Description
Issue Description
The following Vertex AI Search agent runs locally and appears to deploy successfully, However, when called as a deployed agent fails. From the logs, the issue seems to related to permissions with this message:
403 PERMISSION_DENIED. {'error': {'code': 403, 'message': "Permission 'discoveryengine.servingConfigs.search' denied on resource '//discoveryengine.googleapis.com/projects/1062597788108/locations/global/collections/default_collection/dataStores/web-text-da
Gemini reports that it is the "Two Service Accounts" Problem. Specifically there are 2 service accounts required to run the deployed agent, Your Service Account and the Agent Engine Service Account (service-[YOUR_PROJECT_NUMBER]@gcp-sa-aiplatform-cc.iam.gserviceaccount.com), and the issue arises because the Agent Engine Service Account does not have the necessary Discovery Engine Admin privileges. However, I can't find nor create that account to update its permissions.
To Reproduce
Code to create Vertex AI Search Agent
vais_datastore_id = "projects/1062597788108/locations/global/collections/default_collection/dataStores/web-text-data-store_1750123044929"
vais_agent_description = "Answers questions using a specific Vertex AI Search datastore."
vais_agent_instruction = f"""
You are a helpful assistant that answers questions based on information found in the document store:
{vais_datastore_id}. Use the search tool to find relevant information before answering.
If the answer isn't in the documents, say that you couldn't find the information in the
CCC Policy Assistant datastore.
When you provide an answer, you must also add one or more citations **at the end** of your answer.
This citation must include the document's URI and the document's organization name and organization URI
and the URI associated with that document.
"""
vertex_search_tool = VertexAiSearchTool(data_store_id=prompt.vais_datastore_id)
root_agent = LlmAgent(
name=prompt.vais_agent_name,
model=prompt.vais_model_name,
tools=[
vertex_search_tool
],
instruction=prompt.vais_agent_instruction,
description=prompt.vais_agent_description,
)
Code to deploy Vertex AI Search Agent
Note: (1) This function is run with a agent_index parameter allowing it to be used for multiple agents, (2) This same deployment code works a Google search builtin agent
def deploy(agent_index: str, deploy_configs) -> None:
'''
Function to deploy a new agent to Vertex AI
agent_name: String indicating which agent is to be deployed
'''
# Set environment variables
env_vars = None
# Set parameters
root_agent = deploy_configs[agent_index]["agent"]
display_name = deploy_configs[agent_index]["display_name"]
description = deploy_configs[agent_index]["description"]
# Set an ADK App
app = AdkApp(agent=root_agent,
enable_tracing=True,
)
# Create the agent resource
remote_app = agent_engines.create(
app,
requirements=[
"google-cloud-aiplatform[agent_engines,adk,langchain,ag2,llama_index,evaluation]>=1.88.0",
"google-adk==1.2.1",
"google-cloud-discoveryengine",
"cloudpickle==3.1.1",
"python-dotenv",
"google-auth",
],
extra_packages=[
"ccc_chatbot",
"data",
"utils"
],
gcs_dir_name=os.environ["STAGING_BUCKET"],
display_name=display_name,
description=description,
env_vars=env_vars
)
# log remote_app
print(f"Deployed {agent_index} agent to Vertex AI Agent Engine successfully, resource name: {remote_app.resource_name}")
Code to retrieve and run the Vertex AI and Google search agents
Note: the Vertex AI search agent does not produce results, but the Google search agent does.
vertexai_resource_name = "projects/1062597788108/locations/us-central1/reasoningEngines/5673523979789271040"
search_resource_name = "projects/1062597788108/locations/us-central1/reasoningEngines/6068151897137610752"
resource_name = agent_resource_name
agent_engine2 = agent_engines.get(resource_name)
print("Testing a local deployment of agent: {}".format(agent_engine2.name))
start_time = datetime.now()
print("Time: {}".format(start_time.strftime("%b %-d, %Y, %-H:%M:%S %p")))
session = agent_engine2.create_session(user_id="u_123")
print("Session details: {}".format(session))
q1 = "What are the responsibilities of the board members of a California community college?"
test_result = agent_engine2.stream_query(message=q1,
session_id=session["id"],
user_id="U_123")
events = []
for event in test_result:
events.append(event)
print("Event Author: {}".format(event["author"]))
print("Text: {} ...".format(event['content']["parts"][0]["text"][:750]))
print()
See screen shots for error and additional context
nal context
Expected behavior
Deployed and retrieved agent should produce similar results to that of a local agent.
Screenshots
See attached
Desktop (please complete the following information):
- OS: Mac OS: Sequoia 15.5
- Python version(python -V): 3.11.12
- ADK version(pip show google-adk): Version: 1.3.0
Additional context
Add any other context about the problem here.