// Copyright 2021 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package google.cloud.lifesciences.v2beta; import "google/api/annotations.proto"; import "google/api/field_behavior.proto"; import "google/longrunning/operations.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/timestamp.proto"; import "google/rpc/code.proto"; import "google/api/client.proto"; option csharp_namespace = "Google.Cloud.LifeSciences.V2Beta"; option go_package = "google.golang.org/genproto/googleapis/cloud/lifesciences/v2beta;lifesciences"; option java_multiple_files = true; option java_outer_classname = "WorkflowsProto"; option java_package = "com.google.cloud.lifesciences.v2beta"; option objc_class_prefix = "CLSW"; option php_namespace = "Google\\Cloud\\LifeSciences\\V2beta"; option ruby_package = "Google::Cloud::LifeSciences::V2beta"; // A service for running workflows, such as pipelines consisting of Docker // containers. service WorkflowsServiceV2Beta { option (google.api.default_host) = "lifesciences.googleapis.com"; option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; // Runs a pipeline. The returned Operation's [metadata] // [google.longrunning.Operation.metadata] field will contain a // [google.cloud.lifesciences.v2beta.Metadata][google.cloud.lifesciences.v2beta.Metadata] object describing the status // of the pipeline execution. The // [response][google.longrunning.Operation.response] field will contain a // [google.cloud.lifesciences.v2beta.RunPipelineResponse][google.cloud.lifesciences.v2beta.RunPipelineResponse] object if the // pipeline completes successfully. // // **Note:** Before you can use this method, the *Life Sciences Service Agent* // must have access to your project. This is done automatically when the // Cloud Life Sciences API is first enabled, but if you delete this permission // you must disable and re-enable the API to grant the Life Sciences // Service Agent the required permissions. // Authorization requires the following [Google // IAM](https://cloud.google.com/iam/) permission: // // * `lifesciences.workflows.run` rpc RunPipeline(RunPipelineRequest) returns (google.longrunning.Operation) { option (google.api.http) = { post: "/v2beta/{parent=projects/*/locations/*}/pipelines:run" body: "*" }; option (google.longrunning.operation_info) = { response_type: "RunPipelineResponse" metadata_type: "Metadata" }; } } // The arguments to the `RunPipeline` method. The requesting user must have // the `iam.serviceAccounts.actAs` permission for the Cloud Life Sciences // service account or the request will fail. message RunPipelineRequest { // The project and location that this request should be executed against. string parent = 4; // Required. The description of the pipeline to run. Pipeline pipeline = 1 [(google.api.field_behavior) = REQUIRED]; // User-defined labels to associate with the returned operation. These // labels are not propagated to any Google Cloud Platform resources used by // the operation, and can be modified at any time. // // To associate labels with resources created while executing the operation, // see the appropriate resource message (for example, `VirtualMachine`). map labels = 2; // The name of an existing Pub/Sub topic. The server will publish // messages to this topic whenever the status of the operation changes. // The Life Sciences Service Agent account must have publisher permissions to // the specified topic or notifications will not be sent. string pub_sub_topic = 3; } // The response to the RunPipeline method, returned in the operation's result // field on success. message RunPipelineResponse { } // Specifies a series of actions to execute, expressed as Docker containers. message Pipeline { // The list of actions to execute, in the order they are specified. repeated Action actions = 1; // The resources required for execution. Resources resources = 2; // The environment to pass into every action. Each action can also specify // additional environment variables but cannot delete an entry from this map // (though they can overwrite it with a different value). map environment = 3; // The maximum amount of time to give the pipeline to complete. This includes // the time spent waiting for a worker to be allocated. If the pipeline fails // to complete before the timeout, it will be cancelled and the error code // will be set to DEADLINE_EXCEEDED. // // If unspecified, it will default to 7 days. google.protobuf.Duration timeout = 4; } // Specifies a single action that runs a Docker container. message Action { // An optional name for the container. The container hostname will be set to // this name, making it useful for inter-container communication. The name // must contain only upper and lowercase alphanumeric characters and hyphens // and cannot start with a hyphen. string container_name = 1; // Required. The URI to pull the container image from. Note that all images referenced // by actions in the pipeline are pulled before the first action runs. If // multiple actions reference the same image, it is only pulled once, // ensuring that the same image is used for all actions in a single pipeline. // // The image URI can be either a complete host and image specification (e.g., // quay.io/biocontainers/samtools), a library and image name (e.g., // google/cloud-sdk) or a bare image name ('bash') to pull from the default // library. No schema is required in any of these cases. // // If the specified image is not public, the service account specified for // the Virtual Machine must have access to pull the images from GCR, or // appropriate credentials must be specified in the // [google.cloud.lifesciences.v2beta.Action.credentials][google.cloud.lifesciences.v2beta.Action.credentials] field. string image_uri = 2 [(google.api.field_behavior) = REQUIRED]; // If specified, overrides the `CMD` specified in the container. If the // container also has an `ENTRYPOINT` the values are used as entrypoint // arguments. Otherwise, they are used as a command and arguments to run // inside the container. repeated string commands = 3; // If specified, overrides the `ENTRYPOINT` specified in the container. string entrypoint = 4; // The environment to pass into the container. This environment is merged // with values specified in the [google.cloud.lifesciences.v2beta.Pipeline][google.cloud.lifesciences.v2beta.Pipeline] // message, overwriting any duplicate values. // // In addition to the values passed here, a few other values are // automatically injected into the environment. These cannot be hidden or // overwritten. // // `GOOGLE_PIPELINE_FAILED` will be set to "1" if the pipeline failed // because an action has exited with a non-zero status (and did not have the // `IGNORE_EXIT_STATUS` flag set). This can be used to determine if additional // debug or logging actions should execute. // // `GOOGLE_LAST_EXIT_STATUS` will be set to the exit status of the last // non-background action that executed. This can be used by workflow engine // authors to determine whether an individual action has succeeded or failed. map environment = 5; // An optional identifier for a PID namespace to run the action inside. // Multiple actions should use the same string to share a namespace. If // unspecified, a separate isolated namespace is used. string pid_namespace = 6; // A map of containers to host port mappings for this container. If the // container already specifies exposed ports, use the // `PUBLISH_EXPOSED_PORTS` flag instead. // // The host port number must be less than 65536. If it is zero, an unused // random port is assigned. To determine the resulting port number, consult // the `ContainerStartedEvent` in the operation metadata. map port_mappings = 8; // A list of mounts to make available to the action. // // In addition to the values specified here, every action has a special // virtual disk mounted under `/google` that contains log files and other // operational components. // //
    //
  • /google/logs All logs written during the pipeline // execution.
  • //
  • /google/logs/output The combined standard output and // standard error of all actions run as part of the pipeline // execution.
  • //
  • /google/logs/action/*/stdout The complete contents of // each individual action's standard output.
  • //
  • /google/logs/action/*/stderr The complete contents of // each individual action's standard error output.
  • //
repeated Mount mounts = 9; // Labels to associate with the action. This field is provided to assist // workflow engine authors in identifying actions (for example, to indicate // what sort of action they perform, such as localization or debugging). // They are returned in the operation metadata, but are otherwise ignored. map labels = 10; // If the specified image is hosted on a private registry other than Google // Container Registry, the credentials required to pull the image must be // specified here as an encrypted secret. // // The secret must decrypt to a JSON-encoded dictionary containing both // `username` and `password` keys. Secret credentials = 11; // The maximum amount of time to give the action to complete. If the action // fails to complete before the timeout, it will be terminated and the exit // status will be non-zero. The pipeline will continue or terminate based // on the rules defined by the `ALWAYS_RUN` and `IGNORE_EXIT_STATUS` flags. google.protobuf.Duration timeout = 12; // Normally, a non-zero exit status causes the pipeline to fail. This flag // allows execution of other actions to continue instead. bool ignore_exit_status = 13; // This flag allows an action to continue running in the background while // executing subsequent actions. This is useful to provide services to // other actions (or to provide debugging support tools like SSH servers). bool run_in_background = 14; // By default, after an action fails, no further actions are run. This flag // indicates that this action must be run even if the pipeline has already // failed. This is useful for actions that copy output files off of the VM // or for debugging. Note that no actions will be run if image prefetching // fails. bool always_run = 15; // Enable access to the FUSE device for this action. Filesystems can then // be mounted into disks shared with other actions. The other actions do // not need the `enable_fuse` flag to access the mounted filesystem. // // This has the effect of causing the container to be executed with // `CAP_SYS_ADMIN` and exposes `/dev/fuse` to the container, so use it only // for containers you trust. bool enable_fuse = 16; // Exposes all ports specified by `EXPOSE` statements in the container. To // discover the host side port numbers, consult the `ACTION_STARTED` event // in the operation metadata. bool publish_exposed_ports = 17; // All container images are typically downloaded before any actions are // executed. This helps prevent typos in URIs or issues like lack of disk // space from wasting large amounts of compute resources. // // If set, this flag prevents the worker from downloading the image until // just before the action is executed. bool disable_image_prefetch = 18; // A small portion of the container's standard error stream is typically // captured and returned inside the `ContainerStoppedEvent`. Setting this // flag disables this functionality. bool disable_standard_error_capture = 19; // Prevents the container from accessing the external network. bool block_external_network = 20; } // Holds encrypted information that is only decrypted and stored in RAM // by the worker VM when running the pipeline. message Secret { // The name of the Cloud KMS key that will be used to decrypt the secret // value. The VM service account must have the required permissions and // authentication scopes to invoke the `decrypt` method on the specified key. string key_name = 1; // The value of the cipherText response from the `encrypt` method. This field // is intentionally unaudited. string cipher_text = 2; } // Carries information about a particular disk mount inside a container. message Mount { // The name of the disk to mount, as specified in the resources section. string disk = 1; // The path to mount the disk inside the container. string path = 2; // If true, the disk is mounted read-only inside the container. bool read_only = 3; } // The system resources for the pipeline run. // // At least one zone or region must be specified or the pipeline run will fail. message Resources { // The list of regions allowed for VM allocation. If set, the `zones` field // must not be set. repeated string regions = 2; // The list of zones allowed for VM allocation. If set, the `regions` field // must not be set. repeated string zones = 3; // The virtual machine specification. VirtualMachine virtual_machine = 4; } // Carries information about a Compute Engine VM resource. message VirtualMachine { // Required. The machine type of the virtual machine to create. Must be the short name // of a standard machine type (such as "n1-standard-1") or a custom machine // type (such as "custom-1-4096", where "1" indicates the number of vCPUs and // "4096" indicates the memory in MB). See // [Creating an instance with a custom machine // type](https://cloud.google.com/compute/docs/instances/creating-instance-with-custom-machine-type#create) // for more specifications on creating a custom machine type. string machine_type = 1 [(google.api.field_behavior) = REQUIRED]; // If true, allocate a preemptible VM. bool preemptible = 2; // Optional set of labels to apply to the VM and any attached disk resources. // These labels must adhere to the [name and value // restrictions](https://cloud.google.com/compute/docs/labeling-resources) on // VM labels imposed by Compute Engine. // // Labels keys with the prefix 'google-' are reserved for use by Google. // // Labels applied at creation time to the VM. Applied on a best-effort basis // to attached disk resources shortly after VM creation. map labels = 3; // The list of disks to create and attach to the VM. // // Specify either the `volumes[]` field or the `disks[]` field, but not both. repeated Disk disks = 4; // The VM network configuration. Network network = 5; // The list of accelerators to attach to the VM. repeated Accelerator accelerators = 6; // The service account to install on the VM. This account does not need // any permissions other than those required by the pipeline. ServiceAccount service_account = 7; // The size of the boot disk, in GB. The boot disk must be large // enough to accommodate all of the Docker images from each action in the // pipeline at the same time. If not specified, a small but reasonable // default value is used. int32 boot_disk_size_gb = 8; // The CPU platform to request. An instance based on a newer platform can be // allocated, but never one with fewer capabilities. The value of this // parameter must be a valid Compute Engine CPU platform name (such as "Intel // Skylake"). This parameter is only useful for carefully optimized work // loads where the CPU platform has a significant impact. // // For more information about the effect of this parameter, see // https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform. string cpu_platform = 9; // The host operating system image to use. // // Currently, only Container-Optimized OS images can be used. // // The default value is `projects/cos-cloud/global/images/family/cos-stable`, // which selects the latest stable release of Container-Optimized OS. // // This option is provided to allow testing against the beta release of the // operating system to ensure that the new version does not interact // negatively with production pipelines. // // To test a pipeline against the beta release of Container-Optimized OS, // use the value `projects/cos-cloud/global/images/family/cos-beta`. string boot_image = 10; // The NVIDIA driver version to use when attaching an NVIDIA GPU accelerator. // The version specified here must be compatible with the GPU libraries // contained in the container being executed, and must be one of the drivers // hosted in the `nvidia-drivers-us-public` bucket on Google Cloud Storage. string nvidia_driver_version = 11 [deprecated = true]; // Whether Stackdriver monitoring should be enabled on the VM. bool enable_stackdriver_monitoring = 12; // The Compute Engine Disk Images to use as a Docker cache. The disks will be // mounted into the Docker folder in a way that the images present in the // cache will not need to be pulled. The digests of the cached images must // match those of the tags used or the latest version will still be pulled. // The root directory of the ext4 image must contain `image` and `overlay2` // directories copied from the Docker directory of a VM where the desired // Docker images have already been pulled. Any images pulled that are not // cached will be stored on the first cache disk instead of the boot disk. // Only a single image is supported. repeated string docker_cache_images = 13; // The list of disks and other storage to create or attach to the VM. // // Specify either the `volumes[]` field or the `disks[]` field, but not both. repeated Volume volumes = 14; } // Carries information about a Google Cloud service account. message ServiceAccount { // Email address of the service account. If not specified, the default // Compute Engine service account for the project will be used. string email = 1; // List of scopes to be enabled for this service account on the VM, in // addition to the cloud-platform API scope that will be added by default. repeated string scopes = 2; } // Carries information about an accelerator that can be attached to a VM. message Accelerator { // The accelerator type string (for example, "nvidia-tesla-k80"). // // Only NVIDIA GPU accelerators are currently supported. If an NVIDIA GPU is // attached, the required runtime libraries will be made available to all // containers under `/usr/local/nvidia`. The driver version to install must // be specified using the NVIDIA driver version parameter on the virtual // machine specification. Note that attaching a GPU increases the worker VM // startup time by a few minutes. string type = 1; // How many accelerators of this type to attach. int64 count = 2; } // VM networking options. message Network { // The network name to attach the VM's network interface to. The value will // be prefixed with `global/networks/` unless it contains a `/`, in which // case it is assumed to be a fully specified network resource URL. // // If unspecified, the global default network is used. string network = 1; // If set to true, do not attach a public IP address to the VM. Note that // without a public IP address, additional configuration is required to // allow the VM to access Google services. // // See https://cloud.google.com/vpc/docs/configure-private-google-access // for more information. bool use_private_address = 2; // If the specified network is configured for custom subnet creation, the // name of the subnetwork to attach the instance to must be specified here. // // The value is prefixed with `regions/*/subnetworks/` unless it contains a // `/`, in which case it is assumed to be a fully specified subnetwork // resource URL. // // If the `*` character appears in the value, it is replaced with the region // that the virtual machine has been allocated in. string subnetwork = 3; } // Carries information about a disk that can be attached to a VM. // // See https://cloud.google.com/compute/docs/disks/performance for more // information about disk type, size, and performance considerations. // // Specify either [`Volume`][google.cloud.lifesciences.v2beta.Volume] or // [`Disk`][google.cloud.lifesciences.v2beta.Disk], but not both. message Disk { // A user-supplied name for the disk. Used when mounting the disk into // actions. The name must contain only upper and lowercase alphanumeric // characters and hyphens and cannot start with a hyphen. string name = 1; // The size, in GB, of the disk to attach. If the size is not // specified, a default is chosen to ensure reasonable I/O performance. // // If the disk type is specified as `local-ssd`, multiple local drives are // automatically combined to provide the requested size. Note, however, that // each physical SSD is 375GB in size, and no more than 8 drives can be // attached to a single instance. int32 size_gb = 2; // The Compute Engine disk type. If unspecified, `pd-standard` is used. string type = 3; // An optional image to put on the disk before attaching it to the VM. string source_image = 4; } // Carries information about storage that can be attached to a VM. // // Specify either [`Volume`][google.cloud.lifesciences.v2beta.Volume] or // [`Disk`][google.cloud.lifesciences.v2beta.Disk], but not both. message Volume { // A user-supplied name for the volume. Used when mounting the volume into // [`Actions`][google.cloud.lifesciences.v2beta.Action]. The name must contain // only upper and lowercase alphanumeric characters and hyphens and cannot // start with a hyphen. string volume = 1; oneof storage { // Configuration for a persistent disk. PersistentDisk persistent_disk = 2; // Configuration for a existing disk. ExistingDisk existing_disk = 3; // Configuration for an NFS mount. NFSMount nfs_mount = 4; } } // Configuration for a persistent disk to be attached to the VM. // // See https://cloud.google.com/compute/docs/disks/performance for more // information about disk type, size, and performance considerations. message PersistentDisk { // The size, in GB, of the disk to attach. If the size is not // specified, a default is chosen to ensure reasonable I/O performance. // // If the disk type is specified as `local-ssd`, multiple local drives are // automatically combined to provide the requested size. Note, however, that // each physical SSD is 375GB in size, and no more than 8 drives can be // attached to a single instance. int32 size_gb = 1; // The Compute Engine disk type. If unspecified, `pd-standard` is used. string type = 2; // An image to put on the disk before attaching it to the VM. string source_image = 3; } // Configuration for an existing disk to be attached to the VM. message ExistingDisk { // If `disk` contains slashes, the Cloud Life Sciences API assumes that it is // a complete URL for the disk. If `disk` does not contain slashes, the Cloud // Life Sciences API assumes that the disk is a zonal disk and a URL will be // generated of the form `zones//disks/`, where `` is the // zone in which the instance is allocated. The disk must be ext4 formatted. // // If all `Mount` references to this disk have the `read_only` flag set to // true, the disk will be attached in `read-only` mode and can be shared with // other instances. Otherwise, the disk will be available for writing but // cannot be shared. string disk = 1; } // Configuration for an `NFSMount` to be attached to the VM. message NFSMount { // A target NFS mount. The target must be specified as `address:/mount". string target = 1; } // Carries information about the pipeline execution that is returned // in the long running operation's metadata field. message Metadata { // The pipeline this operation represents. Pipeline pipeline = 1; // The user-defined labels associated with this operation. map labels = 2; // The list of events that have happened so far during the execution of this // operation. repeated Event events = 3; // The time at which the operation was created by the API. google.protobuf.Timestamp create_time = 4; // The first time at which resources were allocated to execute the pipeline. google.protobuf.Timestamp start_time = 5; // The time at which execution was completed and resources were cleaned up. google.protobuf.Timestamp end_time = 6; // The name of the Cloud Pub/Sub topic where notifications of operation status // changes are sent. string pub_sub_topic = 7; } // Carries information about events that occur during pipeline execution. message Event { // The time at which the event occurred. google.protobuf.Timestamp timestamp = 1; // A human-readable description of the event. Note that these strings can // change at any time without notice. Any application logic must use the // information in the `details` field. string description = 2; // Machine-readable details about the event. oneof details { // See [google.cloud.lifesciences.v2beta.DelayedEvent][google.cloud.lifesciences.v2beta.DelayedEvent]. DelayedEvent delayed = 17; // See [google.cloud.lifesciences.v2beta.WorkerAssignedEvent][google.cloud.lifesciences.v2beta.WorkerAssignedEvent]. WorkerAssignedEvent worker_assigned = 18; // See [google.cloud.lifesciences.v2beta.WorkerReleasedEvent][google.cloud.lifesciences.v2beta.WorkerReleasedEvent]. WorkerReleasedEvent worker_released = 19; // See [google.cloud.lifesciences.v2beta.PullStartedEvent][google.cloud.lifesciences.v2beta.PullStartedEvent]. PullStartedEvent pull_started = 20; // See [google.cloud.lifesciences.v2beta.PullStoppedEvent][google.cloud.lifesciences.v2beta.PullStoppedEvent]. PullStoppedEvent pull_stopped = 21; // See [google.cloud.lifesciences.v2beta.ContainerStartedEvent][google.cloud.lifesciences.v2beta.ContainerStartedEvent]. ContainerStartedEvent container_started = 22; // See [google.cloud.lifesciences.v2beta.ContainerStoppedEvent][google.cloud.lifesciences.v2beta.ContainerStoppedEvent]. ContainerStoppedEvent container_stopped = 23; // See [google.cloud.lifesciences.v2beta.ContainerKilledEvent][google.cloud.lifesciences.v2beta.ContainerKilledEvent]. ContainerKilledEvent container_killed = 24; // See [google.cloud.lifesciences.v2beta.UnexpectedExitStatusEvent][google.cloud.lifesciences.v2beta.UnexpectedExitStatusEvent]. UnexpectedExitStatusEvent unexpected_exit_status = 25; // See [google.cloud.lifesciences.v2beta.FailedEvent][google.cloud.lifesciences.v2beta.FailedEvent]. FailedEvent failed = 26; } } // An event generated whenever a resource limitation or transient error // delays execution of a pipeline that was otherwise ready to run. message DelayedEvent { // A textual description of the cause of the delay. The string can change // without notice because it is often generated by another service (such as // Compute Engine). string cause = 1; // If the delay was caused by a resource shortage, this field lists the // Compute Engine metrics that are preventing this operation from running // (for example, `CPUS` or `INSTANCES`). If the particular metric is not // known, a single `UNKNOWN` metric will be present. repeated string metrics = 2; } // An event generated after a worker VM has been assigned to run the // pipeline. message WorkerAssignedEvent { // The zone the worker is running in. string zone = 1; // The worker's instance name. string instance = 2; // The machine type that was assigned for the worker. string machine_type = 3; } // An event generated when the worker VM that was assigned to the pipeline // has been released (deleted). message WorkerReleasedEvent { // The zone the worker was running in. string zone = 1; // The worker's instance name. string instance = 2; } // An event generated when the worker starts pulling an image. message PullStartedEvent { // The URI of the image that was pulled. string image_uri = 1; } // An event generated when the worker stops pulling an image. message PullStoppedEvent { // The URI of the image that was pulled. string image_uri = 1; } // An event generated when a container starts. message ContainerStartedEvent { // The numeric ID of the action that started this container. int32 action_id = 1; // The container-to-host port mappings installed for this container. This // set will contain any ports exposed using the `PUBLISH_EXPOSED_PORTS` flag // as well as any specified in the `Action` definition. map port_mappings = 2; // The public IP address that can be used to connect to the container. This // field is only populated when at least one port mapping is present. If the // instance was created with a private address, this field will be empty even // if port mappings exist. string ip_address = 3; } // An event generated when a container exits. message ContainerStoppedEvent { // The numeric ID of the action that started this container. int32 action_id = 1; // The exit status of the container. int32 exit_status = 2; // The tail end of any content written to standard error by the container. // If the content emits large amounts of debugging noise or contains // sensitive information, you can prevent the content from being printed by // setting the `DISABLE_STANDARD_ERROR_CAPTURE` flag. // // Note that only a small amount of the end of the stream is captured here. // The entire stream is stored in the `/google/logs` directory mounted into // each action, and can be copied off the machine as described elsewhere. string stderr = 3; } // An event generated when the execution of a container results in a // non-zero exit status that was not otherwise ignored. Execution will // continue, but only actions that are flagged as `ALWAYS_RUN` will be // executed. Other actions will be skipped. message UnexpectedExitStatusEvent { // The numeric ID of the action that started the container. int32 action_id = 1; // The exit status of the container. int32 exit_status = 2; } // An event generated when a container is forcibly terminated by the // worker. Currently, this only occurs when the container outlives the // timeout specified by the user. message ContainerKilledEvent { // The numeric ID of the action that started the container. int32 action_id = 1; } // An event generated when the execution of a pipeline has failed. Note // that other events can continue to occur after this event. message FailedEvent { // The Google standard error code that best describes this failure. google.rpc.Code code = 1; // The human-readable description of the cause of the failure. string cause = 2; }