feat: [google-cloud-batch] Add run_as_non_root field to allow user's runnable be executed as non root (googleapis#12221)

gcf-owl-bot[bot] · web-flow · commit 7d78274ac9fb · 2024-01-24T07:15:45.000-05:00
- [ ] Regenerate this pull request now. BEGIN_COMMIT_OVERRIDE feat: Add `run_as_non_root` field to allow user's runnable be executed as non root feat: Add `tags` field in Job's AllocationPolicy field in v1 feat: Add Batch Image Streaming support for v1 END_COMMIT_OVERRIDE docs: Polish the field descriptions for enableImageStreaming and CloudLoggingOptions PiperOrigin-RevId: 600866696 Source-Link: googleapis/googleapis@78acac9 Source-Link: https://github.com/googleapis/googleapis-gen/commit/61e7a2704e599217151acb9798ca77f29bc50710 Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLWJhdGNoLy5Pd2xCb3QueWFtbCIsImgiOiI2MWU3YTI3MDRlNTk5MjE3MTUxYWNiOTc5OGNhNzdmMjliYzUwNzEwIn0= --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
diff --git a/packages/google-cloud-batch/google/cloud/batch_v1/types/job.py b/packages/google-cloud-batch/google/cloud/batch_v1/types/job.py
@@ -150,8 +150,8 @@ class LogsPolicy(proto.Message):
             path.
         cloud_logging_option (google.cloud.batch_v1.types.LogsPolicy.CloudLoggingOption):
             Optional. Additional settings for Cloud Logging. It will
-            only take effect when the destination of LogsPolicy is set
-            to CLOUD_LOGGING.
+            only take effect when the destination of ``LogsPolicy`` is
+            set to ``CLOUD_LOGGING``.
     """
 
     class Destination(proto.Enum):
@@ -170,11 +170,26 @@ class Destination(proto.Enum):
         PATH = 2
 
     class CloudLoggingOption(proto.Message):
-        r"""CloudLoggingOption contains additional settings for cloud
-        logging generated by Batch job.
+        r"""``CloudLoggingOption`` contains additional settings for Cloud
+        Logging logs generated by Batch job.
 
+        Attributes:
+            use_generic_task_monitored_resource (bool):
+                Optional. Set this flag to true to change the `monitored
+                resource
+                type <https://cloud.google.com/monitoring/api/resources>`__
+                for Cloud Logging logs generated by this Batch job from the
+                ```batch.googleapis.com/Job`` <https://cloud.google.com/monitoring/api/resources#tag_batch.googleapis.com/Job>`__
+                type to the formerly used
+                ```generic_task`` <https://cloud.google.com/monitoring/api/resources#tag_generic_task>`__
+                type.
         """
 
+        use_generic_task_monitored_resource: bool = proto.Field(
+            proto.BOOL,
+            number=1,
+        )
+
     destination: Destination = proto.Field(
         proto.ENUM,
         number=1,
@@ -422,11 +437,17 @@ class AllocationPolicy(proto.Message):
             The network policy.
 
             If you define an instance template in the
-            InstancePolicyOrTemplate field, Batch will use
-            the network settings in the instance template
-            instead of this field.
+            ``InstancePolicyOrTemplate`` field, Batch will use the
+            network settings in the instance template instead of this
+            field.
         placement (google.cloud.batch_v1.types.AllocationPolicy.PlacementPolicy):
             The placement policy.
+        tags (MutableSequence[str]):
+            Optional. Tags applied to the VM instances.
+
+            The tags identify valid sources or targets for network
+            firewalls. Each tag must be 1-63 characters long, and comply
+            with `RFC1035 <https://www.ietf.org/rfc/rfc1035.txt>`__.
     """
 
     class ProvisioningModel(proto.Enum):
@@ -906,6 +927,10 @@ class PlacementPolicy(proto.Message):
         number=10,
         message=PlacementPolicy,
     )
+    tags: MutableSequence[str] = proto.RepeatedField(
+        proto.STRING,
+        number=11,
+    )
 
 
 class TaskGroup(proto.Message):
@@ -961,6 +986,14 @@ class TaskGroup(proto.Message):
             When true, Batch will configure SSH to allow
             passwordless login between VMs running the Batch
             tasks in the same TaskGroup.
+        run_as_non_root (bool):
+            Optional. If not set or set to false, Batch
+            will use root user to execute runnables. If set
+            to true, Batch will make sure to run the
+            runnables using non-root user. Currently, the
+            non-root user Batch used is generated by OS
+            login. Reference:
+            https://cloud.google.com/compute/docs/oslogin
     """
 
     class SchedulingPolicy(proto.Enum):
@@ -1022,6 +1055,10 @@ class SchedulingPolicy(proto.Enum):
         proto.BOOL,
         number=12,
     )
+    run_as_non_root: bool = proto.Field(
+        proto.BOOL,
+        number=14,
+    )
 
 
 class ServiceAccount(proto.Message):
diff --git a/packages/google-cloud-batch/google/cloud/batch_v1/types/task.py b/packages/google-cloud-batch/google/cloud/batch_v1/types/task.py
@@ -325,6 +325,27 @@ class Container(proto.Message):
                 Optional password for logging in to a docker registry. If
                 password matches ``projects/*/secrets/*/versions/*`` then
                 Batch will read the password from the Secret Manager;
+            enable_image_streaming (bool):
+                Optional. If set to true, this container runnable uses Image
+                streaming.
+
+                Use Image streaming to allow the runnable to initialize
+                without waiting for the entire container image to download,
+                which can significantly reduce startup time for large
+                container images.
+
+                When ``enableImageStreaming`` is set to true, the container
+                runtime is `containerd <https://containerd.io/>`__ instead
+                of Docker. Additionally, this container runnable only
+                supports the following ``container`` subfields:
+                ``imageUri``, ``commands[]``, ``entrypoint``, and
+                ``volumes[]``; any other ``container`` subfields are
+                ignored.
+
+                For more information about the requirements and limitations
+                for using Image streaming with Batch, see the
+                ```image-streaming`` sample on
+                GitHub <https://github.com/GoogleCloudPlatform/batch-samples/tree/main/api-samples/image-streaming>`__.
         """
 
         image_uri: str = proto.Field(
@@ -359,6 +380,10 @@ class Container(proto.Message):
             proto.STRING,
             number=11,
         )
+        enable_image_streaming: bool = proto.Field(
+            proto.BOOL,
+            number=12,
+        )
 
     class Script(proto.Message):
         r"""Script runnable.
diff --git a/packages/google-cloud-batch/tests/unit/gapic/batch_v1/test_batch_service.py b/packages/google-cloud-batch/tests/unit/gapic/batch_v1/test_batch_service.py
@@ -2538,6 +2538,7 @@ def test_create_job_rest(request_type):
                                 "block_external_network": True,
                                 "username": "username_value",
                                 "password": "password_value",
+                                "enable_image_streaming": True,
                             },
                             "script": {"path": "path_value", "text": "text_value"},
                             "barrier": {"name": "name_value"},
@@ -2592,6 +2593,7 @@ def test_create_job_rest(request_type):
                 "task_count_per_node": 2022,
                 "require_hosts_file": True,
                 "permissive_ssh": True,
+                "run_as_non_root": True,
             }
         ],
         "allocation_policy": {
@@ -2650,6 +2652,7 @@ def test_create_job_rest(request_type):
                 ]
             },
             "placement": {"collocation": "collocation_value", "max_distance": 1264},
+            "tags": ["tags_value1", "tags_value2"],
         },
         "labels": {},
         "status": {
@@ -2671,7 +2674,7 @@ def test_create_job_rest(request_type):
         "logs_policy": {
             "destination": 1,
             "logs_path": "logs_path_value",
-            "cloud_logging_option": {},
+            "cloud_logging_option": {"use_generic_task_monitored_resource": True},
         },
         "notifications": [
             {
