Gemini Enterprise Blueprint - Release 1.2.0 #15
Open
michael-intindola wants to merge 6 commits into main from
Updates the README to reflect the new version 1.2.0 and the latest capabilities of the blueprint. Revises the infrastructure description to better explain the core components, networking, security controls, and data storage. Clarifies the deployment automation features, including session persistence, interactive configuration, and helper functions.
Introduces support for a "none" deployment type, allowing the provisioning of the Gemini Enterprise application without a Load Balancer. Adds support for Google-managed SSL certificates via Certificate Manager. Simplifies CMEK management by removing key creation from Terraform and assuming keys are managed externally or via the deployment script. Adds Analytics capabilities by creating a BigQuery sink for Discovery Engine audit logs. Updates Data Store logic to create empty stores and wait for IAM propagation before importing data. Supports multiple user groups for Identity-Aware Proxy (IAP) access. Conditionally enables APIs based on the selected compliance regime.
Adds support for the IL5 compliance regime, including disabling specific features and implicit model caching not yet authorized for IL5. Introduces new commands for listing and distributing Gemini for Government licenses across projects. Enhances application creation by accepting display names, company names, and enabling audit logs. Updates assistant configurations and feature toggles to align with compliance requirements. Supports relative paths for Google Cloud Storage document imports.
Adds automated installation of tfenv and enforces Terraform version 1.12.2 to ensure consistent deployments. Introduces state hydration to persist configuration values across different stages and sessions. Improves authentication handling, including better Application Default Credentials (ADC) and quota project setup. Adds support for importing existing Google Cloud Storage buckets and BigQuery datasets into Terraform state. Provides interactive menus for selecting compliance regimes (including IL5), certificate management types, and deployment topologies. Adds interactive BigQuery schema mapping for document imports directly within the script. Includes a new helper function menu option for distributing Gemini licenses. Automates CMEK key registration and validation for Discovery Engine.
…ured in deploy.sh
| "commonConfig": { | ||
| "companyName": company_name | ||
| }, | ||
| # "knowledgeGraphConfig": { |
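Review bot: the commented-out `# "knowledgeGraphConfig": {` entry at the end of this hunk carries no explanation, so a reader cannot tell whether it was disabled on purpose or left over from debugging. The PR description says some features are disabled for IL5; if that is the reason here, build the key conditionally on the selected compliance regime instead of commenting it out, and otherwise delete it.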
Collaborator
Question: Why has this been commented out? I'd recommend leaving a comment to help communicate the justification or delete the content entirely.
| @@ -1,3 +1,4 @@ | |||
| import sys | |||
Collaborator
Don't quite know what the current process is but shouldn't this file have the following header at least?
Suggested change
| import sys | |
| # Copyright 2026 Google LLC | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| import sys |
…ry code from create_engine function
Summary
This pull request introduces significant enhancements to the deployment workflow for the Gemini Enterprise blueprint (version 1.2.0). The changes primarily focus on hardening the deploy.sh script, improving the user experience through interactive menus, enforcing environment consistency, and automating compliance-related configurations (such as CMEK registration) required for Assured Workloads environments (FedRAMP High, IL4/IL5).
Key Changes
Environment & Tooling Consistency
tfenv Management: Added logic to automatically install tfenv if missing and enforce the use of Terraform version 1.12.2. This ensures all operators use the same Terraform version, preventing state corruption and inconsistent applies.
State Management & Hydration
Authentication & Security
Interactive Deployment Enhancements
Helper Functions
Bug Fixes & Optimizations
gcloud commands.
Verification Plan
gemini-stage-0 and gemini-stage-1 have been validated.