feat: add block_project_ssh_keys field to the v1alpha job API to block project level ssh keys access to Batch created VMs

Google APIs · copybara-github · commit d4acb64370d3 · 2024-08-06T00:36:31.000-07:00
---
feat: remove visibility restriction of cancel job api, allow in v1alpha

---
feat: update Go Datastore import path
feat: update Go Bigtable import path

---
docs: Refine usage scope for field `task_execution` and `task_state` in `status_events`
PiperOrigin-RevId: 659840586
diff --git a/google/cloud/batch/v1alpha/batch.proto b/google/cloud/batch/v1alpha/batch.proto
@@ -75,6 +75,19 @@ service BatchService {
     };
   }
 
+  // Cancel a Job.
+  rpc CancelJob(CancelJobRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1alpha/{name=projects/*/locations/*/jobs/*}:cancel"
+      body: "*"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "CancelJobResponse"
+      metadata_type: "google.cloud.batch.v1alpha.OperationMetadata"
+    };
+  }
+
   // Update a Job.
   rpc UpdateJob(UpdateJobRequest) returns (Job) {
     option (google.api.http) = {
@@ -233,6 +246,36 @@ message DeleteJobRequest {
   string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
 }
 
+// CancelJob Request.
+message CancelJobRequest {
+  // Required. Job name.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = { type: "batch.googleapis.com/Job" }
+  ];
+
+  // Optional. An optional request ID to identify requests. Specify a unique
+  // request ID so that if you must retry your request, the server will know to
+  // ignore the request if it has already been completed. The server will
+  // guarantee that for at least 60 minutes after the first request.
+  //
+  // For example, consider a situation where you make an initial request and
+  // the request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 4 [
+    (google.api.field_info).format = UUID4,
+    (google.api.field_behavior) = OPTIONAL
+  ];
+}
+
+// Response to the CancelJob request.
+message CancelJobResponse {}
+
 // UpdateJob Request.
 message UpdateJobRequest {
   // Required. The Job to update.
diff --git a/google/cloud/batch/v1alpha/batch_v1alpha_grpc_service_config.json b/google/cloud/batch/v1alpha/batch_v1alpha_grpc_service_config.json
@@ -4,9 +4,11 @@
       { "service": "google.cloud.batch.v1alpha.BatchService", "method": "ListJobs" },
       { "service": "google.cloud.batch.v1alpha.BatchService", "method": "ListTasks" },
       { "service": "google.cloud.batch.v1alpha.BatchService", "method": "ListResourceAllowances" },
+      { "service": "google.cloud.batch.v1alpha.BatchService", "method": "ListNodePools" },
       { "service": "google.cloud.batch.v1alpha.BatchService", "method": "GetJob" },
       { "service": "google.cloud.batch.v1alpha.BatchService", "method": "GetTask" },
-      { "service": "google.cloud.batch.v1alpha.BatchService", "method": "GetResourceAllowance" }
+      { "service": "google.cloud.batch.v1alpha.BatchService", "method": "GetResourceAllowance" },
+      { "service": "google.cloud.batch.v1alpha.BatchService", "method": "GetNodePool" }
     ],
     "timeout": "60s",
     "retryPolicy": {
@@ -26,7 +28,9 @@
       { "service": "google.cloud.batch.v1alpha.BatchService", "method": "CreateResourceAllowance" },
       { "service": "google.cloud.batch.v1alpha.BatchService", "method": "DeleteResourceAllowance" },
       { "service": "google.cloud.batch.v1alpha.BatchService", "method": "UpdateResourceAllowance"},
-      { "service": "google.cloud.batch.v1alpha.BatchService", "method": "CancelTasks"}
+      { "service": "google.cloud.batch.v1alpha.BatchService", "method": "CancelTasks"},
+      { "service": "google.cloud.batch.v1alpha.BatchService", "method": "CreateNodePool" },
+      { "service": "google.cloud.batch.v1alpha.BatchService", "method": "DeleteNodePool" }
     ],
     "timeout": "60s"
   }]
diff --git a/google/cloud/batch/v1alpha/job.proto b/google/cloud/batch/v1alpha/job.proto
@@ -511,6 +511,25 @@ message AllocationPolicy {
     // Optional. Set this field true if you want Batch to install Ops Agent on
     // your behalf. Default is false.
     bool install_ops_agent = 4 [(google.api.field_behavior) = OPTIONAL];
+
+    // Optional. Set this field to `true` if you want Batch to block
+    // project-level SSH keys from accessing this job's VMs.  Alternatively, you
+    // can configure the job to specify a VM instance template that blocks
+    // project-level SSH keys. In either case, Batch blocks project-level SSH
+    // keys while creating the VMs for this job.
+    //
+    // Batch allows project-level SSH keys for a job's VMs only if all
+    // the following are true:
+    //
+    // + This field is undefined or set to `false`.
+    // + The job's VM instance template (if any) doesn't block project-level
+    //   SSH keys.
+    //
+    // Notably, you can override this behavior by manually updating a VM to
+    // block or allow project-level SSH keys. For more information about
+    // blocking project-level SSH keys, see the Compute Engine documentation:
+    // https://cloud.google.com/compute/docs/connect/restrict-ssh-keys#block-keys
+    bool block_project_ssh_keys = 5 [(google.api.field_behavior) = OPTIONAL];
   }
 
   // A network interface.
diff --git a/google/cloud/batch/v1alpha/task.proto b/google/cloud/batch/v1alpha/task.proto
@@ -86,7 +86,7 @@ message ComputeResource {
   int64 boot_disk_mib = 4;
 }
 
-// Status event
+// Status event.
 message StatusEvent {
   // Type of the event.
   string type = 3;
@@ -97,10 +97,13 @@ message StatusEvent {
   // The time this event occurred.
   google.protobuf.Timestamp event_time = 2;
 
-  // Task Execution
+  // Task Execution.
+  // This field is only defined for task-level status events where the task
+  // fails.
   TaskExecution task_execution = 4;
 
-  // Task State
+  // Task State.
+  // This field is only defined for task-level status events.
   TaskStatus.State task_state = 5;
 }
 
@@ -125,7 +128,7 @@ message TaskExecution {
   string stderr_snippet = 2 [(google.api.field_behavior) = OPTIONAL];
 }
 
-// Status of a task
+// Status of a task.
 message TaskStatus {
   // Task states.
   enum State {
@@ -151,7 +154,7 @@ message TaskStatus {
     UNEXECUTED = 6;
   }
 
-  // Task state
+  // Task state.
   State state = 1;
 
   // Detailed info about why the state is reached.
