xref: /aosp_15_r20/external/googleapis/google/cloud/osconfig/agentendpoint/v1beta/patch_jobs.proto (revision d5c09012810ac0c9f33fe448fb6da8260d444cc9)
// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
14
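syntax = "proto3";

package google.cloud.osconfig.agentendpoint.v1beta;

// Code-generation options. The package and class names below are part of the
// published surface; changing them breaks already-generated clients.
option go_package = "cloud.google.com/go/osconfig/agentendpoint/apiv1beta/agentendpointpb;agentendpointpb";
option java_outer_classname = "PatchJobs";
option java_package = "com.google.cloud.osconfig.agentendpoint.v1beta";
option php_namespace = "Google\\Cloud\\OsConfig\\V1beta";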
24
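// Patch configuration specifications. Contains details on how to
// apply patches to a VM instance.
//
// NOTE(review): `pre_step` and `post_step` let this message run an executable
// on every targeted VM, so permission to create or change a patch
// configuration should be granted and audited as carefully as any other way
// of running code on those VMs.
message PatchConfig {
  // Post-patch reboot settings.
  //
  // Value names and numbers are part of the published contract and must not
  // be renamed or renumbered.
  enum RebootConfig {
    // The default behavior is DEFAULT.
    REBOOT_CONFIG_UNSPECIFIED = 0;

    // The agent decides if a reboot is necessary by checking
    // signals such as registry keys on Windows or `/var/run/reboot-required` on
    // APT based systems. On RPM based systems, a set of core system package
    // install times are compared with system boot time.
    DEFAULT = 1;

    // Always reboot the machine after the update completes.
    ALWAYS = 2;

    // Never reboot the machine after the update completes. Updates that only
    // take effect after a restart (for example a new kernel) stay inactive
    // until the machine is rebooted by other means.
    NEVER = 3;
  }

  // Post-patch reboot settings.
  RebootConfig reboot_config = 1;

  // Retry strategy can be defined to have the agent retry patching
  // during the window if patching fails. If omitted, the agent will use its
  // default retry strategy.
  RetryStrategy retry_strategy = 2;

  // Apt update settings. Use this to override the default apt patch rules.
  AptSettings apt = 3;

  // Yum update settings. Use this to override the default yum patch rules.
  YumSettings yum = 4;

  // Goo update settings. Use this to override the default goo patch rules.
  GooSettings goo = 5;

  // Zypper update settings. Use this to override the default zypper patch
  // rules.
  ZypperSettings zypper = 6;

  // Windows update settings. Use this to override the default windows patch
  // rules.
  WindowsUpdateSettings windows_update = 7;

  // The ExecStep to run before the patch update.
  ExecStep pre_step = 8;

  // The ExecStep to run after the patch update.
  ExecStep post_step = 9;

  // Allows the patch job to run on Managed instance groups (MIGs).
  bool mig_instances_allowed = 10;
}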
78
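// Apt patching will be performed by executing `apt-get update && apt-get
// upgrade`. Additional options can be set to control how this is executed.
//
// NOTE(review): the package names below presumably become arguments to
// `apt-get`; the consumer should validate them before building the command
// line. Confirm against the agent.
message AptSettings {
  // Apt patch type.
  enum Type {
    // By default, upgrade will be performed.
    TYPE_UNSPECIFIED = 0;

    // Runs `apt-get dist-upgrade`.
    DIST = 1;

    // Runs `apt-get upgrade`.
    UPGRADE = 2;
  }

  // By changing the type to DIST, the patching will be performed
  // using `apt-get dist-upgrade` instead.
  Type type = 1;

  // List of packages to exclude from update. An excluded package is skipped
  // for every update, security fixes included, so keep this list short and
  // review it regularly.
  repeated string excludes = 2;

  // An exclusive list of packages to be updated. These are the only packages
  // that will be updated. If these packages are not installed, they will be
  // ignored. This field cannot be specified with any other patch configuration
  // fields.
  //
  // The schema itself does not express this exclusivity; it has to be checked
  // by whatever consumes the message.
  repeated string exclusive_packages = 3;
}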
107
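// Yum patching will be performed by executing `yum update`. Additional options
// can be set to control how this is executed.
//
// Note that not all settings are supported on all platforms.
//
// NOTE(review): the package names below presumably become arguments to `yum`
// (`excludes` is documented as feeding `--exclude`); the consumer should
// validate them before building the command line. Confirm against the agent.
message YumSettings {
  // Adds the `--security` flag to `yum update`. Not supported on
  // all platforms.
  bool security = 1;

  // Will cause patch to run `yum update-minimal` instead.
  bool minimal = 2;

  // List of packages to exclude from update. These packages will be excluded by
  // using the yum `--exclude` flag. An excluded package is skipped for every
  // update, security fixes included.
  repeated string excludes = 3;

  // An exclusive list of packages to be updated. These are the only packages
  // that will be updated. If these packages are not installed, they will be
  // ignored. This field must not be specified with any other patch
  // configuration fields.
  //
  // The schema itself does not express this exclusivity; it has to be checked
  // by whatever consumes the message.
  repeated string exclusive_packages = 4;
}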
130
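// Googet patching is performed by running `googet update`.
// The message currently declares no fields.
message GooSettings {}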
135
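// Zypper patching is performed by running `zypper patch`.
// See also https://en.opensuse.org/SDB:Zypper_manual.
//
// NOTE(review): the string lists below presumably become arguments to
// `zypper`; the consumer should validate them before building the command
// line. Confirm against the agent.
message ZypperSettings {
  // Adds the `--with-optional` flag to `zypper patch`.
  bool with_optional = 1;

  // Adds the `--with-update` flag to `zypper patch`.
  bool with_update = 2;

  // Install only patches with these categories.
  // Common categories include security, recommended, and feature.
  repeated string categories = 3;

  // Install only patches with these severities.
  // Common severities include critical, important, moderate, and low.
  // Patches rated outside the listed severities are not installed, whatever
  // their category.
  repeated string severities = 4;

  // List of patches to exclude from update. An excluded patch is skipped even
  // when it is a security patch.
  repeated string excludes = 5;

  // An exclusive list of patches to be updated. These are the only patches
  // that will be installed using 'zypper patch patch:<patch_name>' command.
  // This field must not be used with any other patch configuration fields.
  //
  // The schema itself does not express this exclusivity; it has to be checked
  // by whatever consumes the message.
  repeated string exclusive_patches = 6;
}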
161
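// Windows patching is performed using the Windows Update Agent.
message WindowsUpdateSettings {
  // Microsoft Windows update classifications as defined in
  // [1]
  // https://support.microsoft.com/en-us/help/824684/description-of-the-standard-terminology-that-is-used-to-describe-micro
  //
  // Value names and numbers are part of the published contract and must not
  // be renamed or renumbered.
  enum Classification {
    // Invalid. If classifications are included, they must be specified.
    CLASSIFICATION_UNSPECIFIED = 0;

    // "A widely released fix for a specific problem that addresses a critical,
    // non-security-related bug." [1]
    CRITICAL = 1;

    // "A widely released fix for a product-specific, security-related
    // vulnerability. Security vulnerabilities are rated by their severity. The
    // severity rating is indicated in the Microsoft security bulletin as
    // critical, important, moderate, or low." [1]
    SECURITY = 2;

    // "A widely released and frequent software update that contains additions
    // to a product’s definition database. Definition databases are often used
    // to detect objects that have specific attributes, such as malicious code,
    // phishing websites, or junk mail." [1]
    DEFINITION = 3;

    // "Software that controls the input and output of a device." [1]
    DRIVER = 4;

    // "New product functionality that is first distributed outside the context
    // of a product release and that is typically included in the next full
    // product release." [1]
    FEATURE_PACK = 5;

    // "A tested, cumulative set of all hotfixes, security updates, critical
    // updates, and updates. Additionally, service packs may contain additional
    // fixes for problems that are found internally since the release of the
    // product. Service packs may also contain a limited number of
    // customer-requested design changes or features." [1]
    SERVICE_PACK = 6;

    // "A utility or feature that helps complete a task or set of tasks." [1]
    TOOL = 7;

    // "A tested, cumulative set of hotfixes, security updates, critical
    // updates, and updates that are packaged together for easy deployment. A
    // rollup generally targets a specific area, such as security, or a
    // component of a product, such as Internet Information Services (IIS)." [1]
    UPDATE_ROLLUP = 8;

    // "A widely released fix for a specific problem. An update addresses a
    // noncritical, non-security-related bug." [1]
    UPDATE = 9;
  }

  // Only apply updates of these windows update classifications. If empty, all
  // updates will be applied. A non-empty list that omits SECURITY therefore
  // leaves security updates unapplied.
  repeated Classification classifications = 1;

  // List of KBs to exclude from update. An excluded KB is skipped whatever its
  // classification.
  repeated string excludes = 2;

  // An exclusive list of KBs to be updated. These are the only patches
  // that will be updated. This field must not be used with other
  // patch configurations.
  //
  // The schema itself does not express this exclusivity; it has to be checked
  // by whatever consumes the message.
  repeated string exclusive_patches = 3;
}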
228
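// The strategy for retrying failed patches during the patch window.
message RetryStrategy {
  // If true, the agent will continue to try and patch until the window has
  // ended. As a proto3 bool, an unset value reads as false.
  bool enabled = 1;
}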
235
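// A step that runs an executable for a PatchJob.
//
// The two fields are independent (they are not a oneof), so a single step can
// carry one configuration per operating-system family.
message ExecStep {
  // The ExecStepConfig for all Linux VMs targeted by the PatchJob.
  ExecStepConfig linux_exec_step_config = 1;

  // The ExecStepConfig for all Windows VMs targeted by the PatchJob.
  ExecStepConfig windows_exec_step_config = 2;
}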
244
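// Common configurations for an ExecStep.
message ExecStepConfig {
  // The interpreter used to execute a file.
  //
  // Values are declared out of numeric order; the numbers are fixed on the
  // wire and must not be changed to match the declaration order.
  enum Interpreter {
    // Deprecated, defaults to NONE for compatibility reasons.
    INTERPRETER_UNSPECIFIED = 0;

    // Invalid for a Windows ExecStepConfig. For a Linux ExecStepConfig, the
    // interpreter will be parsed from the shebang line of the script if
    // unspecified.
    NONE = 3;

    // Indicates that the script will be run with /bin/sh on Linux and cmd
    // on windows.
    SHELL = 1;

    // Indicates that the file will be run with PowerShell.
    POWERSHELL = 2;
  }

  // Location of the executable. Exactly one of the members can be set.
  oneof executable {
    // An absolute path to the executable on the VM.
    //
    // NOTE(review): the file is run by the agent, presumably with the agent's
    // privileges, so it should live where unprivileged users cannot modify
    // it. Confirm against the agent.
    string local_path = 1;

    // A GCS object containing the executable. The object's generation number
    // is what keeps the executed content from changing after the job is
    // defined.
    GcsObject gcs_object = 2;
  }

  // Defaults to [0]. A list of possible return values that the
  // execution can return to indicate a success.
  //
  // A repeated field carries no default on the wire; the [0] default has to
  // be applied by the consumer when the list is empty.
  repeated int32 allowed_success_codes = 3;

  // The script interpreter to use to run the script. If no interpreter is
  // specified the script will be executed directly, which will likely
  // only succeed for scripts with shebang lines.
  // [Wikipedia shebang](https://en.wikipedia.org/wiki/Shebang_(Unix)).
  Interpreter interpreter = 4;
}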
284
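// GCS object representation.
//
// NOTE(review): when this object is the executable of an ExecStep, write
// access to the bucket matters as much as write access to the patch job.
message GcsObject {
  // Bucket of the GCS object.
  string bucket = 1;

  // Name of the GCS object.
  string object = 2;

  // Generation number of the GCS object. This is used to ensure that the
  // ExecStep specified by this PatchJob does not change.
  //
  // NOTE(review): as a proto3 scalar, 0 cannot be told apart from "not set".
  // A consumer should presumably refuse a zero generation rather than fetch
  // whatever the object currently contains. Confirm against the agent.
  int64 generation_number = 3;
}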
297