diff --git a/modules/apigee/recipe-apigee-swp/README.md b/modules/apigee/recipe-apigee-swp/README.md index 400b97b1a..a16513f75 100644 --- a/modules/apigee/recipe-apigee-swp/README.md +++ b/modules/apigee/recipe-apigee-swp/README.md @@ -54,4 +54,4 @@ module "recipe_apigee_swp" { subnet_proxy_only_ip_cidr_range = "10.16.2.0/24" } } -# tftest modules=10 resources=44 +# tftest modules=10 resources=43 diff --git a/modules/project/service-agents.yaml b/modules/project/service-agents.yaml index 7f8fb35ca..06a3ce030 100644 --- a/modules/project/service-agents.yaml +++ b/modules/project/service-agents.yaml @@ -1,4 +1,4 @@ -# Copyright 2025 Google LLC +# Copyright 2026 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -147,7 +147,7 @@ role: roles/agentgateway.serviceAgent is_primary: false aliases: [] - skip_iam: false + skip_iam: true - name: alloydb display_name: AlloyDB Service Account api: alloydb.googleapis.com @@ -1430,6 +1430,14 @@ is_primary: true aliases: [] skip_iam: false +- name: run-ai + display_name: Google Cloud Run AI Bundle Service Agent + api: run.googleapis.com + identity: service-${project_number}@gcp-sa-run-ai.${universe_domain}iam.gserviceaccount.com + role: null + is_primary: false + aliases: [] + skip_iam: false - name: serverless-robot-prod display_name: Google Cloud Run Service Agent api: run.googleapis.com @@ -2116,3 +2124,4 @@ is_primary: false aliases: [] skip_iam: false + diff --git a/tests/modules/project/service_agents.yaml b/tests/modules/project/service_agents.yaml index c51281104..ed32140a4 100644 --- a/tests/modules/project/service_agents.yaml +++ b/tests/modules/project/service_agents.yaml @@ -1,4 +1,4 @@ -# Copyright 2025 Google LLC +# Copyright 2026 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -145,6 +145,14 @@ outputs: is_primary: true name: serverless-robot-prod role: roles/run.serviceAgent + run-ai: + api: run.googleapis.com + display_name: Google Cloud Run AI Bundle Service Agent + email: service-12345@gcp-sa-run-ai.iam.gserviceaccount.com + iam_email: serviceAccount:service-12345@gcp-sa-run-ai.iam.gserviceaccount.com + is_primary: false + name: run-ai + role: null serverless-robot-prod: api: run.googleapis.com display_name: Google Cloud Run Service Agent diff --git a/tests/modules/project/service_agents_universe.yaml b/tests/modules/project/service_agents_universe.yaml index 867520006..0b0ea6828 100644 --- a/tests/modules/project/service_agents_universe.yaml +++ b/tests/modules/project/service_agents_universe.yaml @@ -147,6 +147,14 @@ outputs: is_primary: true name: serverless-robot-prod role: roles/run.serviceAgent + run-ai: + api: run.googleapis.com + display_name: Google Cloud Run AI Bundle Service Agent + email: service-12345@gcp-sa-run-ai.alpha-system.iam.gserviceaccount.com + iam_email: serviceAccount:service-12345@gcp-sa-run-ai.alpha-system.iam.gserviceaccount.com + is_primary: false + name: run-ai + role: null serverless-robot-prod: api: run.googleapis.com display_name: Google Cloud Run Service Agent diff --git a/tools/build_service_agents.py b/tools/build_service_agents.py index 4c432e434..56fa52e37 100755 --- a/tools/build_service_agents.py +++ b/tools/build_service_agents.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 -# Copyright 2025 Google LLC +# Copyright 2026 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -74,6 +74,7 @@ SKIP_IAM_AGENTS = [ 'service-PROJECT_NUMBER@gcp-sa-scc-notification.iam.gserviceaccount.com', 'service-PROJECT_NUMBER@gcp-sa-securitycenter.iam.gserviceaccount.com', 'service-PROJECT_NUMBER@gcp-sa-ns-authz.iam.gserviceaccount.com', + 'service-PROJECT_NUMBER@gcp-sa-agentgateway.iam.gserviceaccount.com', ] AGENT_NAME_OVERRIDE = {