1// Copyright 2020 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.osconfig.v1beta; 18 19import "google/api/field_behavior.proto"; 20import "google/api/resource.proto"; 21import "google/protobuf/field_mask.proto"; 22import "google/protobuf/timestamp.proto"; 23 24option go_package = "cloud.google.com/go/osconfig/apiv1beta/osconfigpb;osconfigpb"; 25option java_outer_classname = "GuestPolicies"; 26option java_package = "com.google.cloud.osconfig.v1beta"; 27 28// An OS Config resource representing a guest configuration policy. These 29// policies represent the desired state for VM instance guest environments 30// including packages to install or remove, package repository configurations, 31// and software to install. 32message GuestPolicy { 33 option (google.api.resource) = { 34 type: "osconfig.googleapis.com/GuestPolicy" 35 pattern: "projects/{project}/guestPolicies/{guest_policy}" 36 }; 37 38 // Required. Unique name of the resource in this project using one of the following 39 // forms: 40 // `projects/{project_number}/guestPolicies/{guest_policy_id}`. 41 string name = 1 [(google.api.field_behavior) = REQUIRED]; 42 43 // Description of the guest policy. Length of the description is limited 44 // to 1024 characters. 45 string description = 2; 46 47 // Output only. Time this guest policy was created. 48 google.protobuf.Timestamp create_time = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; 49 50 // Output only. Last time this guest policy was updated. 51 google.protobuf.Timestamp update_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; 52 53 // Required. Specifies the VM instances that are assigned to this policy. This allows 54 // you to target sets or groups of VM instances by different parameters such 55 // as labels, names, OS, or zones. 56 // 57 // If left empty, all VM instances underneath this policy are targeted. 58 // 59 // At the same level in the resource hierarchy (that is within a project), the 60 // service prevents the creation of multiple policies that conflict with 61 // each other. For more information, see how the service [handles assignment 62 // conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts). 63 Assignment assignment = 6 [(google.api.field_behavior) = REQUIRED]; 64 65 // The software packages to be managed by this policy. 66 repeated Package packages = 7; 67 68 // A list of package repositories to configure on the VM instance. This is 69 // done before any other configs are applied so they can use these repos. 70 // Package repositories are only configured if the corresponding package 71 // manager(s) are available. 72 repeated PackageRepository package_repositories = 8; 73 74 // A list of Recipes to install on the VM instance. 75 repeated SoftwareRecipe recipes = 9; 76 77 // The etag for this guest policy. 78 // If this is provided on update, it must match the server's etag. 79 string etag = 10; 80} 81 82// An assignment represents the group or groups of VM instances that the policy 83// applies to. 84// 85// If an assignment is empty, it applies to all VM instances. Otherwise, the 86// targeted VM instances must meet all the criteria specified. So if both 87// labels and zones are specified, the policy applies to VM instances with those 88// labels and in those zones. 89message Assignment { 90 // Represents a group of VM intances that can be identified as having all 91 // these labels, for example "env=prod and app=web". 92 message GroupLabel { 93 // Google Compute Engine instance labels that must be present for an 94 // instance to be included in this assignment group. 95 map<string, string> labels = 1; 96 } 97 98 // Defines the criteria for selecting VM Instances by OS type. 99 message OsType { 100 // Targets VM instances with OS Inventory enabled and having the following 101 // OS short name, for example "debian" or "windows". 102 string os_short_name = 1; 103 104 // Targets VM instances with OS Inventory enabled and having the following 105 // following OS version. 106 string os_version = 2; 107 108 // Targets VM instances with OS Inventory enabled and having the following 109 // OS architecture. 110 string os_architecture = 3; 111 } 112 113 // Targets instances matching at least one of these label sets. This allows 114 // an assignment to target disparate groups, for example "env=prod or 115 // env=staging". 116 repeated GroupLabel group_labels = 1; 117 118 // Targets instances in any of these zones. Leave empty to target instances 119 // in any zone. 120 // 121 // Zonal targeting is uncommon and is supported to facilitate the management 122 // of changes by zone. 123 repeated string zones = 2; 124 125 // Targets any of the instances specified. Instances are specified by their 126 // URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`. 127 // 128 // Instance targeting is uncommon and is supported to facilitate the 129 // management of changes by the instance or to target specific VM instances 130 // for development and testing. 131 // 132 // Only supported for project-level policies and must reference instances 133 // within this project. 134 repeated string instances = 3; 135 136 // Targets VM instances whose name starts with one of these prefixes. 137 // 138 // Like labels, this is another way to group VM instances when targeting 139 // configs, for example prefix="prod-". 140 // 141 // Only supported for project-level policies. 142 repeated string instance_name_prefixes = 4; 143 144 // Targets VM instances matching at least one of the following OS types. 145 // 146 // VM instances must match all supplied criteria for a given OsType to be 147 // included. 148 repeated OsType os_types = 5; 149} 150 151// The desired state that the OS Config agent maintains on the VM instance. 152enum DesiredState { 153 // The default is to ensure the package is installed. 154 DESIRED_STATE_UNSPECIFIED = 0; 155 156 // The agent ensures that the package is installed. 157 INSTALLED = 1; 158 159 // The agent ensures that the package is installed and 160 // periodically checks for and install any updates. 161 UPDATED = 2; 162 163 // The agent ensures that the package is not installed and uninstall it 164 // if detected. 165 REMOVED = 3; 166} 167 168// Package is a reference to the software package to be installed or removed. 169// The agent on the VM instance uses the system package manager to apply the 170// config. 171// 172// 173// These are the commands that the agent uses to install or remove 174// packages. 175// 176// Apt 177// install: `apt-get update && apt-get -y install package1 package2 package3` 178// remove: `apt-get -y remove package1 package2 package3` 179// 180// Yum 181// install: `yum -y install package1 package2 package3` 182// remove: `yum -y remove package1 package2 package3` 183// 184// Zypper 185// install: `zypper install package1 package2 package3` 186// remove: `zypper rm package1 package2` 187// 188// Googet 189// install: `googet -noconfirm install package1 package2 package3` 190// remove: `googet -noconfirm remove package1 package2 package3` 191message Package { 192 // Types of package managers that may be used to manage this package. 193 enum Manager { 194 // The default behavior is ANY. 195 MANAGER_UNSPECIFIED = 0; 196 197 // Apply this package config using the default system package manager. 198 ANY = 1; 199 200 // Apply this package config only if Apt is available on the system. 201 APT = 2; 202 203 // Apply this package config only if Yum is available on the system. 204 YUM = 3; 205 206 // Apply this package config only if Zypper is available on the system. 207 ZYPPER = 4; 208 209 // Apply this package config only if GooGet is available on the system. 210 GOO = 5; 211 } 212 213 // Required. The name of the package. A package is uniquely identified for conflict 214 // validation by checking the package name and the manager(s) that the 215 // package targets. 216 string name = 1 [(google.api.field_behavior) = REQUIRED]; 217 218 // The desired_state the agent should maintain for this package. The 219 // default is to ensure the package is installed. 220 DesiredState desired_state = 2; 221 222 // Type of package manager that can be used to install this package. 223 // If a system does not have the package manager, the package is not 224 // installed or removed no error message is returned. By default, 225 // or if you specify `ANY`, 226 // the agent attempts to install and remove this package using the default 227 // package manager. This is useful when creating a policy that applies to 228 // different types of systems. 229 // 230 // The default behavior is ANY. 231 Manager manager = 3; 232} 233 234// Represents a single Apt package repository. This repository is added to 235// a repo file that is stored at 236// `/etc/apt/sources.list.d/google_osconfig.list`. 237message AptRepository { 238 // Type of archive. 239 enum ArchiveType { 240 // Unspecified. 241 ARCHIVE_TYPE_UNSPECIFIED = 0; 242 243 // DEB indicates that the archive contains binary files. 244 DEB = 1; 245 246 // DEB_SRC indicates that the archive contains source files. 247 DEB_SRC = 2; 248 } 249 250 // Type of archive files in this repository. The default behavior is DEB. 251 ArchiveType archive_type = 1; 252 253 // Required. URI for this repository. 254 string uri = 2 [(google.api.field_behavior) = REQUIRED]; 255 256 // Required. Distribution of this repository. 257 string distribution = 3 [(google.api.field_behavior) = REQUIRED]; 258 259 // Required. List of components for this repository. Must contain at least one item. 260 repeated string components = 4 [(google.api.field_behavior) = REQUIRED]; 261 262 // URI of the key file for this repository. The agent maintains 263 // a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing 264 // all the keys in any applied guest policy. 265 string gpg_key = 5; 266} 267 268// Represents a single Yum package repository. This repository is added to a 269// repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`. 270message YumRepository { 271 // Required. A one word, unique name for this repository. This is 272 // the `repo id` in the Yum config file and also the `display_name` if 273 // `display_name` is omitted. This id is also used as the unique identifier 274 // when checking for guest policy conflicts. 275 string id = 1 [(google.api.field_behavior) = REQUIRED]; 276 277 // The display name of the repository. 278 string display_name = 2; 279 280 // Required. The location of the repository directory. 281 string base_url = 3 [(google.api.field_behavior) = REQUIRED]; 282 283 // URIs of GPG keys. 284 repeated string gpg_keys = 4; 285} 286 287// Represents a single Zypper package repository. This repository is added to a 288// repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`. 289message ZypperRepository { 290 // Required. A one word, unique name for this repository. This is 291 // the `repo id` in the zypper config file and also the `display_name` if 292 // `display_name` is omitted. This id is also used as the unique identifier 293 // when checking for guest policy conflicts. 294 string id = 1 [(google.api.field_behavior) = REQUIRED]; 295 296 // The display name of the repository. 297 string display_name = 2; 298 299 // Required. The location of the repository directory. 300 string base_url = 3 [(google.api.field_behavior) = REQUIRED]; 301 302 // URIs of GPG keys. 303 repeated string gpg_keys = 4; 304} 305 306// Represents a Goo package repository. These is added to a repo file 307// that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo. 308message GooRepository { 309 // Required. The name of the repository. 310 string name = 1 [(google.api.field_behavior) = REQUIRED]; 311 312 // Required. The url of the repository. 313 string url = 2 [(google.api.field_behavior) = REQUIRED]; 314} 315 316// A package repository. 317message PackageRepository { 318 // A specific type of repository. 319 oneof repository { 320 // An Apt Repository. 321 AptRepository apt = 1; 322 323 // A Yum Repository. 324 YumRepository yum = 2; 325 326 // A Zypper Repository. 327 ZypperRepository zypper = 3; 328 329 // A Goo Repository. 330 GooRepository goo = 4; 331 } 332} 333 334// A software recipe is a set of instructions for installing and configuring a 335// piece of software. It consists of a set of artifacts that are 336// downloaded, and a set of steps that install, configure, and/or update the 337// software. 338// 339// Recipes support installing and updating software from artifacts in the 340// following formats: 341// Zip archive, Tar archive, Windows MSI, Debian package, and RPM package. 342// 343// Additionally, recipes support executing a script (either defined in a file or 344// directly in this api) in bash, sh, cmd, and powershell. 345// 346// Updating a software recipe 347// 348// If a recipe is assigned to an instance and there is a recipe with the same 349// name but a lower version already installed and the assigned state 350// of the recipe is `UPDATED`, then the recipe is updated to 351// the new version. 352// 353// Script Working Directories 354// 355// Each script or execution step is run in its own temporary directory which 356// is deleted after completing the step. 357message SoftwareRecipe { 358 // Specifies a resource to be used in the recipe. 359 message Artifact { 360 // Specifies an artifact available via some URI. 361 message Remote { 362 // URI from which to fetch the object. It should contain both the protocol 363 // and path following the format {protocol}://{location}. 364 string uri = 1; 365 366 // Must be provided if `allow_insecure` is `false`. 367 // SHA256 checksum in hex format, to compare to the checksum of the 368 // artifact. If the checksum is not empty and it doesn't match the 369 // artifact then the recipe installation fails before running any of the 370 // steps. 371 string checksum = 2; 372 } 373 374 // Specifies an artifact available as a Google Cloud Storage object. 375 message Gcs { 376 // Bucket of the Google Cloud Storage object. 377 // Given an example URL: 378 // `https://storage.googleapis.com/my-bucket/foo/bar#1234567` 379 // this value would be `my-bucket`. 380 string bucket = 1; 381 382 // Name of the Google Cloud Storage object. 383 // As specified [here] 384 // (https://cloud.google.com/storage/docs/naming#objectnames) 385 // Given an example URL: 386 // `https://storage.googleapis.com/my-bucket/foo/bar#1234567` 387 // this value would be `foo/bar`. 388 string object = 2; 389 390 // Must be provided if allow_insecure is false. 391 // Generation number of the Google Cloud Storage object. 392 // `https://storage.googleapis.com/my-bucket/foo/bar#1234567` 393 // this value would be `1234567`. 394 int64 generation = 3; 395 } 396 397 // Required. Id of the artifact, which the installation and update steps of this 398 // recipe can reference. Artifacts in a recipe cannot have the same id. 399 string id = 1 [(google.api.field_behavior) = REQUIRED]; 400 401 // A specific type of artifact. 402 oneof artifact { 403 // A generic remote artifact. 404 Remote remote = 2; 405 406 // A Google Cloud Storage artifact. 407 Gcs gcs = 3; 408 } 409 410 // Defaults to false. When false, recipes are subject to validations 411 // based on the artifact type: 412 // 413 // Remote: A checksum must be specified, and only protocols with 414 // transport-layer security are permitted. 415 // GCS: An object generation number must be specified. 416 bool allow_insecure = 4; 417 } 418 419 // An action that can be taken as part of installing or updating a recipe. 420 message Step { 421 // Copies the artifact to the specified path on the instance. 422 message CopyFile { 423 // Required. The id of the relevant artifact in the recipe. 424 string artifact_id = 1 [(google.api.field_behavior) = REQUIRED]; 425 426 // Required. The absolute path on the instance to put the file. 427 string destination = 2 [(google.api.field_behavior) = REQUIRED]; 428 429 // Whether to allow this step to overwrite existing files. If this is 430 // false and the file already exists the file is not overwritten 431 // and the step is considered a success. Defaults to false. 432 bool overwrite = 3; 433 434 // Consists of three octal digits which represent, in 435 // order, the permissions of the owner, group, and other users for the 436 // file (similarly to the numeric mode used in the linux chmod utility). 437 // Each digit represents a three bit number with the 4 bit 438 // corresponding to the read permissions, the 2 bit corresponds to the 439 // write bit, and the one bit corresponds to the execute permission. 440 // Default behavior is 755. 441 // 442 // Below are some examples of permissions and their associated values: 443 // read, write, and execute: 7 444 // read and execute: 5 445 // read and write: 6 446 // read only: 4 447 string permissions = 4; 448 } 449 450 // Extracts an archive of the type specified in the specified directory. 451 message ExtractArchive { 452 // Specifying the type of archive. 453 enum ArchiveType { 454 // Indicates that the archive type isn't specified. 455 ARCHIVE_TYPE_UNSPECIFIED = 0; 456 457 // Indicates that the archive is a tar archive with no encryption. 458 TAR = 1; 459 460 // Indicates that the archive is a tar archive with gzip encryption. 461 TAR_GZIP = 2; 462 463 // Indicates that the archive is a tar archive with bzip encryption. 464 TAR_BZIP = 3; 465 466 // Indicates that the archive is a tar archive with lzma encryption. 467 TAR_LZMA = 4; 468 469 // Indicates that the archive is a tar archive with xz encryption. 470 TAR_XZ = 5; 471 472 // Indicates that the archive is a zip archive. 473 ZIP = 11; 474 } 475 476 // Required. The id of the relevant artifact in the recipe. 477 string artifact_id = 1 [(google.api.field_behavior) = REQUIRED]; 478 479 // Directory to extract archive to. 480 // Defaults to `/` on Linux or `C:\` on Windows. 481 string destination = 2; 482 483 // Required. The type of the archive to extract. 484 ArchiveType type = 3 [(google.api.field_behavior) = REQUIRED]; 485 } 486 487 // Installs an MSI file. 488 message InstallMsi { 489 // Required. The id of the relevant artifact in the recipe. 490 string artifact_id = 1 [(google.api.field_behavior) = REQUIRED]; 491 492 // The flags to use when installing the MSI 493 // defaults to ["/i"] (i.e. the install flag). 494 repeated string flags = 2; 495 496 // Return codes that indicate that the software installed or updated 497 // successfully. Behaviour defaults to [0] 498 repeated int32 allowed_exit_codes = 3; 499 } 500 501 // Installs a deb via dpkg. 502 message InstallDpkg { 503 // Required. The id of the relevant artifact in the recipe. 504 string artifact_id = 1 [(google.api.field_behavior) = REQUIRED]; 505 } 506 507 // Installs an rpm file via the rpm utility. 508 message InstallRpm { 509 // Required. The id of the relevant artifact in the recipe. 510 string artifact_id = 1 [(google.api.field_behavior) = REQUIRED]; 511 } 512 513 // Executes an artifact or local file. 514 message ExecFile { 515 // Location of the file to execute. 516 oneof location_type { 517 // The id of the relevant artifact in the recipe. 518 string artifact_id = 1; 519 520 // The absolute path of the file on the local filesystem. 521 string local_path = 2; 522 } 523 524 // Arguments to be passed to the provided executable. 525 repeated string args = 3; 526 527 // Defaults to [0]. A list of possible return values that the program 528 // can return to indicate a success. 529 repeated int32 allowed_exit_codes = 4; 530 } 531 532 // Runs a script through an interpreter. 533 message RunScript { 534 // The interpreter used to execute a script. 535 enum Interpreter { 536 // Default value for ScriptType. 537 INTERPRETER_UNSPECIFIED = 0; 538 539 // Indicates that the script is run with `/bin/sh` on Linux and `cmd` 540 // on windows. 541 SHELL = 1; 542 543 // Indicates that the script is run with powershell. 544 POWERSHELL = 3; 545 } 546 547 // Required. The shell script to be executed. 548 string script = 1 [(google.api.field_behavior) = REQUIRED]; 549 550 // Return codes that indicate that the software installed or updated 551 // successfully. Behaviour defaults to [0] 552 repeated int32 allowed_exit_codes = 2; 553 554 // The script interpreter to use to run the script. If no interpreter is 555 // specified the script is executed directly, which likely 556 // only succeed for scripts with 557 // [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)). 558 Interpreter interpreter = 3; 559 } 560 561 // A specific type of step. 562 oneof step { 563 // Copies a file onto the instance. 564 CopyFile file_copy = 1; 565 566 // Extracts an archive into the specified directory. 567 ExtractArchive archive_extraction = 2; 568 569 // Installs an MSI file. 570 InstallMsi msi_installation = 3; 571 572 // Installs a deb file via dpkg. 573 InstallDpkg dpkg_installation = 4; 574 575 // Installs an rpm file via the rpm utility. 576 InstallRpm rpm_installation = 5; 577 578 // Executes an artifact or local file. 579 ExecFile file_exec = 6; 580 581 // Runs commands in a shell. 582 RunScript script_run = 7; 583 } 584 } 585 586 // Required. Unique identifier for the recipe. Only one recipe with a given name is 587 // installed on an instance. 588 // 589 // Names are also used to identify resources which helps to determine whether 590 // guest policies have conflicts. This means that requests to create multiple 591 // recipes with the same name and version are rejected since they 592 // could potentially have conflicting assignments. 593 string name = 1 [(google.api.field_behavior) = REQUIRED]; 594 595 // The version of this software recipe. Version can be up to 4 period 596 // separated numbers (e.g. 12.34.56.78). 597 string version = 2; 598 599 // Resources available to be used in the steps in the recipe. 600 repeated Artifact artifacts = 3; 601 602 // Actions to be taken for installing this recipe. On failure it stops 603 // executing steps and does not attempt another installation. Any steps taken 604 // (including partially completed steps) are not rolled back. 605 repeated Step install_steps = 4; 606 607 // Actions to be taken for updating this recipe. On failure it stops 608 // executing steps and does not attempt another update for this recipe. Any 609 // steps taken (including partially completed steps) are not rolled back. 610 repeated Step update_steps = 5; 611 612 // Default is INSTALLED. The desired state the agent should maintain for this 613 // recipe. 614 // 615 // INSTALLED: The software recipe is installed on the instance but 616 // won't be updated to new versions. 617 // UPDATED: The software recipe is installed on the instance. The recipe is 618 // updated to a higher version, if a higher version of the recipe is 619 // assigned to this instance. 620 // REMOVE: Remove is unsupported for software recipes and attempts to 621 // create or update a recipe to the REMOVE state is rejected. 622 DesiredState desired_state = 6; 623} 624 625// A request message for creating a guest policy. 626message CreateGuestPolicyRequest { 627 // Required. The resource name of the parent using one of the following forms: 628 // `projects/{project_number}`. 629 string parent = 1 [ 630 (google.api.field_behavior) = REQUIRED, 631 (google.api.resource_reference) = { 632 child_type: "osconfig.googleapis.com/GuestPolicy" 633 } 634 ]; 635 636 // Required. The logical name of the guest policy in the project 637 // with the following restrictions: 638 // 639 // * Must contain only lowercase letters, numbers, and hyphens. 640 // * Must start with a letter. 641 // * Must be between 1-63 characters. 642 // * Must end with a number or a letter. 643 // * Must be unique within the project. 644 string guest_policy_id = 2 [(google.api.field_behavior) = REQUIRED]; 645 646 // Required. The GuestPolicy to create. 647 GuestPolicy guest_policy = 3 [(google.api.field_behavior) = REQUIRED]; 648} 649 650// A request message for retrieving a guest policy. 651message GetGuestPolicyRequest { 652 // Required. The resource name of the guest policy using one of the following forms: 653 // `projects/{project_number}/guestPolicies/{guest_policy_id}`. 654 string name = 1 [ 655 (google.api.field_behavior) = REQUIRED, 656 (google.api.resource_reference) = { 657 type: "osconfig.googleapis.com/GuestPolicy" 658 } 659 ]; 660} 661 662// A request message for listing guest policies. 663message ListGuestPoliciesRequest { 664 // Required. The resource name of the parent using one of the following forms: 665 // `projects/{project_number}`. 666 string parent = 1 [ 667 (google.api.field_behavior) = REQUIRED, 668 (google.api.resource_reference) = { 669 child_type: "osconfig.googleapis.com/GuestPolicy" 670 } 671 ]; 672 673 // The maximum number of guest policies to return. 674 int32 page_size = 2; 675 676 // A pagination token returned from a previous call to `ListGuestPolicies` 677 // that indicates where this listing should continue from. 678 string page_token = 3; 679} 680 681// A response message for listing guest policies. 682message ListGuestPoliciesResponse { 683 // The list of GuestPolicies. 684 repeated GuestPolicy guest_policies = 1; 685 686 // A pagination token that can be used to get the next page 687 // of guest policies. 688 string next_page_token = 2; 689} 690 691// A request message for updating a guest policy. 692message UpdateGuestPolicyRequest { 693 // Required. The updated GuestPolicy. 694 GuestPolicy guest_policy = 1 [(google.api.field_behavior) = REQUIRED]; 695 696 // Field mask that controls which fields of the guest policy should be 697 // updated. 698 google.protobuf.FieldMask update_mask = 2; 699} 700 701// A request message for deleting a guest policy. 702message DeleteGuestPolicyRequest { 703 // Required. The resource name of the guest policy using one of the following forms: 704 // `projects/{project_number}/guestPolicies/{guest_policy_id}`. 705 string name = 1 [ 706 (google.api.field_behavior) = REQUIRED, 707 (google.api.resource_reference) = { 708 type: "osconfig.googleapis.com/GuestPolicy" 709 } 710 ]; 711} 712 713// A request message for getting the effective guest policy assigned to the 714// instance. 715message LookupEffectiveGuestPolicyRequest { 716 // Required. The VM instance whose policies are being looked up. 717 string instance = 1 [(google.api.field_behavior) = REQUIRED]; 718 719 // Short name of the OS running on the instance. The OS Config agent only 720 // provides this field for targeting if OS Inventory is enabled for that 721 // instance. 722 string os_short_name = 2; 723 724 // Version of the OS running on the instance. The OS Config agent only 725 // provides this field for targeting if OS Inventory is enabled for that 726 // VM instance. 727 string os_version = 3; 728 729 // Architecture of OS running on the instance. The OS Config agent only 730 // provides this field for targeting if OS Inventory is enabled for that 731 // instance. 732 string os_architecture = 4; 733} 734 735// The effective guest policy that applies to a VM instance. 736message EffectiveGuestPolicy { 737 // A guest policy package including its source. 738 message SourcedPackage { 739 // Name of the guest policy providing this config. 740 string source = 1; 741 742 // A software package to configure on the VM instance. 743 Package package = 2; 744 } 745 746 // A guest policy package repository including its source. 747 message SourcedPackageRepository { 748 // Name of the guest policy providing this config. 749 string source = 1; 750 751 // A software package repository to configure on the VM instance. 752 PackageRepository package_repository = 2; 753 } 754 755 // A guest policy recipe including its source. 756 message SourcedSoftwareRecipe { 757 // Name of the guest policy providing this config. 758 string source = 1; 759 760 // A software recipe to configure on the VM instance. 761 SoftwareRecipe software_recipe = 2; 762 } 763 764 // List of package configurations assigned to the VM instance. 765 repeated SourcedPackage packages = 1; 766 767 // List of package repository configurations assigned to the VM instance. 768 repeated SourcedPackageRepository package_repositories = 2; 769 770 // List of recipes assigned to the VM instance. 771 repeated SourcedSoftwareRecipe software_recipes = 3; 772} 773