docs: add caution messages for container runnable username and passwo…

…rd fields

---
docs: refine proto comment for run_as_non_root
PiperOrigin-RevId: 608664745

Source-Link: googleapis/googleapis@254e61a

Source-Link: googleapis/googleapis-gen@4526911
Copy-Tag: eyJwIjoiYXBpcy9Hb29nbGUuQ2xvdWQuQmF0Y2guVjFBbHBoYS8uT3dsQm90LnlhbWwiLCJoIjoiNDUyNjkxMWM3ZGQ1ODYyZDE4MzcyNTU0ZGRkODIwZjk0ODI3ZjMzYSJ9

apis/Google.Cloud.Batch.V1Alpha/Google.Cloud.Batch.V1Alpha/Job.g.cs

@@ -7151,7 +7151,7 @@ public long TaskCountPerNode {
     /// <summary>
     /// When true, Batch will populate a file with a list of all VMs assigned to
     /// the TaskGroup and set the BATCH_HOSTS_FILE environment variable to the path
-    /// of that file. Defaults to false.
+    /// of that file. Defaults to false. The host file supports up to 1000 VMs.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -7182,10 +7182,11 @@ public bool PermissiveSsh {
     public const int RunAsNonRootFieldNumber = 14;
     private bool runAsNonRoot_;
     /// <summary>
-    /// Optional. If not set or set to false, Batch will use root user to execute
-    /// runnables. If set to true, Batch will make sure to run the runnables using
-    /// non-root user. Currently, the non-root user Batch used is generated by OS
-    /// login. Reference: https://cloud.google.com/compute/docs/oslogin
+    /// Optional. If not set or set to false, Batch uses the root user to execute
+    /// runnables. If set to true, Batch runs the runnables using a non-root user.
+    /// Currently, the non-root user Batch used is generated by OS Login. For more
+    /// information, see [About OS
+    /// Login](https://cloud.google.com/compute/docs/oslogin).
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]

apis/Google.Cloud.Batch.V1Alpha/Google.Cloud.Batch.V1Alpha/Task.g.cs

@@ -2427,9 +2427,22 @@ public bool BlockExternalNetwork {
         public const int UsernameFieldNumber = 10;
         private string username_ = "";
         /// <summary>
-        /// Optional username for logging in to a docker registry. If username
-        /// matches `projects/*/secrets/*/versions/*` then Batch will read the
-        /// username from the Secret Manager.
+        /// Required if the container image is from a private Docker registry. The
+        /// username to login to the Docker registry that contains the image.
+        ///
+        /// You can either specify the username directly by using plain text or
+        /// specify an encrypted username by using a Secret Manager secret:
+        /// `projects/*/secrets/*/versions/*`. However, using a secret is
+        /// recommended for enhanced security.
+        ///
+        /// Caution: If you specify the username using plain text, you risk the
+        /// username being exposed to any users who can view the job or its logs.
+        /// To avoid this risk, specify a secret that contains the username instead.
+        ///
+        /// Learn more about [Secret
+        /// Manager](https://cloud.google.com/secret-manager/docs/) and [using
+        /// Secret Manager with
+        /// Batch](https://cloud.google.com/batch/docs/create-run-job-secret-manager).
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2444,9 +2457,21 @@ public string Username {
         public const int PasswordFieldNumber = 11;
         private string password_ = "";
         /// <summary>
-        /// Optional password for logging in to a docker registry. If password
-        /// matches `projects/*/secrets/*/versions/*` then Batch will read the
-        /// password from the Secret Manager;
+        /// Required if the container image is from a private Docker registry. The
+        /// password to login to the Docker registry that contains the image.
+        ///
+        /// For security, it is strongly recommended to specify an
+        /// encrypted password by using a Secret Manager secret:
+        /// `projects/*/secrets/*/versions/*`.
+        ///
+        /// Warning: If you specify the password using plain text, you risk the
+        /// password being exposed to any users who can view the job or its logs.
+        /// To avoid this risk, specify a secret that contains the password instead.
+        ///
+        /// Learn more about [Secret
+        /// Manager](https://cloud.google.com/secret-manager/docs/) and [using
+        /// Secret Manager with
+        /// Batch](https://cloud.google.com/batch/docs/create-run-job-secret-manager).
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2859,7 +2884,7 @@ public Script Clone() {
         /// first line of the file.(For example, to execute the script using bash,
         /// `#!/bin/bash` should be the first line of the file. To execute the
         /// script using`Python3`, `#!/usr/bin/env python3` should be the first
-        /// line of the file.) Otherwise, the file will by default be excuted by
+        /// line of the file.) Otherwise, the file will by default be executed by
         /// `/bin/sh`.
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
@@ -2895,7 +2920,7 @@ public void ClearPath() {
         /// beginning of the text.(For example, to execute the script using bash,
         /// `#!/bin/bash\n` should be added. To execute the script using`Python3`,
         /// `#!/usr/bin/env python3\n` should be added.) Otherwise, the script will
-        /// by default be excuted by `/bin/sh`.
+        /// by default be executed by `/bin/sh`.
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]