google-cloud-os_config-v1alpha 0.1.2 → 0.3.0

data/proto_docs/google/api/resource.rb

@@ -33,11 +33,7 @@ module Google
     #       // For Kubernetes resources, the format is {api group}/{kind}.
     #       option (google.api.resource) = {
     #         type: "pubsub.googleapis.com/Topic"
-    #         name_descriptor: {
-    #           pattern: "projects/{project}/topics/{topic}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         }
+    #         pattern: "projects/{project}/topics/{topic}"
     #       };
     #     }
     #
@@ -45,10 +41,7 @@ module Google
     #
     #     resources:
     #     - type: "pubsub.googleapis.com/Topic"
-    #       name_descriptor:
-    #         - pattern: "projects/{project}/topics/{topic}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
+    #       pattern: "projects/{project}/topics/{topic}"
     #
     # Sometimes, resources have multiple patterns, typically because they can
     # live under multiple parents.
@@ -58,26 +51,10 @@ module Google
     #     message LogEntry {
     #       option (google.api.resource) = {
     #         type: "logging.googleapis.com/LogEntry"
-    #         name_descriptor: {
-    #           pattern: "projects/{project}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "folders/{folder}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #           parent_name_extractor: "folders/{folder}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "organizations/{organization}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Organization"
-    #           parent_name_extractor: "organizations/{organization}"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "billingAccounts/{billing_account}/logs/{log}"
-    #           parent_type: "billing.googleapis.com/BillingAccount"
-    #           parent_name_extractor: "billingAccounts/{billing_account}"
-    #         }
+    #         pattern: "projects/{project}/logs/{log}"
+    #         pattern: "folders/{folder}/logs/{log}"
+    #         pattern: "organizations/{organization}/logs/{log}"
+    #         pattern: "billingAccounts/{billing_account}/logs/{log}"
     #       };
     #     }
     #
@@ -85,48 +62,10 @@ module Google
     #
     #     resources:
     #     - type: 'logging.googleapis.com/LogEntry'
-    #       name_descriptor:
-    #         - pattern: "projects/{project}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #           parent_name_extractor: "projects/{project}"
-    #         - pattern: "folders/{folder}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #           parent_name_extractor: "folders/{folder}"
-    #         - pattern: "organizations/{organization}/logs/{log}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Organization"
-    #           parent_name_extractor: "organizations/{organization}"
-    #         - pattern: "billingAccounts/{billing_account}/logs/{log}"
-    #           parent_type: "billing.googleapis.com/BillingAccount"
-    #           parent_name_extractor: "billingAccounts/{billing_account}"
-    #
-    # For flexible resources, the resource name doesn't contain parent names, but
-    # the resource itself has parents for policy evaluation.
-    #
-    # Example:
-    #
-    #     message Shelf {
-    #       option (google.api.resource) = {
-    #         type: "library.googleapis.com/Shelf"
-    #         name_descriptor: {
-    #           pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #         }
-    #         name_descriptor: {
-    #           pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
-    #         }
-    #       };
-    #     }
-    #
-    # The ResourceDescriptor Yaml config will look like:
-    #
-    #     resources:
-    #     - type: 'library.googleapis.com/Shelf'
-    #       name_descriptor:
-    #         - pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #         - pattern: "shelves/{shelf}"
-    #           parent_type: "cloudresourcemanager.googleapis.com/Folder"
+    #       pattern: "projects/{project}/logs/{log}"
+    #       pattern: "folders/{folder}/logs/{log}"
+    #       pattern: "organizations/{organization}/logs/{log}"
+    #       pattern: "billingAccounts/{billing_account}/logs/{log}"
     # @!attribute [rw] type
     #   @return [::String]
     #     The resource type. It must be in the format of

data/proto_docs/google/cloud/osconfig/v1alpha/inventory.rb

@@ -172,6 +172,9 @@ module Google
           # @!attribute [rw] cos_package
           #   @return [::Google::Cloud::OsConfig::V1alpha::Inventory::VersionedPackage]
           #     Details of a COS package.
+          # @!attribute [rw] windows_application
+          #   @return [::Google::Cloud::OsConfig::V1alpha::Inventory::WindowsApplication]
+          #     Details of Windows Application.
           class SoftwarePackage
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -284,6 +287,31 @@ module Google
             extend ::Google::Protobuf::MessageExts::ClassMethods
           end
 
+          # Contains information about a Windows application that is retrieved from the
+          # Windows Registry. For more information about these fields, see:
+          # https://docs.microsoft.com/en-us/windows/win32/msi/uninstall-registry-key
+          # @!attribute [rw] display_name
+          #   @return [::String]
+          #     The name of the application or product.
+          # @!attribute [rw] display_version
+          #   @return [::String]
+          #     The version of the product or application in string format.
+          # @!attribute [rw] publisher
+          #   @return [::String]
+          #     The name of the manufacturer for the product or application.
+          # @!attribute [rw] install_date
+          #   @return [::Google::Type::Date]
+          #     The last time this product received service. The value of this property
+          #     is replaced each time a patch is applied or removed from the product or
+          #     the command-line option is used to repair the product.
+          # @!attribute [rw] help_link
+          #   @return [::String]
+          #     The internet address for technical support.
+          class WindowsApplication
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
           # @!attribute [rw] key
           #   @return [::String]
           # @!attribute [rw] value
@@ -320,11 +348,9 @@ module Google
         #   @return [::String]
         #     Required. The parent resource name.
         #
-        #     Format: `projects/{project}/locations/{location}/instances/{instance}`
+        #     Format: `projects/{project}/locations/{location}/instances/-`
         #
-        #     For `{project}`, either `project-number` or `project-id` can be
-        #     provided. For `{instance}`, only hyphen or dash character is supported to
-        #     list inventories across VMs.
+        #     For `{project}`, either `project-number` or `project-id` can be provided.
         # @!attribute [rw] view
         #   @return [::Google::Cloud::OsConfig::V1alpha::InventoryView]
         #     Inventory view indicating what information should be included in the

data/proto_docs/google/cloud/osconfig/v1alpha/os_policy.rb

@@ -58,8 +58,7 @@ module Google
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
 
-          # The `OSFilter` is used to specify the OS filtering criteria for the
-          # resource group.
+          # Filtering criteria to select VMs based on OS details.
           # @!attribute [rw] os_short_name
           #   @return [::String]
           #     This should match OS short name emitted by the OS inventory agent.
@@ -76,6 +75,24 @@ module Google
             extend ::Google::Protobuf::MessageExts::ClassMethods
           end
 
+          # Filtering criteria to select VMs based on inventory details.
+          # @!attribute [rw] os_short_name
+          #   @return [::String]
+          #     Required. The OS short name
+          # @!attribute [rw] os_version
+          #   @return [::String]
+          #     The OS version
+          #
+          #     Prefix matches are supported if asterisk(*) is provided as the
+          #     last character. For example, to match all versions with a major
+          #     version of `7`, specify the following value for this field `7.*`
+          #
+          #     An empty string matches all OS versions.
+          class InventoryFilter
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
           # An OS policy resource is used to define the desired state configuration
           # and provides a specific functionality like installing/removing packages,
           # executing a script etc.
@@ -473,21 +490,21 @@ module Google
 
                 # The interpreter to use.
                 module Interpreter
-                  # Defaults to NONE.
+                  # Invalid value, the request will return validation error.
                   INTERPRETER_UNSPECIFIED = 0
 
-                  # If no interpreter is specified the
-                  # source will be executed directly, which will likely only
-                  # succeed for executables and scripts with shebang lines.
-                  # [Wikipedia
-                  # shebang](https://en.wikipedia.org/wiki/Shebang_(Unix)).
+                  # If an interpreter is not specified, the
+                  # source is executed directly. This execution, without an
+                  # interpreter, only succeeds for executables and scripts that have <a
+                  # href="https://en.wikipedia.org/wiki/Shebang_(Unix)"
+                  # class="external">shebang lines</a>.
                   NONE = 1
 
-                  # Indicates that the script will be run with /bin/sh on Linux and
-                  # cmd.exe on windows.
+                  # Indicates that the script runs with `/bin/sh` on Linux and
+                  # `cmd.exe` on Windows.
                   SHELL = 2
 
-                  # Indicates that the script will be run with powershell.
+                  # Indicates that the script runs with PowerShell.
                   POWERSHELL = 3
                 end
               end
@@ -554,7 +571,23 @@ module Google
           # within the resource group.
           # @!attribute [rw] os_filter
           #   @return [::Google::Cloud::OsConfig::V1alpha::OSPolicy::OSFilter]
+          #     Deprecated. Use the `inventory_filters` field instead.
           #     Used to specify the OS filter for a resource group
+          # @!attribute [rw] inventory_filters
+          #   @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicy::InventoryFilter>]
+          #     List of inventory filters for the resource group.
+          #
+          #     The resources in this resource group are applied to the target VM if it
+          #     satisfies at least one of the following inventory filters.
+          #
+          #     For example, to apply this resource group to VMs running either `RHEL` or
+          #     `CentOS` operating systems, specify 2 items for the list with following
+          #     values:
+          #     inventory_filters[0].os_short_name='rhel' and
+          #     inventory_filters[1].os_short_name='centos'
+          #
+          #     If the list is empty, this resource group will be applied to the target
+          #     VM unconditionally.
           # @!attribute [rw] resources
           #   @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicy::Resource>]
           #     Required. List of resources configured for this resource group.

data/proto_docs/google/cloud/osconfig/v1alpha/os_policy_assignment_reports.rb

@@ -0,0 +1,293 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module OsConfig
+      module V1alpha
+        # Get a report of the OS policy assignment for a VM instance.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. API resource name for OS policy assignment report.
+        #
+        #     Format:
+        #     `/projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/report`
+        #
+        #     For `{project}`, either `project-number` or `project-id` can be provided.
+        #     For `{instance_id}`, either Compute Engine `instance-id` or `instance-name`
+        #     can be provided.
+        #     For `{assignment_id}`, the OSPolicyAssignment id must be provided.
+        class GetOSPolicyAssignmentReportRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # List the OS policy assignment reports for VM instances.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. The parent resource name.
+        #
+        #     Format:
+        #     `projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/reports`
+        #
+        #     For `{project}`, either `project-number` or `project-id` can be provided.
+        #     For `{instance}`, either `instance-name`, `instance-id`, or `-` can be
+        #     provided. If '-' is provided, the response will include
+        #     OSPolicyAssignmentReports for all instances in the project/location.
+        #     For `{assignment}`, either `assignment-id` or `-` can be provided. If '-'
+        #     is provided, the response will include OSPolicyAssignmentReports for all
+        #     OSPolicyAssignments in the project/location.
+        #     Either \\{instance} or \\{assignment} must be `-`.
+        #
+        #     For example:
+        #     `projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/-/reports`
+        #      returns all reports for the instance
+        #     `projects/{project}/locations/{location}/instances/-/osPolicyAssignments/{assignment-id}/reports`
+        #      returns all the reports for the given assignment across all instances.
+        #     `projects/{project}/locations/{location}/instances/-/osPolicyAssignments/-/reports`
+        #      returns all the reports for all assignments across all instances.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     The maximum number of results to return.
+        # @!attribute [rw] filter
+        #   @return [::String]
+        #     If provided, this field specifies the criteria that must be met by the
+        #     `OSPolicyAssignmentReport` API resource that is included in the response.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     A pagination token returned from a previous call to the
+        #     `ListOSPolicyAssignmentReports` method that indicates where this listing
+        #     should continue from.
+        class ListOSPolicyAssignmentReportsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A response message for listing OS Policy assignment reports including the
+        # page of results and page token.
+        # @!attribute [rw] os_policy_assignment_reports
+        #   @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentReport>]
+        #     List of OS policy assignment reports.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     The pagination token to retrieve the next page of OS policy assignment
+        #     report objects.
+        class ListOSPolicyAssignmentReportsResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # A report of the OS policy assignment status for a given instance.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The `OSPolicyAssignmentReport` API resource name.
+        #
+        #     Format:
+        #     `projects/{project_number}/locations/{location}/instances/{instance_id}/osPolicyAssignments/{os_policy_assignment_id}/report`
+        # @!attribute [rw] instance
+        #   @return [::String]
+        #     The Compute Engine VM instance name.
+        # @!attribute [rw] os_policy_assignment
+        #   @return [::String]
+        #     Reference to the `OSPolicyAssignment` API resource that the `OSPolicy`
+        #     belongs to.
+        #
+        #     Format:
+        #     `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}`
+        # @!attribute [rw] os_policy_compliances
+        #   @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentReport::OSPolicyCompliance>]
+        #     Compliance data for each `OSPolicy` that is applied to the VM.
+        # @!attribute [rw] update_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Timestamp for when the report was last generated.
+        # @!attribute [rw] last_run_id
+        #   @return [::String]
+        #     Unique identifier of the last attempted run to apply the OS policies
+        #     associated with this assignment on the VM.
+        #
+        #     This ID is logged by the OS Config agent while applying the OS
+        #     policies associated with this assignment on the VM.
+        #     NOTE: If the service is unable to successfully connect to the agent for
+        #     this run, then this id will not be available in the agent logs.
+        class OSPolicyAssignmentReport
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Compliance data for an OS policy
+          # @!attribute [rw] os_policy_id
+          #   @return [::String]
+          #     The OS policy id
+          # @!attribute [rw] compliance_state
+          #   @return [::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentReport::OSPolicyCompliance::ComplianceState]
+          #     The compliance state of the OS policy.
+          # @!attribute [rw] compliance_state_reason
+          #   @return [::String]
+          #     The reason for the OS policy to be in an unknown compliance state.
+          #     This field is always populated when `compliance_state` is `UNKNOWN`.
+          #
+          #     If populated, the field can contain one of the following values:
+          #
+          #     * `vm-not-running`: The VM was not running.
+          #     * `os-policies-not-supported-by-agent`: The version of the OS Config
+          #     agent running on the VM does not support running OS policies.
+          #     * `no-agent-detected`: The OS Config agent is not detected for the VM.
+          #     * `resource-execution-errors`: The OS Config agent encountered errors
+          #     while executing one or more resources in the policy. See
+          #     `os_policy_resource_compliances` for details.
+          #     * `task-timeout`: The task sent to the agent to apply the policy timed
+          #     out.
+          #     * `unexpected-agent-state`: The OS Config agent did not report the final
+          #     status of the task that attempted to apply the policy. Instead, the agent
+          #     unexpectedly started working on a different task. This mostly happens
+          #     when the agent or VM unexpectedly restarts while applying OS policies.
+          #     * `internal-service-errors`: Internal service errors were encountered
+          #     while attempting to apply the policy.
+          # @!attribute [rw] os_policy_resource_compliances
+          #   @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentReport::OSPolicyCompliance::OSPolicyResourceCompliance>]
+          #     Compliance data for each resource within the policy that is applied to
+          #     the VM.
+          class OSPolicyCompliance
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # Compliance data for an OS policy resource.
+            # @!attribute [rw] os_policy_resource_id
+            #   @return [::String]
+            #     The ID of the OS policy resource.
+            # @!attribute [rw] config_steps
+            #   @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentReport::OSPolicyCompliance::OSPolicyResourceCompliance::OSPolicyResourceConfigStep>]
+            #     Ordered list of configuration completed by the agent for the OS policy
+            #     resource.
+            # @!attribute [rw] compliance_state
+            #   @return [::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentReport::OSPolicyCompliance::OSPolicyResourceCompliance::ComplianceState]
+            #     The compliance state of the resource.
+            # @!attribute [rw] compliance_state_reason
+            #   @return [::String]
+            #     A reason for the resource to be in the given compliance state.
+            #     This field is always populated when `compliance_state` is `UNKNOWN`.
+            #
+            #     The following values are supported when `compliance_state == UNKNOWN`
+            #
+            #     * `execution-errors`: Errors were encountered by the agent while
+            #     executing the resource and the compliance state couldn't be
+            #     determined.
+            #     * `execution-skipped-by-agent`: Resource execution was skipped by the
+            #     agent because errors were encountered while executing prior resources
+            #     in the OS policy.
+            #     * `os-policy-execution-attempt-failed`: The execution of the OS policy
+            #     containing this resource failed and the compliance state couldn't be
+            #     determined.
+            # @!attribute [rw] exec_resource_output
+            #   @return [::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentReport::OSPolicyCompliance::OSPolicyResourceCompliance::ExecResourceOutput]
+            #     ExecResource specific output.
+            class OSPolicyResourceCompliance
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+
+              # Step performed by the OS Config agent for configuring an
+              # `OSPolicy` resource to its desired state.
+              # @!attribute [rw] type
+              #   @return [::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentReport::OSPolicyCompliance::OSPolicyResourceCompliance::OSPolicyResourceConfigStep::Type]
+              #     Configuration step type.
+              # @!attribute [rw] error_message
+              #   @return [::String]
+              #     An error message recorded during the execution of this step.
+              #     Only populated if errors were encountered during this step execution.
+              class OSPolicyResourceConfigStep
+                include ::Google::Protobuf::MessageExts
+                extend ::Google::Protobuf::MessageExts::ClassMethods
+
+                # Supported configuration step types
+                module Type
+                  # Default value. This value is unused.
+                  TYPE_UNSPECIFIED = 0
+
+                  # Checks for resource conflicts such as schema errors.
+                  VALIDATION = 1
+
+                  # Checks the current status of the desired state for a resource.
+                  DESIRED_STATE_CHECK = 2
+
+                  # Enforces the desired state for a resource that is not in desired
+                  # state.
+                  DESIRED_STATE_ENFORCEMENT = 3
+
+                  # Re-checks the status of the desired state. This check is done
+                  # for a resource after the enforcement of all OS policies.
+                  #
+                  # This step is used to determine the final desired state status for
+                  # the resource. It accounts for any resources that might have drifted
+                  # from their desired state due to side effects from executing other
+                  # resources.
+                  DESIRED_STATE_CHECK_POST_ENFORCEMENT = 4
+                end
+              end
+
+              # ExecResource specific output.
+              # @!attribute [rw] enforcement_output
+              #   @return [::String]
+              #     Output from enforcement phase output file (if run).
+              #     Output size is limited to 100K bytes.
+              class ExecResourceOutput
+                include ::Google::Protobuf::MessageExts
+                extend ::Google::Protobuf::MessageExts::ClassMethods
+              end
+
+              # Possible compliance states for a resource.
+              module ComplianceState
+                # The resource is in an unknown compliance state.
+                #
+                # To get more details about why the policy is in this state, review
+                # the output of the `compliance_state_reason` field.
+                UNKNOWN = 0
+
+                # Resource is compliant.
+                COMPLIANT = 1
+
+                # Resource is non-compliant.
+                NON_COMPLIANT = 2
+              end
+            end
+
+            # Possible compliance states for an os policy.
+            module ComplianceState
+              # The policy is in an unknown compliance state.
+              #
+              # Refer to the field `compliance_state_reason` to learn the exact reason
+              # for the policy to be in this compliance state.
+              UNKNOWN = 0
+
+              # Policy is compliant.
+              #
+              # The policy is compliant if all the underlying resources are also
+              # compliant.
+              COMPLIANT = 1
+
+              # Policy is non-compliant.
+              #
+              # The policy is non-compliant if one or more underlying resources are
+              # non-compliant.
+              NON_COMPLIANT = 2
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/osconfig/v1alpha/os_policy_assignments.rb

@@ -68,6 +68,10 @@ module Google
         # @!attribute [r] revision_create_time
         #   @return [::Google::Protobuf::Timestamp]
         #     Output only. The timestamp that the revision was created.
+        # @!attribute [rw] etag
+        #   @return [::String]
+        #     The etag for this OS policy assignment.
+        #     If this is provided on update, it must match the server's etag.
         # @!attribute [r] rollout_state
         #   @return [::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignment::RolloutState]
         #     Output only. OS policy assignment rollout state
@@ -122,14 +126,18 @@ module Google
             end
           end
 
-          # Message to represent the filters to select VMs for an assignment
+          # Filters to select target VMs for an assignment.
+          #
+          # If more than one filter criteria is specified below, a VM will be selected
+          # if and only if it satisfies all of them.
           # @!attribute [rw] all
           #   @return [::Boolean]
           #     Target all VMs in the project. If true, no other criteria is
           #     permitted.
           # @!attribute [rw] os_short_names
           #   @return [::Array<::String>]
-          #     A VM is included if it's OS short name matches with any of the
+          #     Deprecated. Use the `inventories` field instead.
+          #     A VM is selected if it's OS short name matches with any of the
           #     values provided in this list.
           # @!attribute [rw] inclusion_labels
           #   @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignment::LabelSet>]
@@ -143,13 +151,33 @@ module Google
           #
           #     If the list has more than one label set, the VM is excluded if any
           #     of the label sets are applicable for the VM.
+          # @!attribute [rw] inventories
+          #   @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignment::InstanceFilter::Inventory>]
+          #     List of inventories to select VMs.
           #
-          #     This filter is applied last in the filtering chain and therefore a
-          #     VM is guaranteed to be excluded if it satisfies one of the below
-          #     label sets.
+          #     A VM is selected if its inventory data matches at least one of the
+          #     following inventories.
           class InstanceFilter
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # VM inventory details.
+            # @!attribute [rw] os_short_name
+            #   @return [::String]
+            #     Required. The OS short name
+            # @!attribute [rw] os_version
+            #   @return [::String]
+            #     The OS version
+            #
+            #     Prefix matches are supported if asterisk(*) is provided as the
+            #     last character. For example, to match all versions with a major
+            #     version of `7`, specify the following value for this field `7.*`
+            #
+            #     An empty string matches all OS versions.
+            class Inventory
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
           end
 
           # Message to configure the rollout at the zonal level for the OS policy