docs: docs update (#911)
Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:
- [ ] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/google-api-python-client/issues/new/choose) before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
- [ ] Ensure the tests and linter pass
- [ ] Code coverage does not decrease (if any source code was changed)
- [ ] Appropriate docs were updated (if necessary)
Fixes #<issue_number_goes_here> 🦕
diff --git a/docs/dyn/osconfig_v1beta.projects.guestPolicies.html b/docs/dyn/osconfig_v1beta.projects.guestPolicies.html
new file mode 100644
index 0000000..5752ba5
--- /dev/null
+++ b/docs/dyn/osconfig_v1beta.projects.guestPolicies.html
@@ -0,0 +1,2597 @@
+<html><body>
+<style>
+
+body, h1, h2, h3, div, span, p, pre, a {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-weight: inherit;
+ font-style: inherit;
+ font-size: 100%;
+ font-family: inherit;
+ vertical-align: baseline;
+}
+
+body {
+ font-size: 13px;
+ padding: 1em;
+}
+
+h1 {
+ font-size: 26px;
+ margin-bottom: 1em;
+}
+
+h2 {
+ font-size: 24px;
+ margin-bottom: 1em;
+}
+
+h3 {
+ font-size: 20px;
+ margin-bottom: 1em;
+ margin-top: 1em;
+}
+
+pre, code {
+ line-height: 1.5;
+ font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
+}
+
+pre {
+ margin-top: 0.5em;
+}
+
+h1, h2, h3, p {
+ font-family: Arial, sans serif;
+}
+
+h1, h2, h3 {
+ border-bottom: solid #CCC 1px;
+}
+
+.toc_element {
+ margin-top: 0.5em;
+}
+
+.firstline {
+ margin-left: 2 em;
+}
+
+.method {
+ margin-top: 1em;
+ border: solid 1px #CCC;
+ padding: 1em;
+ background: #EEE;
+}
+
+.details {
+ font-weight: bold;
+ font-size: 14px;
+}
+
+</style>
+
+<h1><a href="osconfig_v1beta.html">Cloud OS Config API</a> . <a href="osconfig_v1beta.projects.html">projects</a> . <a href="osconfig_v1beta.projects.guestPolicies.html">guestPolicies</a></h1>
+<h2>Instance Methods</h2>
+<p class="toc_element">
+ <code><a href="#create">create(parent, body=None, guestPolicyId=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Create an OS Config guest policy.</p>
+<p class="toc_element">
+ <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Delete an OS Config guest policy.</p>
+<p class="toc_element">
+ <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Get an OS Config guest policy.</p>
+<p class="toc_element">
+ <code><a href="#list">list(parent, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Get a page of OS Config guest policies.</p>
+<p class="toc_element">
+ <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
+<p class="firstline">Retrieves the next page of results.</p>
+<p class="toc_element">
+ <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Update an OS Config guest policy.</p>
+<h3>Method Details</h3>
+<div class="method">
+ <code class="details" id="create">create(parent, body=None, guestPolicyId=None, x__xgafv=None)</code>
+ <pre>Create an OS Config guest policy.
+
+Args:
+ parent: string, Required. The resource name of the parent using one of the following forms:
+`projects/{project_number}`. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # An OS Config resource representing a guest configuration policy. These
+ # policies represent the desired state for VM instance guest environments
+ # including packages to install or remove, package repository configurations,
+ # and software to install.
+ "recipes": [ # A list of Recipes to install on the VM instance.
+ { # A software recipe is a set of instructions for installing and configuring a
+ # piece of software. It consists of a set of artifacts that are
+ # downloaded, and a set of steps that install, configure, and/or update the
+ # software.
+ #
+ # Recipes support installing and updating software from artifacts in the
+ # following formats:
+ # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
+ #
+ # Additionally, recipes support executing a script (either defined in a file or
+ # directly in this api) in bash, sh, cmd, and powershell.
+ #
+ # Updating a software recipe
+ #
+ # If a recipe is assigned to an instance and there is a recipe with the same
+ # name but a lower version already installed and the assigned state
+ # of the recipe is `UPDATED`, then the recipe is updated to
+ # the new version.
+ #
+ # Script Working Directories
+ #
+ # Each script or execution step is run in its own temporary directory which
+ # is deleted after completing the step.
+ "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
+ # installed on an instance.
+ #
+ # Names are also used to identify resources which helps to determine whether
+ # guest policies have conflicts. This means that requests to create multiple
+ # recipes with the same name and version are rejected since they
+ # could potentially have conflicting assignments.
+ "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
+ # executing steps and does not attempt another update for this recipe. Any
+ # steps taken (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
+ # recipe.
+ #
+ # INSTALLED: The software recipe is installed on the instance but
+ # won't be updated to new versions.
+ # UPDATED: The software recipe is installed on the instance. The recipe is
+ # updated to a higher version, if a higher version of the recipe is
+ # assigned to this instance.
+ # REMOVE: Remove is unsupported for software recipes and attempts to
+ # create or update a recipe to the REMOVE state is rejected.
+ "version": "A String", # The version of this software recipe. Version can be up to 4 period
+ # separated numbers (e.g. 12.34.56.78).
+ "artifacts": [ # Resources available to be used in the steps in the recipe.
+ { # Specifies a resource to be used in the recipe.
+ "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
+ "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
+ # SHA256 checksum in hex format, to compare to the checksum of the
+ # artifact. If the checksum is not empty and it doesn't match the
+ # artifact then the recipe installation fails before running any of the
+ # steps.
+ "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
+ # and path following the format {protocol}://{location}.
+ },
+ "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
+ "generation": "A String", # Must be provided if allow_insecure is false.
+ # Generation number of the Google Cloud Storage object.
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `1234567`.
+ "bucket": "A String", # Bucket of the Google Cloud Storage object.
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `my-bucket`.
+ "object": "A String", # Name of the Google Cloud Storage object.
+ # As specified [here]
+ # (https://cloud.google.com/storage/docs/naming#objectnames)
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `foo/bar`.
+ },
+ "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
+ # recipe can reference. Artifacts in a recipe cannot have the same id.
+ "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
+ # based on the artifact type:
+ #
+ # Remote: A checksum must be specified, and only protocols with
+ # transport-layer security are permitted.
+ # GCS: An object generation number must be specified.
+ },
+ ],
+ "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
+ # executing steps and does not attempt another installation. Any steps taken
+ # (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ },
+ ],
+ "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
+ # you to target sets or groups of VM instances by different parameters such
+ # as labels, names, OS, or zones.
+ #
+ # If left empty, all VM instances underneath this policy are targeted.
+ #
+ # At the same level in the resource hierarchy (that is within a project), the
+ # service prevents the creation of multiple policies that conflict with
+ # each other. For more information, see how the service [handles assignment
+ # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
+ # applies to.
+ #
+ # If an assignment is empty, it applies to all VM instances. Otherwise, the
+ # targeted VM instances must meet all the criteria specified. So if both
+ # labels and zones are specified, the policy applies to VM instances with those
+ # labels and in those zones.
+ "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
+ # an assignment to target disparate groups, for example "env=prod or
+ # env=staging".
+ { # Represents a group of VM intances that can be identified as having all
+ # these labels, for example "env=prod and app=web".
+ "labels": { # Google Compute Engine instance labels that must be present for an
+ # instance to be included in this assignment group.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "osTypes": [ # Targets VM instances matching at least one of the following OS types.
+ #
+ # VM instances must match all supplied criteria for a given OsType to be
+ # included.
+ { # Defines the criteria for selecting VM Instances by OS type.
+ "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS short name, for example "debian" or "windows".
+ "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS architecture.
+ "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # following OS version.
+ },
+ ],
+ "instances": [ # Targets any of the instances specified. Instances are specified by their
+ # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
+ #
+ # Instance targeting is uncommon and is supported to facilitate the
+ # management of changes by the instance or to target specific VM instances
+ # for development and testing.
+ #
+ # Only supported for project-level policies and must reference instances
+ # within this project.
+ "A String",
+ ],
+ "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
+ #
+ # Like labels, this is another way to group VM instances when targeting
+ # configs, for example prefix="prod-".
+ #
+ # Only supported for project-level policies.
+ "A String",
+ ],
+ "zones": [ # Targets instances in any of these zones. Leave empty to target instances
+ # in any zone.
+ #
+ # Zonal targeting is uncommon and is supported to facilitate the management
+ # of changes by zone.
+ "A String",
+ ],
+ },
+ "description": "A String", # Description of the guest policy. Length of the description is limited
+ # to 1024 characters.
+ "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
+ # done before any other configs are applied so they can use these repos.
+ # Package repositories are only configured if the corresponding package
+ # manager(s) are available.
+ { # A package repository.
+ "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
+ # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the zypper config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ "displayName": "A String", # The display name of the repository.
+ },
+ "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
+ # a repo file that is stored at
+ # `/etc/apt/sources.list.d/google_osconfig.list`.
+ "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
+ "uri": "A String", # Required. URI for this repository.
+ "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
+ # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
+ # all the keys in any applied guest policy.
+ "distribution": "A String", # Required. Distribution of this repository.
+ "components": [ # Required. List of components for this repository. Must contain at least one item.
+ "A String",
+ ],
+ },
+ "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
+ # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
+ "displayName": "A String", # The display name of the repository.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the Yum config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ },
+ "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
+ # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
+ "name": "A String", # Required. The name of the repository.
+ "url": "A String", # Required. The url of the repository.
+ },
+ },
+ ],
+ "etag": "A String", # The etag for this guest policy.
+ # If this is provided on update, it must match the server's etag.
+ "createTime": "A String", # Output only. Time this guest policy was created.
+ "packages": [ # The software packages to be managed by this policy.
+ { # Package is a reference to the software package to be installed or removed.
+ # The agent on the VM instance uses the system package manager to apply the
+ # config.
+ #
+ #
+ # These are the commands that the agent uses to install or remove
+ # packages.
+ #
+ # Apt
+ # install: `apt-get update && apt-get -y install package1 package2 package3`
+ # remove: `apt-get -y remove package1 package2 package3`
+ #
+ # Yum
+ # install: `yum -y install package1 package2 package3`
+ # remove: `yum -y remove package1 package2 package3`
+ #
+ # Zypper
+ # install: `zypper install package1 package2 package3`
+ # remove: `zypper rm package1 package2`
+ #
+ # Googet
+ # install: `googet -noconfirm install package1 package2 package3`
+ # remove: `googet -noconfirm remove package1 package2 package3`
+ "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
+ # validation by checking the package name and the manager(s) that the
+ # package targets.
+ "manager": "A String", # Type of package manager that can be used to install this package.
+ # If a system does not have the package manager, the package is not
+ # installed or removed no error message is returned. By default,
+ # or if you specify `ANY`,
+ # the agent attempts to install and remove this package using the default
+ # package manager. This is useful when creating a policy that applies to
+ # different types of systems.
+ #
+ # The default behavior is ANY.
+ "desiredState": "A String", # The desired_state the agent should maintain for this package. The
+ # default is to ensure the package is installed.
+ },
+ ],
+ "updateTime": "A String", # Output only. Last time this guest policy was updated.
+ "name": "A String", # Required. Unique name of the resource in this project using one of the following
+ # forms:
+ # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
+}
+
+ guestPolicyId: string, Required. The logical name of the guest policy in the project
+with the following restrictions:
+
+* Must contain only lowercase letters, numbers, and hyphens.
+* Must start with a letter.
+* Must be between 1-63 characters.
+* Must end with a number or a letter.
+* Must be unique within the project.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # An OS Config resource representing a guest configuration policy. These
+ # policies represent the desired state for VM instance guest environments
+ # including packages to install or remove, package repository configurations,
+ # and software to install.
+ "recipes": [ # A list of Recipes to install on the VM instance.
+ { # A software recipe is a set of instructions for installing and configuring a
+ # piece of software. It consists of a set of artifacts that are
+ # downloaded, and a set of steps that install, configure, and/or update the
+ # software.
+ #
+ # Recipes support installing and updating software from artifacts in the
+ # following formats:
+ # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
+ #
+ # Additionally, recipes support executing a script (either defined in a file or
+ # directly in this api) in bash, sh, cmd, and powershell.
+ #
+ # Updating a software recipe
+ #
+ # If a recipe is assigned to an instance and there is a recipe with the same
+ # name but a lower version already installed and the assigned state
+ # of the recipe is `UPDATED`, then the recipe is updated to
+ # the new version.
+ #
+ # Script Working Directories
+ #
+ # Each script or execution step is run in its own temporary directory which
+ # is deleted after completing the step.
+ "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
+ # installed on an instance.
+ #
+ # Names are also used to identify resources which helps to determine whether
+ # guest policies have conflicts. This means that requests to create multiple
+ # recipes with the same name and version are rejected since they
+ # could potentially have conflicting assignments.
+ "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
+ # executing steps and does not attempt another update for this recipe. Any
+ # steps taken (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
+ # recipe.
+ #
+ # INSTALLED: The software recipe is installed on the instance but
+ # won't be updated to new versions.
+ # UPDATED: The software recipe is installed on the instance. The recipe is
+ # updated to a higher version, if a higher version of the recipe is
+ # assigned to this instance.
+ # REMOVE: Remove is unsupported for software recipes and attempts to
+ # create or update a recipe to the REMOVE state is rejected.
+ "version": "A String", # The version of this software recipe. Version can be up to 4 period
+ # separated numbers (e.g. 12.34.56.78).
+ "artifacts": [ # Resources available to be used in the steps in the recipe.
+ { # Specifies a resource to be used in the recipe.
+ "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
+ "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
+ # SHA256 checksum in hex format, to compare to the checksum of the
+ # artifact. If the checksum is not empty and it doesn't match the
+ # artifact then the recipe installation fails before running any of the
+ # steps.
+ "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
+ # and path following the format {protocol}://{location}.
+ },
+ "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
+ "generation": "A String", # Must be provided if allow_insecure is false.
+ # Generation number of the Google Cloud Storage object.
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `1234567`.
+ "bucket": "A String", # Bucket of the Google Cloud Storage object.
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `my-bucket`.
+ "object": "A String", # Name of the Google Cloud Storage object.
+ # As specified [here]
+ # (https://cloud.google.com/storage/docs/naming#objectnames)
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `foo/bar`.
+ },
+ "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
+ # recipe can reference. Artifacts in a recipe cannot have the same id.
+ "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
+ # based on the artifact type:
+ #
+ # Remote: A checksum must be specified, and only protocols with
+ # transport-layer security are permitted.
+ # GCS: An object generation number must be specified.
+ },
+ ],
+ "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
+ # executing steps and does not attempt another installation. Any steps taken
+ # (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ },
+ ],
+ "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
+ # you to target sets or groups of VM instances by different parameters such
+ # as labels, names, OS, or zones.
+ #
+ # If left empty, all VM instances underneath this policy are targeted.
+ #
+ # At the same level in the resource hierarchy (that is within a project), the
+ # service prevents the creation of multiple policies that conflict with
+ # each other. For more information, see how the service [handles assignment
+ # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
+ # applies to.
+ #
+ # If an assignment is empty, it applies to all VM instances. Otherwise, the
+ # targeted VM instances must meet all the criteria specified. So if both
+ # labels and zones are specified, the policy applies to VM instances with those
+ # labels and in those zones.
+ "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
+ # an assignment to target disparate groups, for example "env=prod or
+ # env=staging".
+ { # Represents a group of VM intances that can be identified as having all
+ # these labels, for example "env=prod and app=web".
+ "labels": { # Google Compute Engine instance labels that must be present for an
+ # instance to be included in this assignment group.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "osTypes": [ # Targets VM instances matching at least one of the following OS types.
+ #
+ # VM instances must match all supplied criteria for a given OsType to be
+ # included.
+ { # Defines the criteria for selecting VM Instances by OS type.
+ "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS short name, for example "debian" or "windows".
+ "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS architecture.
+ "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # following OS version.
+ },
+ ],
+ "instances": [ # Targets any of the instances specified. Instances are specified by their
+ # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
+ #
+ # Instance targeting is uncommon and is supported to facilitate the
+ # management of changes by the instance or to target specific VM instances
+ # for development and testing.
+ #
+ # Only supported for project-level policies and must reference instances
+ # within this project.
+ "A String",
+ ],
+ "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
+ #
+ # Like labels, this is another way to group VM instances when targeting
+ # configs, for example prefix="prod-".
+ #
+ # Only supported for project-level policies.
+ "A String",
+ ],
+ "zones": [ # Targets instances in any of these zones. Leave empty to target instances
+ # in any zone.
+ #
+ # Zonal targeting is uncommon and is supported to facilitate the management
+ # of changes by zone.
+ "A String",
+ ],
+ },
+ "description": "A String", # Description of the guest policy. Length of the description is limited
+ # to 1024 characters.
+ "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
+ # done before any other configs are applied so they can use these repos.
+ # Package repositories are only configured if the corresponding package
+ # manager(s) are available.
+ { # A package repository.
+ "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
+ # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the zypper config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ "displayName": "A String", # The display name of the repository.
+ },
+ "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
+ # a repo file that is stored at
+ # `/etc/apt/sources.list.d/google_osconfig.list`.
+ "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
+ "uri": "A String", # Required. URI for this repository.
+ "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
+ # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
+ # all the keys in any applied guest policy.
+ "distribution": "A String", # Required. Distribution of this repository.
+ "components": [ # Required. List of components for this repository. Must contain at least one item.
+ "A String",
+ ],
+ },
+ "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
+ # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
+ "displayName": "A String", # The display name of the repository.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the Yum config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ },
+ "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
+ # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
+ "name": "A String", # Required. The name of the repository.
+ "url": "A String", # Required. The url of the repository.
+ },
+ },
+ ],
+ "etag": "A String", # The etag for this guest policy.
+ # If this is provided on update, it must match the server's etag.
+ "createTime": "A String", # Output only. Time this guest policy was created.
+ "packages": [ # The software packages to be managed by this policy.
+ { # Package is a reference to the software package to be installed or removed.
+ # The agent on the VM instance uses the system package manager to apply the
+ # config.
+ #
+ #
+ # These are the commands that the agent uses to install or remove
+ # packages.
+ #
+ # Apt
+ # install: `apt-get update && apt-get -y install package1 package2 package3`
+ # remove: `apt-get -y remove package1 package2 package3`
+ #
+ # Yum
+ # install: `yum -y install package1 package2 package3`
+ # remove: `yum -y remove package1 package2 package3`
+ #
+ # Zypper
+ # install: `zypper install package1 package2 package3`
+ # remove: `zypper rm package1 package2`
+ #
+ # Googet
+ # install: `googet -noconfirm install package1 package2 package3`
+ # remove: `googet -noconfirm remove package1 package2 package3`
+ "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
+ # validation by checking the package name and the manager(s) that the
+ # package targets.
+ "manager": "A String", # Type of package manager that can be used to install this package.
+ # If a system does not have the package manager, the package is not
+ # installed or removed no error message is returned. By default,
+ # or if you specify `ANY`,
+ # the agent attempts to install and remove this package using the default
+ # package manager. This is useful when creating a policy that applies to
+ # different types of systems.
+ #
+ # The default behavior is ANY.
+ "desiredState": "A String", # The desired_state the agent should maintain for this package. The
+ # default is to ensure the package is installed.
+ },
+ ],
+ "updateTime": "A String", # Output only. Last time this guest policy was updated.
+ "name": "A String", # Required. Unique name of the resource in this project using one of the following
+ # forms:
+ # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
+ }</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="delete">delete(name, x__xgafv=None)</code>
+ <pre>Delete an OS Config guest policy.
+
+Args:
+ name: string, Required. The resource name of the guest policy using one of the following forms:
+`projects/{project_number}/guestPolicies/{guest_policy_id}`. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A generic empty message that you can re-use to avoid defining duplicated
+ # empty messages in your APIs. A typical example is to use it as the request
+ # or the response type of an API method. For instance:
+ #
+ # service Foo {
+ # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
+ # }
+ #
+ # The JSON representation for `Empty` is empty JSON object `{}`.
+ }</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="get">get(name, x__xgafv=None)</code>
+ <pre>Get an OS Config guest policy.
+
+Args:
+ name: string, Required. The resource name of the guest policy using one of the following forms:
+`projects/{project_number}/guestPolicies/{guest_policy_id}`. (required)
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # An OS Config resource representing a guest configuration policy. These
+ # policies represent the desired state for VM instance guest environments
+ # including packages to install or remove, package repository configurations,
+ # and software to install.
+ "recipes": [ # A list of Recipes to install on the VM instance.
+ { # A software recipe is a set of instructions for installing and configuring a
+ # piece of software. It consists of a set of artifacts that are
+ # downloaded, and a set of steps that install, configure, and/or update the
+ # software.
+ #
+ # Recipes support installing and updating software from artifacts in the
+ # following formats:
+ # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
+ #
+ # Additionally, recipes support executing a script (either defined in a file or
+ # directly in this api) in bash, sh, cmd, and powershell.
+ #
+ # Updating a software recipe
+ #
+ # If a recipe is assigned to an instance and there is a recipe with the same
+ # name but a lower version already installed and the assigned state
+ # of the recipe is `UPDATED`, then the recipe is updated to
+ # the new version.
+ #
+ # Script Working Directories
+ #
+ # Each script or execution step is run in its own temporary directory which
+ # is deleted after completing the step.
+ "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
+ # installed on an instance.
+ #
+ # Names are also used to identify resources which helps to determine whether
+ # guest policies have conflicts. This means that requests to create multiple
+ # recipes with the same name and version are rejected since they
+ # could potentially have conflicting assignments.
+ "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
+ # executing steps and does not attempt another update for this recipe. Any
+ # steps taken (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
+ # recipe.
+ #
+ # INSTALLED: The software recipe is installed on the instance but
+ # won't be updated to new versions.
+ # UPDATED: The software recipe is installed on the instance. The recipe is
+ # updated to a higher version, if a higher version of the recipe is
+ # assigned to this instance.
+ # REMOVE: Remove is unsupported for software recipes and attempts to
+ # create or update a recipe to the REMOVE state is rejected.
+ "version": "A String", # The version of this software recipe. Version can be up to 4 period
+ # separated numbers (e.g. 12.34.56.78).
+ "artifacts": [ # Resources available to be used in the steps in the recipe.
+ { # Specifies a resource to be used in the recipe.
+ "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
+ "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
+ # SHA256 checksum in hex format, to compare to the checksum of the
+ # artifact. If the checksum is not empty and it doesn't match the
+ # artifact then the recipe installation fails before running any of the
+ # steps.
+ "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
+ # and path following the format {protocol}://{location}.
+ },
+ "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
+ "generation": "A String", # Must be provided if allow_insecure is false.
+ # Generation number of the Google Cloud Storage object.
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `1234567`.
+ "bucket": "A String", # Bucket of the Google Cloud Storage object.
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `my-bucket`.
+ "object": "A String", # Name of the Google Cloud Storage object.
+ # As specified [here]
+ # (https://cloud.google.com/storage/docs/naming#objectnames)
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `foo/bar`.
+ },
+ "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
+ # recipe can reference. Artifacts in a recipe cannot have the same id.
+ "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
+ # based on the artifact type:
+ #
+ # Remote: A checksum must be specified, and only protocols with
+ # transport-layer security are permitted.
+ # GCS: An object generation number must be specified.
+ },
+ ],
+ "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
+ # executing steps and does not attempt another installation. Any steps taken
+ # (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ },
+ ],
+ "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
+ # you to target sets or groups of VM instances by different parameters such
+ # as labels, names, OS, or zones.
+ #
+ # If left empty, all VM instances underneath this policy are targeted.
+ #
+ # At the same level in the resource hierarchy (that is within a project), the
+ # service prevents the creation of multiple policies that conflict with
+ # each other. For more information, see how the service [handles assignment
+ # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
+ # applies to.
+ #
+ # If an assignment is empty, it applies to all VM instances. Otherwise, the
+ # targeted VM instances must meet all the criteria specified. So if both
+ # labels and zones are specified, the policy applies to VM instances with those
+ # labels and in those zones.
+ "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
+ # an assignment to target disparate groups, for example "env=prod or
+ # env=staging".
+ { # Represents a group of VM intances that can be identified as having all
+ # these labels, for example "env=prod and app=web".
+ "labels": { # Google Compute Engine instance labels that must be present for an
+ # instance to be included in this assignment group.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "osTypes": [ # Targets VM instances matching at least one of the following OS types.
+ #
+ # VM instances must match all supplied criteria for a given OsType to be
+ # included.
+ { # Defines the criteria for selecting VM Instances by OS type.
+ "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS short name, for example "debian" or "windows".
+ "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS architecture.
+ "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # following OS version.
+ },
+ ],
+ "instances": [ # Targets any of the instances specified. Instances are specified by their
+ # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
+ #
+ # Instance targeting is uncommon and is supported to facilitate the
+ # management of changes by the instance or to target specific VM instances
+ # for development and testing.
+ #
+ # Only supported for project-level policies and must reference instances
+ # within this project.
+ "A String",
+ ],
+ "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
+ #
+ # Like labels, this is another way to group VM instances when targeting
+ # configs, for example prefix="prod-".
+ #
+ # Only supported for project-level policies.
+ "A String",
+ ],
+ "zones": [ # Targets instances in any of these zones. Leave empty to target instances
+ # in any zone.
+ #
+ # Zonal targeting is uncommon and is supported to facilitate the management
+ # of changes by zone.
+ "A String",
+ ],
+ },
+ "description": "A String", # Description of the guest policy. Length of the description is limited
+ # to 1024 characters.
+ "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
+ # done before any other configs are applied so they can use these repos.
+ # Package repositories are only configured if the corresponding package
+ # manager(s) are available.
+ { # A package repository.
+ "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
+ # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the zypper config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ "displayName": "A String", # The display name of the repository.
+ },
+ "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
+ # a repo file that is stored at
+ # `/etc/apt/sources.list.d/google_osconfig.list`.
+ "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
+ "uri": "A String", # Required. URI for this repository.
+ "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
+ # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
+ # all the keys in any applied guest policy.
+ "distribution": "A String", # Required. Distribution of this repository.
+ "components": [ # Required. List of components for this repository. Must contain at least one item.
+ "A String",
+ ],
+ },
+ "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
+ # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
+ "displayName": "A String", # The display name of the repository.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the Yum config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ },
+ "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
+ # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
+ "name": "A String", # Required. The name of the repository.
+ "url": "A String", # Required. The url of the repository.
+ },
+ },
+ ],
+ "etag": "A String", # The etag for this guest policy.
+ # If this is provided on update, it must match the server's etag.
+ "createTime": "A String", # Output only. Time this guest policy was created.
+ "packages": [ # The software packages to be managed by this policy.
+ { # Package is a reference to the software package to be installed or removed.
+ # The agent on the VM instance uses the system package manager to apply the
+ # config.
+ #
+ #
+ # These are the commands that the agent uses to install or remove
+ # packages.
+ #
+ # Apt
+ # install: `apt-get update && apt-get -y install package1 package2 package3`
+ # remove: `apt-get -y remove package1 package2 package3`
+ #
+ # Yum
+ # install: `yum -y install package1 package2 package3`
+ # remove: `yum -y remove package1 package2 package3`
+ #
+ # Zypper
+ # install: `zypper install package1 package2 package3`
+ # remove: `zypper rm package1 package2`
+ #
+ # Googet
+ # install: `googet -noconfirm install package1 package2 package3`
+ # remove: `googet -noconfirm remove package1 package2 package3`
+ "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
+ # validation by checking the package name and the manager(s) that the
+ # package targets.
+ "manager": "A String", # Type of package manager that can be used to install this package.
+ # If a system does not have the package manager, the package is not
+ # installed or removed no error message is returned. By default,
+ # or if you specify `ANY`,
+ # the agent attempts to install and remove this package using the default
+ # package manager. This is useful when creating a policy that applies to
+ # different types of systems.
+ #
+ # The default behavior is ANY.
+ "desiredState": "A String", # The desired_state the agent should maintain for this package. The
+ # default is to ensure the package is installed.
+ },
+ ],
+ "updateTime": "A String", # Output only. Last time this guest policy was updated.
+ "name": "A String", # Required. Unique name of the resource in this project using one of the following
+ # forms:
+ # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
+ }</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list">list(parent, pageToken=None, pageSize=None, x__xgafv=None)</code>
+ <pre>Get a page of OS Config guest policies.
+
+Args:
+ parent: string, Required. The resource name of the parent using one of the following forms:
+`projects/{project_number}`. (required)
+ pageToken: string, A pagination token returned from a previous call to `ListGuestPolicies`
+that indicates where this listing should continue from.
+ pageSize: integer, The maximum number of guest policies to return.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # A response message for listing guest policies.
+ "nextPageToken": "A String", # A pagination token that can be used to get the next page
+ # of guest policies.
+ "guestPolicies": [ # The list of GuestPolicies.
+ { # An OS Config resource representing a guest configuration policy. These
+ # policies represent the desired state for VM instance guest environments
+ # including packages to install or remove, package repository configurations,
+ # and software to install.
+ "recipes": [ # A list of Recipes to install on the VM instance.
+ { # A software recipe is a set of instructions for installing and configuring a
+ # piece of software. It consists of a set of artifacts that are
+ # downloaded, and a set of steps that install, configure, and/or update the
+ # software.
+ #
+ # Recipes support installing and updating software from artifacts in the
+ # following formats:
+ # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
+ #
+ # Additionally, recipes support executing a script (either defined in a file or
+ # directly in this api) in bash, sh, cmd, and powershell.
+ #
+ # Updating a software recipe
+ #
+ # If a recipe is assigned to an instance and there is a recipe with the same
+ # name but a lower version already installed and the assigned state
+ # of the recipe is `UPDATED`, then the recipe is updated to
+ # the new version.
+ #
+ # Script Working Directories
+ #
+ # Each script or execution step is run in its own temporary directory which
+ # is deleted after completing the step.
+ "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
+ # installed on an instance.
+ #
+ # Names are also used to identify resources which helps to determine whether
+ # guest policies have conflicts. This means that requests to create multiple
+ # recipes with the same name and version are rejected since they
+ # could potentially have conflicting assignments.
+ "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
+ # executing steps and does not attempt another update for this recipe. Any
+ # steps taken (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
+ # recipe.
+ #
+ # INSTALLED: The software recipe is installed on the instance but
+ # won't be updated to new versions.
+ # UPDATED: The software recipe is installed on the instance. The recipe is
+ # updated to a higher version, if a higher version of the recipe is
+ # assigned to this instance.
+ # REMOVE: Remove is unsupported for software recipes and attempts to
+ # create or update a recipe to the REMOVE state is rejected.
+ "version": "A String", # The version of this software recipe. Version can be up to 4 period
+ # separated numbers (e.g. 12.34.56.78).
+ "artifacts": [ # Resources available to be used in the steps in the recipe.
+ { # Specifies a resource to be used in the recipe.
+ "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
+ "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
+ # SHA256 checksum in hex format, to compare to the checksum of the
+ # artifact. If the checksum is not empty and it doesn't match the
+ # artifact then the recipe installation fails before running any of the
+ # steps.
+ "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
+ # and path following the format {protocol}://{location}.
+ },
+ "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
+ "generation": "A String", # Must be provided if allow_insecure is false.
+ # Generation number of the Google Cloud Storage object.
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `1234567`.
+ "bucket": "A String", # Bucket of the Google Cloud Storage object.
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `my-bucket`.
+ "object": "A String", # Name of the Google Cloud Storage object.
+ # As specified [here]
+ # (https://cloud.google.com/storage/docs/naming#objectnames)
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `foo/bar`.
+ },
+ "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
+ # recipe can reference. Artifacts in a recipe cannot have the same id.
+ "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
+ # based on the artifact type:
+ #
+ # Remote: A checksum must be specified, and only protocols with
+ # transport-layer security are permitted.
+ # GCS: An object generation number must be specified.
+ },
+ ],
+ "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
+ # executing steps and does not attempt another installation. Any steps taken
+ # (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ },
+ ],
+ "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
+ # you to target sets or groups of VM instances by different parameters such
+ # as labels, names, OS, or zones.
+ #
+ # If left empty, all VM instances underneath this policy are targeted.
+ #
+ # At the same level in the resource hierarchy (that is within a project), the
+ # service prevents the creation of multiple policies that conflict with
+ # each other. For more information, see how the service [handles assignment
+ # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
+ # applies to.
+ #
+ # If an assignment is empty, it applies to all VM instances. Otherwise, the
+ # targeted VM instances must meet all the criteria specified. So if both
+ # labels and zones are specified, the policy applies to VM instances with those
+ # labels and in those zones.
+ "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
+ # an assignment to target disparate groups, for example "env=prod or
+ # env=staging".
+ { # Represents a group of VM intances that can be identified as having all
+ # these labels, for example "env=prod and app=web".
+ "labels": { # Google Compute Engine instance labels that must be present for an
+ # instance to be included in this assignment group.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "osTypes": [ # Targets VM instances matching at least one of the following OS types.
+ #
+ # VM instances must match all supplied criteria for a given OsType to be
+ # included.
+ { # Defines the criteria for selecting VM Instances by OS type.
+ "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS short name, for example "debian" or "windows".
+ "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS architecture.
+ "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # following OS version.
+ },
+ ],
+ "instances": [ # Targets any of the instances specified. Instances are specified by their
+ # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
+ #
+ # Instance targeting is uncommon and is supported to facilitate the
+ # management of changes by the instance or to target specific VM instances
+ # for development and testing.
+ #
+ # Only supported for project-level policies and must reference instances
+ # within this project.
+ "A String",
+ ],
+ "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
+ #
+ # Like labels, this is another way to group VM instances when targeting
+ # configs, for example prefix="prod-".
+ #
+ # Only supported for project-level policies.
+ "A String",
+ ],
+ "zones": [ # Targets instances in any of these zones. Leave empty to target instances
+ # in any zone.
+ #
+ # Zonal targeting is uncommon and is supported to facilitate the management
+ # of changes by zone.
+ "A String",
+ ],
+ },
+ "description": "A String", # Description of the guest policy. Length of the description is limited
+ # to 1024 characters.
+ "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
+ # done before any other configs are applied so they can use these repos.
+ # Package repositories are only configured if the corresponding package
+ # manager(s) are available.
+ { # A package repository.
+ "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
+ # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the zypper config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ "displayName": "A String", # The display name of the repository.
+ },
+ "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
+ # a repo file that is stored at
+ # `/etc/apt/sources.list.d/google_osconfig.list`.
+ "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
+ "uri": "A String", # Required. URI for this repository.
+ "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
+ # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
+ # all the keys in any applied guest policy.
+ "distribution": "A String", # Required. Distribution of this repository.
+ "components": [ # Required. List of components for this repository. Must contain at least one item.
+ "A String",
+ ],
+ },
+ "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
+ # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
+ "displayName": "A String", # The display name of the repository.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the Yum config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ },
+ "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
+ # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
+ "name": "A String", # Required. The name of the repository.
+ "url": "A String", # Required. The url of the repository.
+ },
+ },
+ ],
+ "etag": "A String", # The etag for this guest policy.
+ # If this is provided on update, it must match the server's etag.
+ "createTime": "A String", # Output only. Time this guest policy was created.
+ "packages": [ # The software packages to be managed by this policy.
+ { # Package is a reference to the software package to be installed or removed.
+ # The agent on the VM instance uses the system package manager to apply the
+ # config.
+ #
+ #
+ # These are the commands that the agent uses to install or remove
+ # packages.
+ #
+ # Apt
+ # install: `apt-get update && apt-get -y install package1 package2 package3`
+ # remove: `apt-get -y remove package1 package2 package3`
+ #
+ # Yum
+ # install: `yum -y install package1 package2 package3`
+ # remove: `yum -y remove package1 package2 package3`
+ #
+ # Zypper
+ # install: `zypper install package1 package2 package3`
+ # remove: `zypper rm package1 package2`
+ #
+ # Googet
+ # install: `googet -noconfirm install package1 package2 package3`
+ # remove: `googet -noconfirm remove package1 package2 package3`
+ "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
+ # validation by checking the package name and the manager(s) that the
+ # package targets.
+ "manager": "A String", # Type of package manager that can be used to install this package.
+ # If a system does not have the package manager, the package is not
+ # installed or removed no error message is returned. By default,
+ # or if you specify `ANY`,
+ # the agent attempts to install and remove this package using the default
+ # package manager. This is useful when creating a policy that applies to
+ # different types of systems.
+ #
+ # The default behavior is ANY.
+ "desiredState": "A String", # The desired_state the agent should maintain for this package. The
+ # default is to ensure the package is installed.
+ },
+ ],
+ "updateTime": "A String", # Output only. Last time this guest policy was updated.
+ "name": "A String", # Required. Unique name of the resource in this project using one of the following
+ # forms:
+ # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
+ },
+ ],
+ }</pre>
+</div>
+
+<div class="method">
+ <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
+ <pre>Retrieves the next page of results.
+
+Args:
+ previous_request: The request for the previous page. (required)
+ previous_response: The response from the request for the previous page. (required)
+
+Returns:
+ A request object that you can call 'execute()' on to request the next
+ page. Returns None if there are no more items in the collection.
+ </pre>
+</div>
+
+<div class="method">
+ <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
+ <pre>Update an OS Config guest policy.
+
+Args:
+ name: string, Required. Unique name of the resource in this project using one of the following
+forms:
+`projects/{project_number}/guestPolicies/{guest_policy_id}`. (required)
+ body: object, The request body.
+ The object takes the form of:
+
+{ # An OS Config resource representing a guest configuration policy. These
+ # policies represent the desired state for VM instance guest environments
+ # including packages to install or remove, package repository configurations,
+ # and software to install.
+ "recipes": [ # A list of Recipes to install on the VM instance.
+ { # A software recipe is a set of instructions for installing and configuring a
+ # piece of software. It consists of a set of artifacts that are
+ # downloaded, and a set of steps that install, configure, and/or update the
+ # software.
+ #
+ # Recipes support installing and updating software from artifacts in the
+ # following formats:
+ # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
+ #
+ # Additionally, recipes support executing a script (either defined in a file or
+ # directly in this api) in bash, sh, cmd, and powershell.
+ #
+ # Updating a software recipe
+ #
+ # If a recipe is assigned to an instance and there is a recipe with the same
+ # name but a lower version already installed and the assigned state
+ # of the recipe is `UPDATED`, then the recipe is updated to
+ # the new version.
+ #
+ # Script Working Directories
+ #
+ # Each script or execution step is run in its own temporary directory which
+ # is deleted after completing the step.
+ "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
+ # installed on an instance.
+ #
+ # Names are also used to identify resources which helps to determine whether
+ # guest policies have conflicts. This means that requests to create multiple
+ # recipes with the same name and version are rejected since they
+ # could potentially have conflicting assignments.
+ "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
+ # executing steps and does not attempt another update for this recipe. Any
+ # steps taken (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
+ # recipe.
+ #
+ # INSTALLED: The software recipe is installed on the instance but
+ # won't be updated to new versions.
+ # UPDATED: The software recipe is installed on the instance. The recipe is
+ # updated to a higher version, if a higher version of the recipe is
+ # assigned to this instance.
+ # REMOVE: Remove is unsupported for software recipes and attempts to
+ # create or update a recipe to the REMOVE state is rejected.
+ "version": "A String", # The version of this software recipe. Version can be up to 4 period
+ # separated numbers (e.g. 12.34.56.78).
+ "artifacts": [ # Resources available to be used in the steps in the recipe.
+ { # Specifies a resource to be used in the recipe.
+ "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
+ "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
+ # SHA256 checksum in hex format, to compare to the checksum of the
+ # artifact. If the checksum is not empty and it doesn't match the
+ # artifact then the recipe installation fails before running any of the
+ # steps.
+ "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
+ # and path following the format {protocol}://{location}.
+ },
+ "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
+ "generation": "A String", # Must be provided if allow_insecure is false.
+ # Generation number of the Google Cloud Storage object.
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `1234567`.
+ "bucket": "A String", # Bucket of the Google Cloud Storage object.
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `my-bucket`.
+ "object": "A String", # Name of the Google Cloud Storage object.
+ # As specified [here]
+ # (https://cloud.google.com/storage/docs/naming#objectnames)
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `foo/bar`.
+ },
+ "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
+ # recipe can reference. Artifacts in a recipe cannot have the same id.
+ "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
+ # based on the artifact type:
+ #
+ # Remote: A checksum must be specified, and only protocols with
+ # transport-layer security are permitted.
+ # GCS: An object generation number must be specified.
+ },
+ ],
+ "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
+ # executing steps and does not attempt another installation. Any steps taken
+ # (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ },
+ ],
+ "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
+ # you to target sets or groups of VM instances by different parameters such
+ # as labels, names, OS, or zones.
+ #
+ # If left empty, all VM instances underneath this policy are targeted.
+ #
+ # At the same level in the resource hierarchy (that is within a project), the
+ # service prevents the creation of multiple policies that conflict with
+ # each other. For more information, see how the service [handles assignment
+ # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
+ # applies to.
+ #
+ # If an assignment is empty, it applies to all VM instances. Otherwise, the
+ # targeted VM instances must meet all the criteria specified. So if both
+ # labels and zones are specified, the policy applies to VM instances with those
+ # labels and in those zones.
+ "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
+ # an assignment to target disparate groups, for example "env=prod or
+ # env=staging".
+ { # Represents a group of VM intances that can be identified as having all
+ # these labels, for example "env=prod and app=web".
+ "labels": { # Google Compute Engine instance labels that must be present for an
+ # instance to be included in this assignment group.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "osTypes": [ # Targets VM instances matching at least one of the following OS types.
+ #
+ # VM instances must match all supplied criteria for a given OsType to be
+ # included.
+ { # Defines the criteria for selecting VM Instances by OS type.
+ "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS short name, for example "debian" or "windows".
+ "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS architecture.
+ "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # following OS version.
+ },
+ ],
+ "instances": [ # Targets any of the instances specified. Instances are specified by their
+ # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
+ #
+ # Instance targeting is uncommon and is supported to facilitate the
+ # management of changes by the instance or to target specific VM instances
+ # for development and testing.
+ #
+ # Only supported for project-level policies and must reference instances
+ # within this project.
+ "A String",
+ ],
+ "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
+ #
+ # Like labels, this is another way to group VM instances when targeting
+ # configs, for example prefix="prod-".
+ #
+ # Only supported for project-level policies.
+ "A String",
+ ],
+ "zones": [ # Targets instances in any of these zones. Leave empty to target instances
+ # in any zone.
+ #
+ # Zonal targeting is uncommon and is supported to facilitate the management
+ # of changes by zone.
+ "A String",
+ ],
+ },
+ "description": "A String", # Description of the guest policy. Length of the description is limited
+ # to 1024 characters.
+ "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
+ # done before any other configs are applied so they can use these repos.
+ # Package repositories are only configured if the corresponding package
+ # manager(s) are available.
+ { # A package repository.
+ "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
+ # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the zypper config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ "displayName": "A String", # The display name of the repository.
+ },
+ "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
+ # a repo file that is stored at
+ # `/etc/apt/sources.list.d/google_osconfig.list`.
+ "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
+ "uri": "A String", # Required. URI for this repository.
+ "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
+ # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
+ # all the keys in any applied guest policy.
+ "distribution": "A String", # Required. Distribution of this repository.
+ "components": [ # Required. List of components for this repository. Must contain at least one item.
+ "A String",
+ ],
+ },
+ "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
+ # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
+ "displayName": "A String", # The display name of the repository.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the Yum config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ },
+ "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
+ # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
+ "name": "A String", # Required. The name of the repository.
+ "url": "A String", # Required. The url of the repository.
+ },
+ },
+ ],
+ "etag": "A String", # The etag for this guest policy.
+ # If this is provided on update, it must match the server's etag.
+ "createTime": "A String", # Output only. Time this guest policy was created.
+ "packages": [ # The software packages to be managed by this policy.
+ { # Package is a reference to the software package to be installed or removed.
+ # The agent on the VM instance uses the system package manager to apply the
+ # config.
+ #
+ #
+ # These are the commands that the agent uses to install or remove
+ # packages.
+ #
+ # Apt
+ # install: `apt-get update && apt-get -y install package1 package2 package3`
+ # remove: `apt-get -y remove package1 package2 package3`
+ #
+ # Yum
+ # install: `yum -y install package1 package2 package3`
+ # remove: `yum -y remove package1 package2 package3`
+ #
+ # Zypper
+ # install: `zypper install package1 package2 package3`
+ # remove: `zypper rm package1 package2`
+ #
+ # Googet
+ # install: `googet -noconfirm install package1 package2 package3`
+ # remove: `googet -noconfirm remove package1 package2 package3`
+ "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
+ # validation by checking the package name and the manager(s) that the
+ # package targets.
+ "manager": "A String", # Type of package manager that can be used to install this package.
+ # If a system does not have the package manager, the package is not
+ # installed or removed no error message is returned. By default,
+ # or if you specify `ANY`,
+ # the agent attempts to install and remove this package using the default
+ # package manager. This is useful when creating a policy that applies to
+ # different types of systems.
+ #
+ # The default behavior is ANY.
+ "desiredState": "A String", # The desired_state the agent should maintain for this package. The
+ # default is to ensure the package is installed.
+ },
+ ],
+ "updateTime": "A String", # Output only. Last time this guest policy was updated.
+ "name": "A String", # Required. Unique name of the resource in this project using one of the following
+ # forms:
+ # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
+}
+
+ updateMask: string, Field mask that controls which fields of the guest policy should be
+updated.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # An OS Config resource representing a guest configuration policy. These
+ # policies represent the desired state for VM instance guest environments
+ # including packages to install or remove, package repository configurations,
+ # and software to install.
+ "recipes": [ # A list of Recipes to install on the VM instance.
+ { # A software recipe is a set of instructions for installing and configuring a
+ # piece of software. It consists of a set of artifacts that are
+ # downloaded, and a set of steps that install, configure, and/or update the
+ # software.
+ #
+ # Recipes support installing and updating software from artifacts in the
+ # following formats:
+ # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
+ #
+ # Additionally, recipes support executing a script (either defined in a file or
+ # directly in this api) in bash, sh, cmd, and powershell.
+ #
+ # Updating a software recipe
+ #
+ # If a recipe is assigned to an instance and there is a recipe with the same
+ # name but a lower version already installed and the assigned state
+ # of the recipe is `UPDATED`, then the recipe is updated to
+ # the new version.
+ #
+ # Script Working Directories
+ #
+ # Each script or execution step is run in its own temporary directory which
+ # is deleted after completing the step.
+ "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
+ # installed on an instance.
+ #
+ # Names are also used to identify resources which helps to determine whether
+ # guest policies have conflicts. This means that requests to create multiple
+ # recipes with the same name and version are rejected since they
+ # could potentially have conflicting assignments.
+ "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
+ # executing steps and does not attempt another update for this recipe. Any
+ # steps taken (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
+ # recipe.
+ #
+ # INSTALLED: The software recipe is installed on the instance but
+ # won't be updated to new versions.
+ # UPDATED: The software recipe is installed on the instance. The recipe is
+ # updated to a higher version, if a higher version of the recipe is
+ # assigned to this instance.
+ # REMOVE: Remove is unsupported for software recipes and attempts to
+ # create or update a recipe to the REMOVE state is rejected.
+ "version": "A String", # The version of this software recipe. Version can be up to 4 period
+ # separated numbers (e.g. 12.34.56.78).
+ "artifacts": [ # Resources available to be used in the steps in the recipe.
+ { # Specifies a resource to be used in the recipe.
+ "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
+ "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
+ # SHA256 checksum in hex format, to compare to the checksum of the
+ # artifact. If the checksum is not empty and it doesn't match the
+ # artifact then the recipe installation fails before running any of the
+ # steps.
+ "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
+ # and path following the format {protocol}://{location}.
+ },
+ "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
+ "generation": "A String", # Must be provided if allow_insecure is false.
+ # Generation number of the Google Cloud Storage object.
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `1234567`.
+ "bucket": "A String", # Bucket of the Google Cloud Storage object.
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `my-bucket`.
+ "object": "A String", # Name of the Google Cloud Storage object.
+ # As specified [here]
+ # (https://cloud.google.com/storage/docs/naming#objectnames)
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `foo/bar`.
+ },
+ "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
+ # recipe can reference. Artifacts in a recipe cannot have the same id.
+ "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
+ # based on the artifact type:
+ #
+ # Remote: A checksum must be specified, and only protocols with
+ # transport-layer security are permitted.
+ # GCS: An object generation number must be specified.
+ },
+ ],
+ "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
+ # executing steps and does not attempt another installation. Any steps taken
+ # (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ },
+ ],
+ "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
+ # you to target sets or groups of VM instances by different parameters such
+ # as labels, names, OS, or zones.
+ #
+ # If left empty, all VM instances underneath this policy are targeted.
+ #
+ # At the same level in the resource hierarchy (that is within a project), the
+ # service prevents the creation of multiple policies that conflict with
+ # each other. For more information, see how the service [handles assignment
+ # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
+ # applies to.
+ #
+ # If an assignment is empty, it applies to all VM instances. Otherwise, the
+ # targeted VM instances must meet all the criteria specified. So if both
+ # labels and zones are specified, the policy applies to VM instances with those
+ # labels and in those zones.
+ "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
+ # an assignment to target disparate groups, for example "env=prod or
+ # env=staging".
+ { # Represents a group of VM intances that can be identified as having all
+ # these labels, for example "env=prod and app=web".
+ "labels": { # Google Compute Engine instance labels that must be present for an
+ # instance to be included in this assignment group.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "osTypes": [ # Targets VM instances matching at least one of the following OS types.
+ #
+ # VM instances must match all supplied criteria for a given OsType to be
+ # included.
+ { # Defines the criteria for selecting VM Instances by OS type.
+ "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS short name, for example "debian" or "windows".
+ "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS architecture.
+ "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # following OS version.
+ },
+ ],
+ "instances": [ # Targets any of the instances specified. Instances are specified by their
+ # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
+ #
+ # Instance targeting is uncommon and is supported to facilitate the
+ # management of changes by the instance or to target specific VM instances
+ # for development and testing.
+ #
+ # Only supported for project-level policies and must reference instances
+ # within this project.
+ "A String",
+ ],
+ "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
+ #
+ # Like labels, this is another way to group VM instances when targeting
+ # configs, for example prefix="prod-".
+ #
+ # Only supported for project-level policies.
+ "A String",
+ ],
+ "zones": [ # Targets instances in any of these zones. Leave empty to target instances
+ # in any zone.
+ #
+ # Zonal targeting is uncommon and is supported to facilitate the management
+ # of changes by zone.
+ "A String",
+ ],
+ },
+ "description": "A String", # Description of the guest policy. Length of the description is limited
+ # to 1024 characters.
+ "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
+ # done before any other configs are applied so they can use these repos.
+ # Package repositories are only configured if the corresponding package
+ # manager(s) are available.
+ { # A package repository.
+ "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
+ # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the zypper config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ "displayName": "A String", # The display name of the repository.
+ },
+ "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
+ # a repo file that is stored at
+ # `/etc/apt/sources.list.d/google_osconfig.list`.
+ "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
+ "uri": "A String", # Required. URI for this repository.
+ "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
+ # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
+ # all the keys in any applied guest policy.
+ "distribution": "A String", # Required. Distribution of this repository.
+ "components": [ # Required. List of components for this repository. Must contain at least one item.
+ "A String",
+ ],
+ },
+ "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
+ # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
+ "displayName": "A String", # The display name of the repository.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the Yum config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ },
+ "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
+ # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
+ "name": "A String", # Required. The name of the repository.
+ "url": "A String", # Required. The url of the repository.
+ },
+ },
+ ],
+ "etag": "A String", # The etag for this guest policy.
+ # If this is provided on update, it must match the server's etag.
+ "createTime": "A String", # Output only. Time this guest policy was created.
+ "packages": [ # The software packages to be managed by this policy.
+ { # Package is a reference to the software package to be installed or removed.
+ # The agent on the VM instance uses the system package manager to apply the
+ # config.
+ #
+ #
+ # These are the commands that the agent uses to install or remove
+ # packages.
+ #
+ # Apt
+ # install: `apt-get update && apt-get -y install package1 package2 package3`
+ # remove: `apt-get -y remove package1 package2 package3`
+ #
+ # Yum
+ # install: `yum -y install package1 package2 package3`
+ # remove: `yum -y remove package1 package2 package3`
+ #
+ # Zypper
+ # install: `zypper install package1 package2 package3`
+ # remove: `zypper rm package1 package2`
+ #
+ # Googet
+ # install: `googet -noconfirm install package1 package2 package3`
+ # remove: `googet -noconfirm remove package1 package2 package3`
+ "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
+ # validation by checking the package name and the manager(s) that the
+ # package targets.
+ "manager": "A String", # Type of package manager that can be used to install this package.
+ # If a system does not have the package manager, the package is not
+ # installed or removed no error message is returned. By default,
+ # or if you specify `ANY`,
+ # the agent attempts to install and remove this package using the default
+ # package manager. This is useful when creating a policy that applies to
+ # different types of systems.
+ #
+ # The default behavior is ANY.
+ "desiredState": "A String", # The desired_state the agent should maintain for this package. The
+ # default is to ensure the package is installed.
+ },
+ ],
+ "updateTime": "A String", # Output only. Last time this guest policy was updated.
+ "name": "A String", # Required. Unique name of the resource in this project using one of the following
+ # forms:
+ # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
+ }</pre>
+</div>
+
+</body></html>
\ No newline at end of file