* fix(modules): allow disabling logging and configuring optional fields in LB backend services
Replaced 'log_sample_rate' (number) with 'log_config' (object) in all Load Balancer Backend Service modules. This allows explicitly disabling logging ('enable = false') and configuring advanced options like 'optional_mode' and 'optional_fields', resolving infinite plan drift and the inability to disable logging.
Affected modules:
- net-lb-app-ext-regional
- net-lb-app-ext
- net-lb-app-int-cross-region
- net-lb-app-int
- net-lb-ext
- net-lb-int
- net-lb-proxy-int
Added test cases and updated documentation.
Fixes#3914
* style: format variables files with terraform fmt
* docs: add critical linting rule for AI agents to GEMINI.md
* feat(agent-engine): add support for container and custom image specs
- Add container_config to deployment_files.
- Add image_spec with build_args to source_config.
- Make agent_framework optional and document supported values.
- Implement dynamic specs for container and source deployments.
- Add examples and automated tests for new deployment types.
* chore: update Google provider version to 7.28.0 across modules
Mechanical update of versions.tf and versions.tofu files using tools/versions.py.
* feat(agent-engine): refactor for container deployments and API alignment
- Group deployment settings under 'deployment_config' (renamed from 'deployment_files').
- Support container-based deployments via 'container_config' and 'image_spec'.
- Refactor 'source_files_config' (renamed from 'source_config') to include mutually exclusive 'python_spec' and 'image_spec'.
- Support 'developer_connect_config' as a source code type.
- Group engine settings (framework, env, secrets) under 'agent_engine_config'.
- Add support for 'memory_bank_config' persistent memory.
- Overhaul reasoning engine resources with dynamic blocks to match provider schema.
- Update all documentation examples, add TOC, and refresh test inventories.
* Update dynamic python_spec block and related example yamls
* Ignore changes setting for developer_connect_source under lifecycle management
* fixing review comments for `try` and default path for `source_path`
---------
Co-authored-by: Hemanand <hemr@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
* feat(agent-engine): add support for memory bank configuration
* refactor(agent-engine): remove source_path_override and revert to standard source_path
* provider version upgrade from 7.17 to 7.27
* docs(agent-engine): fix README validation and update tables
---------
Co-authored-by: Hemanand <hemr@google.com>
* add ad for compute-vm refactor
* Exclue nic_type from validated fields, add split of main.tf and template.tf
* boot disk
* fix examples and fixtures
* attached disks
* fix further examples and module-level tests
* remove extra file
* fix mig examples
* finish refactoring variables
* align fast and other modules
* refactor(compute-vm): align examples and ADR with the newly implemented interface
This commit addresses the remaining references of the `instance_type` and `confidential_compute` parameters in the testing environment and updates the ADR.
* feat(compute-vm): add network_performance_config to instance and templates
This change implements the usage of the `network_performance_tier` variable we added earlier into the actual Terraform resources.
---------
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
* Update CORS policy in urlmap_config to use lists for allow_headers, allow_methods, and expose_headers
* Update README.md to clarify urlmap_config structure and options for load balancer configuration
* refactor(net-lb-app-ext): improve configurability and resource references
- Allow overriding names for backend buckets and instance groups
- Add optional per-group description with default value
- Use self_link for instance group backend references
- Fix HTTP proxy name to use http_proxy_config
* reverted the instance group reference in backend service back to id instead of self link
* updated all the lb modules for unmanaged instance groups to have flexible names and proper refactorization of http_proxy_cofig in each module
* removed the description variable
* updated the readme.md for the net-lb-app-ext-regional module
* fixed the linting error for the change in versions.tf
---------
Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* Updates to add secret_sync to GKE module in CFF
* updated READMEs against the python tfdoc command
* updated version for secret_sync to reflect 7.12.0
* update provider versions to 7.12.0
* Updated READMEs which got clobbered by merge with main
* Fixed test errors in secret-manager module
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Updates the dynamic block in load balancer modules to make OAuth2 client fields optional.
This allows enabling Google-Managed IAP by omitting these fields or passing .
Supports migration path by passing as per Google documentation.
Added test case to to verify configuration.
