google-cloud-os_config-v1alpha 0.1.2 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.yardopts +1 -1
- data/AUTHENTICATION.md +7 -25
- data/README.md +1 -1
- data/lib/google/cloud/os_config/v1alpha/os_config_zonal_service/client.rb +529 -43
- data/lib/google/cloud/os_config/v1alpha/os_config_zonal_service/operations.rb +115 -12
- data/lib/google/cloud/os_config/v1alpha/os_config_zonal_service/paths.rb +42 -0
- data/lib/google/cloud/os_config/v1alpha/version.rb +1 -1
- data/lib/google/cloud/osconfig/v1alpha/config_common_pb.rb +1 -0
- data/lib/google/cloud/osconfig/v1alpha/instance_os_policies_compliance_pb.rb +3 -2
- data/lib/google/cloud/osconfig/v1alpha/inventory_pb.rb +13 -2
- data/lib/google/cloud/osconfig/v1alpha/os_policy_assignment_reports_pb.rb +93 -0
- data/lib/google/cloud/osconfig/v1alpha/os_policy_assignments_pb.rb +10 -2
- data/lib/google/cloud/osconfig/v1alpha/os_policy_pb.rb +8 -1
- data/lib/google/cloud/osconfig/v1alpha/osconfig_common_pb.rb +1 -0
- data/lib/google/cloud/osconfig/v1alpha/osconfig_zonal_service_pb.rb +3 -2
- data/lib/google/cloud/osconfig/v1alpha/osconfig_zonal_service_services_pb.rb +7 -1
- data/lib/google/cloud/osconfig/v1alpha/vulnerability_pb.rb +12 -2
- data/proto_docs/google/api/resource.rb +10 -71
- data/proto_docs/google/cloud/osconfig/v1alpha/inventory.rb +30 -4
- data/proto_docs/google/cloud/osconfig/v1alpha/os_policy.rb +44 -11
- data/proto_docs/google/cloud/osconfig/v1alpha/os_policy_assignment_reports.rb +293 -0
- data/proto_docs/google/cloud/osconfig/v1alpha/os_policy_assignments.rb +33 -5
- data/proto_docs/google/cloud/osconfig/v1alpha/vulnerability.rb +38 -5
- data/proto_docs/google/type/date.rb +53 -0
- metadata +6 -3
@@ -33,11 +33,7 @@ module Google
|
|
33
33
|
# // For Kubernetes resources, the format is {api group}/{kind}.
|
34
34
|
# option (google.api.resource) = {
|
35
35
|
# type: "pubsub.googleapis.com/Topic"
|
36
|
-
#
|
37
|
-
# pattern: "projects/{project}/topics/{topic}"
|
38
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
39
|
-
# parent_name_extractor: "projects/{project}"
|
40
|
-
# }
|
36
|
+
# pattern: "projects/{project}/topics/{topic}"
|
41
37
|
# };
|
42
38
|
# }
|
43
39
|
#
|
@@ -45,10 +41,7 @@ module Google
|
|
45
41
|
#
|
46
42
|
# resources:
|
47
43
|
# - type: "pubsub.googleapis.com/Topic"
|
48
|
-
#
|
49
|
-
# - pattern: "projects/{project}/topics/{topic}"
|
50
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
51
|
-
# parent_name_extractor: "projects/{project}"
|
44
|
+
# pattern: "projects/{project}/topics/{topic}"
|
52
45
|
#
|
53
46
|
# Sometimes, resources have multiple patterns, typically because they can
|
54
47
|
# live under multiple parents.
|
@@ -58,26 +51,10 @@ module Google
|
|
58
51
|
# message LogEntry {
|
59
52
|
# option (google.api.resource) = {
|
60
53
|
# type: "logging.googleapis.com/LogEntry"
|
61
|
-
#
|
62
|
-
#
|
63
|
-
#
|
64
|
-
#
|
65
|
-
# }
|
66
|
-
# name_descriptor: {
|
67
|
-
# pattern: "folders/{folder}/logs/{log}"
|
68
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
69
|
-
# parent_name_extractor: "folders/{folder}"
|
70
|
-
# }
|
71
|
-
# name_descriptor: {
|
72
|
-
# pattern: "organizations/{organization}/logs/{log}"
|
73
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
74
|
-
# parent_name_extractor: "organizations/{organization}"
|
75
|
-
# }
|
76
|
-
# name_descriptor: {
|
77
|
-
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
78
|
-
# parent_type: "billing.googleapis.com/BillingAccount"
|
79
|
-
# parent_name_extractor: "billingAccounts/{billing_account}"
|
80
|
-
# }
|
54
|
+
# pattern: "projects/{project}/logs/{log}"
|
55
|
+
# pattern: "folders/{folder}/logs/{log}"
|
56
|
+
# pattern: "organizations/{organization}/logs/{log}"
|
57
|
+
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
81
58
|
# };
|
82
59
|
# }
|
83
60
|
#
|
@@ -85,48 +62,10 @@ module Google
|
|
85
62
|
#
|
86
63
|
# resources:
|
87
64
|
# - type: 'logging.googleapis.com/LogEntry'
|
88
|
-
#
|
89
|
-
#
|
90
|
-
#
|
91
|
-
#
|
92
|
-
# - pattern: "folders/{folder}/logs/{log}"
|
93
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
94
|
-
# parent_name_extractor: "folders/{folder}"
|
95
|
-
# - pattern: "organizations/{organization}/logs/{log}"
|
96
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
97
|
-
# parent_name_extractor: "organizations/{organization}"
|
98
|
-
# - pattern: "billingAccounts/{billing_account}/logs/{log}"
|
99
|
-
# parent_type: "billing.googleapis.com/BillingAccount"
|
100
|
-
# parent_name_extractor: "billingAccounts/{billing_account}"
|
101
|
-
#
|
102
|
-
# For flexible resources, the resource name doesn't contain parent names, but
|
103
|
-
# the resource itself has parents for policy evaluation.
|
104
|
-
#
|
105
|
-
# Example:
|
106
|
-
#
|
107
|
-
# message Shelf {
|
108
|
-
# option (google.api.resource) = {
|
109
|
-
# type: "library.googleapis.com/Shelf"
|
110
|
-
# name_descriptor: {
|
111
|
-
# pattern: "shelves/{shelf}"
|
112
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
113
|
-
# }
|
114
|
-
# name_descriptor: {
|
115
|
-
# pattern: "shelves/{shelf}"
|
116
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
117
|
-
# }
|
118
|
-
# };
|
119
|
-
# }
|
120
|
-
#
|
121
|
-
# The ResourceDescriptor Yaml config will look like:
|
122
|
-
#
|
123
|
-
# resources:
|
124
|
-
# - type: 'library.googleapis.com/Shelf'
|
125
|
-
# name_descriptor:
|
126
|
-
# - pattern: "shelves/{shelf}"
|
127
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
128
|
-
# - pattern: "shelves/{shelf}"
|
129
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
65
|
+
# pattern: "projects/{project}/logs/{log}"
|
66
|
+
# pattern: "folders/{folder}/logs/{log}"
|
67
|
+
# pattern: "organizations/{organization}/logs/{log}"
|
68
|
+
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
130
69
|
# @!attribute [rw] type
|
131
70
|
# @return [::String]
|
132
71
|
# The resource type. It must be in the format of
|
@@ -172,6 +172,9 @@ module Google
|
|
172
172
|
# @!attribute [rw] cos_package
|
173
173
|
# @return [::Google::Cloud::OsConfig::V1alpha::Inventory::VersionedPackage]
|
174
174
|
# Details of a COS package.
|
175
|
+
# @!attribute [rw] windows_application
|
176
|
+
# @return [::Google::Cloud::OsConfig::V1alpha::Inventory::WindowsApplication]
|
177
|
+
# Details of Windows Application.
|
175
178
|
class SoftwarePackage
|
176
179
|
include ::Google::Protobuf::MessageExts
|
177
180
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -284,6 +287,31 @@ module Google
|
|
284
287
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
285
288
|
end
|
286
289
|
|
290
|
+
# Contains information about a Windows application that is retrieved from the
|
291
|
+
# Windows Registry. For more information about these fields, see:
|
292
|
+
# https://docs.microsoft.com/en-us/windows/win32/msi/uninstall-registry-key
|
293
|
+
# @!attribute [rw] display_name
|
294
|
+
# @return [::String]
|
295
|
+
# The name of the application or product.
|
296
|
+
# @!attribute [rw] display_version
|
297
|
+
# @return [::String]
|
298
|
+
# The version of the product or application in string format.
|
299
|
+
# @!attribute [rw] publisher
|
300
|
+
# @return [::String]
|
301
|
+
# The name of the manufacturer for the product or application.
|
302
|
+
# @!attribute [rw] install_date
|
303
|
+
# @return [::Google::Type::Date]
|
304
|
+
# The last time this product received service. The value of this property
|
305
|
+
# is replaced each time a patch is applied or removed from the product or
|
306
|
+
# the command-line option is used to repair the product.
|
307
|
+
# @!attribute [rw] help_link
|
308
|
+
# @return [::String]
|
309
|
+
# The internet address for technical support.
|
310
|
+
class WindowsApplication
|
311
|
+
include ::Google::Protobuf::MessageExts
|
312
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
313
|
+
end
|
314
|
+
|
287
315
|
# @!attribute [rw] key
|
288
316
|
# @return [::String]
|
289
317
|
# @!attribute [rw] value
|
@@ -320,11 +348,9 @@ module Google
|
|
320
348
|
# @return [::String]
|
321
349
|
# Required. The parent resource name.
|
322
350
|
#
|
323
|
-
# Format: `projects/{project}/locations/{location}/instances
|
351
|
+
# Format: `projects/{project}/locations/{location}/instances/-`
|
324
352
|
#
|
325
|
-
# For `{project}`, either `project-number` or `project-id` can be
|
326
|
-
# provided. For `{instance}`, only hyphen or dash character is supported to
|
327
|
-
# list inventories across VMs.
|
353
|
+
# For `{project}`, either `project-number` or `project-id` can be provided.
|
328
354
|
# @!attribute [rw] view
|
329
355
|
# @return [::Google::Cloud::OsConfig::V1alpha::InventoryView]
|
330
356
|
# Inventory view indicating what information should be included in the
|
@@ -58,8 +58,7 @@ module Google
|
|
58
58
|
include ::Google::Protobuf::MessageExts
|
59
59
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
60
60
|
|
61
|
-
#
|
62
|
-
# resource group.
|
61
|
+
# Filtering criteria to select VMs based on OS details.
|
63
62
|
# @!attribute [rw] os_short_name
|
64
63
|
# @return [::String]
|
65
64
|
# This should match OS short name emitted by the OS inventory agent.
|
@@ -76,6 +75,24 @@ module Google
|
|
76
75
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
77
76
|
end
|
78
77
|
|
78
|
+
# Filtering criteria to select VMs based on inventory details.
|
79
|
+
# @!attribute [rw] os_short_name
|
80
|
+
# @return [::String]
|
81
|
+
# Required. The OS short name
|
82
|
+
# @!attribute [rw] os_version
|
83
|
+
# @return [::String]
|
84
|
+
# The OS version
|
85
|
+
#
|
86
|
+
# Prefix matches are supported if asterisk(*) is provided as the
|
87
|
+
# last character. For example, to match all versions with a major
|
88
|
+
# version of `7`, specify the following value for this field `7.*`
|
89
|
+
#
|
90
|
+
# An empty string matches all OS versions.
|
91
|
+
class InventoryFilter
|
92
|
+
include ::Google::Protobuf::MessageExts
|
93
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
94
|
+
end
|
95
|
+
|
79
96
|
# An OS policy resource is used to define the desired state configuration
|
80
97
|
# and provides a specific functionality like installing/removing packages,
|
81
98
|
# executing a script etc.
|
@@ -473,21 +490,21 @@ module Google
|
|
473
490
|
|
474
491
|
# The interpreter to use.
|
475
492
|
module Interpreter
|
476
|
-
#
|
493
|
+
# Invalid value, the request will return validation error.
|
477
494
|
INTERPRETER_UNSPECIFIED = 0
|
478
495
|
|
479
|
-
# If
|
480
|
-
# source
|
481
|
-
#
|
482
|
-
#
|
483
|
-
# shebang
|
496
|
+
# If an interpreter is not specified, the
|
497
|
+
# source is executed directly. This execution, without an
|
498
|
+
# interpreter, only succeeds for executables and scripts that have <a
|
499
|
+
# href="https://en.wikipedia.org/wiki/Shebang_(Unix)"
|
500
|
+
# class="external">shebang lines</a>.
|
484
501
|
NONE = 1
|
485
502
|
|
486
|
-
# Indicates that the script
|
487
|
-
# cmd.exe on
|
503
|
+
# Indicates that the script runs with `/bin/sh` on Linux and
|
504
|
+
# `cmd.exe` on Windows.
|
488
505
|
SHELL = 2
|
489
506
|
|
490
|
-
# Indicates that the script
|
507
|
+
# Indicates that the script runs with PowerShell.
|
491
508
|
POWERSHELL = 3
|
492
509
|
end
|
493
510
|
end
|
@@ -554,7 +571,23 @@ module Google
|
|
554
571
|
# within the resource group.
|
555
572
|
# @!attribute [rw] os_filter
|
556
573
|
# @return [::Google::Cloud::OsConfig::V1alpha::OSPolicy::OSFilter]
|
574
|
+
# Deprecated. Use the `inventory_filters` field instead.
|
557
575
|
# Used to specify the OS filter for a resource group
|
576
|
+
# @!attribute [rw] inventory_filters
|
577
|
+
# @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicy::InventoryFilter>]
|
578
|
+
# List of inventory filters for the resource group.
|
579
|
+
#
|
580
|
+
# The resources in this resource group are applied to the target VM if it
|
581
|
+
# satisfies at least one of the following inventory filters.
|
582
|
+
#
|
583
|
+
# For example, to apply this resource group to VMs running either `RHEL` or
|
584
|
+
# `CentOS` operating systems, specify 2 items for the list with following
|
585
|
+
# values:
|
586
|
+
# inventory_filters[0].os_short_name='rhel' and
|
587
|
+
# inventory_filters[1].os_short_name='centos'
|
588
|
+
#
|
589
|
+
# If the list is empty, this resource group will be applied to the target
|
590
|
+
# VM unconditionally.
|
558
591
|
# @!attribute [rw] resources
|
559
592
|
# @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicy::Resource>]
|
560
593
|
# Required. List of resources configured for this resource group.
|
@@ -0,0 +1,293 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2022 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Google
|
21
|
+
module Cloud
|
22
|
+
module OsConfig
|
23
|
+
module V1alpha
|
24
|
+
# Get a report of the OS policy assignment for a VM instance.
|
25
|
+
# @!attribute [rw] name
|
26
|
+
# @return [::String]
|
27
|
+
# Required. API resource name for OS policy assignment report.
|
28
|
+
#
|
29
|
+
# Format:
|
30
|
+
# `/projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/report`
|
31
|
+
#
|
32
|
+
# For `{project}`, either `project-number` or `project-id` can be provided.
|
33
|
+
# For `{instance_id}`, either Compute Engine `instance-id` or `instance-name`
|
34
|
+
# can be provided.
|
35
|
+
# For `{assignment_id}`, the OSPolicyAssignment id must be provided.
|
36
|
+
class GetOSPolicyAssignmentReportRequest
|
37
|
+
include ::Google::Protobuf::MessageExts
|
38
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
39
|
+
end
|
40
|
+
|
41
|
+
# List the OS policy assignment reports for VM instances.
|
42
|
+
# @!attribute [rw] parent
|
43
|
+
# @return [::String]
|
44
|
+
# Required. The parent resource name.
|
45
|
+
#
|
46
|
+
# Format:
|
47
|
+
# `projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/reports`
|
48
|
+
#
|
49
|
+
# For `{project}`, either `project-number` or `project-id` can be provided.
|
50
|
+
# For `{instance}`, either `instance-name`, `instance-id`, or `-` can be
|
51
|
+
# provided. If '-' is provided, the response will include
|
52
|
+
# OSPolicyAssignmentReports for all instances in the project/location.
|
53
|
+
# For `{assignment}`, either `assignment-id` or `-` can be provided. If '-'
|
54
|
+
# is provided, the response will include OSPolicyAssignmentReports for all
|
55
|
+
# OSPolicyAssignments in the project/location.
|
56
|
+
# Either \\{instance} or \\{assignment} must be `-`.
|
57
|
+
#
|
58
|
+
# For example:
|
59
|
+
# `projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/-/reports`
|
60
|
+
# returns all reports for the instance
|
61
|
+
# `projects/{project}/locations/{location}/instances/-/osPolicyAssignments/{assignment-id}/reports`
|
62
|
+
# returns all the reports for the given assignment across all instances.
|
63
|
+
# `projects/{project}/locations/{location}/instances/-/osPolicyAssignments/-/reports`
|
64
|
+
# returns all the reports for all assignments across all instances.
|
65
|
+
# @!attribute [rw] page_size
|
66
|
+
# @return [::Integer]
|
67
|
+
# The maximum number of results to return.
|
68
|
+
# @!attribute [rw] filter
|
69
|
+
# @return [::String]
|
70
|
+
# If provided, this field specifies the criteria that must be met by the
|
71
|
+
# `OSPolicyAssignmentReport` API resource that is included in the response.
|
72
|
+
# @!attribute [rw] page_token
|
73
|
+
# @return [::String]
|
74
|
+
# A pagination token returned from a previous call to the
|
75
|
+
# `ListOSPolicyAssignmentReports` method that indicates where this listing
|
76
|
+
# should continue from.
|
77
|
+
class ListOSPolicyAssignmentReportsRequest
|
78
|
+
include ::Google::Protobuf::MessageExts
|
79
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
80
|
+
end
|
81
|
+
|
82
|
+
# A response message for listing OS Policy assignment reports including the
|
83
|
+
# page of results and page token.
|
84
|
+
# @!attribute [rw] os_policy_assignment_reports
|
85
|
+
# @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentReport>]
|
86
|
+
# List of OS policy assignment reports.
|
87
|
+
# @!attribute [rw] next_page_token
|
88
|
+
# @return [::String]
|
89
|
+
# The pagination token to retrieve the next page of OS policy assignment
|
90
|
+
# report objects.
|
91
|
+
class ListOSPolicyAssignmentReportsResponse
|
92
|
+
include ::Google::Protobuf::MessageExts
|
93
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
94
|
+
end
|
95
|
+
|
96
|
+
# A report of the OS policy assignment status for a given instance.
|
97
|
+
# @!attribute [rw] name
|
98
|
+
# @return [::String]
|
99
|
+
# The `OSPolicyAssignmentReport` API resource name.
|
100
|
+
#
|
101
|
+
# Format:
|
102
|
+
# `projects/{project_number}/locations/{location}/instances/{instance_id}/osPolicyAssignments/{os_policy_assignment_id}/report`
|
103
|
+
# @!attribute [rw] instance
|
104
|
+
# @return [::String]
|
105
|
+
# The Compute Engine VM instance name.
|
106
|
+
# @!attribute [rw] os_policy_assignment
|
107
|
+
# @return [::String]
|
108
|
+
# Reference to the `OSPolicyAssignment` API resource that the `OSPolicy`
|
109
|
+
# belongs to.
|
110
|
+
#
|
111
|
+
# Format:
|
112
|
+
# `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}`
|
113
|
+
# @!attribute [rw] os_policy_compliances
|
114
|
+
# @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentReport::OSPolicyCompliance>]
|
115
|
+
# Compliance data for each `OSPolicy` that is applied to the VM.
|
116
|
+
# @!attribute [rw] update_time
|
117
|
+
# @return [::Google::Protobuf::Timestamp]
|
118
|
+
# Timestamp for when the report was last generated.
|
119
|
+
# @!attribute [rw] last_run_id
|
120
|
+
# @return [::String]
|
121
|
+
# Unique identifier of the last attempted run to apply the OS policies
|
122
|
+
# associated with this assignment on the VM.
|
123
|
+
#
|
124
|
+
# This ID is logged by the OS Config agent while applying the OS
|
125
|
+
# policies associated with this assignment on the VM.
|
126
|
+
# NOTE: If the service is unable to successfully connect to the agent for
|
127
|
+
# this run, then this id will not be available in the agent logs.
|
128
|
+
class OSPolicyAssignmentReport
|
129
|
+
include ::Google::Protobuf::MessageExts
|
130
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
131
|
+
|
132
|
+
# Compliance data for an OS policy
|
133
|
+
# @!attribute [rw] os_policy_id
|
134
|
+
# @return [::String]
|
135
|
+
# The OS policy id
|
136
|
+
# @!attribute [rw] compliance_state
|
137
|
+
# @return [::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentReport::OSPolicyCompliance::ComplianceState]
|
138
|
+
# The compliance state of the OS policy.
|
139
|
+
# @!attribute [rw] compliance_state_reason
|
140
|
+
# @return [::String]
|
141
|
+
# The reason for the OS policy to be in an unknown compliance state.
|
142
|
+
# This field is always populated when `compliance_state` is `UNKNOWN`.
|
143
|
+
#
|
144
|
+
# If populated, the field can contain one of the following values:
|
145
|
+
#
|
146
|
+
# * `vm-not-running`: The VM was not running.
|
147
|
+
# * `os-policies-not-supported-by-agent`: The version of the OS Config
|
148
|
+
# agent running on the VM does not support running OS policies.
|
149
|
+
# * `no-agent-detected`: The OS Config agent is not detected for the VM.
|
150
|
+
# * `resource-execution-errors`: The OS Config agent encountered errors
|
151
|
+
# while executing one or more resources in the policy. See
|
152
|
+
# `os_policy_resource_compliances` for details.
|
153
|
+
# * `task-timeout`: The task sent to the agent to apply the policy timed
|
154
|
+
# out.
|
155
|
+
# * `unexpected-agent-state`: The OS Config agent did not report the final
|
156
|
+
# status of the task that attempted to apply the policy. Instead, the agent
|
157
|
+
# unexpectedly started working on a different task. This mostly happens
|
158
|
+
# when the agent or VM unexpectedly restarts while applying OS policies.
|
159
|
+
# * `internal-service-errors`: Internal service errors were encountered
|
160
|
+
# while attempting to apply the policy.
|
161
|
+
# @!attribute [rw] os_policy_resource_compliances
|
162
|
+
# @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentReport::OSPolicyCompliance::OSPolicyResourceCompliance>]
|
163
|
+
# Compliance data for each resource within the policy that is applied to
|
164
|
+
# the VM.
|
165
|
+
class OSPolicyCompliance
|
166
|
+
include ::Google::Protobuf::MessageExts
|
167
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
168
|
+
|
169
|
+
# Compliance data for an OS policy resource.
|
170
|
+
# @!attribute [rw] os_policy_resource_id
|
171
|
+
# @return [::String]
|
172
|
+
# The ID of the OS policy resource.
|
173
|
+
# @!attribute [rw] config_steps
|
174
|
+
# @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentReport::OSPolicyCompliance::OSPolicyResourceCompliance::OSPolicyResourceConfigStep>]
|
175
|
+
# Ordered list of configuration completed by the agent for the OS policy
|
176
|
+
# resource.
|
177
|
+
# @!attribute [rw] compliance_state
|
178
|
+
# @return [::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentReport::OSPolicyCompliance::OSPolicyResourceCompliance::ComplianceState]
|
179
|
+
# The compliance state of the resource.
|
180
|
+
# @!attribute [rw] compliance_state_reason
|
181
|
+
# @return [::String]
|
182
|
+
# A reason for the resource to be in the given compliance state.
|
183
|
+
# This field is always populated when `compliance_state` is `UNKNOWN`.
|
184
|
+
#
|
185
|
+
# The following values are supported when `compliance_state == UNKNOWN`
|
186
|
+
#
|
187
|
+
# * `execution-errors`: Errors were encountered by the agent while
|
188
|
+
# executing the resource and the compliance state couldn't be
|
189
|
+
# determined.
|
190
|
+
# * `execution-skipped-by-agent`: Resource execution was skipped by the
|
191
|
+
# agent because errors were encountered while executing prior resources
|
192
|
+
# in the OS policy.
|
193
|
+
# * `os-policy-execution-attempt-failed`: The execution of the OS policy
|
194
|
+
# containing this resource failed and the compliance state couldn't be
|
195
|
+
# determined.
|
196
|
+
# @!attribute [rw] exec_resource_output
|
197
|
+
# @return [::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentReport::OSPolicyCompliance::OSPolicyResourceCompliance::ExecResourceOutput]
|
198
|
+
# ExecResource specific output.
|
199
|
+
class OSPolicyResourceCompliance
|
200
|
+
include ::Google::Protobuf::MessageExts
|
201
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
202
|
+
|
203
|
+
# Step performed by the OS Config agent for configuring an
|
204
|
+
# `OSPolicy` resource to its desired state.
|
205
|
+
# @!attribute [rw] type
|
206
|
+
# @return [::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignmentReport::OSPolicyCompliance::OSPolicyResourceCompliance::OSPolicyResourceConfigStep::Type]
|
207
|
+
# Configuration step type.
|
208
|
+
# @!attribute [rw] error_message
|
209
|
+
# @return [::String]
|
210
|
+
# An error message recorded during the execution of this step.
|
211
|
+
# Only populated if errors were encountered during this step execution.
|
212
|
+
class OSPolicyResourceConfigStep
|
213
|
+
include ::Google::Protobuf::MessageExts
|
214
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
215
|
+
|
216
|
+
# Supported configuration step types
|
217
|
+
module Type
|
218
|
+
# Default value. This value is unused.
|
219
|
+
TYPE_UNSPECIFIED = 0
|
220
|
+
|
221
|
+
# Checks for resource conflicts such as schema errors.
|
222
|
+
VALIDATION = 1
|
223
|
+
|
224
|
+
# Checks the current status of the desired state for a resource.
|
225
|
+
DESIRED_STATE_CHECK = 2
|
226
|
+
|
227
|
+
# Enforces the desired state for a resource that is not in desired
|
228
|
+
# state.
|
229
|
+
DESIRED_STATE_ENFORCEMENT = 3
|
230
|
+
|
231
|
+
# Re-checks the status of the desired state. This check is done
|
232
|
+
# for a resource after the enforcement of all OS policies.
|
233
|
+
#
|
234
|
+
# This step is used to determine the final desired state status for
|
235
|
+
# the resource. It accounts for any resources that might have drifted
|
236
|
+
# from their desired state due to side effects from executing other
|
237
|
+
# resources.
|
238
|
+
DESIRED_STATE_CHECK_POST_ENFORCEMENT = 4
|
239
|
+
end
|
240
|
+
end
|
241
|
+
|
242
|
+
# ExecResource specific output.
|
243
|
+
# @!attribute [rw] enforcement_output
|
244
|
+
# @return [::String]
|
245
|
+
# Output from enforcement phase output file (if run).
|
246
|
+
# Output size is limited to 100K bytes.
|
247
|
+
class ExecResourceOutput
|
248
|
+
include ::Google::Protobuf::MessageExts
|
249
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
250
|
+
end
|
251
|
+
|
252
|
+
# Possible compliance states for a resource.
|
253
|
+
module ComplianceState
|
254
|
+
# The resource is in an unknown compliance state.
|
255
|
+
#
|
256
|
+
# To get more details about why the policy is in this state, review
|
257
|
+
# the output of the `compliance_state_reason` field.
|
258
|
+
UNKNOWN = 0
|
259
|
+
|
260
|
+
# Resource is compliant.
|
261
|
+
COMPLIANT = 1
|
262
|
+
|
263
|
+
# Resource is non-compliant.
|
264
|
+
NON_COMPLIANT = 2
|
265
|
+
end
|
266
|
+
end
|
267
|
+
|
268
|
+
# Possible compliance states for an os policy.
|
269
|
+
module ComplianceState
|
270
|
+
# The policy is in an unknown compliance state.
|
271
|
+
#
|
272
|
+
# Refer to the field `compliance_state_reason` to learn the exact reason
|
273
|
+
# for the policy to be in this compliance state.
|
274
|
+
UNKNOWN = 0
|
275
|
+
|
276
|
+
# Policy is compliant.
|
277
|
+
#
|
278
|
+
# The policy is compliant if all the underlying resources are also
|
279
|
+
# compliant.
|
280
|
+
COMPLIANT = 1
|
281
|
+
|
282
|
+
# Policy is non-compliant.
|
283
|
+
#
|
284
|
+
# The policy is non-compliant if one or more underlying resources are
|
285
|
+
# non-compliant.
|
286
|
+
NON_COMPLIANT = 2
|
287
|
+
end
|
288
|
+
end
|
289
|
+
end
|
290
|
+
end
|
291
|
+
end
|
292
|
+
end
|
293
|
+
end
|
@@ -68,6 +68,10 @@ module Google
|
|
68
68
|
# @!attribute [r] revision_create_time
|
69
69
|
# @return [::Google::Protobuf::Timestamp]
|
70
70
|
# Output only. The timestamp that the revision was created.
|
71
|
+
# @!attribute [rw] etag
|
72
|
+
# @return [::String]
|
73
|
+
# The etag for this OS policy assignment.
|
74
|
+
# If this is provided on update, it must match the server's etag.
|
71
75
|
# @!attribute [r] rollout_state
|
72
76
|
# @return [::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignment::RolloutState]
|
73
77
|
# Output only. OS policy assignment rollout state
|
@@ -122,14 +126,18 @@ module Google
|
|
122
126
|
end
|
123
127
|
end
|
124
128
|
|
125
|
-
#
|
129
|
+
# Filters to select target VMs for an assignment.
|
130
|
+
#
|
131
|
+
# If more than one filter criteria is specified below, a VM will be selected
|
132
|
+
# if and only if it satisfies all of them.
|
126
133
|
# @!attribute [rw] all
|
127
134
|
# @return [::Boolean]
|
128
135
|
# Target all VMs in the project. If true, no other criteria is
|
129
136
|
# permitted.
|
130
137
|
# @!attribute [rw] os_short_names
|
131
138
|
# @return [::Array<::String>]
|
132
|
-
#
|
139
|
+
# Deprecated. Use the `inventories` field instead.
|
140
|
+
# A VM is selected if it's OS short name matches with any of the
|
133
141
|
# values provided in this list.
|
134
142
|
# @!attribute [rw] inclusion_labels
|
135
143
|
# @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignment::LabelSet>]
|
@@ -143,13 +151,33 @@ module Google
|
|
143
151
|
#
|
144
152
|
# If the list has more than one label set, the VM is excluded if any
|
145
153
|
# of the label sets are applicable for the VM.
|
154
|
+
# @!attribute [rw] inventories
|
155
|
+
# @return [::Array<::Google::Cloud::OsConfig::V1alpha::OSPolicyAssignment::InstanceFilter::Inventory>]
|
156
|
+
# List of inventories to select VMs.
|
146
157
|
#
|
147
|
-
#
|
148
|
-
#
|
149
|
-
# label sets.
|
158
|
+
# A VM is selected if its inventory data matches at least one of the
|
159
|
+
# following inventories.
|
150
160
|
class InstanceFilter
|
151
161
|
include ::Google::Protobuf::MessageExts
|
152
162
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
163
|
+
|
164
|
+
# VM inventory details.
|
165
|
+
# @!attribute [rw] os_short_name
|
166
|
+
# @return [::String]
|
167
|
+
# Required. The OS short name
|
168
|
+
# @!attribute [rw] os_version
|
169
|
+
# @return [::String]
|
170
|
+
# The OS version
|
171
|
+
#
|
172
|
+
# Prefix matches are supported if asterisk(*) is provided as the
|
173
|
+
# last character. For example, to match all versions with a major
|
174
|
+
# version of `7`, specify the following value for this field `7.*`
|
175
|
+
#
|
176
|
+
# An empty string matches all OS versions.
|
177
|
+
class Inventory
|
178
|
+
include ::Google::Protobuf::MessageExts
|
179
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
180
|
+
end
|
153
181
|
end
|
154
182
|
|
155
183
|
# Message to configure the rollout at the zonal level for the OS policy
|