Added AI generated scaffold.

2026-06-10 01:12:36 +02:00
commit c7e75cabe6
7 changed files with 206 additions and 0 deletions
@@ -0,0 +1,76 @@
+# ─────────────────────────────────────────────
+# 1. API Enablement
+# ─────────────────────────────────────────────
+
+locals {
+  apis = toset([
+    "iam.googleapis.com",
+    "cloudresourcemanager.googleapis.com",
+    "aiplatform.googleapis.com",
+    "cloudaicompanion.googleapis.com",
+    "discoveryengine.googleapis.com",
+    "dialogflow.googleapis.com",
+    "secretmanager.googleapis.com",
+  ])
+}
+
+resource "google_project_service" "apis" {
+  for_each = local.apis
+
+  project = var.project_id
+  service = each.value
+
+  disable_on_destroy         = false
+  disable_dependent_services = false
+}
+
+# ─────────────────────────────────────────────
+# 2. Service Accounts
+# ─────────────────────────────────────────────
+
+resource "google_service_account" "agent_sa" {
+  project      = var.project_id
+  account_id   = "${var.prefix}-agent-sa"
+  display_name = "Gemini Agent Runtime SA"
+  description  = "Runtime service account for applications calling Vertex AI / Agent Engine APIs."
+
+  depends_on = [google_project_service.apis]
+}
+
+resource "google_service_account" "code_assist_sa" {
+  project      = var.project_id
+  account_id   = "${var.prefix}-code-assist-sa"
+  display_name = "Gemini Code Assist Enterprise SA"
+  description  = "Service account for Gemini Code Assist Enterprise IDE plugin configuration."
+
+  depends_on = [google_project_service.apis]
+}
+
+# ─────────────────────────────────────────────
+# 3. Project-level IAM Bindings (additive)
+# ─────────────────────────────────────────────
+
+resource "google_project_iam_member" "agent_sa_aiplatform_user" {
+  project = var.project_id
+  role    = "roles/aiplatform.user"
+  member  = google_service_account.agent_sa.member
+}
+
+resource "google_project_iam_member" "agent_sa_discovery_viewer" {
+  project = var.project_id
+  role    = "roles/discoveryengine.viewer"
+  member  = google_service_account.agent_sa.member
+}
+
+resource "google_project_iam_member" "agent_sa_cac_user" {
+  project = var.project_id
+  role    = "roles/cloudaicompanion.user"
+  member  = google_service_account.agent_sa.member
+}
+
+resource "google_project_iam_member" "code_assist_sa_cac_admin" {
+  project = var.project_id
+  role    = "roles/cloudaicompanion.admin"
+  member  = google_service_account.code_assist_sa.member
+}
+