File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -442,6 +442,25 @@ message AllocationPolicy {
442442 // Optional. Set this field true if you want Batch to install Ops Agent on
443443 // your behalf. Default is false.
444444 bool install_ops_agent = 4 [(google.api.field_behavior ) = OPTIONAL ];
445+
446+ // Optional. Set this field to `true` if you want Batch to block
447+ // project-level SSH keys from accessing this job's VMs. Alternatively, you
448+ // can configure the job to specify a VM instance template that blocks
449+ // project-level SSH keys. In either case, Batch blocks project-level SSH
450+ // keys while creating the VMs for this job.
451+ //
452+ // Batch allows project-level SSH keys for a job's VMs only if all
453+ // the following are true:
454+ //
455+ // + This field is undefined or set to `false`.
456+ // + The job's VM instance template (if any) doesn't block project-level
457+ // SSH keys.
458+ //
459+ // Notably, you can override this behavior by manually updating a VM to
460+ // block or allow project-level SSH keys. For more information about
461+ // blocking project-level SSH keys, see the Compute Engine documentation:
462+ // https://cloud.google.com/compute/docs/connect/restrict-ssh-keys#block-keys
463+ bool block_project_ssh_keys = 5 [(google.api.field_behavior ) = OPTIONAL ];
445464 }
446465
447466 // A network interface.
You can’t perform that action at this time.
0 commit comments