google-cloud-os_config-v1 0.7.0 → 0.8.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,597 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2021 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Cloud
22
+ module OsConfig
23
+ module V1
24
+ # An OS policy defines the desired state configuration for a VM.
25
+ # @!attribute [rw] id
26
+ # @return [::String]
27
+ # Required. The id of the OS policy with the following restrictions:
28
+ #
29
+ # * Must contain only lowercase letters, numbers, and hyphens.
30
+ # * Must start with a letter.
31
+ # * Must be between 1-63 characters.
32
+ # * Must end with a number or a letter.
33
+ # * Must be unique within the assignment.
34
+ # @!attribute [rw] description
35
+ # @return [::String]
36
+ # Policy description.
37
+ # Length of the description is limited to 1024 characters.
38
+ # @!attribute [rw] mode
39
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Mode]
40
+ # Required. Policy mode
41
+ # @!attribute [rw] resource_groups
42
+ # @return [::Array<::Google::Cloud::OsConfig::V1::OSPolicy::ResourceGroup>]
43
+ # Required. List of resource groups for the policy.
44
+ # For a particular VM, resource groups are evaluated in the order specified
45
+ # and the first resource group that is applicable is selected and the rest
46
+ # are ignored.
47
+ #
48
+ # If none of the resource groups are applicable for a VM, the VM is
49
+ # considered to be non-compliant w.r.t this policy. This behavior can be
50
+ # toggled by the flag `allow_no_resource_group_match`
51
+ # @!attribute [rw] allow_no_resource_group_match
52
+ # @return [::Boolean]
53
+ # This flag determines the OS policy compliance status when none of the
54
+ # resource groups within the policy are applicable for a VM. Set this value
55
+ # to `true` if the policy needs to be reported as compliant even if the
56
+ # policy has nothing to validate or enforce.
57
+ class OSPolicy
58
+ include ::Google::Protobuf::MessageExts
59
+ extend ::Google::Protobuf::MessageExts::ClassMethods
60
+
61
+ # Filtering criteria to select VMs based on inventory details.
62
+ # @!attribute [rw] os_short_name
63
+ # @return [::String]
64
+ # Required. The OS short name
65
+ # @!attribute [rw] os_version
66
+ # @return [::String]
67
+ # The OS version
68
+ #
69
+ # Prefix matches are supported if asterisk(*) is provided as the
70
+ # last character. For example, to match all versions with a major
71
+ # version of `7`, specify the following value for this field `7.*`
72
+ #
73
+ # An empty string matches all OS versions.
74
+ class InventoryFilter
75
+ include ::Google::Protobuf::MessageExts
76
+ extend ::Google::Protobuf::MessageExts::ClassMethods
77
+ end
78
+
79
+ # An OS policy resource is used to define the desired state configuration
80
+ # and provides a specific functionality like installing/removing packages,
81
+ # executing a script etc.
82
+ #
83
+ # The system ensures that resources are always in their desired state by
84
+ # taking necessary actions if they have drifted from their desired state.
85
+ # @!attribute [rw] id
86
+ # @return [::String]
87
+ # Required. The id of the resource with the following restrictions:
88
+ #
89
+ # * Must contain only lowercase letters, numbers, and hyphens.
90
+ # * Must start with a letter.
91
+ # * Must be between 1-63 characters.
92
+ # * Must end with a number or a letter.
93
+ # * Must be unique within the OS policy.
94
+ # @!attribute [rw] pkg
95
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::PackageResource]
96
+ # Package resource
97
+ # @!attribute [rw] repository
98
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::RepositoryResource]
99
+ # Package repository resource
100
+ # @!attribute [rw] exec
101
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::ExecResource]
102
+ # Exec resource
103
+ # @!attribute [rw] file
104
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::FileResource]
105
+ # File resource
106
+ class Resource
107
+ include ::Google::Protobuf::MessageExts
108
+ extend ::Google::Protobuf::MessageExts::ClassMethods
109
+
110
+ # A remote or local file.
111
+ # @!attribute [rw] remote
112
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::File::Remote]
113
+ # A generic remote file.
114
+ # @!attribute [rw] gcs
115
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::File::Gcs]
116
+ # A Cloud Storage object.
117
+ # @!attribute [rw] local_path
118
+ # @return [::String]
119
+ # A local path within the VM to use.
120
+ # @!attribute [rw] allow_insecure
121
+ # @return [::Boolean]
122
+ # Defaults to false. When false, files are subject to validations
123
+ # based on the file type:
124
+ #
125
+ # Remote: A checksum must be specified.
126
+ # Cloud Storage: An object generation number must be specified.
127
+ class File
128
+ include ::Google::Protobuf::MessageExts
129
+ extend ::Google::Protobuf::MessageExts::ClassMethods
130
+
131
+ # Specifies a file available via some URI.
132
+ # @!attribute [rw] uri
133
+ # @return [::String]
134
+ # Required. URI from which to fetch the object. It should contain both
135
+ # the protocol and path following the format `{protocol}://{location}`.
136
+ # @!attribute [rw] sha256_checksum
137
+ # @return [::String]
138
+ # SHA256 checksum of the remote file.
139
+ class Remote
140
+ include ::Google::Protobuf::MessageExts
141
+ extend ::Google::Protobuf::MessageExts::ClassMethods
142
+ end
143
+
144
+ # Specifies a file available as a Cloud Storage Object.
145
+ # @!attribute [rw] bucket
146
+ # @return [::String]
147
+ # Required. Bucket of the Cloud Storage object.
148
+ # @!attribute [rw] object
149
+ # @return [::String]
150
+ # Required. Name of the Cloud Storage object.
151
+ # @!attribute [rw] generation
152
+ # @return [::Integer]
153
+ # Generation number of the Cloud Storage object.
154
+ class Gcs
155
+ include ::Google::Protobuf::MessageExts
156
+ extend ::Google::Protobuf::MessageExts::ClassMethods
157
+ end
158
+ end
159
+
160
+ # A resource that manages a system package.
161
+ # @!attribute [rw] desired_state
162
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::PackageResource::DesiredState]
163
+ # Required. The desired state the agent should maintain for this package.
164
+ # @!attribute [rw] apt
165
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::PackageResource::APT]
166
+ # A package managed by Apt.
167
+ # @!attribute [rw] deb
168
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::PackageResource::Deb]
169
+ # A deb package file.
170
+ # @!attribute [rw] yum
171
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::PackageResource::YUM]
172
+ # A package managed by YUM.
173
+ # @!attribute [rw] zypper
174
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::PackageResource::Zypper]
175
+ # A package managed by Zypper.
176
+ # @!attribute [rw] rpm
177
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::PackageResource::RPM]
178
+ # An rpm package file.
179
+ # @!attribute [rw] googet
180
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::PackageResource::GooGet]
181
+ # A package managed by GooGet.
182
+ # @!attribute [rw] msi
183
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::PackageResource::MSI]
184
+ # An MSI package.
185
+ class PackageResource
186
+ include ::Google::Protobuf::MessageExts
187
+ extend ::Google::Protobuf::MessageExts::ClassMethods
188
+
189
+ # A deb package file. dpkg packages only support INSTALLED state.
190
+ # @!attribute [rw] source
191
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::File]
192
+ # Required. A deb package.
193
+ # @!attribute [rw] pull_deps
194
+ # @return [::Boolean]
195
+ # Whether dependencies should also be installed.
196
+ # - install when false: `dpkg -i package`
197
+ # - install when true: `apt-get update && apt-get -y install
198
+ # package.deb`
199
+ class Deb
200
+ include ::Google::Protobuf::MessageExts
201
+ extend ::Google::Protobuf::MessageExts::ClassMethods
202
+ end
203
+
204
+ # A package managed by APT.
205
+ # - install: `apt-get update && apt-get -y install [name]`
206
+ # - remove: `apt-get -y remove [name]`
207
+ # @!attribute [rw] name
208
+ # @return [::String]
209
+ # Required. Package name.
210
+ class APT
211
+ include ::Google::Protobuf::MessageExts
212
+ extend ::Google::Protobuf::MessageExts::ClassMethods
213
+ end
214
+
215
+ # An RPM package file. RPM packages only support INSTALLED state.
216
+ # @!attribute [rw] source
217
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::File]
218
+ # Required. An rpm package.
219
+ # @!attribute [rw] pull_deps
220
+ # @return [::Boolean]
221
+ # Whether dependencies should also be installed.
222
+ # - install when false: `rpm --upgrade --replacepkgs package.rpm`
223
+ # - install when true: `yum -y install package.rpm` or
224
+ # `zypper -y install package.rpm`
225
+ class RPM
226
+ include ::Google::Protobuf::MessageExts
227
+ extend ::Google::Protobuf::MessageExts::ClassMethods
228
+ end
229
+
230
+ # A package managed by YUM.
231
+ # - install: `yum -y install package`
232
+ # - remove: `yum -y remove package`
233
+ # @!attribute [rw] name
234
+ # @return [::String]
235
+ # Required. Package name.
236
+ class YUM
237
+ include ::Google::Protobuf::MessageExts
238
+ extend ::Google::Protobuf::MessageExts::ClassMethods
239
+ end
240
+
241
+ # A package managed by Zypper.
242
+ # - install: `zypper -y install package`
243
+ # - remove: `zypper -y rm package`
244
+ # @!attribute [rw] name
245
+ # @return [::String]
246
+ # Required. Package name.
247
+ class Zypper
248
+ include ::Google::Protobuf::MessageExts
249
+ extend ::Google::Protobuf::MessageExts::ClassMethods
250
+ end
251
+
252
+ # A package managed by GooGet.
253
+ # - install: `googet -noconfirm install package`
254
+ # - remove: `googet -noconfirm remove package`
255
+ # @!attribute [rw] name
256
+ # @return [::String]
257
+ # Required. Package name.
258
+ class GooGet
259
+ include ::Google::Protobuf::MessageExts
260
+ extend ::Google::Protobuf::MessageExts::ClassMethods
261
+ end
262
+
263
+ # An MSI package. MSI packages only support INSTALLED state.
264
+ # @!attribute [rw] source
265
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::File]
266
+ # Required. The MSI package.
267
+ # @!attribute [rw] properties
268
+ # @return [::Array<::String>]
269
+ # Additional properties to use during installation.
270
+ # This should be in the format of Property=Setting.
271
+ # Appended to the defaults of `ACTION=INSTALL
272
+ # REBOOT=ReallySuppress`.
273
+ class MSI
274
+ include ::Google::Protobuf::MessageExts
275
+ extend ::Google::Protobuf::MessageExts::ClassMethods
276
+ end
277
+
278
+ # The desired state that the OS Config agent maintains on the VM.
279
+ module DesiredState
280
+ # Unspecified is invalid.
281
+ DESIRED_STATE_UNSPECIFIED = 0
282
+
283
+ # Ensure that the package is installed.
284
+ INSTALLED = 1
285
+
286
+ # The agent ensures that the package is not installed and
287
+ # uninstalls it if detected.
288
+ REMOVED = 2
289
+ end
290
+ end
291
+
292
+ # A resource that manages a package repository.
293
+ # @!attribute [rw] apt
294
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::RepositoryResource::AptRepository]
295
+ # An Apt Repository.
296
+ # @!attribute [rw] yum
297
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::RepositoryResource::YumRepository]
298
+ # A Yum Repository.
299
+ # @!attribute [rw] zypper
300
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::RepositoryResource::ZypperRepository]
301
+ # A Zypper Repository.
302
+ # @!attribute [rw] goo
303
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::RepositoryResource::GooRepository]
304
+ # A Goo Repository.
305
+ class RepositoryResource
306
+ include ::Google::Protobuf::MessageExts
307
+ extend ::Google::Protobuf::MessageExts::ClassMethods
308
+
309
+ # Represents a single apt package repository. These will be added to
310
+ # a repo file that will be managed at
311
+ # `/etc/apt/sources.list.d/google_osconfig.list`.
312
+ # @!attribute [rw] archive_type
313
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::RepositoryResource::AptRepository::ArchiveType]
314
+ # Required. Type of archive files in this repository.
315
+ # @!attribute [rw] uri
316
+ # @return [::String]
317
+ # Required. URI for this repository.
318
+ # @!attribute [rw] distribution
319
+ # @return [::String]
320
+ # Required. Distribution of this repository.
321
+ # @!attribute [rw] components
322
+ # @return [::Array<::String>]
323
+ # Required. List of components for this repository. Must contain at
324
+ # least one item.
325
+ # @!attribute [rw] gpg_key
326
+ # @return [::String]
327
+ # URI of the key file for this repository. The agent maintains a
328
+ # keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg`.
329
+ class AptRepository
330
+ include ::Google::Protobuf::MessageExts
331
+ extend ::Google::Protobuf::MessageExts::ClassMethods
332
+
333
+ # Type of archive.
334
+ module ArchiveType
335
+ # Unspecified is invalid.
336
+ ARCHIVE_TYPE_UNSPECIFIED = 0
337
+
338
+ # Deb indicates that the archive contains binary files.
339
+ DEB = 1
340
+
341
+ # Deb-src indicates that the archive contains source files.
342
+ DEB_SRC = 2
343
+ end
344
+ end
345
+
346
+ # Represents a single yum package repository. These are added to a
347
+ # repo file that is managed at
348
+ # `/etc/yum.repos.d/google_osconfig.repo`.
349
+ # @!attribute [rw] id
350
+ # @return [::String]
351
+ # Required. A one word, unique name for this repository. This is the
352
+ # `repo id` in the yum config file and also the `display_name` if
353
+ # `display_name` is omitted. This id is also used as the unique
354
+ # identifier when checking for resource conflicts.
355
+ # @!attribute [rw] display_name
356
+ # @return [::String]
357
+ # The display name of the repository.
358
+ # @!attribute [rw] base_url
359
+ # @return [::String]
360
+ # Required. The location of the repository directory.
361
+ # @!attribute [rw] gpg_keys
362
+ # @return [::Array<::String>]
363
+ # URIs of GPG keys.
364
+ class YumRepository
365
+ include ::Google::Protobuf::MessageExts
366
+ extend ::Google::Protobuf::MessageExts::ClassMethods
367
+ end
368
+
369
+ # Represents a single zypper package repository. These are added to a
370
+ # repo file that is managed at
371
+ # `/etc/zypp/repos.d/google_osconfig.repo`.
372
+ # @!attribute [rw] id
373
+ # @return [::String]
374
+ # Required. A one word, unique name for this repository. This is the
375
+ # `repo id` in the zypper config file and also the `display_name` if
376
+ # `display_name` is omitted. This id is also used as the unique
377
+ # identifier when checking for GuestPolicy conflicts.
378
+ # @!attribute [rw] display_name
379
+ # @return [::String]
380
+ # The display name of the repository.
381
+ # @!attribute [rw] base_url
382
+ # @return [::String]
383
+ # Required. The location of the repository directory.
384
+ # @!attribute [rw] gpg_keys
385
+ # @return [::Array<::String>]
386
+ # URIs of GPG keys.
387
+ class ZypperRepository
388
+ include ::Google::Protobuf::MessageExts
389
+ extend ::Google::Protobuf::MessageExts::ClassMethods
390
+ end
391
+
392
+ # Represents a Goo package repository. These are added to a repo file
393
+ # that is managed at
394
+ # `C:/ProgramData/GooGet/repos/google_osconfig.repo`.
395
+ # @!attribute [rw] name
396
+ # @return [::String]
397
+ # Required. The name of the repository.
398
+ # @!attribute [rw] url
399
+ # @return [::String]
400
+ # Required. The url of the repository.
401
+ class GooRepository
402
+ include ::Google::Protobuf::MessageExts
403
+ extend ::Google::Protobuf::MessageExts::ClassMethods
404
+ end
405
+ end
406
+
407
+ # A resource that allows executing scripts on the VM.
408
+ #
409
+ # The `ExecResource` has 2 stages: `validate` and `enforce` and both stages
410
+ # accept a script as an argument to execute.
411
+ #
412
+ # When the `ExecResource` is applied by the agent, it first executes the
413
+ # script in the `validate` stage. The `validate` stage can signal that the
414
+ # `ExecResource` is already in the desired state by returning an exit code
415
+ # of `100`. If the `ExecResource` is not in the desired state, it should
416
+ # return an exit code of `101`. Any other exit code returned by this stage
417
+ # is considered an error.
418
+ #
419
+ # If the `ExecResource` is not in the desired state based on the exit code
420
+ # from the `validate` stage, the agent proceeds to execute the script from
421
+ # the `enforce` stage. If the `ExecResource` is already in the desired
422
+ # state, the `enforce` stage will not be run.
423
+ # Similar to `validate` stage, the `enforce` stage should return an exit
424
+ # code of `100` to indicate that the resource in now in its desired state.
425
+ # Any other exit code is considered an error.
426
+ #
427
+ # NOTE: An exit code of `100` was chosen over `0` (and `101` vs `1`) to
428
+ # have an explicit indicator of `in desired state`, `not in desired state`
429
+ # and errors. Because, for example, Powershell will always return an exit
430
+ # code of `0` unless an `exit` statement is provided in the script. So, for
431
+ # reasons of consistency and being explicit, exit codes `100` and `101`
432
+ # were chosen.
433
+ # @!attribute [rw] validate
434
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::ExecResource::Exec]
435
+ # Required. What to run to validate this resource is in the desired
436
+ # state. An exit code of 100 indicates "in desired state", and exit code
437
+ # of 101 indicates "not in desired state". Any other exit code indicates
438
+ # a failure running validate.
439
+ # @!attribute [rw] enforce
440
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::ExecResource::Exec]
441
+ # What to run to bring this resource into the desired state.
442
+ # An exit code of 100 indicates "success", any other exit code indicates
443
+ # a failure running enforce.
444
+ class ExecResource
445
+ include ::Google::Protobuf::MessageExts
446
+ extend ::Google::Protobuf::MessageExts::ClassMethods
447
+
448
+ # A file or script to execute.
449
+ # @!attribute [rw] file
450
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::File]
451
+ # A remote or local file.
452
+ # @!attribute [rw] script
453
+ # @return [::String]
454
+ # An inline script.
455
+ # The size of the script is limited to 1024 characters.
456
+ # @!attribute [rw] args
457
+ # @return [::Array<::String>]
458
+ # Optional arguments to pass to the source during execution.
459
+ # @!attribute [rw] interpreter
460
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::ExecResource::Exec::Interpreter]
461
+ # Required. The script interpreter to use.
462
+ # @!attribute [rw] output_file_path
463
+ # @return [::String]
464
+ # Only recorded for enforce Exec.
465
+ # Path to an output file (that is created by this Exec) whose
466
+ # content will be recorded in OSPolicyResourceCompliance after a
467
+ # successful run. Absence or failure to read this file will result in
468
+ # this ExecResource being non-compliant. Output file size is limited to
469
+ # 100K bytes.
470
+ class Exec
471
+ include ::Google::Protobuf::MessageExts
472
+ extend ::Google::Protobuf::MessageExts::ClassMethods
473
+
474
+ # The interpreter to use.
475
+ module Interpreter
476
+ # Defaults to NONE.
477
+ INTERPRETER_UNSPECIFIED = 0
478
+
479
+ # If an interpreter is not specified, the
480
+ # source is executed directly. This execution, without an
481
+ # interpreter, only succeeds for executables and scripts that have <a
482
+ # href="https://en.wikipedia.org/wiki/Shebang_(Unix)"
483
+ # class="external">shebang lines</a>.
484
+ NONE = 1
485
+
486
+ # Indicates that the script runs with `/bin/sh` on Linux and
487
+ # `cmd.exe` on Windows.
488
+ SHELL = 2
489
+
490
+ # Indicates that the script runs with PowerShell.
491
+ POWERSHELL = 3
492
+ end
493
+ end
494
+ end
495
+
496
+ # A resource that manages the state of a file.
497
+ # @!attribute [rw] file
498
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::File]
499
+ # A remote or local source.
500
+ # @!attribute [rw] content
501
+ # @return [::String]
502
+ # A a file with this content.
503
+ # The size of the content is limited to 1024 characters.
504
+ # @!attribute [rw] path
505
+ # @return [::String]
506
+ # Required. The absolute path of the file within the VM.
507
+ # @!attribute [rw] state
508
+ # @return [::Google::Cloud::OsConfig::V1::OSPolicy::Resource::FileResource::DesiredState]
509
+ # Required. Desired state of the file.
510
+ # @!attribute [rw] permissions
511
+ # @return [::String]
512
+ # Consists of three octal digits which represent, in
513
+ # order, the permissions of the owner, group, and other users for the
514
+ # file (similarly to the numeric mode used in the linux chmod
515
+ # utility). Each digit represents a three bit number with the 4 bit
516
+ # corresponding to the read permissions, the 2 bit corresponds to the
517
+ # write bit, and the one bit corresponds to the execute permission.
518
+ # Default behavior is 755.
519
+ #
520
+ # Below are some examples of permissions and their associated values:
521
+ # read, write, and execute: 7
522
+ # read and execute: 5
523
+ # read and write: 6
524
+ # read only: 4
525
+ class FileResource
526
+ include ::Google::Protobuf::MessageExts
527
+ extend ::Google::Protobuf::MessageExts::ClassMethods
528
+
529
+ # Desired state of the file.
530
+ module DesiredState
531
+ # Unspecified is invalid.
532
+ DESIRED_STATE_UNSPECIFIED = 0
533
+
534
+ # Ensure file at path is present.
535
+ PRESENT = 1
536
+
537
+ # Ensure file at path is absent.
538
+ ABSENT = 2
539
+
540
+ # Ensure the contents of the file at path matches. If the file does
541
+ # not exist it will be created.
542
+ CONTENTS_MATCH = 3
543
+ end
544
+ end
545
+ end
546
+
547
+ # Resource groups provide a mechanism to group OS policy resources.
548
+ #
549
+ # Resource groups enable OS policy authors to create a single OS policy
550
+ # to be applied to VMs running different operating Systems.
551
+ #
552
+ # When the OS policy is applied to a target VM, the appropriate resource
553
+ # group within the OS policy is selected based on the `OSFilter` specified
554
+ # within the resource group.
555
+ # @!attribute [rw] inventory_filters
556
+ # @return [::Array<::Google::Cloud::OsConfig::V1::OSPolicy::InventoryFilter>]
557
+ # List of inventory filters for the resource group.
558
+ #
559
+ # The resources in this resource group are applied to the target VM if it
560
+ # satisfies at least one of the following inventory filters.
561
+ #
562
+ # For example, to apply this resource group to VMs running either `RHEL` or
563
+ # `CentOS` operating systems, specify 2 items for the list with following
564
+ # values:
565
+ # inventory_filters[0].os_short_name='rhel' and
566
+ # inventory_filters[1].os_short_name='centos'
567
+ #
568
+ # If the list is empty, this resource group will be applied to the target
569
+ # VM unconditionally.
570
+ # @!attribute [rw] resources
571
+ # @return [::Array<::Google::Cloud::OsConfig::V1::OSPolicy::Resource>]
572
+ # Required. List of resources configured for this resource group.
573
+ # The resources are executed in the exact order specified here.
574
+ class ResourceGroup
575
+ include ::Google::Protobuf::MessageExts
576
+ extend ::Google::Protobuf::MessageExts::ClassMethods
577
+ end
578
+
579
+ # Policy mode
580
+ module Mode
581
+ # Invalid mode
582
+ MODE_UNSPECIFIED = 0
583
+
584
+ # This mode checks if the configuration resources in the policy are in
585
+ # their desired state. No actions are performed if they are not in the
586
+ # desired state. This mode is used for reporting purposes.
587
+ VALIDATION = 1
588
+
589
+ # This mode checks if the configuration resources in the policy are in
590
+ # their desired state, and if not, enforces the desired state.
591
+ ENFORCEMENT = 2
592
+ end
593
+ end
594
+ end
595
+ end
596
+ end
597
+ end