feat: Add run_as_non_root field to allow user's runnable be execute…

…d as non root --- feat: Add `tags` field in Job's AllocationPolicy field in v1 --- feat: add Batch Image Streaming support for v1 --- docs: Polish the field descriptions for enableImageStreaming and CloudLoggingOptions PiperOrigin-RevId: 600866696
googleapis · Jan 23, 2024 · 78acac9 · 78acac9
1 parent 78d3b67
commit 78acac9
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 6 deletions.
diff --git a/google/cloud/batch/v1/batch.proto b/google/cloud/batch/v1/batch.proto
@@ -19,6 +19,7 @@ package google.cloud.batch.v1;
 import "google/api/annotations.proto";
 import "google/api/client.proto";
 import "google/api/field_behavior.proto";
+import "google/api/field_info.proto";
 import "google/api/resource.proto";
 import "google/cloud/batch/v1/job.proto";
 import "google/cloud/batch/v1/task.proto";

diff --git a/google/cloud/batch/v1/batch_v1_grpc_service_config.json b/google/cloud/batch/v1/batch_v1_grpc_service_config.json
@@ -18,7 +18,8 @@
   {
     "name": [
       { "service": "google.cloud.batch.v1.BatchService", "method": "CreateJob" },
-      { "service": "google.cloud.batch.v1.BatchService", "method": "DeleteJob" }
+      { "service": "google.cloud.batch.v1.BatchService", "method": "DeleteJob" },
+      { "service": "google.cloud.batch.v1.BatchService", "method": "CancelJob"}
     ],
     "timeout": "60s"
   }]

diff --git a/google/cloud/batch/v1/job.proto b/google/cloud/batch/v1/job.proto
@@ -91,9 +91,20 @@ message Job {
 // LogsPolicy describes how outputs from a Job's Tasks (stdout/stderr) will be
 // preserved.
 message LogsPolicy {
-  // CloudLoggingOption contains additional settings for cloud logging generated
-  // by Batch job.
-  message CloudLoggingOption {}
+  // `CloudLoggingOption` contains additional settings for Cloud Logging logs
+  // generated by Batch job.
+  message CloudLoggingOption {
+    // Optional. Set this flag to true to change the [monitored resource
+    // type](https://cloud.google.com/monitoring/api/resources) for
+    // Cloud Logging logs generated by this Batch job from
+    // the
+    // [`batch.googleapis.com/Job`](https://cloud.google.com/monitoring/api/resources#tag_batch.googleapis.com/Job)
+    // type to the formerly used
+    // [`generic_task`](https://cloud.google.com/monitoring/api/resources#tag_generic_task)
+    // type.
+    bool use_generic_task_monitored_resource = 1
+        [(google.api.field_behavior) = OPTIONAL];
+  }
 
   // The destination (if any) for logs.
   enum Destination {
@@ -116,7 +127,7 @@ message LogsPolicy {
   string logs_path = 2;
 
   // Optional. Additional settings for Cloud Logging. It will only take effect
-  // when the destination of LogsPolicy is set to CLOUD_LOGGING.
+  // when the destination of `LogsPolicy` is set to `CLOUD_LOGGING`.
   CloudLoggingOption cloud_logging_option = 3
       [(google.api.field_behavior) = OPTIONAL];
 }
@@ -517,13 +528,20 @@ message AllocationPolicy {
 
   // The network policy.
   //
-  // If you define an instance template in the InstancePolicyOrTemplate field,
+  // If you define an instance template in the `InstancePolicyOrTemplate` field,
   // Batch will use the network settings in the instance template instead of
   // this field.
   NetworkPolicy network = 7;
 
   // The placement policy.
   PlacementPolicy placement = 10;
+
+  // Optional. Tags applied to the VM instances.
+  //
+  // The tags identify valid sources or targets for network firewalls.
+  // Each tag must be 1-63 characters long, and comply with
+  // [RFC1035](https://www.ietf.org/rfc/rfc1035.txt).
+  repeated string tags = 11 [(google.api.field_behavior) = OPTIONAL];
 }
 
 // A TaskGroup defines one or more Tasks that all share the same TaskSpec.
@@ -595,6 +613,12 @@ message TaskGroup {
   // When true, Batch will configure SSH to allow passwordless login between
   // VMs running the Batch tasks in the same TaskGroup.
   bool permissive_ssh = 12;
+
+  // Optional. If not set or set to false, Batch will use root user to execute
+  // runnables. If set to true, Batch will make sure to run the runnables using
+  // non-root user. Currently, the non-root user Batch used is generated by OS
+  // login. Reference: https://cloud.google.com/compute/docs/oslogin
+  bool run_as_non_root = 14 [(google.api.field_behavior) = OPTIONAL];
 }
 
 // Carries information about a Google Cloud service account.

diff --git a/google/cloud/batch/v1/task.proto b/google/cloud/batch/v1/task.proto
@@ -188,6 +188,25 @@ message Runnable {
     // matches `projects/*/secrets/*/versions/*` then Batch will read the
     // password from the Secret Manager;
     string password = 11;
+
+    // Optional. If set to true, this container runnable uses Image streaming.
+    //
+    // Use Image streaming to allow the runnable to initialize without
+    // waiting for the entire container image to download, which can
+    // significantly reduce startup time for large container images.
+    //
+    // When `enableImageStreaming` is set to true, the container
+    // runtime is [containerd](https://containerd.io/) instead of Docker.
+    // Additionally, this container runnable only supports the following
+    // `container` subfields: `imageUri`,
+    // `commands[]`, `entrypoint`, and
+    // `volumes[]`; any other `container` subfields are ignored.
+    //
+    // For more information about the requirements and limitations for using
+    // Image streaming with Batch, see the [`image-streaming`
+    // sample on
+    // GitHub](https://github.com/GoogleCloudPlatform/batch-samples/tree/main/api-samples/image-streaming).
+    bool enable_image_streaming = 12 [(google.api.field_behavior) = OPTIONAL];
   }
 
   // Script runnable.