint_object: agent
+ requirements_file: requirements.txt
+ version: '3.13'
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
- module.agent_engine.time_sleep.wait_5_minutes:
- create_duration: 5m
- destroy_duration: null
- triggers: null
counts:
google_project_iam_member: 2
- google_service_account: 1
google_vertex_ai_reasoning_engine: 1
modules: 1
- resources: 5
- time_sleep: 1
+ resources: 3
outputs: {}
diff --git a/tests/modules/agent_engine/examples/image-spec.yaml b/tests/modules/agent_engine/examples/image-spec.yaml
index e6414fd63..5ba3f5775 100644
--- a/tests/modules/agent_engine/examples/image-spec.yaml
+++ b/tests/modules/agent_engine/examples/image-spec.yaml
@@ -13,26 +13,14 @@
# limitations under the License.
values:
- module.agent_engine.google_project_iam_member.default["roles/aiplatform.user"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/aiplatform.user"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/aiplatform.user
- module.agent_engine.google_project_iam_member.default["roles/storage.objectViewer"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/storage.objectViewer"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/storage.objectViewer
- module.agent_engine.google_service_account.service_account[0]:
- account_id: my-agent
- create_ignore_already_exists: null
- description: null
- disabled: false
- display_name: my-agent
- email: my-agent@project-id.iam.gserviceaccount.com
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
- project: project-id
- timeouts: null
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
@@ -49,9 +37,9 @@ values:
class_methods: null
container_spec: []
deployment_spec: []
- identity_type: null
+ identity_type: AGENT_IDENTITY
package_spec: []
- service_account: my-agent@project-id.iam.gserviceaccount.com
+ service_account: null
source_code_spec:
- developer_connect_source: []
image_spec:
@@ -63,17 +51,11 @@ values:
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
- module.agent_engine.time_sleep.wait_5_minutes:
- create_duration: 5m
- destroy_duration: null
- triggers: null
counts:
google_project_iam_member: 2
- google_service_account: 1
google_vertex_ai_reasoning_engine: 1
modules: 1
- resources: 5
- time_sleep: 1
+ resources: 3
outputs: {}
diff --git a/tests/modules/agent_engine/examples/memory-bank.yaml b/tests/modules/agent_engine/examples/memory-bank.yaml
new file mode 100644
index 000000000..888d2373e
--- /dev/null
+++ b/tests/modules/agent_engine/examples/memory-bank.yaml
@@ -0,0 +1,73 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/aiplatform.user"]:
+ condition: []
+ project: project-id
+ role: roles/aiplatform.user
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/storage.objectViewer"]:
+ condition: []
+ project: project-id
+ role: roles/storage.objectViewer
+ module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
+ context_spec:
+ - memory_bank_config:
+ - disable_memory_revisions: false
+ generation_config:
+ - model: projects/my-project/locations/us-central1/publishers/google/models/gemini-2.0-flash-001
+ similarity_search_config:
+ - embedding_model: projects/my-project/locations/us-central1/publishers/google/models/text-embedding-005
+ ttl_config:
+ - default_ttl: 2592000s
+ granular_ttl_config: []
+ memory_revision_default_ttl: null
+ deletion_policy: null
+ description: Terraform managed.
+ display_name: my-agent
+ effective_labels:
+ goog-terraform-provisioned: 'true'
+ encryption_spec: []
+ labels: null
+ project: project-id
+ region: europe-west8
+ spec:
+ - agent_framework: google-adk
+ class_methods: null
+ container_spec: []
+ deployment_spec: []
+ identity_type: AGENT_IDENTITY
+ package_spec: []
+ service_account: null
+ source_code_spec:
+ - developer_connect_source: []
+ image_spec: []
+ inline_source:
+ - source_archive: H4sIAMCUSmkAA+1Y727bNhB3CwzbtM/b55v7oQmQyPprJyk8QE2y1ahrZ7HTriiKgJFom4skqhRV2yj6Hvu8PdL2AgP2CHuAHWXZiZP+C5C4WKsfQNjiHY+/I3l3og7I5AElARU1/VjQFxkTNKKxTHU5kZVrgmEYdceBSiMHVCy34Vo2qP4ZXAdM17Qs1eomGJZp160KTK6LwLuQpZIIpBJmPkkElfQteolgERHToeBZ8ib5zBNY/P5PYDqQsaC5ZWw5DUuzDYgki2jTbNTrzrbrGNt6fatuGbhljvaxuZa4ftxc1J9hHv+24dqGbVyKf8uxl+PfbNgNtwLG9VO5jM88/itffPdl5Xal8oj40O3BL1BA9VW+xmZhe4FNPf/xYSa9fv+w+KtG/Ibtmwsqt876v/V5pJMkCameCP6SxiT2aeXW7cpf//z+1b9/b/15DU6WeBsOFvX/5vLA++o/Bv3F+m869bL+rwJXqf9uA9qt+97h7oPW4319QqQU+puCt+n93PLMbo/tHvRH3c4jzdmGHg5qP33XoHMRX75prAw3X/3fX//Ni/FvNsy6Udb/VWDI+TCkm37Is2CTsCQkcsBF9IwM8UQc03jIYpo+/6Fp6qZl6IZW6JPgNO9zdVPLxybMPw1ps2nrSutje1XiQ3Fw7v6f77meTK97jivc/03LdVX8u65R1v9V4J3139natnXbMvA2ZrlbZVR/gri5qD/DFe7/Rfy7bt0u6/9KUN7/P2uc1f+bywNXuP/P679tO2X9XwWuUv/L+/+nh5uv/u+t/5btXIx/13adsv6vAne+r2WpqJ2wuEbjl5BM5YjHtqbdgV2eTAUbjiSoz3/wU37xh3Z7V7uD0jbzaZzSALIYiwfIEQUvIT7+FJINeExFyngMlm7AmlKoFqLq+j20MOUZRGQKMZeQpRRNsBQGDOegE58mElgMmCiSkKn0AGMmR/k0hREdTTwtTPATSVCboH6CT4PzekBkTlhhJGWS7tRq4/EY849iq3MxrIUzzbTWbu3ud3r7m8g4H3MUhzRNofhGFsDJFFTaYj45QZohGQMXQIaCokxyRXgsmGTxcANSPpBjIihaCVgqBTvJ5NJqzemh0+cVcL1IDFWvB61eFe57vVZvA208afUfdI/68MQ7PPQ6/dZ+D7qHsNvt7LX6rW4Hn34Er/MUHrY6extAca1wGjrBA438kSRT60gDtWg9SpcIDPiMUJpQnw2Yj37FwwzzAgwxN4sY3YGEioilajdTpBeglZBFTBKZ91xySte0geARzD4W6SQ41fM8kyoeXEhoh5GnOmZqOIukE8L0pY9Oc10vOPWSRNO0gA5gSFE+8UdIkR4LIumapjbWz4SgsT89VvZ2AJcTmlA96u1VN5blki+k+0eHF6UBGlzIQ3xIJaqs76BWQUYdBexNsQeXNuFqAZuLXh3pzQgBDKrz00YSpg8EiU8HGfopVOWrvVqa83VBBCAhgkRp85UGC1SVT9WdZR83zitIfl4seSF7rZTWc6YyE/GCsP5ryuO1dS0PckFxfvD2HkK++EWYcR6mmuBczm6H6OJ8x2buRTygYbM6pBGLGYaLuzkISToq3GAxLmHmq8PRrKoYxTjA4BzRMBlkIRA8SJh0Y1moxwRfOO4u+C+2N5/67kwnZ9R8dmn7n+P2aNqc5OyorOWPzTP66+X7RIkSJUpcwn+2Vos4ACgAAA==
+ python_spec:
+ - entrypoint_module: agent
+ entrypoint_object: agent
+ requirements_file: requirements.txt
+ version: '3.13'
+ terraform_labels:
+ goog-terraform-provisioned: 'true'
+ timeouts: null
+
+counts:
+ google_project_iam_member: 2
+ google_vertex_ai_reasoning_engine: 1
+ modules: 1
+ resources: 3
+
+outputs: {}
diff --git a/tests/modules/agent_engine/examples/minimal-pickle.yaml b/tests/modules/agent_engine/examples/minimal-pickle.yaml
index a00c61c82..d7809c936 100644
--- a/tests/modules/agent_engine/examples/minimal-pickle.yaml
+++ b/tests/modules/agent_engine/examples/minimal-pickle.yaml
@@ -13,26 +13,14 @@
# limitations under the License.
values:
- module.agent_engine.google_project_iam_member.default["roles/aiplatform.user"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/aiplatform.user"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/aiplatform.user
- module.agent_engine.google_project_iam_member.default["roles/storage.objectViewer"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/storage.objectViewer"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/storage.objectViewer
- module.agent_engine.google_service_account.service_account[0]:
- account_id: my-agent
- create_ignore_already_exists: null
- description: null
- disabled: false
- display_name: my-agent
- email: my-agent@project-id.iam.gserviceaccount.com
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
- project: project-id
- timeouts: null
module.agent_engine.google_storage_bucket.default[0]:
autoclass: []
cors: []
@@ -131,30 +119,24 @@ values:
class_methods: null
container_spec: []
deployment_spec: []
- identity_type: null
+ identity_type: AGENT_IDENTITY
package_spec:
- dependency_files_gcs_uri: gs://my-agent/dependencies.tar.gz
pickle_object_gcs_uri: gs://my-agent/pickle.pkl
python_version: '3.13'
requirements_gcs_uri: gs://my-agent/requirements.txt
- service_account: my-agent@project-id.iam.gserviceaccount.com
+ service_account: null
source_code_spec: []
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
- module.agent_engine.time_sleep.wait_5_minutes:
- create_duration: 5m
- destroy_duration: null
- triggers: null
counts:
google_project_iam_member: 2
- google_service_account: 1
google_storage_bucket: 1
google_storage_bucket_object: 3
google_vertex_ai_reasoning_engine: 1
modules: 1
- resources: 9
- time_sleep: 1
+ resources: 7
outputs: {}
diff --git a/tests/modules/agent_engine/examples/minimal.yaml b/tests/modules/agent_engine/examples/minimal.yaml
index 9840fa2fb..6e96b6345 100644
--- a/tests/modules/agent_engine/examples/minimal.yaml
+++ b/tests/modules/agent_engine/examples/minimal.yaml
@@ -13,26 +13,14 @@
# limitations under the License.
values:
- module.agent_engine.google_project_iam_member.default["roles/aiplatform.user"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/aiplatform.user"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/aiplatform.user
- module.agent_engine.google_project_iam_member.default["roles/storage.objectViewer"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/storage.objectViewer"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/storage.objectViewer
- module.agent_engine.google_service_account.service_account[0]:
- account_id: my-agent
- create_ignore_already_exists: null
- description: null
- disabled: false
- display_name: my-agent
- email: my-agent@project-id.iam.gserviceaccount.com
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
- project: project-id
- timeouts: null
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
@@ -49,29 +37,27 @@ values:
class_methods: null
container_spec: []
deployment_spec: []
- identity_type: null
+ identity_type: AGENT_IDENTITY
package_spec: []
- service_account: my-agent@project-id.iam.gserviceaccount.com
+ service_account: null
source_code_spec:
- developer_connect_source: []
image_spec: []
inline_source:
- source_archive: H4sIAMCUSmkAA+1Y727bNhB3CwzbtM/b55v7oQmQyPprJyk8QE2y1ahrZ7HTriiKgJFom4skqhRV2yj6Hvu8PdL2AgP2CHuAHWXZiZP+C5C4WKsfQNjiHY+/I3l3og7I5AElARU1/VjQFxkTNKKxTHU5kZVrgmEYdceBSiMHVCy34Vo2qP4ZXAdM17Qs1eomGJZp160KTK6LwLuQpZIIpBJmPkkElfQteolgERHToeBZ8ib5zBNY/P5PYDqQsaC5ZWw5DUuzDYgki2jTbNTrzrbrGNt6fatuGbhljvaxuZa4ftxc1J9hHv+24dqGbVyKf8uxl+PfbNgNtwLG9VO5jM88/itffPdl5Xal8oj40O3BL1BA9VW+xmZhe4FNPf/xYSa9fv+w+KtG/Ibtmwsqt876v/V5pJMkCameCP6SxiT2aeXW7cpf//z+1b9/b/15DU6WeBsOFvX/5vLA++o/Bv3F+m869bL+rwJXqf9uA9qt+97h7oPW4319QqQU+puCt+n93PLMbo/tHvRH3c4jzdmGHg5qP33XoHMRX75prAw3X/3fX//Ni/FvNsy6Udb/VWDI+TCkm37Is2CTsCQkcsBF9IwM8UQc03jIYpo+/6Fp6qZl6IZW6JPgNO9zdVPLxybMPw1ps2nrSutje1XiQ3Fw7v6f77meTK97jivc/03LdVX8u65R1v9V4J3139natnXbMvA2ZrlbZVR/gri5qD/DFe7/Rfy7bt0u6/9KUN7/P2uc1f+bywNXuP/P679tO2X9XwWuUv/L+/+nh5uv/u+t/5btXIx/13adsv6vAne+r2WpqJ2wuEbjl5BM5YjHtqbdgV2eTAUbjiSoz3/wU37xh3Z7V7uD0jbzaZzSALIYiwfIEQUvIT7+FJINeExFyngMlm7AmlKoFqLq+j20MOUZRGQKMZeQpRRNsBQGDOegE58mElgMmCiSkKn0AGMmR/k0hREdTTwtTPATSVCboH6CT4PzekBkTlhhJGWS7tRq4/EY849iq3MxrIUzzbTWbu3ud3r7m8g4H3MUhzRNofhGFsDJFFTaYj45QZohGQMXQIaCokxyRXgsmGTxcANSPpBjIihaCVgqBTvJ5NJqzemh0+cVcL1IDFWvB61eFe57vVZvA208afUfdI/68MQ7PPQ6/dZ+D7qHsNvt7LX6rW4Hn34Er/MUHrY6extAca1wGjrBA438kSRT60gDtWg9SpcIDPiMUJpQnw2Yj37FwwzzAgwxN4sY3YGEioilajdTpBeglZBFTBKZ91xySte0geARzD4W6SQ41fM8kyoeXEhoh5GnOmZqOIukE8L0pY9Oc10vOPWSRNO0gA5gSFE+8UdIkR4LIumapjbWz4SgsT89VvZ2AJcTmlA96u1VN5blki+k+0eHF6UBGlzIQ3xIJaqs76BWQUYdBexNsQeXNuFqAZuLXh3pzQgBDKrz00YSpg8EiU8HGfopVOWrvVqa83VBBCAhgkRp85UGC1SVT9WdZR83zitIfl4seSF7rZTWc6YyE/GCsP5ryuO1dS0PckFxfvD2HkK++EWYcR6mmuBczm6H6OJ8x2buRTygYbM6pBGLGYaLuzkISToq3GAxLmHmq8PRrKoYxTjA4BzRMBlkIRA8SJh0Y1moxwRfOO4u+C+2N5/67kwnZ9R8dmn7n+P2aNqc5OyorOWPzTP66+X7RIkSJUpcwn+2Vos4ACgAAA==
- python_spec: []
+ python_spec:
+ - entrypoint_module: agent
+ entrypoint_object: agent
+ requirements_file: requirements.txt
+ version: '3.13'
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
- module.agent_engine.time_sleep.wait_5_minutes:
- create_duration: 5m
- destroy_duration: null
- triggers: null
counts:
google_project_iam_member: 2
- google_service_account: 1
google_vertex_ai_reasoning_engine: 1
modules: 1
- resources: 5
- time_sleep: 1
+ resources: 3
outputs: {}
diff --git a/tests/modules/agent_engine/examples/pickle-gcs.yaml b/tests/modules/agent_engine/examples/pickle-gcs.yaml
index 6c427e146..571adc432 100644
--- a/tests/modules/agent_engine/examples/pickle-gcs.yaml
+++ b/tests/modules/agent_engine/examples/pickle-gcs.yaml
@@ -13,26 +13,14 @@
# limitations under the License.
values:
- module.agent_engine.google_project_iam_member.default["roles/aiplatform.user"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/aiplatform.user"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/aiplatform.user
- module.agent_engine.google_project_iam_member.default["roles/storage.objectViewer"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/storage.objectViewer"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/storage.objectViewer
- module.agent_engine.google_service_account.service_account[0]:
- account_id: my-agent
- create_ignore_already_exists: null
- description: null
- disabled: false
- display_name: my-agent
- email: my-agent@project-id.iam.gserviceaccount.com
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
- project: project-id
- timeouts: null
module.agent_engine.google_storage_bucket.default[0]:
autoclass: []
cors: []
@@ -74,29 +62,23 @@ values:
class_methods: null
container_spec: []
deployment_spec: []
- identity_type: null
+ identity_type: AGENT_IDENTITY
package_spec:
- dependency_files_gcs_uri: gs://my-bucket/dependencies.tar.gz
pickle_object_gcs_uri: gs://my-bucket/pickle.pkl
python_version: '3.13'
requirements_gcs_uri: gs://my-bucket/requirements.txt
- service_account: my-agent@project-id.iam.gserviceaccount.com
+ service_account: null
source_code_spec: []
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
- module.agent_engine.time_sleep.wait_5_minutes:
- create_duration: 5m
- destroy_duration: null
- triggers: null
counts:
google_project_iam_member: 2
- google_service_account: 1
google_storage_bucket: 1
google_vertex_ai_reasoning_engine: 1
modules: 1
- resources: 6
- time_sleep: 1
+ resources: 4
outputs: {}
diff --git a/tests/modules/agent_engine/examples/psc-i.yaml b/tests/modules/agent_engine/examples/psc-i.yaml
index 7ebaef0b1..e10ac3724 100644
--- a/tests/modules/agent_engine/examples/psc-i.yaml
+++ b/tests/modules/agent_engine/examples/psc-i.yaml
@@ -13,26 +13,14 @@
# limitations under the License.
values:
- module.agent_engine.google_project_iam_member.default["roles/aiplatform.user"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/aiplatform.user"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/aiplatform.user
- module.agent_engine.google_project_iam_member.default["roles/storage.objectViewer"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/storage.objectViewer"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/storage.objectViewer
- module.agent_engine.google_service_account.service_account[0]:
- account_id: my-agent
- create_ignore_already_exists: null
- description: null
- disabled: false
- display_name: my-agent
- email: my-agent@project-id.iam.gserviceaccount.com
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
- project: project-id
- timeouts: null
module.agent_engine.google_vertex_ai_reasoning_engine.managed[0]:
context_spec: []
deletion_policy: null
@@ -57,29 +45,27 @@ values:
target_project: project-id
network_attachment: projects/project-id/regions/europe-west8/networkAttachments/my-nat
secret_env: []
- identity_type: null
+ identity_type: AGENT_IDENTITY
package_spec: []
- service_account: my-agent@project-id.iam.gserviceaccount.com
+ service_account: null
source_code_spec:
- developer_connect_source: []
image_spec: []
inline_source:
- source_archive: H4sIAMCUSmkAA+1Y727bNhB3CwzbtM/b55v7oQmQyPprJyk8QE2y1ahrZ7HTriiKgJFom4skqhRV2yj6Hvu8PdL2AgP2CHuAHWXZiZP+C5C4WKsfQNjiHY+/I3l3og7I5AElARU1/VjQFxkTNKKxTHU5kZVrgmEYdceBSiMHVCy34Vo2qP4ZXAdM17Qs1eomGJZp160KTK6LwLuQpZIIpBJmPkkElfQteolgERHToeBZ8ib5zBNY/P5PYDqQsaC5ZWw5DUuzDYgki2jTbNTrzrbrGNt6fatuGbhljvaxuZa4ftxc1J9hHv+24dqGbVyKf8uxl+PfbNgNtwLG9VO5jM88/itffPdl5Xal8oj40O3BL1BA9VW+xmZhe4FNPf/xYSa9fv+w+KtG/Ibtmwsqt876v/V5pJMkCameCP6SxiT2aeXW7cpf//z+1b9/b/15DU6WeBsOFvX/5vLA++o/Bv3F+m869bL+rwJXqf9uA9qt+97h7oPW4319QqQU+puCt+n93PLMbo/tHvRH3c4jzdmGHg5qP33XoHMRX75prAw3X/3fX//Ni/FvNsy6Udb/VWDI+TCkm37Is2CTsCQkcsBF9IwM8UQc03jIYpo+/6Fp6qZl6IZW6JPgNO9zdVPLxybMPw1ps2nrSutje1XiQ3Fw7v6f77meTK97jivc/03LdVX8u65R1v9V4J3139natnXbMvA2ZrlbZVR/gri5qD/DFe7/Rfy7bt0u6/9KUN7/P2uc1f+bywNXuP/P679tO2X9XwWuUv/L+/+nh5uv/u+t/5btXIx/13adsv6vAne+r2WpqJ2wuEbjl5BM5YjHtqbdgV2eTAUbjiSoz3/wU37xh3Z7V7uD0jbzaZzSALIYiwfIEQUvIT7+FJINeExFyngMlm7AmlKoFqLq+j20MOUZRGQKMZeQpRRNsBQGDOegE58mElgMmCiSkKn0AGMmR/k0hREdTTwtTPATSVCboH6CT4PzekBkTlhhJGWS7tRq4/EY849iq3MxrIUzzbTWbu3ud3r7m8g4H3MUhzRNofhGFsDJFFTaYj45QZohGQMXQIaCokxyRXgsmGTxcANSPpBjIihaCVgqBTvJ5NJqzemh0+cVcL1IDFWvB61eFe57vVZvA208afUfdI/68MQ7PPQ6/dZ+D7qHsNvt7LX6rW4Hn34Er/MUHrY6extAca1wGjrBA438kSRT60gDtWg9SpcIDPiMUJpQnw2Yj37FwwzzAgwxN4sY3YGEioilajdTpBeglZBFTBKZ91xySte0geARzD4W6SQ41fM8kyoeXEhoh5GnOmZqOIukE8L0pY9Oc10vOPWSRNO0gA5gSFE+8UdIkR4LIumapjbWz4SgsT89VvZ2AJcTmlA96u1VN5blki+k+0eHF6UBGlzIQ3xIJaqs76BWQUYdBexNsQeXNuFqAZuLXh3pzQgBDKrz00YSpg8EiU8HGfopVOWrvVqa83VBBCAhgkRp85UGC1SVT9WdZR83zitIfl4seSF7rZTWc6YyE/GCsP5ryuO1dS0PckFxfvD2HkK++EWYcR6mmuBczm6H6OJ8x2buRTygYbM6pBGLGYaLuzkISToq3GAxLmHmq8PRrKoYxTjA4BzRMBlkIRA8SJh0Y1moxwRfOO4u+C+2N5/67kwnZ9R8dmn7n+P2aNqc5OyorOWPzTP66+X7RIkSJUpcwn+2Vos4ACgAAA==
- python_spec: []
+ python_spec:
+ - entrypoint_module: agent
+ entrypoint_object: agent
+ requirements_file: requirements.txt
+ version: '3.13'
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
- module.agent_engine.time_sleep.wait_5_minutes:
- create_duration: 5m
- destroy_duration: null
- triggers: null
counts:
google_project_iam_member: 2
- google_service_account: 1
google_vertex_ai_reasoning_engine: 1
modules: 1
- resources: 5
- time_sleep: 1
+ resources: 3
outputs: {}
diff --git a/tests/modules/agent_engine/examples/sa-default.yaml b/tests/modules/agent_engine/examples/sa-create.yaml
similarity index 90%
rename from tests/modules/agent_engine/examples/sa-default.yaml
rename to tests/modules/agent_engine/examples/sa-create.yaml
index 9840fa2fb..cb145a252 100644
--- a/tests/modules/agent_engine/examples/sa-default.yaml
+++ b/tests/modules/agent_engine/examples/sa-create.yaml
@@ -13,12 +13,12 @@
# limitations under the License.
values:
- module.agent_engine.google_project_iam_member.default["roles/aiplatform.user"]:
+ module.agent_engine.google_project_iam_member.iam_member_sa["roles/aiplatform.user"]:
condition: []
member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/aiplatform.user
- module.agent_engine.google_project_iam_member.default["roles/storage.objectViewer"]:
+ module.agent_engine.google_project_iam_member.iam_member_sa["roles/storage.objectViewer"]:
condition: []
member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
@@ -49,7 +49,7 @@ values:
class_methods: null
container_spec: []
deployment_spec: []
- identity_type: null
+ identity_type: SERVICE_ACCOUNT
package_spec: []
service_account: my-agent@project-id.iam.gserviceaccount.com
source_code_spec:
@@ -57,21 +57,20 @@ values:
image_spec: []
inline_source:
- source_archive: H4sIAMCUSmkAA+1Y727bNhB3CwzbtM/b55v7oQmQyPprJyk8QE2y1ahrZ7HTriiKgJFom4skqhRV2yj6Hvu8PdL2AgP2CHuAHWXZiZP+C5C4WKsfQNjiHY+/I3l3og7I5AElARU1/VjQFxkTNKKxTHU5kZVrgmEYdceBSiMHVCy34Vo2qP4ZXAdM17Qs1eomGJZp160KTK6LwLuQpZIIpBJmPkkElfQteolgERHToeBZ8ib5zBNY/P5PYDqQsaC5ZWw5DUuzDYgki2jTbNTrzrbrGNt6fatuGbhljvaxuZa4ftxc1J9hHv+24dqGbVyKf8uxl+PfbNgNtwLG9VO5jM88/itffPdl5Xal8oj40O3BL1BA9VW+xmZhe4FNPf/xYSa9fv+w+KtG/Ibtmwsqt876v/V5pJMkCameCP6SxiT2aeXW7cpf//z+1b9/b/15DU6WeBsOFvX/5vLA++o/Bv3F+m869bL+rwJXqf9uA9qt+97h7oPW4319QqQU+puCt+n93PLMbo/tHvRH3c4jzdmGHg5qP33XoHMRX75prAw3X/3fX//Ni/FvNsy6Udb/VWDI+TCkm37Is2CTsCQkcsBF9IwM8UQc03jIYpo+/6Fp6qZl6IZW6JPgNO9zdVPLxybMPw1ps2nrSutje1XiQ3Fw7v6f77meTK97jivc/03LdVX8u65R1v9V4J3139natnXbMvA2ZrlbZVR/gri5qD/DFe7/Rfy7bt0u6/9KUN7/P2uc1f+bywNXuP/P679tO2X9XwWuUv/L+/+nh5uv/u+t/5btXIx/13adsv6vAne+r2WpqJ2wuEbjl5BM5YjHtqbdgV2eTAUbjiSoz3/wU37xh3Z7V7uD0jbzaZzSALIYiwfIEQUvIT7+FJINeExFyngMlm7AmlKoFqLq+j20MOUZRGQKMZeQpRRNsBQGDOegE58mElgMmCiSkKn0AGMmR/k0hREdTTwtTPATSVCboH6CT4PzekBkTlhhJGWS7tRq4/EY849iq3MxrIUzzbTWbu3ud3r7m8g4H3MUhzRNofhGFsDJFFTaYj45QZohGQMXQIaCokxyRXgsmGTxcANSPpBjIihaCVgqBTvJ5NJqzemh0+cVcL1IDFWvB61eFe57vVZvA208afUfdI/68MQ7PPQ6/dZ+D7qHsNvt7LX6rW4Hn34Er/MUHrY6extAca1wGjrBA438kSRT60gDtWg9SpcIDPiMUJpQnw2Yj37FwwzzAgwxN4sY3YGEioilajdTpBeglZBFTBKZ91xySte0geARzD4W6SQ41fM8kyoeXEhoh5GnOmZqOIukE8L0pY9Oc10vOPWSRNO0gA5gSFE+8UdIkR4LIumapjbWz4SgsT89VvZ2AJcTmlA96u1VN5blki+k+0eHF6UBGlzIQ3xIJaqs76BWQUYdBexNsQeXNuFqAZuLXh3pzQgBDKrz00YSpg8EiU8HGfopVOWrvVqa83VBBCAhgkRp85UGC1SVT9WdZR83zitIfl4seSF7rZTWc6YyE/GCsP5ryuO1dS0PckFxfvD2HkK++EWYcR6mmuBczm6H6OJ8x2buRTygYbM6pBGLGYaLuzkISToq3GAxLmHmq8PRrKoYxTjA4BzRMBlkIRA8SJh0Y1moxwRfOO4u+C+2N5/67kwnZ9R8dmn7n+P2aNqc5OyorOWPzTP66+X7RIkSJUpcwn+2Vos4ACgAAA==
- python_spec: []
+ python_spec:
+ - entrypoint_module: agent
+ entrypoint_object: agent
+ requirements_file: requirements.txt
+ version: '3.13'
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
- module.agent_engine.time_sleep.wait_5_minutes:
- create_duration: 5m
- destroy_duration: null
- triggers: null
counts:
google_project_iam_member: 2
google_service_account: 1
google_vertex_ai_reasoning_engine: 1
modules: 1
- resources: 5
- time_sleep: 1
+ resources: 4
outputs: {}
diff --git a/tests/modules/agent_engine/examples/sa-custom.yaml b/tests/modules/agent_engine/examples/sa-external.yaml
similarity index 93%
rename from tests/modules/agent_engine/examples/sa-custom.yaml
rename to tests/modules/agent_engine/examples/sa-external.yaml
index e97d121a1..99b7bc5a1 100644
--- a/tests/modules/agent_engine/examples/sa-custom.yaml
+++ b/tests/modules/agent_engine/examples/sa-external.yaml
@@ -29,7 +29,7 @@ values:
class_methods: null
container_spec: []
deployment_spec: []
- identity_type: null
+ identity_type: SERVICE_ACCOUNT
package_spec: []
service_account: my-agent@project-id.iam.gserviceaccount.com
source_code_spec:
@@ -37,19 +37,18 @@ values:
image_spec: []
inline_source:
- source_archive: H4sIAMCUSmkAA+1Y727bNhB3CwzbtM/b55v7oQmQyPprJyk8QE2y1ahrZ7HTriiKgJFom4skqhRV2yj6Hvu8PdL2AgP2CHuAHWXZiZP+C5C4WKsfQNjiHY+/I3l3og7I5AElARU1/VjQFxkTNKKxTHU5kZVrgmEYdceBSiMHVCy34Vo2qP4ZXAdM17Qs1eomGJZp160KTK6LwLuQpZIIpBJmPkkElfQteolgERHToeBZ8ib5zBNY/P5PYDqQsaC5ZWw5DUuzDYgki2jTbNTrzrbrGNt6fatuGbhljvaxuZa4ftxc1J9hHv+24dqGbVyKf8uxl+PfbNgNtwLG9VO5jM88/itffPdl5Xal8oj40O3BL1BA9VW+xmZhe4FNPf/xYSa9fv+w+KtG/Ibtmwsqt876v/V5pJMkCameCP6SxiT2aeXW7cpf//z+1b9/b/15DU6WeBsOFvX/5vLA++o/Bv3F+m869bL+rwJXqf9uA9qt+97h7oPW4319QqQU+puCt+n93PLMbo/tHvRH3c4jzdmGHg5qP33XoHMRX75prAw3X/3fX//Ni/FvNsy6Udb/VWDI+TCkm37Is2CTsCQkcsBF9IwM8UQc03jIYpo+/6Fp6qZl6IZW6JPgNO9zdVPLxybMPw1ps2nrSutje1XiQ3Fw7v6f77meTK97jivc/03LdVX8u65R1v9V4J3139natnXbMvA2ZrlbZVR/gri5qD/DFe7/Rfy7bt0u6/9KUN7/P2uc1f+bywNXuP/P679tO2X9XwWuUv/L+/+nh5uv/u+t/5btXIx/13adsv6vAne+r2WpqJ2wuEbjl5BM5YjHtqbdgV2eTAUbjiSoz3/wU37xh3Z7V7uD0jbzaZzSALIYiwfIEQUvIT7+FJINeExFyngMlm7AmlKoFqLq+j20MOUZRGQKMZeQpRRNsBQGDOegE58mElgMmCiSkKn0AGMmR/k0hREdTTwtTPATSVCboH6CT4PzekBkTlhhJGWS7tRq4/EY849iq3MxrIUzzbTWbu3ud3r7m8g4H3MUhzRNofhGFsDJFFTaYj45QZohGQMXQIaCokxyRXgsmGTxcANSPpBjIihaCVgqBTvJ5NJqzemh0+cVcL1IDFWvB61eFe57vVZvA208afUfdI/68MQ7PPQ6/dZ+D7qHsNvt7LX6rW4Hn34Er/MUHrY6extAca1wGjrBA438kSRT60gDtWg9SpcIDPiMUJpQnw2Yj37FwwzzAgwxN4sY3YGEioilajdTpBeglZBFTBKZ91xySte0geARzD4W6SQ41fM8kyoeXEhoh5GnOmZqOIukE8L0pY9Oc10vOPWSRNO0gA5gSFE+8UdIkR4LIumapjbWz4SgsT89VvZ2AJcTmlA96u1VN5blki+k+0eHF6UBGlzIQ3xIJaqs76BWQUYdBexNsQeXNuFqAZuLXh3pzQgBDKrz00YSpg8EiU8HGfopVOWrvVqa83VBBCAhgkRp85UGC1SVT9WdZR83zitIfl4seSF7rZTWc6YyE/GCsP5ryuO1dS0PckFxfvD2HkK++EWYcR6mmuBczm6H6OJ8x2buRTygYbM6pBGLGYaLuzkISToq3GAxLmHmq8PRrKoYxTjA4BzRMBlkIRA8SJh0Y1moxwRfOO4u+C+2N5/67kwnZ9R8dmn7n+P2aNqc5OyorOWPzTP66+X7RIkSJUpcwn+2Vos4ACgAAA==
- python_spec: []
+ python_spec:
+ - entrypoint_module: agent
+ entrypoint_object: agent
+ requirements_file: requirements.txt
+ version: '3.13'
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
- module.agent_engine.time_sleep.wait_5_minutes:
- create_duration: 5m
- destroy_duration: null
- triggers: null
counts:
google_vertex_ai_reasoning_engine: 1
modules: 1
- resources: 2
- time_sleep: 1
+ resources: 1
outputs: {}
diff --git a/tests/modules/agent_engine/examples/unmanaged.yaml b/tests/modules/agent_engine/examples/unmanaged.yaml
index 4cb8e4c2c..07ace0197 100644
--- a/tests/modules/agent_engine/examples/unmanaged.yaml
+++ b/tests/modules/agent_engine/examples/unmanaged.yaml
@@ -13,26 +13,14 @@
# limitations under the License.
values:
- module.agent_engine.google_project_iam_member.default["roles/aiplatform.user"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/aiplatform.user"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/aiplatform.user
- module.agent_engine.google_project_iam_member.default["roles/storage.objectViewer"]:
+ module.agent_engine.google_project_iam_member.iam_member_identity["roles/storage.objectViewer"]:
condition: []
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
project: project-id
role: roles/storage.objectViewer
- module.agent_engine.google_service_account.service_account[0]:
- account_id: my-agent
- create_ignore_already_exists: null
- description: null
- disabled: false
- display_name: my-agent
- email: my-agent@project-id.iam.gserviceaccount.com
- member: serviceAccount:my-agent@project-id.iam.gserviceaccount.com
- project: project-id
- timeouts: null
module.agent_engine.google_vertex_ai_reasoning_engine.unmanaged[0]:
context_spec: []
deletion_policy: null
@@ -49,29 +37,26 @@ values:
class_methods: null
container_spec: []
deployment_spec: []
- identity_type: null
+ identity_type: AGENT_IDENTITY
package_spec: []
- service_account: my-agent@project-id.iam.gserviceaccount.com
+ service_account: null
source_code_spec:
- developer_connect_source: []
image_spec: []
- inline_source:
- - source_archive: H4sIAMCUSmkAA+1Y727bNhB3CwzbtM/b55v7oQmQyPprJyk8QE2y1ahrZ7HTriiKgJFom4skqhRV2yj6Hvu8PdL2AgP2CHuAHWXZiZP+C5C4WKsfQNjiHY+/I3l3og7I5AElARU1/VjQFxkTNKKxTHU5kZVrgmEYdceBSiMHVCy34Vo2qP4ZXAdM17Qs1eomGJZp160KTK6LwLuQpZIIpBJmPkkElfQteolgERHToeBZ8ib5zBNY/P5PYDqQsaC5ZWw5DUuzDYgki2jTbNTrzrbrGNt6fatuGbhljvaxuZa4ftxc1J9hHv+24dqGbVyKf8uxl+PfbNgNtwLG9VO5jM88/itffPdl5Xal8oj40O3BL1BA9VW+xmZhe4FNPf/xYSa9fv+w+KtG/Ibtmwsqt876v/V5pJMkCameCP6SxiT2aeXW7cpf//z+1b9/b/15DU6WeBsOFvX/5vLA++o/Bv3F+m869bL+rwJXqf9uA9qt+97h7oPW4319QqQU+puCt+n93PLMbo/tHvRH3c4jzdmGHg5qP33XoHMRX75prAw3X/3fX//Ni/FvNsy6Udb/VWDI+TCkm37Is2CTsCQkcsBF9IwM8UQc03jIYpo+/6Fp6qZl6IZW6JPgNO9zdVPLxybMPw1ps2nrSutje1XiQ3Fw7v6f77meTK97jivc/03LdVX8u65R1v9V4J3139natnXbMvA2ZrlbZVR/gri5qD/DFe7/Rfy7bt0u6/9KUN7/P2uc1f+bywNXuP/P679tO2X9XwWuUv/L+/+nh5uv/u+t/5btXIx/13adsv6vAne+r2WpqJ2wuEbjl5BM5YjHtqbdgV2eTAUbjiSoz3/wU37xh3Z7V7uD0jbzaZzSALIYiwfIEQUvIT7+FJINeExFyngMlm7AmlKoFqLq+j20MOUZRGQKMZeQpRRNsBQGDOegE58mElgMmCiSkKn0AGMmR/k0hREdTTwtTPATSVCboH6CT4PzekBkTlhhJGWS7tRq4/EY849iq3MxrIUzzbTWbu3ud3r7m8g4H3MUhzRNofhGFsDJFFTaYj45QZohGQMXQIaCokxyRXgsmGTxcANSPpBjIihaCVgqBTvJ5NJqzemh0+cVcL1IDFWvB61eFe57vVZvA208afUfdI/68MQ7PPQ6/dZ+D7qHsNvt7LX6rW4Hn34Er/MUHrY6extAca1wGjrBA438kSRT60gDtWg9SpcIDPiMUJpQnw2Yj37FwwzzAgwxN4sY3YGEioilajdTpBeglZBFTBKZ91xySte0geARzD4W6SQ41fM8kyoeXEhoh5GnOmZqOIukE8L0pY9Oc10vOPWSRNO0gA5gSFE+8UdIkR4LIumapjbWz4SgsT89VvZ2AJcTmlA96u1VN5blki+k+0eHF6UBGlzIQ3xIJaqs76BWQUYdBexNsQeXNuFqAZuLXh3pzQgBDKrz00YSpg8EiU8HGfopVOWrvVqa83VBBCAhgkRp85UGC1SVT9WdZR83zitIfl4seSF7rZTWc6YyE/GCsP5ryuO1dS0PckFxfvD2HkK++EWYcR6mmuBczm6H6OJ8x2buRTygYbM6pBGLGYaLuzkISToq3GAxLmHmq8PRrKoYxTjA4BzRMBlkIRA8SJh0Y1moxwRfOO4u+C+2N5/67kwnZ9R8dmn7n+P2aNqc5OyorOWPzTP66+X7RIkSJUpcwn+2Vos4ACgAAA==
- python_spec: []
+ inline_source: []
+ python_spec:
+ - entrypoint_module: agent
+ entrypoint_object: agent
+ requirements_file: requirements.txt
+ version: '3.13'
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
- module.agent_engine.time_sleep.wait_5_minutes:
- create_duration: 5m
- destroy_duration: null
- triggers: null
counts:
google_project_iam_member: 2
- google_service_account: 1
google_vertex_ai_reasoning_engine: 1
modules: 1
- resources: 5
- time_sleep: 1
+ resources: 3
outputs: {}
diff --git a/tools/duplicate-diff.py b/tools/duplicate-diff.py
index 4c7ab5939..01f4811e0 100755
--- a/tools/duplicate-diff.py
+++ b/tools/duplicate-diff.py
@@ -119,7 +119,6 @@ duplicates = [
"modules/cloud-function-v2/bundle.tf",
],
[
- "modules/agent-engine/serviceaccount.tf",
"modules/cloud-function-v1/serviceaccount.tf",
"modules/cloud-function-v2/serviceaccount.tf",
"modules/cloud-run-v2/serviceaccount.tf",