docs: update generated docs (#981)
diff --git a/docs/dyn/osconfig_v1beta.projects.guestPolicies.html b/docs/dyn/osconfig_v1beta.projects.guestPolicies.html
index 81633fd..c252f18 100644
--- a/docs/dyn/osconfig_v1beta.projects.guestPolicies.html
+++ b/docs/dyn/osconfig_v1beta.projects.guestPolicies.html
@@ -84,7 +84,7 @@
<code><a href="#get">get(name, x__xgafv=None)</a></code></p>
<p class="firstline">Get an OS Config guest policy.</p>
<p class="toc_element">
- <code><a href="#list">list(parent, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p>
+ <code><a href="#list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
<p class="firstline">Get a page of OS Config guest policies.</p>
<p class="toc_element">
<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
@@ -104,421 +104,58 @@
The object takes the form of:
{ # An OS Config resource representing a guest configuration policy. These
- # policies represent the desired state for VM instance guest environments
- # including packages to install or remove, package repository configurations,
- # and software to install.
- "createTime": "A String", # Output only. Time this guest policy was created.
- "packages": [ # The software packages to be managed by this policy.
- { # Package is a reference to the software package to be installed or removed.
- # The agent on the VM instance uses the system package manager to apply the
- # config.
- #
- #
- # These are the commands that the agent uses to install or remove
- # packages.
- #
- # Apt
- # install: `apt-get update && apt-get -y install package1 package2 package3`
- # remove: `apt-get -y remove package1 package2 package3`
- #
- # Yum
- # install: `yum -y install package1 package2 package3`
- # remove: `yum -y remove package1 package2 package3`
- #
- # Zypper
- # install: `zypper install package1 package2 package3`
- # remove: `zypper rm package1 package2`
- #
- # Googet
- # install: `googet -noconfirm install package1 package2 package3`
- # remove: `googet -noconfirm remove package1 package2 package3`
- "desiredState": "A String", # The desired_state the agent should maintain for this package. The
- # default is to ensure the package is installed.
- "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
- # validation by checking the package name and the manager(s) that the
- # package targets.
- "manager": "A String", # Type of package manager that can be used to install this package.
- # If a system does not have the package manager, the package is not
- # installed or removed no error message is returned. By default,
- # or if you specify `ANY`,
- # the agent attempts to install and remove this package using the default
- # package manager. This is useful when creating a policy that applies to
- # different types of systems.
- #
- # The default behavior is ANY.
- },
- ],
- "updateTime": "A String", # Output only. Last time this guest policy was updated.
- "name": "A String", # Required. Unique name of the resource in this project using one of the following
- # forms:
- # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
- "recipes": [ # A list of Recipes to install on the VM instance.
- { # A software recipe is a set of instructions for installing and configuring a
- # piece of software. It consists of a set of artifacts that are
- # downloaded, and a set of steps that install, configure, and/or update the
- # software.
- #
- # Recipes support installing and updating software from artifacts in the
- # following formats:
- # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
- #
- # Additionally, recipes support executing a script (either defined in a file or
- # directly in this api) in bash, sh, cmd, and powershell.
- #
- # Updating a software recipe
- #
- # If a recipe is assigned to an instance and there is a recipe with the same
- # name but a lower version already installed and the assigned state
- # of the recipe is `UPDATED`, then the recipe is updated to
- # the new version.
- #
- # Script Working Directories
- #
- # Each script or execution step is run in its own temporary directory which
- # is deleted after completing the step.
- "artifacts": [ # Resources available to be used in the steps in the recipe.
- { # Specifies a resource to be used in the recipe.
- "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
- "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
- # SHA256 checksum in hex format, to compare to the checksum of the
- # artifact. If the checksum is not empty and it doesn't match the
- # artifact then the recipe installation fails before running any of the
- # steps.
- "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
- # and path following the format {protocol}://{location}.
- },
- "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
- "object": "A String", # Name of the Google Cloud Storage object.
- # As specified [here]
- # (https://cloud.google.com/storage/docs/naming#objectnames)
- # Given an example URL:
- # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
- # this value would be `foo/bar`.
- "generation": "A String", # Must be provided if allow_insecure is false.
- # Generation number of the Google Cloud Storage object.
- # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
- # this value would be `1234567`.
- "bucket": "A String", # Bucket of the Google Cloud Storage object.
- # Given an example URL:
- # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
- # this value would be `my-bucket`.
- },
- "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
- # recipe can reference. Artifacts in a recipe cannot have the same id.
- "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
- # based on the artifact type:
- #
- # Remote: A checksum must be specified, and only protocols with
- # transport-layer security are permitted.
- # GCS: An object generation number must be specified.
- },
- ],
- "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
- # executing steps and does not attempt another installation. Any steps taken
- # (including partially completed steps) are not rolled back.
- { # An action that can be taken as part of installing or updating a recipe.
- "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "destination": "A String", # Directory to extract archive to.
- # Defaults to `/` on Linux or `C:\` on Windows.
- "type": "A String", # Required. The type of the archive to extract.
- },
- "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "flags": [ # The flags to use when installing the MSI
- # defaults to ["/i"] (i.e. the install flag).
- "A String",
- ],
- },
- "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
- # specified the script is executed directly, which likely
- # only succeed for scripts with
- # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
- "script": "A String", # Required. The shell script to be executed.
- },
- "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
- # false and the file already exists the file is not overwritten
- # and the step is considered a success. Defaults to false.
- "destination": "A String", # Required. The absolute path on the instance to put the file.
- "permissions": "A String", # Consists of three octal digits which represent, in
- # order, the permissions of the owner, group, and other users for the
- # file (similarly to the numeric mode used in the linux chmod utility).
- # Each digit represents a three bit number with the 4 bit
- # corresponding to the read permissions, the 2 bit corresponds to the
- # write bit, and the one bit corresponds to the execute permission.
- # Default behavior is 755.
- #
- # Below are some examples of permissions and their associated values:
- # read, write, and execute: 7
- # read and execute: 5
- # read and write: 6
- # read only: 4
- },
- "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
- "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
- # can return to indicate a success.
- 42,
- ],
- "artifactId": "A String", # The id of the relevant artifact in the recipe.
- "args": [ # Arguments to be passed to the provided executable.
- "A String",
- ],
- "localPath": "A String", # The absolute path of the file on the local filesystem.
- },
- },
- ],
- "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
- # installed on an instance.
- #
- # Names are also used to identify resources which helps to determine whether
- # guest policies have conflicts. This means that requests to create multiple
- # recipes with the same name and version are rejected since they
- # could potentially have conflicting assignments.
- "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
- # executing steps and does not attempt another update for this recipe. Any
- # steps taken (including partially completed steps) are not rolled back.
- { # An action that can be taken as part of installing or updating a recipe.
- "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "destination": "A String", # Directory to extract archive to.
- # Defaults to `/` on Linux or `C:\` on Windows.
- "type": "A String", # Required. The type of the archive to extract.
- },
- "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "flags": [ # The flags to use when installing the MSI
- # defaults to ["/i"] (i.e. the install flag).
- "A String",
- ],
- },
- "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
- # specified the script is executed directly, which likely
- # only succeed for scripts with
- # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
- "script": "A String", # Required. The shell script to be executed.
- },
- "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
- # false and the file already exists the file is not overwritten
- # and the step is considered a success. Defaults to false.
- "destination": "A String", # Required. The absolute path on the instance to put the file.
- "permissions": "A String", # Consists of three octal digits which represent, in
- # order, the permissions of the owner, group, and other users for the
- # file (similarly to the numeric mode used in the linux chmod utility).
- # Each digit represents a three bit number with the 4 bit
- # corresponding to the read permissions, the 2 bit corresponds to the
- # write bit, and the one bit corresponds to the execute permission.
- # Default behavior is 755.
- #
- # Below are some examples of permissions and their associated values:
- # read, write, and execute: 7
- # read and execute: 5
- # read and write: 6
- # read only: 4
- },
- "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
- "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
- # can return to indicate a success.
- 42,
- ],
- "artifactId": "A String", # The id of the relevant artifact in the recipe.
- "args": [ # Arguments to be passed to the provided executable.
- "A String",
- ],
- "localPath": "A String", # The absolute path of the file on the local filesystem.
- },
- },
- ],
- "version": "A String", # The version of this software recipe. Version can be up to 4 period
- # separated numbers (e.g. 12.34.56.78).
- "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
- # recipe.
- #
- # INSTALLED: The software recipe is installed on the instance but
- # won't be updated to new versions.
- # UPDATED: The software recipe is installed on the instance. The recipe is
- # updated to a higher version, if a higher version of the recipe is
- # assigned to this instance.
- # REMOVE: Remove is unsupported for software recipes and attempts to
- # create or update a recipe to the REMOVE state is rejected.
- },
- ],
- "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
- # you to target sets or groups of VM instances by different parameters such
- # as labels, names, OS, or zones.
- #
- # If left empty, all VM instances underneath this policy are targeted.
- #
- # At the same level in the resource hierarchy (that is within a project), the
- # service prevents the creation of multiple policies that conflict with
- # each other. For more information, see how the service [handles assignment
- # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
- # applies to.
- #
- # If an assignment is empty, it applies to all VM instances. Otherwise, the
- # targeted VM instances must meet all the criteria specified. So if both
- # labels and zones are specified, the policy applies to VM instances with those
- # labels and in those zones.
- "instances": [ # Targets any of the instances specified. Instances are specified by their
- # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
- #
- # Instance targeting is uncommon and is supported to facilitate the
- # management of changes by the instance or to target specific VM instances
- # for development and testing.
- #
- # Only supported for project-level policies and must reference instances
- # within this project.
- "A String",
- ],
- "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
- #
- # Like labels, this is another way to group VM instances when targeting
- # configs, for example prefix="prod-".
- #
- # Only supported for project-level policies.
- "A String",
- ],
- "zones": [ # Targets instances in any of these zones. Leave empty to target instances
- # in any zone.
- #
- # Zonal targeting is uncommon and is supported to facilitate the management
- # of changes by zone.
- "A String",
- ],
- "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
- # an assignment to target disparate groups, for example "env=prod or
- # env=staging".
- { # Represents a group of VM intances that can be identified as having all
- # these labels, for example "env=prod and app=web".
- "labels": { # Google Compute Engine instance labels that must be present for an
- # instance to be included in this assignment group.
- "a_key": "A String",
- },
- },
- ],
- "osTypes": [ # Targets VM instances matching at least one of the following OS types.
- #
- # VM instances must match all supplied criteria for a given OsType to be
- # included.
- { # Defines the criteria for selecting VM Instances by OS type.
- "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # OS short name, for example "debian" or "windows".
- "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # OS architecture.
- "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # following OS version.
- },
- ],
- },
- "description": "A String", # Description of the guest policy. Length of the description is limited
- # to 1024 characters.
- "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
- # done before any other configs are applied so they can use these repos.
- # Package repositories are only configured if the corresponding package
- # manager(s) are available.
- { # A package repository.
- "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
- # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
- "displayName": "A String", # The display name of the repository.
- "id": "A String", # Required. A one word, unique name for this repository. This is
- # the `repo id` in the zypper config file and also the `display_name` if
- # `display_name` is omitted. This id is also used as the unique identifier
- # when checking for guest policy conflicts.
- "baseUrl": "A String", # Required. The location of the repository directory.
- "gpgKeys": [ # URIs of GPG keys.
- "A String",
- ],
- },
- "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
- # a repo file that is stored at
- # `/etc/apt/sources.list.d/google_osconfig.list`.
- "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
- # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
- # all the keys in any applied guest policy.
- "distribution": "A String", # Required. Distribution of this repository.
- "components": [ # Required. List of components for this repository. Must contain at least one item.
- "A String",
- ],
- "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
- "uri": "A String", # Required. URI for this repository.
- },
- "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
- # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
- "id": "A String", # Required. A one word, unique name for this repository. This is
- # the `repo id` in the Yum config file and also the `display_name` if
- # `display_name` is omitted. This id is also used as the unique identifier
- # when checking for guest policy conflicts.
- "baseUrl": "A String", # Required. The location of the repository directory.
- "gpgKeys": [ # URIs of GPG keys.
- "A String",
- ],
- "displayName": "A String", # The display name of the repository.
- },
- "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
- # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
- "url": "A String", # Required. The url of the repository.
- "name": "A String", # Required. The name of the repository.
- },
- },
- ],
- "etag": "A String", # The etag for this guest policy.
- # If this is provided on update, it must match the server's etag.
-}
-
- guestPolicyId: string, Required. The logical name of the guest policy in the project
-with the following restrictions:
-
-* Must contain only lowercase letters, numbers, and hyphens.
-* Must start with a letter.
-* Must be between 1-63 characters.
-* Must end with a number or a letter.
-* Must be unique within the project.
- x__xgafv: string, V1 error format.
- Allowed values
- 1 - v1 error format
- 2 - v2 error format
-
-Returns:
- An object of the form:
-
- { # An OS Config resource representing a guest configuration policy. These
# policies represent the desired state for VM instance guest environments
# including packages to install or remove, package repository configurations,
# and software to install.
- "createTime": "A String", # Output only. Time this guest policy was created.
+ "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
+ # done before any other configs are applied so they can use these repos.
+ # Package repositories are only configured if the corresponding package
+ # manager(s) are available.
+ { # A package repository.
+ "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
+ # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
+ "url": "A String", # Required. The url of the repository.
+ "name": "A String", # Required. The name of the repository.
+ },
+ "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
+ # a repo file that is stored at
+ # `/etc/apt/sources.list.d/google_osconfig.list`.
+ "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
+ "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
+ # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
+ # all the keys in any applied guest policy.
+ "uri": "A String", # Required. URI for this repository.
+ "components": [ # Required. List of components for this repository. Must contain at least one item.
+ "A String",
+ ],
+ "distribution": "A String", # Required. Distribution of this repository.
+ },
+ "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
+ # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the zypper config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "displayName": "A String", # The display name of the repository.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ },
+ "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
+ # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the Yum config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "displayName": "A String", # The display name of the repository.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ },
+ },
+ ],
"packages": [ # The software packages to be managed by this policy.
{ # Package is a reference to the software package to be installed or removed.
# The agent on the VM instance uses the system package manager to apply the
@@ -559,6 +196,76 @@
# The default behavior is ANY.
},
],
+ "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
+ # you to target sets or groups of VM instances by different parameters such
+ # as labels, names, OS, or zones.
+ #
+ # If left empty, all VM instances underneath this policy are targeted.
+ #
+ # At the same level in the resource hierarchy (that is within a project), the
+ # service prevents the creation of multiple policies that conflict with
+ # each other. For more information, see how the service [handles assignment
+ # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
+ # applies to.
+ #
+ # If an assignment is empty, it applies to all VM instances. Otherwise, the
+ # targeted VM instances must meet all the criteria specified. So if both
+ # labels and zones are specified, the policy applies to VM instances with those
+ # labels and in those zones.
+ "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
+ #
+ # Like labels, this is another way to group VM instances when targeting
+ # configs, for example prefix="prod-".
+ #
+ # Only supported for project-level policies.
+ "A String",
+ ],
+ "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
+ # an assignment to target disparate groups, for example "env=prod or
+ # env=staging".
+ { # Represents a group of VM intances that can be identified as having all
+ # these labels, for example "env=prod and app=web".
+ "labels": { # Google Compute Engine instance labels that must be present for an
+ # instance to be included in this assignment group.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "osTypes": [ # Targets VM instances matching at least one of the following OS types.
+ #
+ # VM instances must match all supplied criteria for a given OsType to be
+ # included.
+ { # Defines the criteria for selecting VM Instances by OS type.
+ "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # following OS version.
+ "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS short name, for example "debian" or "windows".
+ "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS architecture.
+ },
+ ],
+ "instances": [ # Targets any of the instances specified. Instances are specified by their
+ # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
+ #
+ # Instance targeting is uncommon and is supported to facilitate the
+ # management of changes by the instance or to target specific VM instances
+ # for development and testing.
+ #
+ # Only supported for project-level policies and must reference instances
+ # within this project.
+ "A String",
+ ],
+ "zones": [ # Targets instances in any of these zones. Leave empty to target instances
+ # in any zone.
+ #
+ # Zonal targeting is uncommon and is supported to facilitate the management
+ # of changes by zone.
+ "A String",
+ ],
+ },
+ "createTime": "A String", # Output only. Time this guest policy was created.
+ "etag": "A String", # The etag for this guest policy.
+ # If this is provided on update, it must match the server's etag.
"updateTime": "A String", # Output only. Last time this guest policy was updated.
"name": "A String", # Required. Unique name of the resource in this project using one of the following
# forms:
@@ -587,8 +294,81 @@
#
# Each script or execution step is run in its own temporary directory which
# is deleted after completing the step.
+ "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
+ # executing steps and does not attempt another update for this recipe. Any
+ # steps taken (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
"artifacts": [ # Resources available to be used in the steps in the recipe.
{ # Specifies a resource to be used in the recipe.
+ "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
+ # recipe can reference. Artifacts in a recipe cannot have the same id.
"remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
"checksum": "A String", # Must be provided if `allow_insecure` is `false`.
# SHA256 checksum in hex format, to compare to the checksum of the
@@ -598,6 +378,12 @@
"uri": "A String", # URI from which to fetch the object. It should contain both the protocol
# and path following the format {protocol}://{location}.
},
+ "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
+ # based on the artifact type:
+ #
+ # Remote: A checksum must be specified, and only protocols with
+ # transport-layer security are permitted.
+ # GCS: An object generation number must be specified.
"gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
"object": "A String", # Name of the Google Cloud Storage object.
# As specified [here]
@@ -614,167 +400,8 @@
# `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
# this value would be `my-bucket`.
},
- "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
- # recipe can reference. Artifacts in a recipe cannot have the same id.
- "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
- # based on the artifact type:
- #
- # Remote: A checksum must be specified, and only protocols with
- # transport-layer security are permitted.
- # GCS: An object generation number must be specified.
},
],
- "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
- # executing steps and does not attempt another installation. Any steps taken
- # (including partially completed steps) are not rolled back.
- { # An action that can be taken as part of installing or updating a recipe.
- "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "destination": "A String", # Directory to extract archive to.
- # Defaults to `/` on Linux or `C:\` on Windows.
- "type": "A String", # Required. The type of the archive to extract.
- },
- "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "flags": [ # The flags to use when installing the MSI
- # defaults to ["/i"] (i.e. the install flag).
- "A String",
- ],
- },
- "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
- # specified the script is executed directly, which likely
- # only succeed for scripts with
- # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
- "script": "A String", # Required. The shell script to be executed.
- },
- "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
- # false and the file already exists the file is not overwritten
- # and the step is considered a success. Defaults to false.
- "destination": "A String", # Required. The absolute path on the instance to put the file.
- "permissions": "A String", # Consists of three octal digits which represent, in
- # order, the permissions of the owner, group, and other users for the
- # file (similarly to the numeric mode used in the linux chmod utility).
- # Each digit represents a three bit number with the 4 bit
- # corresponding to the read permissions, the 2 bit corresponds to the
- # write bit, and the one bit corresponds to the execute permission.
- # Default behavior is 755.
- #
- # Below are some examples of permissions and their associated values:
- # read, write, and execute: 7
- # read and execute: 5
- # read and write: 6
- # read only: 4
- },
- "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
- "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
- # can return to indicate a success.
- 42,
- ],
- "artifactId": "A String", # The id of the relevant artifact in the recipe.
- "args": [ # Arguments to be passed to the provided executable.
- "A String",
- ],
- "localPath": "A String", # The absolute path of the file on the local filesystem.
- },
- },
- ],
- "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
- # installed on an instance.
- #
- # Names are also used to identify resources which helps to determine whether
- # guest policies have conflicts. This means that requests to create multiple
- # recipes with the same name and version are rejected since they
- # could potentially have conflicting assignments.
- "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
- # executing steps and does not attempt another update for this recipe. Any
- # steps taken (including partially completed steps) are not rolled back.
- { # An action that can be taken as part of installing or updating a recipe.
- "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "destination": "A String", # Directory to extract archive to.
- # Defaults to `/` on Linux or `C:\` on Windows.
- "type": "A String", # Required. The type of the archive to extract.
- },
- "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "flags": [ # The flags to use when installing the MSI
- # defaults to ["/i"] (i.e. the install flag).
- "A String",
- ],
- },
- "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
- # specified the script is executed directly, which likely
- # only succeed for scripts with
- # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
- "script": "A String", # Required. The shell script to be executed.
- },
- "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
- # false and the file already exists the file is not overwritten
- # and the step is considered a success. Defaults to false.
- "destination": "A String", # Required. The absolute path on the instance to put the file.
- "permissions": "A String", # Consists of three octal digits which represent, in
- # order, the permissions of the owner, group, and other users for the
- # file (similarly to the numeric mode used in the linux chmod utility).
- # Each digit represents a three bit number with the 4 bit
- # corresponding to the read permissions, the 2 bit corresponds to the
- # write bit, and the one bit corresponds to the execute permission.
- # Default behavior is 755.
- #
- # Below are some examples of permissions and their associated values:
- # read, write, and execute: 7
- # read and execute: 5
- # read and write: 6
- # read only: 4
- },
- "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
- "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
- # can return to indicate a success.
- 42,
- ],
- "artifactId": "A String", # The id of the relevant artifact in the recipe.
- "args": [ # Arguments to be passed to the provided executable.
- "A String",
- ],
- "localPath": "A String", # The absolute path of the file on the local filesystem.
- },
- },
- ],
- "version": "A String", # The version of this software recipe. Version can be up to 4 period
- # separated numbers (e.g. 12.34.56.78).
"desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
# recipe.
#
@@ -785,129 +412,502 @@
# assigned to this instance.
# REMOVE: Remove is unsupported for software recipes and attempts to
# create or update a recipe to the REMOVE state is rejected.
+ "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
+ # installed on an instance.
+ #
+ # Names are also used to identify resources which helps to determine whether
+ # guest policies have conflicts. This means that requests to create multiple
+ # recipes with the same name and version are rejected since they
+ # could potentially have conflicting assignments.
+ "version": "A String", # The version of this software recipe. Version can be up to 4 period
+ # separated numbers (e.g. 12.34.56.78).
+ "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
+ # executing steps and does not attempt another installation. Any steps taken
+ # (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
},
],
- "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
- # you to target sets or groups of VM instances by different parameters such
- # as labels, names, OS, or zones.
- #
- # If left empty, all VM instances underneath this policy are targeted.
- #
- # At the same level in the resource hierarchy (that is within a project), the
- # service prevents the creation of multiple policies that conflict with
- # each other. For more information, see how the service [handles assignment
- # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
- # applies to.
- #
- # If an assignment is empty, it applies to all VM instances. Otherwise, the
- # targeted VM instances must meet all the criteria specified. So if both
- # labels and zones are specified, the policy applies to VM instances with those
- # labels and in those zones.
- "instances": [ # Targets any of the instances specified. Instances are specified by their
- # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
- #
- # Instance targeting is uncommon and is supported to facilitate the
- # management of changes by the instance or to target specific VM instances
- # for development and testing.
- #
- # Only supported for project-level policies and must reference instances
- # within this project.
- "A String",
- ],
- "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
- #
- # Like labels, this is another way to group VM instances when targeting
- # configs, for example prefix="prod-".
- #
- # Only supported for project-level policies.
- "A String",
- ],
- "zones": [ # Targets instances in any of these zones. Leave empty to target instances
- # in any zone.
- #
- # Zonal targeting is uncommon and is supported to facilitate the management
- # of changes by zone.
- "A String",
- ],
- "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
- # an assignment to target disparate groups, for example "env=prod or
- # env=staging".
- { # Represents a group of VM intances that can be identified as having all
- # these labels, for example "env=prod and app=web".
- "labels": { # Google Compute Engine instance labels that must be present for an
- # instance to be included in this assignment group.
- "a_key": "A String",
+ "description": "A String", # Description of the guest policy. Length of the description is limited
+ # to 1024 characters.
+ }
+
+ guestPolicyId: string, Required. The logical name of the guest policy in the project
+with the following restrictions:
+
+* Must contain only lowercase letters, numbers, and hyphens.
+* Must start with a letter.
+* Must be between 1-63 characters.
+* Must end with a number or a letter.
+* Must be unique within the project.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # An OS Config resource representing a guest configuration policy. These
+ # policies represent the desired state for VM instance guest environments
+ # including packages to install or remove, package repository configurations,
+ # and software to install.
+ "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
+ # done before any other configs are applied so they can use these repos.
+ # Package repositories are only configured if the corresponding package
+ # manager(s) are available.
+ { # A package repository.
+ "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
+ # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
+ "url": "A String", # Required. The url of the repository.
+ "name": "A String", # Required. The name of the repository.
+ },
+ "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
+ # a repo file that is stored at
+ # `/etc/apt/sources.list.d/google_osconfig.list`.
+ "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
+ "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
+ # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
+ # all the keys in any applied guest policy.
+ "uri": "A String", # Required. URI for this repository.
+ "components": [ # Required. List of components for this repository. Must contain at least one item.
+ "A String",
+ ],
+ "distribution": "A String", # Required. Distribution of this repository.
+ },
+ "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
+ # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the zypper config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "displayName": "A String", # The display name of the repository.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ },
+ "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
+ # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the Yum config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "displayName": "A String", # The display name of the repository.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
},
},
],
- "osTypes": [ # Targets VM instances matching at least one of the following OS types.
- #
- # VM instances must match all supplied criteria for a given OsType to be
- # included.
- { # Defines the criteria for selecting VM Instances by OS type.
- "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # OS short name, for example "debian" or "windows".
- "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # OS architecture.
- "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # following OS version.
+ "packages": [ # The software packages to be managed by this policy.
+ { # Package is a reference to the software package to be installed or removed.
+ # The agent on the VM instance uses the system package manager to apply the
+ # config.
+ #
+ #
+ # These are the commands that the agent uses to install or remove
+ # packages.
+ #
+ # Apt
+ # install: `apt-get update && apt-get -y install package1 package2 package3`
+ # remove: `apt-get -y remove package1 package2 package3`
+ #
+ # Yum
+ # install: `yum -y install package1 package2 package3`
+ # remove: `yum -y remove package1 package2 package3`
+ #
+ # Zypper
+ # install: `zypper install package1 package2 package3`
+ # remove: `zypper rm package1 package2`
+ #
+ # Googet
+ # install: `googet -noconfirm install package1 package2 package3`
+ # remove: `googet -noconfirm remove package1 package2 package3`
+ "desiredState": "A String", # The desired_state the agent should maintain for this package. The
+ # default is to ensure the package is installed.
+ "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
+ # validation by checking the package name and the manager(s) that the
+ # package targets.
+ "manager": "A String", # Type of package manager that can be used to install this package.
+ # If a system does not have the package manager, the package is not
+ # installed or removed no error message is returned. By default,
+ # or if you specify `ANY`,
+ # the agent attempts to install and remove this package using the default
+ # package manager. This is useful when creating a policy that applies to
+ # different types of systems.
+ #
+ # The default behavior is ANY.
},
],
- },
- "description": "A String", # Description of the guest policy. Length of the description is limited
- # to 1024 characters.
- "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
- # done before any other configs are applied so they can use these repos.
- # Package repositories are only configured if the corresponding package
- # manager(s) are available.
- { # A package repository.
- "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
- # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
- "displayName": "A String", # The display name of the repository.
- "id": "A String", # Required. A one word, unique name for this repository. This is
- # the `repo id` in the zypper config file and also the `display_name` if
- # `display_name` is omitted. This id is also used as the unique identifier
- # when checking for guest policy conflicts.
- "baseUrl": "A String", # Required. The location of the repository directory.
- "gpgKeys": [ # URIs of GPG keys.
- "A String",
- ],
- },
- "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
- # a repo file that is stored at
- # `/etc/apt/sources.list.d/google_osconfig.list`.
- "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
- # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
- # all the keys in any applied guest policy.
- "distribution": "A String", # Required. Distribution of this repository.
- "components": [ # Required. List of components for this repository. Must contain at least one item.
- "A String",
- ],
- "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
- "uri": "A String", # Required. URI for this repository.
- },
- "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
- # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
- "id": "A String", # Required. A one word, unique name for this repository. This is
- # the `repo id` in the Yum config file and also the `display_name` if
- # `display_name` is omitted. This id is also used as the unique identifier
- # when checking for guest policy conflicts.
- "baseUrl": "A String", # Required. The location of the repository directory.
- "gpgKeys": [ # URIs of GPG keys.
- "A String",
- ],
- "displayName": "A String", # The display name of the repository.
- },
- "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
- # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
- "url": "A String", # Required. The url of the repository.
- "name": "A String", # Required. The name of the repository.
- },
+ "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
+ # you to target sets or groups of VM instances by different parameters such
+ # as labels, names, OS, or zones.
+ #
+ # If left empty, all VM instances underneath this policy are targeted.
+ #
+ # At the same level in the resource hierarchy (that is within a project), the
+ # service prevents the creation of multiple policies that conflict with
+ # each other. For more information, see how the service [handles assignment
+ # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
+ # applies to.
+ #
+ # If an assignment is empty, it applies to all VM instances. Otherwise, the
+ # targeted VM instances must meet all the criteria specified. So if both
+ # labels and zones are specified, the policy applies to VM instances with those
+ # labels and in those zones.
+ "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
+ #
+ # Like labels, this is another way to group VM instances when targeting
+ # configs, for example prefix="prod-".
+ #
+ # Only supported for project-level policies.
+ "A String",
+ ],
+ "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
+ # an assignment to target disparate groups, for example "env=prod or
+ # env=staging".
+ { # Represents a group of VM intances that can be identified as having all
+ # these labels, for example "env=prod and app=web".
+ "labels": { # Google Compute Engine instance labels that must be present for an
+ # instance to be included in this assignment group.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "osTypes": [ # Targets VM instances matching at least one of the following OS types.
+ #
+ # VM instances must match all supplied criteria for a given OsType to be
+ # included.
+ { # Defines the criteria for selecting VM Instances by OS type.
+ "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # following OS version.
+ "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS short name, for example "debian" or "windows".
+ "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS architecture.
+ },
+ ],
+ "instances": [ # Targets any of the instances specified. Instances are specified by their
+ # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
+ #
+ # Instance targeting is uncommon and is supported to facilitate the
+ # management of changes by the instance or to target specific VM instances
+ # for development and testing.
+ #
+ # Only supported for project-level policies and must reference instances
+ # within this project.
+ "A String",
+ ],
+ "zones": [ # Targets instances in any of these zones. Leave empty to target instances
+ # in any zone.
+ #
+ # Zonal targeting is uncommon and is supported to facilitate the management
+ # of changes by zone.
+ "A String",
+ ],
},
- ],
- "etag": "A String", # The etag for this guest policy.
- # If this is provided on update, it must match the server's etag.
- }</pre>
+ "createTime": "A String", # Output only. Time this guest policy was created.
+ "etag": "A String", # The etag for this guest policy.
+ # If this is provided on update, it must match the server's etag.
+ "updateTime": "A String", # Output only. Last time this guest policy was updated.
+ "name": "A String", # Required. Unique name of the resource in this project using one of the following
+ # forms:
+ # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
+ "recipes": [ # A list of Recipes to install on the VM instance.
+ { # A software recipe is a set of instructions for installing and configuring a
+ # piece of software. It consists of a set of artifacts that are
+ # downloaded, and a set of steps that install, configure, and/or update the
+ # software.
+ #
+ # Recipes support installing and updating software from artifacts in the
+ # following formats:
+ # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
+ #
+ # Additionally, recipes support executing a script (either defined in a file or
+ # directly in this api) in bash, sh, cmd, and powershell.
+ #
+ # Updating a software recipe
+ #
+ # If a recipe is assigned to an instance and there is a recipe with the same
+ # name but a lower version already installed and the assigned state
+ # of the recipe is `UPDATED`, then the recipe is updated to
+ # the new version.
+ #
+ # Script Working Directories
+ #
+ # Each script or execution step is run in its own temporary directory which
+ # is deleted after completing the step.
+ "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
+ # executing steps and does not attempt another update for this recipe. Any
+ # steps taken (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ "artifacts": [ # Resources available to be used in the steps in the recipe.
+ { # Specifies a resource to be used in the recipe.
+ "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
+ # recipe can reference. Artifacts in a recipe cannot have the same id.
+ "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
+ "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
+ # SHA256 checksum in hex format, to compare to the checksum of the
+ # artifact. If the checksum is not empty and it doesn't match the
+ # artifact then the recipe installation fails before running any of the
+ # steps.
+ "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
+ # and path following the format {protocol}://{location}.
+ },
+ "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
+ # based on the artifact type:
+ #
+ # Remote: A checksum must be specified, and only protocols with
+ # transport-layer security are permitted.
+ # GCS: An object generation number must be specified.
+ "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
+ "object": "A String", # Name of the Google Cloud Storage object.
+ # As specified [here]
+ # (https://cloud.google.com/storage/docs/naming#objectnames)
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `foo/bar`.
+ "generation": "A String", # Must be provided if allow_insecure is false.
+ # Generation number of the Google Cloud Storage object.
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `1234567`.
+ "bucket": "A String", # Bucket of the Google Cloud Storage object.
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `my-bucket`.
+ },
+ },
+ ],
+ "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
+ # recipe.
+ #
+ # INSTALLED: The software recipe is installed on the instance but
+ # won't be updated to new versions.
+ # UPDATED: The software recipe is installed on the instance. The recipe is
+ # updated to a higher version, if a higher version of the recipe is
+ # assigned to this instance.
+ # REMOVE: Remove is unsupported for software recipes and attempts to
+ # create or update a recipe to the REMOVE state is rejected.
+ "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
+ # installed on an instance.
+ #
+ # Names are also used to identify resources which helps to determine whether
+ # guest policies have conflicts. This means that requests to create multiple
+ # recipes with the same name and version are rejected since they
+ # could potentially have conflicting assignments.
+ "version": "A String", # The version of this software recipe. Version can be up to 4 period
+ # separated numbers (e.g. 12.34.56.78).
+ "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
+ # executing steps and does not attempt another installation. Any steps taken
+ # (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ },
+ ],
+ "description": "A String", # Description of the guest policy. Length of the description is limited
+ # to 1024 characters.
+ }</pre>
</div>
<div class="method">
@@ -953,411 +953,411 @@
An object of the form:
{ # An OS Config resource representing a guest configuration policy. These
- # policies represent the desired state for VM instance guest environments
- # including packages to install or remove, package repository configurations,
- # and software to install.
- "createTime": "A String", # Output only. Time this guest policy was created.
- "packages": [ # The software packages to be managed by this policy.
- { # Package is a reference to the software package to be installed or removed.
- # The agent on the VM instance uses the system package manager to apply the
- # config.
- #
- #
- # These are the commands that the agent uses to install or remove
- # packages.
- #
- # Apt
- # install: `apt-get update && apt-get -y install package1 package2 package3`
- # remove: `apt-get -y remove package1 package2 package3`
- #
- # Yum
- # install: `yum -y install package1 package2 package3`
- # remove: `yum -y remove package1 package2 package3`
- #
- # Zypper
- # install: `zypper install package1 package2 package3`
- # remove: `zypper rm package1 package2`
- #
- # Googet
- # install: `googet -noconfirm install package1 package2 package3`
- # remove: `googet -noconfirm remove package1 package2 package3`
- "desiredState": "A String", # The desired_state the agent should maintain for this package. The
- # default is to ensure the package is installed.
- "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
- # validation by checking the package name and the manager(s) that the
- # package targets.
- "manager": "A String", # Type of package manager that can be used to install this package.
- # If a system does not have the package manager, the package is not
- # installed or removed no error message is returned. By default,
- # or if you specify `ANY`,
- # the agent attempts to install and remove this package using the default
- # package manager. This is useful when creating a policy that applies to
- # different types of systems.
+ # policies represent the desired state for VM instance guest environments
+ # including packages to install or remove, package repository configurations,
+ # and software to install.
+ "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
+ # done before any other configs are applied so they can use these repos.
+ # Package repositories are only configured if the corresponding package
+ # manager(s) are available.
+ { # A package repository.
+ "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
+ # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
+ "url": "A String", # Required. The url of the repository.
+ "name": "A String", # Required. The name of the repository.
+ },
+ "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
+ # a repo file that is stored at
+ # `/etc/apt/sources.list.d/google_osconfig.list`.
+ "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
+ "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
+ # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
+ # all the keys in any applied guest policy.
+ "uri": "A String", # Required. URI for this repository.
+ "components": [ # Required. List of components for this repository. Must contain at least one item.
+ "A String",
+ ],
+ "distribution": "A String", # Required. Distribution of this repository.
+ },
+ "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
+ # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the zypper config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "displayName": "A String", # The display name of the repository.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ },
+ "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
+ # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the Yum config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "displayName": "A String", # The display name of the repository.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ },
+ },
+ ],
+ "packages": [ # The software packages to be managed by this policy.
+ { # Package is a reference to the software package to be installed or removed.
+ # The agent on the VM instance uses the system package manager to apply the
+ # config.
#
- # The default behavior is ANY.
- },
- ],
- "updateTime": "A String", # Output only. Last time this guest policy was updated.
- "name": "A String", # Required. Unique name of the resource in this project using one of the following
- # forms:
- # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
- "recipes": [ # A list of Recipes to install on the VM instance.
- { # A software recipe is a set of instructions for installing and configuring a
- # piece of software. It consists of a set of artifacts that are
- # downloaded, and a set of steps that install, configure, and/or update the
- # software.
+ #
+ # These are the commands that the agent uses to install or remove
+ # packages.
+ #
+ # Apt
+ # install: `apt-get update && apt-get -y install package1 package2 package3`
+ # remove: `apt-get -y remove package1 package2 package3`
+ #
+ # Yum
+ # install: `yum -y install package1 package2 package3`
+ # remove: `yum -y remove package1 package2 package3`
+ #
+ # Zypper
+ # install: `zypper install package1 package2 package3`
+ # remove: `zypper rm package1 package2`
+ #
+ # Googet
+ # install: `googet -noconfirm install package1 package2 package3`
+ # remove: `googet -noconfirm remove package1 package2 package3`
+ "desiredState": "A String", # The desired_state the agent should maintain for this package. The
+ # default is to ensure the package is installed.
+ "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
+ # validation by checking the package name and the manager(s) that the
+ # package targets.
+ "manager": "A String", # Type of package manager that can be used to install this package.
+ # If a system does not have the package manager, the package is not
+ # installed or removed no error message is returned. By default,
+ # or if you specify `ANY`,
+ # the agent attempts to install and remove this package using the default
+ # package manager. This is useful when creating a policy that applies to
+ # different types of systems.
+ #
+ # The default behavior is ANY.
+ },
+ ],
+ "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
+ # you to target sets or groups of VM instances by different parameters such
+ # as labels, names, OS, or zones.
#
- # Recipes support installing and updating software from artifacts in the
- # following formats:
- # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
+ # If left empty, all VM instances underneath this policy are targeted.
#
- # Additionally, recipes support executing a script (either defined in a file or
- # directly in this api) in bash, sh, cmd, and powershell.
+ # At the same level in the resource hierarchy (that is within a project), the
+ # service prevents the creation of multiple policies that conflict with
+ # each other. For more information, see how the service [handles assignment
+ # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
+ # applies to.
#
- # Updating a software recipe
- #
- # If a recipe is assigned to an instance and there is a recipe with the same
- # name but a lower version already installed and the assigned state
- # of the recipe is `UPDATED`, then the recipe is updated to
- # the new version.
- #
- # Script Working Directories
- #
- # Each script or execution step is run in its own temporary directory which
- # is deleted after completing the step.
- "artifacts": [ # Resources available to be used in the steps in the recipe.
- { # Specifies a resource to be used in the recipe.
- "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
- "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
- # SHA256 checksum in hex format, to compare to the checksum of the
- # artifact. If the checksum is not empty and it doesn't match the
- # artifact then the recipe installation fails before running any of the
- # steps.
- "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
- # and path following the format {protocol}://{location}.
+ # If an assignment is empty, it applies to all VM instances. Otherwise, the
+ # targeted VM instances must meet all the criteria specified. So if both
+ # labels and zones are specified, the policy applies to VM instances with those
+ # labels and in those zones.
+ "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
+ #
+ # Like labels, this is another way to group VM instances when targeting
+ # configs, for example prefix="prod-".
+ #
+ # Only supported for project-level policies.
+ "A String",
+ ],
+ "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
+ # an assignment to target disparate groups, for example "env=prod or
+ # env=staging".
+ { # Represents a group of VM intances that can be identified as having all
+ # these labels, for example "env=prod and app=web".
+ "labels": { # Google Compute Engine instance labels that must be present for an
+ # instance to be included in this assignment group.
+ "a_key": "A String",
},
- "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
- "object": "A String", # Name of the Google Cloud Storage object.
- # As specified [here]
- # (https://cloud.google.com/storage/docs/naming#objectnames)
- # Given an example URL:
- # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
- # this value would be `foo/bar`.
- "generation": "A String", # Must be provided if allow_insecure is false.
- # Generation number of the Google Cloud Storage object.
- # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
- # this value would be `1234567`.
- "bucket": "A String", # Bucket of the Google Cloud Storage object.
- # Given an example URL:
- # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
- # this value would be `my-bucket`.
- },
- "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
- # recipe can reference. Artifacts in a recipe cannot have the same id.
- "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
- # based on the artifact type:
- #
- # Remote: A checksum must be specified, and only protocols with
- # transport-layer security are permitted.
- # GCS: An object generation number must be specified.
},
],
- "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
- # executing steps and does not attempt another installation. Any steps taken
- # (including partially completed steps) are not rolled back.
- { # An action that can be taken as part of installing or updating a recipe.
- "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "destination": "A String", # Directory to extract archive to.
- # Defaults to `/` on Linux or `C:\` on Windows.
- "type": "A String", # Required. The type of the archive to extract.
+ "osTypes": [ # Targets VM instances matching at least one of the following OS types.
+ #
+ # VM instances must match all supplied criteria for a given OsType to be
+ # included.
+ { # Defines the criteria for selecting VM Instances by OS type.
+ "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # following OS version.
+ "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS short name, for example "debian" or "windows".
+ "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS architecture.
+ },
+ ],
+ "instances": [ # Targets any of the instances specified. Instances are specified by their
+ # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
+ #
+ # Instance targeting is uncommon and is supported to facilitate the
+ # management of changes by the instance or to target specific VM instances
+ # for development and testing.
+ #
+ # Only supported for project-level policies and must reference instances
+ # within this project.
+ "A String",
+ ],
+ "zones": [ # Targets instances in any of these zones. Leave empty to target instances
+ # in any zone.
+ #
+ # Zonal targeting is uncommon and is supported to facilitate the management
+ # of changes by zone.
+ "A String",
+ ],
+ },
+ "createTime": "A String", # Output only. Time this guest policy was created.
+ "etag": "A String", # The etag for this guest policy.
+ # If this is provided on update, it must match the server's etag.
+ "updateTime": "A String", # Output only. Last time this guest policy was updated.
+ "name": "A String", # Required. Unique name of the resource in this project using one of the following
+ # forms:
+ # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
+ "recipes": [ # A list of Recipes to install on the VM instance.
+ { # A software recipe is a set of instructions for installing and configuring a
+ # piece of software. It consists of a set of artifacts that are
+ # downloaded, and a set of steps that install, configure, and/or update the
+ # software.
+ #
+ # Recipes support installing and updating software from artifacts in the
+ # following formats:
+ # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
+ #
+ # Additionally, recipes support executing a script (either defined in a file or
+ # directly in this api) in bash, sh, cmd, and powershell.
+ #
+ # Updating a software recipe
+ #
+ # If a recipe is assigned to an instance and there is a recipe with the same
+ # name but a lower version already installed and the assigned state
+ # of the recipe is `UPDATED`, then the recipe is updated to
+ # the new version.
+ #
+ # Script Working Directories
+ #
+ # Each script or execution step is run in its own temporary directory which
+ # is deleted after completing the step.
+ "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
+ # executing steps and does not attempt another update for this recipe. Any
+ # steps taken (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
},
- "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "flags": [ # The flags to use when installing the MSI
- # defaults to ["/i"] (i.e. the install flag).
- "A String",
- ],
- },
- "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
- # specified the script is executed directly, which likely
- # only succeed for scripts with
- # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
- "script": "A String", # Required. The shell script to be executed.
- },
- "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
- # false and the file already exists the file is not overwritten
- # and the step is considered a success. Defaults to false.
- "destination": "A String", # Required. The absolute path on the instance to put the file.
- "permissions": "A String", # Consists of three octal digits which represent, in
- # order, the permissions of the owner, group, and other users for the
- # file (similarly to the numeric mode used in the linux chmod utility).
- # Each digit represents a three bit number with the 4 bit
- # corresponding to the read permissions, the 2 bit corresponds to the
- # write bit, and the one bit corresponds to the execute permission.
- # Default behavior is 755.
+ ],
+ "artifacts": [ # Resources available to be used in the steps in the recipe.
+ { # Specifies a resource to be used in the recipe.
+ "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
+ # recipe can reference. Artifacts in a recipe cannot have the same id.
+ "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
+ "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
+ # SHA256 checksum in hex format, to compare to the checksum of the
+ # artifact. If the checksum is not empty and it doesn't match the
+ # artifact then the recipe installation fails before running any of the
+ # steps.
+ "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
+ # and path following the format {protocol}://{location}.
+ },
+ "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
+ # based on the artifact type:
#
- # Below are some examples of permissions and their associated values:
- # read, write, and execute: 7
- # read and execute: 5
- # read and write: 6
- # read only: 4
+ # Remote: A checksum must be specified, and only protocols with
+ # transport-layer security are permitted.
+ # GCS: An object generation number must be specified.
+ "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
+ "object": "A String", # Name of the Google Cloud Storage object.
+ # As specified [here]
+ # (https://cloud.google.com/storage/docs/naming#objectnames)
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `foo/bar`.
+ "generation": "A String", # Must be provided if allow_insecure is false.
+ # Generation number of the Google Cloud Storage object.
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `1234567`.
+ "bucket": "A String", # Bucket of the Google Cloud Storage object.
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `my-bucket`.
+ },
},
- "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
- "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
- # can return to indicate a success.
- 42,
- ],
- "artifactId": "A String", # The id of the relevant artifact in the recipe.
- "args": [ # Arguments to be passed to the provided executable.
- "A String",
- ],
- "localPath": "A String", # The absolute path of the file on the local filesystem.
+ ],
+ "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
+ # recipe.
+ #
+ # INSTALLED: The software recipe is installed on the instance but
+ # won't be updated to new versions.
+ # UPDATED: The software recipe is installed on the instance. The recipe is
+ # updated to a higher version, if a higher version of the recipe is
+ # assigned to this instance.
+ # REMOVE: Remove is unsupported for software recipes and attempts to
+ # create or update a recipe to the REMOVE state is rejected.
+ "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
+ # installed on an instance.
+ #
+ # Names are also used to identify resources which helps to determine whether
+ # guest policies have conflicts. This means that requests to create multiple
+ # recipes with the same name and version are rejected since they
+ # could potentially have conflicting assignments.
+ "version": "A String", # The version of this software recipe. Version can be up to 4 period
+ # separated numbers (e.g. 12.34.56.78).
+ "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
+ # executing steps and does not attempt another installation. Any steps taken
+ # (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
},
- },
- ],
- "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
- # installed on an instance.
- #
- # Names are also used to identify resources which helps to determine whether
- # guest policies have conflicts. This means that requests to create multiple
- # recipes with the same name and version are rejected since they
- # could potentially have conflicting assignments.
- "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
- # executing steps and does not attempt another update for this recipe. Any
- # steps taken (including partially completed steps) are not rolled back.
- { # An action that can be taken as part of installing or updating a recipe.
- "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "destination": "A String", # Directory to extract archive to.
- # Defaults to `/` on Linux or `C:\` on Windows.
- "type": "A String", # Required. The type of the archive to extract.
- },
- "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "flags": [ # The flags to use when installing the MSI
- # defaults to ["/i"] (i.e. the install flag).
- "A String",
- ],
- },
- "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
- # specified the script is executed directly, which likely
- # only succeed for scripts with
- # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
- "script": "A String", # Required. The shell script to be executed.
- },
- "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
- # false and the file already exists the file is not overwritten
- # and the step is considered a success. Defaults to false.
- "destination": "A String", # Required. The absolute path on the instance to put the file.
- "permissions": "A String", # Consists of three octal digits which represent, in
- # order, the permissions of the owner, group, and other users for the
- # file (similarly to the numeric mode used in the linux chmod utility).
- # Each digit represents a three bit number with the 4 bit
- # corresponding to the read permissions, the 2 bit corresponds to the
- # write bit, and the one bit corresponds to the execute permission.
- # Default behavior is 755.
- #
- # Below are some examples of permissions and their associated values:
- # read, write, and execute: 7
- # read and execute: 5
- # read and write: 6
- # read only: 4
- },
- "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
- "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
- # can return to indicate a success.
- 42,
- ],
- "artifactId": "A String", # The id of the relevant artifact in the recipe.
- "args": [ # Arguments to be passed to the provided executable.
- "A String",
- ],
- "localPath": "A String", # The absolute path of the file on the local filesystem.
- },
- },
- ],
- "version": "A String", # The version of this software recipe. Version can be up to 4 period
- # separated numbers (e.g. 12.34.56.78).
- "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
- # recipe.
- #
- # INSTALLED: The software recipe is installed on the instance but
- # won't be updated to new versions.
- # UPDATED: The software recipe is installed on the instance. The recipe is
- # updated to a higher version, if a higher version of the recipe is
- # assigned to this instance.
- # REMOVE: Remove is unsupported for software recipes and attempts to
- # create or update a recipe to the REMOVE state is rejected.
- },
- ],
- "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
- # you to target sets or groups of VM instances by different parameters such
- # as labels, names, OS, or zones.
- #
- # If left empty, all VM instances underneath this policy are targeted.
- #
- # At the same level in the resource hierarchy (that is within a project), the
- # service prevents the creation of multiple policies that conflict with
- # each other. For more information, see how the service [handles assignment
- # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
- # applies to.
- #
- # If an assignment is empty, it applies to all VM instances. Otherwise, the
- # targeted VM instances must meet all the criteria specified. So if both
- # labels and zones are specified, the policy applies to VM instances with those
- # labels and in those zones.
- "instances": [ # Targets any of the instances specified. Instances are specified by their
- # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
- #
- # Instance targeting is uncommon and is supported to facilitate the
- # management of changes by the instance or to target specific VM instances
- # for development and testing.
- #
- # Only supported for project-level policies and must reference instances
- # within this project.
- "A String",
- ],
- "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
- #
- # Like labels, this is another way to group VM instances when targeting
- # configs, for example prefix="prod-".
- #
- # Only supported for project-level policies.
- "A String",
- ],
- "zones": [ # Targets instances in any of these zones. Leave empty to target instances
- # in any zone.
- #
- # Zonal targeting is uncommon and is supported to facilitate the management
- # of changes by zone.
- "A String",
- ],
- "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
- # an assignment to target disparate groups, for example "env=prod or
- # env=staging".
- { # Represents a group of VM intances that can be identified as having all
- # these labels, for example "env=prod and app=web".
- "labels": { # Google Compute Engine instance labels that must be present for an
- # instance to be included in this assignment group.
- "a_key": "A String",
- },
- },
- ],
- "osTypes": [ # Targets VM instances matching at least one of the following OS types.
- #
- # VM instances must match all supplied criteria for a given OsType to be
- # included.
- { # Defines the criteria for selecting VM Instances by OS type.
- "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # OS short name, for example "debian" or "windows".
- "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # OS architecture.
- "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # following OS version.
- },
- ],
- },
- "description": "A String", # Description of the guest policy. Length of the description is limited
- # to 1024 characters.
- "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
- # done before any other configs are applied so they can use these repos.
- # Package repositories are only configured if the corresponding package
- # manager(s) are available.
- { # A package repository.
- "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
- # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
- "displayName": "A String", # The display name of the repository.
- "id": "A String", # Required. A one word, unique name for this repository. This is
- # the `repo id` in the zypper config file and also the `display_name` if
- # `display_name` is omitted. This id is also used as the unique identifier
- # when checking for guest policy conflicts.
- "baseUrl": "A String", # Required. The location of the repository directory.
- "gpgKeys": [ # URIs of GPG keys.
- "A String",
],
},
- "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
- # a repo file that is stored at
- # `/etc/apt/sources.list.d/google_osconfig.list`.
- "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
- # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
- # all the keys in any applied guest policy.
- "distribution": "A String", # Required. Distribution of this repository.
- "components": [ # Required. List of components for this repository. Must contain at least one item.
- "A String",
- ],
- "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
- "uri": "A String", # Required. URI for this repository.
- },
- "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
- # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
- "id": "A String", # Required. A one word, unique name for this repository. This is
- # the `repo id` in the Yum config file and also the `display_name` if
- # `display_name` is omitted. This id is also used as the unique identifier
- # when checking for guest policy conflicts.
- "baseUrl": "A String", # Required. The location of the repository directory.
- "gpgKeys": [ # URIs of GPG keys.
- "A String",
- ],
- "displayName": "A String", # The display name of the repository.
- },
- "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
- # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
- "url": "A String", # Required. The url of the repository.
- "name": "A String", # Required. The name of the repository.
- },
- },
- ],
- "etag": "A String", # The etag for this guest policy.
- # If this is provided on update, it must match the server's etag.
- }</pre>
+ ],
+ "description": "A String", # Description of the guest policy. Length of the description is limited
+ # to 1024 characters.
+ }</pre>
</div>
<div class="method">
- <code class="details" id="list">list(parent, pageToken=None, pageSize=None, x__xgafv=None)</code>
+ <code class="details" id="list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</code>
<pre>Get a page of OS Config guest policies.
Args:
parent: string, Required. The resource name of the parent using one of the following forms:
`projects/{project_number}`. (required)
+ pageSize: integer, The maximum number of guest policies to return.
pageToken: string, A pagination token returned from a previous call to `ListGuestPolicies`
that indicates where this listing should continue from.
- pageSize: integer, The maximum number of guest policies to return.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
@@ -1371,399 +1371,399 @@
# of guest policies.
"guestPolicies": [ # The list of GuestPolicies.
{ # An OS Config resource representing a guest configuration policy. These
- # policies represent the desired state for VM instance guest environments
- # including packages to install or remove, package repository configurations,
- # and software to install.
- "createTime": "A String", # Output only. Time this guest policy was created.
- "packages": [ # The software packages to be managed by this policy.
- { # Package is a reference to the software package to be installed or removed.
- # The agent on the VM instance uses the system package manager to apply the
- # config.
- #
- #
- # These are the commands that the agent uses to install or remove
- # packages.
- #
- # Apt
- # install: `apt-get update && apt-get -y install package1 package2 package3`
- # remove: `apt-get -y remove package1 package2 package3`
- #
- # Yum
- # install: `yum -y install package1 package2 package3`
- # remove: `yum -y remove package1 package2 package3`
- #
- # Zypper
- # install: `zypper install package1 package2 package3`
- # remove: `zypper rm package1 package2`
- #
- # Googet
- # install: `googet -noconfirm install package1 package2 package3`
- # remove: `googet -noconfirm remove package1 package2 package3`
- "desiredState": "A String", # The desired_state the agent should maintain for this package. The
- # default is to ensure the package is installed.
- "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
- # validation by checking the package name and the manager(s) that the
- # package targets.
- "manager": "A String", # Type of package manager that can be used to install this package.
- # If a system does not have the package manager, the package is not
- # installed or removed no error message is returned. By default,
- # or if you specify `ANY`,
- # the agent attempts to install and remove this package using the default
- # package manager. This is useful when creating a policy that applies to
- # different types of systems.
- #
- # The default behavior is ANY.
- },
- ],
- "updateTime": "A String", # Output only. Last time this guest policy was updated.
- "name": "A String", # Required. Unique name of the resource in this project using one of the following
- # forms:
- # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
- "recipes": [ # A list of Recipes to install on the VM instance.
- { # A software recipe is a set of instructions for installing and configuring a
- # piece of software. It consists of a set of artifacts that are
- # downloaded, and a set of steps that install, configure, and/or update the
- # software.
- #
- # Recipes support installing and updating software from artifacts in the
- # following formats:
- # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
- #
- # Additionally, recipes support executing a script (either defined in a file or
- # directly in this api) in bash, sh, cmd, and powershell.
- #
- # Updating a software recipe
- #
- # If a recipe is assigned to an instance and there is a recipe with the same
- # name but a lower version already installed and the assigned state
- # of the recipe is `UPDATED`, then the recipe is updated to
- # the new version.
- #
- # Script Working Directories
- #
- # Each script or execution step is run in its own temporary directory which
- # is deleted after completing the step.
- "artifacts": [ # Resources available to be used in the steps in the recipe.
- { # Specifies a resource to be used in the recipe.
- "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
- "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
- # SHA256 checksum in hex format, to compare to the checksum of the
- # artifact. If the checksum is not empty and it doesn't match the
- # artifact then the recipe installation fails before running any of the
- # steps.
- "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
- # and path following the format {protocol}://{location}.
- },
- "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
- "object": "A String", # Name of the Google Cloud Storage object.
- # As specified [here]
- # (https://cloud.google.com/storage/docs/naming#objectnames)
- # Given an example URL:
- # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
- # this value would be `foo/bar`.
- "generation": "A String", # Must be provided if allow_insecure is false.
- # Generation number of the Google Cloud Storage object.
- # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
- # this value would be `1234567`.
- "bucket": "A String", # Bucket of the Google Cloud Storage object.
- # Given an example URL:
- # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
- # this value would be `my-bucket`.
- },
- "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
- # recipe can reference. Artifacts in a recipe cannot have the same id.
- "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
- # based on the artifact type:
- #
- # Remote: A checksum must be specified, and only protocols with
- # transport-layer security are permitted.
- # GCS: An object generation number must be specified.
+ # policies represent the desired state for VM instance guest environments
+ # including packages to install or remove, package repository configurations,
+ # and software to install.
+ "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
+ # done before any other configs are applied so they can use these repos.
+ # Package repositories are only configured if the corresponding package
+ # manager(s) are available.
+ { # A package repository.
+ "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
+ # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
+ "url": "A String", # Required. The url of the repository.
+ "name": "A String", # Required. The name of the repository.
},
- ],
- "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
- # executing steps and does not attempt another installation. Any steps taken
- # (including partially completed steps) are not rolled back.
- { # An action that can be taken as part of installing or updating a recipe.
- "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "destination": "A String", # Directory to extract archive to.
- # Defaults to `/` on Linux or `C:\` on Windows.
- "type": "A String", # Required. The type of the archive to extract.
- },
- "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "flags": [ # The flags to use when installing the MSI
- # defaults to ["/i"] (i.e. the install flag).
- "A String",
- ],
- },
- "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
- # specified the script is executed directly, which likely
- # only succeed for scripts with
- # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
- "script": "A String", # Required. The shell script to be executed.
- },
- "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
- # false and the file already exists the file is not overwritten
- # and the step is considered a success. Defaults to false.
- "destination": "A String", # Required. The absolute path on the instance to put the file.
- "permissions": "A String", # Consists of three octal digits which represent, in
- # order, the permissions of the owner, group, and other users for the
- # file (similarly to the numeric mode used in the linux chmod utility).
- # Each digit represents a three bit number with the 4 bit
- # corresponding to the read permissions, the 2 bit corresponds to the
- # write bit, and the one bit corresponds to the execute permission.
- # Default behavior is 755.
- #
- # Below are some examples of permissions and their associated values:
- # read, write, and execute: 7
- # read and execute: 5
- # read and write: 6
- # read only: 4
- },
- "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
- "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
- # can return to indicate a success.
- 42,
- ],
- "artifactId": "A String", # The id of the relevant artifact in the recipe.
- "args": [ # Arguments to be passed to the provided executable.
- "A String",
- ],
- "localPath": "A String", # The absolute path of the file on the local filesystem.
- },
+ "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
+ # a repo file that is stored at
+ # `/etc/apt/sources.list.d/google_osconfig.list`.
+ "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
+ "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
+ # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
+ # all the keys in any applied guest policy.
+ "uri": "A String", # Required. URI for this repository.
+ "components": [ # Required. List of components for this repository. Must contain at least one item.
+ "A String",
+ ],
+ "distribution": "A String", # Required. Distribution of this repository.
},
- ],
- "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
- # installed on an instance.
- #
- # Names are also used to identify resources which helps to determine whether
- # guest policies have conflicts. This means that requests to create multiple
- # recipes with the same name and version are rejected since they
- # could potentially have conflicting assignments.
- "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
- # executing steps and does not attempt another update for this recipe. Any
- # steps taken (including partially completed steps) are not rolled back.
- { # An action that can be taken as part of installing or updating a recipe.
- "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "destination": "A String", # Directory to extract archive to.
- # Defaults to `/` on Linux or `C:\` on Windows.
- "type": "A String", # Required. The type of the archive to extract.
- },
- "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "flags": [ # The flags to use when installing the MSI
- # defaults to ["/i"] (i.e. the install flag).
- "A String",
- ],
- },
- "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
- # specified the script is executed directly, which likely
- # only succeed for scripts with
- # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
- "script": "A String", # Required. The shell script to be executed.
- },
- "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
- # false and the file already exists the file is not overwritten
- # and the step is considered a success. Defaults to false.
- "destination": "A String", # Required. The absolute path on the instance to put the file.
- "permissions": "A String", # Consists of three octal digits which represent, in
- # order, the permissions of the owner, group, and other users for the
- # file (similarly to the numeric mode used in the linux chmod utility).
- # Each digit represents a three bit number with the 4 bit
- # corresponding to the read permissions, the 2 bit corresponds to the
- # write bit, and the one bit corresponds to the execute permission.
- # Default behavior is 755.
- #
- # Below are some examples of permissions and their associated values:
- # read, write, and execute: 7
- # read and execute: 5
- # read and write: 6
- # read only: 4
- },
- "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
- "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
- # can return to indicate a success.
- 42,
- ],
- "artifactId": "A String", # The id of the relevant artifact in the recipe.
- "args": [ # Arguments to be passed to the provided executable.
- "A String",
- ],
- "localPath": "A String", # The absolute path of the file on the local filesystem.
- },
+ "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
+ # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the zypper config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "displayName": "A String", # The display name of the repository.
+ "baseUrl": "A String", # Required. The location of the repository directory.
},
- ],
- "version": "A String", # The version of this software recipe. Version can be up to 4 period
- # separated numbers (e.g. 12.34.56.78).
- "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
- # recipe.
- #
- # INSTALLED: The software recipe is installed on the instance but
- # won't be updated to new versions.
- # UPDATED: The software recipe is installed on the instance. The recipe is
- # updated to a higher version, if a higher version of the recipe is
- # assigned to this instance.
- # REMOVE: Remove is unsupported for software recipes and attempts to
- # create or update a recipe to the REMOVE state is rejected.
- },
- ],
- "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
- # you to target sets or groups of VM instances by different parameters such
- # as labels, names, OS, or zones.
- #
- # If left empty, all VM instances underneath this policy are targeted.
- #
- # At the same level in the resource hierarchy (that is within a project), the
- # service prevents the creation of multiple policies that conflict with
- # each other. For more information, see how the service [handles assignment
- # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
- # applies to.
- #
- # If an assignment is empty, it applies to all VM instances. Otherwise, the
- # targeted VM instances must meet all the criteria specified. So if both
- # labels and zones are specified, the policy applies to VM instances with those
- # labels and in those zones.
- "instances": [ # Targets any of the instances specified. Instances are specified by their
- # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
- #
- # Instance targeting is uncommon and is supported to facilitate the
- # management of changes by the instance or to target specific VM instances
- # for development and testing.
- #
- # Only supported for project-level policies and must reference instances
- # within this project.
- "A String",
- ],
- "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
- #
- # Like labels, this is another way to group VM instances when targeting
- # configs, for example prefix="prod-".
- #
- # Only supported for project-level policies.
- "A String",
- ],
- "zones": [ # Targets instances in any of these zones. Leave empty to target instances
- # in any zone.
- #
- # Zonal targeting is uncommon and is supported to facilitate the management
- # of changes by zone.
- "A String",
- ],
- "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
- # an assignment to target disparate groups, for example "env=prod or
- # env=staging".
- { # Represents a group of VM intances that can be identified as having all
- # these labels, for example "env=prod and app=web".
- "labels": { # Google Compute Engine instance labels that must be present for an
- # instance to be included in this assignment group.
- "a_key": "A String",
+ "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
+ # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the Yum config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "displayName": "A String", # The display name of the repository.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
},
},
],
- "osTypes": [ # Targets VM instances matching at least one of the following OS types.
- #
- # VM instances must match all supplied criteria for a given OsType to be
- # included.
- { # Defines the criteria for selecting VM Instances by OS type.
- "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # OS short name, for example "debian" or "windows".
- "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # OS architecture.
- "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # following OS version.
+ "packages": [ # The software packages to be managed by this policy.
+ { # Package is a reference to the software package to be installed or removed.
+ # The agent on the VM instance uses the system package manager to apply the
+ # config.
+ #
+ #
+ # These are the commands that the agent uses to install or remove
+ # packages.
+ #
+ # Apt
+ # install: `apt-get update && apt-get -y install package1 package2 package3`
+ # remove: `apt-get -y remove package1 package2 package3`
+ #
+ # Yum
+ # install: `yum -y install package1 package2 package3`
+ # remove: `yum -y remove package1 package2 package3`
+ #
+ # Zypper
+ # install: `zypper install package1 package2 package3`
+ # remove: `zypper rm package1 package2`
+ #
+ # Googet
+ # install: `googet -noconfirm install package1 package2 package3`
+ # remove: `googet -noconfirm remove package1 package2 package3`
+ "desiredState": "A String", # The desired_state the agent should maintain for this package. The
+ # default is to ensure the package is installed.
+ "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
+ # validation by checking the package name and the manager(s) that the
+ # package targets.
+ "manager": "A String", # Type of package manager that can be used to install this package.
+ # If a system does not have the package manager, the package is not
+ # installed or removed no error message is returned. By default,
+ # or if you specify `ANY`,
+ # the agent attempts to install and remove this package using the default
+ # package manager. This is useful when creating a policy that applies to
+ # different types of systems.
+ #
+ # The default behavior is ANY.
},
],
+ "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
+ # you to target sets or groups of VM instances by different parameters such
+ # as labels, names, OS, or zones.
+ #
+ # If left empty, all VM instances underneath this policy are targeted.
+ #
+ # At the same level in the resource hierarchy (that is within a project), the
+ # service prevents the creation of multiple policies that conflict with
+ # each other. For more information, see how the service [handles assignment
+ # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
+ # applies to.
+ #
+ # If an assignment is empty, it applies to all VM instances. Otherwise, the
+ # targeted VM instances must meet all the criteria specified. So if both
+ # labels and zones are specified, the policy applies to VM instances with those
+ # labels and in those zones.
+ "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
+ #
+ # Like labels, this is another way to group VM instances when targeting
+ # configs, for example prefix="prod-".
+ #
+ # Only supported for project-level policies.
+ "A String",
+ ],
+ "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
+ # an assignment to target disparate groups, for example "env=prod or
+ # env=staging".
+ { # Represents a group of VM intances that can be identified as having all
+ # these labels, for example "env=prod and app=web".
+ "labels": { # Google Compute Engine instance labels that must be present for an
+ # instance to be included in this assignment group.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "osTypes": [ # Targets VM instances matching at least one of the following OS types.
+ #
+ # VM instances must match all supplied criteria for a given OsType to be
+ # included.
+ { # Defines the criteria for selecting VM Instances by OS type.
+ "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # following OS version.
+ "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS short name, for example "debian" or "windows".
+ "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS architecture.
+ },
+ ],
+ "instances": [ # Targets any of the instances specified. Instances are specified by their
+ # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
+ #
+ # Instance targeting is uncommon and is supported to facilitate the
+ # management of changes by the instance or to target specific VM instances
+ # for development and testing.
+ #
+ # Only supported for project-level policies and must reference instances
+ # within this project.
+ "A String",
+ ],
+ "zones": [ # Targets instances in any of these zones. Leave empty to target instances
+ # in any zone.
+ #
+ # Zonal targeting is uncommon and is supported to facilitate the management
+ # of changes by zone.
+ "A String",
+ ],
+ },
+ "createTime": "A String", # Output only. Time this guest policy was created.
+ "etag": "A String", # The etag for this guest policy.
+ # If this is provided on update, it must match the server's etag.
+ "updateTime": "A String", # Output only. Last time this guest policy was updated.
+ "name": "A String", # Required. Unique name of the resource in this project using one of the following
+ # forms:
+ # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
+ "recipes": [ # A list of Recipes to install on the VM instance.
+ { # A software recipe is a set of instructions for installing and configuring a
+ # piece of software. It consists of a set of artifacts that are
+ # downloaded, and a set of steps that install, configure, and/or update the
+ # software.
+ #
+ # Recipes support installing and updating software from artifacts in the
+ # following formats:
+ # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
+ #
+ # Additionally, recipes support executing a script (either defined in a file or
+ # directly in this api) in bash, sh, cmd, and powershell.
+ #
+ # Updating a software recipe
+ #
+ # If a recipe is assigned to an instance and there is a recipe with the same
+ # name but a lower version already installed and the assigned state
+ # of the recipe is `UPDATED`, then the recipe is updated to
+ # the new version.
+ #
+ # Script Working Directories
+ #
+ # Each script or execution step is run in its own temporary directory which
+ # is deleted after completing the step.
+ "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
+ # executing steps and does not attempt another update for this recipe. Any
+ # steps taken (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ "artifacts": [ # Resources available to be used in the steps in the recipe.
+ { # Specifies a resource to be used in the recipe.
+ "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
+ # recipe can reference. Artifacts in a recipe cannot have the same id.
+ "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
+ "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
+ # SHA256 checksum in hex format, to compare to the checksum of the
+ # artifact. If the checksum is not empty and it doesn't match the
+ # artifact then the recipe installation fails before running any of the
+ # steps.
+ "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
+ # and path following the format {protocol}://{location}.
+ },
+ "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
+ # based on the artifact type:
+ #
+ # Remote: A checksum must be specified, and only protocols with
+ # transport-layer security are permitted.
+ # GCS: An object generation number must be specified.
+ "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
+ "object": "A String", # Name of the Google Cloud Storage object.
+ # As specified [here]
+ # (https://cloud.google.com/storage/docs/naming#objectnames)
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `foo/bar`.
+ "generation": "A String", # Must be provided if allow_insecure is false.
+ # Generation number of the Google Cloud Storage object.
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `1234567`.
+ "bucket": "A String", # Bucket of the Google Cloud Storage object.
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `my-bucket`.
+ },
+ },
+ ],
+ "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
+ # recipe.
+ #
+ # INSTALLED: The software recipe is installed on the instance but
+ # won't be updated to new versions.
+ # UPDATED: The software recipe is installed on the instance. The recipe is
+ # updated to a higher version, if a higher version of the recipe is
+ # assigned to this instance.
+ # REMOVE: Remove is unsupported for software recipes and attempts to
+ # create or update a recipe to the REMOVE state is rejected.
+ "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
+ # installed on an instance.
+ #
+ # Names are also used to identify resources which helps to determine whether
+ # guest policies have conflicts. This means that requests to create multiple
+ # recipes with the same name and version are rejected since they
+ # could potentially have conflicting assignments.
+ "version": "A String", # The version of this software recipe. Version can be up to 4 period
+ # separated numbers (e.g. 12.34.56.78).
+ "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
+ # executing steps and does not attempt another installation. Any steps taken
+ # (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ },
+ ],
+ "description": "A String", # Description of the guest policy. Length of the description is limited
+ # to 1024 characters.
},
- "description": "A String", # Description of the guest policy. Length of the description is limited
- # to 1024 characters.
- "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
- # done before any other configs are applied so they can use these repos.
- # Package repositories are only configured if the corresponding package
- # manager(s) are available.
- { # A package repository.
- "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
- # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
- "displayName": "A String", # The display name of the repository.
- "id": "A String", # Required. A one word, unique name for this repository. This is
- # the `repo id` in the zypper config file and also the `display_name` if
- # `display_name` is omitted. This id is also used as the unique identifier
- # when checking for guest policy conflicts.
- "baseUrl": "A String", # Required. The location of the repository directory.
- "gpgKeys": [ # URIs of GPG keys.
- "A String",
- ],
- },
- "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
- # a repo file that is stored at
- # `/etc/apt/sources.list.d/google_osconfig.list`.
- "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
- # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
- # all the keys in any applied guest policy.
- "distribution": "A String", # Required. Distribution of this repository.
- "components": [ # Required. List of components for this repository. Must contain at least one item.
- "A String",
- ],
- "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
- "uri": "A String", # Required. URI for this repository.
- },
- "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
- # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
- "id": "A String", # Required. A one word, unique name for this repository. This is
- # the `repo id` in the Yum config file and also the `display_name` if
- # `display_name` is omitted. This id is also used as the unique identifier
- # when checking for guest policy conflicts.
- "baseUrl": "A String", # Required. The location of the repository directory.
- "gpgKeys": [ # URIs of GPG keys.
- "A String",
- ],
- "displayName": "A String", # The display name of the repository.
- },
- "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
- # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
- "url": "A String", # Required. The url of the repository.
- "name": "A String", # Required. The name of the repository.
- },
- },
- ],
- "etag": "A String", # The etag for this guest policy.
- # If this is provided on update, it must match the server's etag.
- },
],
}</pre>
</div>
@@ -1794,415 +1794,58 @@
The object takes the form of:
{ # An OS Config resource representing a guest configuration policy. These
- # policies represent the desired state for VM instance guest environments
- # including packages to install or remove, package repository configurations,
- # and software to install.
- "createTime": "A String", # Output only. Time this guest policy was created.
- "packages": [ # The software packages to be managed by this policy.
- { # Package is a reference to the software package to be installed or removed.
- # The agent on the VM instance uses the system package manager to apply the
- # config.
- #
- #
- # These are the commands that the agent uses to install or remove
- # packages.
- #
- # Apt
- # install: `apt-get update && apt-get -y install package1 package2 package3`
- # remove: `apt-get -y remove package1 package2 package3`
- #
- # Yum
- # install: `yum -y install package1 package2 package3`
- # remove: `yum -y remove package1 package2 package3`
- #
- # Zypper
- # install: `zypper install package1 package2 package3`
- # remove: `zypper rm package1 package2`
- #
- # Googet
- # install: `googet -noconfirm install package1 package2 package3`
- # remove: `googet -noconfirm remove package1 package2 package3`
- "desiredState": "A String", # The desired_state the agent should maintain for this package. The
- # default is to ensure the package is installed.
- "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
- # validation by checking the package name and the manager(s) that the
- # package targets.
- "manager": "A String", # Type of package manager that can be used to install this package.
- # If a system does not have the package manager, the package is not
- # installed or removed no error message is returned. By default,
- # or if you specify `ANY`,
- # the agent attempts to install and remove this package using the default
- # package manager. This is useful when creating a policy that applies to
- # different types of systems.
- #
- # The default behavior is ANY.
- },
- ],
- "updateTime": "A String", # Output only. Last time this guest policy was updated.
- "name": "A String", # Required. Unique name of the resource in this project using one of the following
- # forms:
- # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
- "recipes": [ # A list of Recipes to install on the VM instance.
- { # A software recipe is a set of instructions for installing and configuring a
- # piece of software. It consists of a set of artifacts that are
- # downloaded, and a set of steps that install, configure, and/or update the
- # software.
- #
- # Recipes support installing and updating software from artifacts in the
- # following formats:
- # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
- #
- # Additionally, recipes support executing a script (either defined in a file or
- # directly in this api) in bash, sh, cmd, and powershell.
- #
- # Updating a software recipe
- #
- # If a recipe is assigned to an instance and there is a recipe with the same
- # name but a lower version already installed and the assigned state
- # of the recipe is `UPDATED`, then the recipe is updated to
- # the new version.
- #
- # Script Working Directories
- #
- # Each script or execution step is run in its own temporary directory which
- # is deleted after completing the step.
- "artifacts": [ # Resources available to be used in the steps in the recipe.
- { # Specifies a resource to be used in the recipe.
- "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
- "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
- # SHA256 checksum in hex format, to compare to the checksum of the
- # artifact. If the checksum is not empty and it doesn't match the
- # artifact then the recipe installation fails before running any of the
- # steps.
- "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
- # and path following the format {protocol}://{location}.
- },
- "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
- "object": "A String", # Name of the Google Cloud Storage object.
- # As specified [here]
- # (https://cloud.google.com/storage/docs/naming#objectnames)
- # Given an example URL:
- # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
- # this value would be `foo/bar`.
- "generation": "A String", # Must be provided if allow_insecure is false.
- # Generation number of the Google Cloud Storage object.
- # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
- # this value would be `1234567`.
- "bucket": "A String", # Bucket of the Google Cloud Storage object.
- # Given an example URL:
- # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
- # this value would be `my-bucket`.
- },
- "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
- # recipe can reference. Artifacts in a recipe cannot have the same id.
- "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
- # based on the artifact type:
- #
- # Remote: A checksum must be specified, and only protocols with
- # transport-layer security are permitted.
- # GCS: An object generation number must be specified.
- },
- ],
- "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
- # executing steps and does not attempt another installation. Any steps taken
- # (including partially completed steps) are not rolled back.
- { # An action that can be taken as part of installing or updating a recipe.
- "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "destination": "A String", # Directory to extract archive to.
- # Defaults to `/` on Linux or `C:\` on Windows.
- "type": "A String", # Required. The type of the archive to extract.
- },
- "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "flags": [ # The flags to use when installing the MSI
- # defaults to ["/i"] (i.e. the install flag).
- "A String",
- ],
- },
- "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
- # specified the script is executed directly, which likely
- # only succeed for scripts with
- # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
- "script": "A String", # Required. The shell script to be executed.
- },
- "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
- # false and the file already exists the file is not overwritten
- # and the step is considered a success. Defaults to false.
- "destination": "A String", # Required. The absolute path on the instance to put the file.
- "permissions": "A String", # Consists of three octal digits which represent, in
- # order, the permissions of the owner, group, and other users for the
- # file (similarly to the numeric mode used in the linux chmod utility).
- # Each digit represents a three bit number with the 4 bit
- # corresponding to the read permissions, the 2 bit corresponds to the
- # write bit, and the one bit corresponds to the execute permission.
- # Default behavior is 755.
- #
- # Below are some examples of permissions and their associated values:
- # read, write, and execute: 7
- # read and execute: 5
- # read and write: 6
- # read only: 4
- },
- "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
- "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
- # can return to indicate a success.
- 42,
- ],
- "artifactId": "A String", # The id of the relevant artifact in the recipe.
- "args": [ # Arguments to be passed to the provided executable.
- "A String",
- ],
- "localPath": "A String", # The absolute path of the file on the local filesystem.
- },
- },
- ],
- "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
- # installed on an instance.
- #
- # Names are also used to identify resources which helps to determine whether
- # guest policies have conflicts. This means that requests to create multiple
- # recipes with the same name and version are rejected since they
- # could potentially have conflicting assignments.
- "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
- # executing steps and does not attempt another update for this recipe. Any
- # steps taken (including partially completed steps) are not rolled back.
- { # An action that can be taken as part of installing or updating a recipe.
- "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "destination": "A String", # Directory to extract archive to.
- # Defaults to `/` on Linux or `C:\` on Windows.
- "type": "A String", # Required. The type of the archive to extract.
- },
- "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "flags": [ # The flags to use when installing the MSI
- # defaults to ["/i"] (i.e. the install flag).
- "A String",
- ],
- },
- "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
- # specified the script is executed directly, which likely
- # only succeed for scripts with
- # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
- "script": "A String", # Required. The shell script to be executed.
- },
- "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
- # false and the file already exists the file is not overwritten
- # and the step is considered a success. Defaults to false.
- "destination": "A String", # Required. The absolute path on the instance to put the file.
- "permissions": "A String", # Consists of three octal digits which represent, in
- # order, the permissions of the owner, group, and other users for the
- # file (similarly to the numeric mode used in the linux chmod utility).
- # Each digit represents a three bit number with the 4 bit
- # corresponding to the read permissions, the 2 bit corresponds to the
- # write bit, and the one bit corresponds to the execute permission.
- # Default behavior is 755.
- #
- # Below are some examples of permissions and their associated values:
- # read, write, and execute: 7
- # read and execute: 5
- # read and write: 6
- # read only: 4
- },
- "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
- "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
- # can return to indicate a success.
- 42,
- ],
- "artifactId": "A String", # The id of the relevant artifact in the recipe.
- "args": [ # Arguments to be passed to the provided executable.
- "A String",
- ],
- "localPath": "A String", # The absolute path of the file on the local filesystem.
- },
- },
- ],
- "version": "A String", # The version of this software recipe. Version can be up to 4 period
- # separated numbers (e.g. 12.34.56.78).
- "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
- # recipe.
- #
- # INSTALLED: The software recipe is installed on the instance but
- # won't be updated to new versions.
- # UPDATED: The software recipe is installed on the instance. The recipe is
- # updated to a higher version, if a higher version of the recipe is
- # assigned to this instance.
- # REMOVE: Remove is unsupported for software recipes and attempts to
- # create or update a recipe to the REMOVE state is rejected.
- },
- ],
- "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
- # you to target sets or groups of VM instances by different parameters such
- # as labels, names, OS, or zones.
- #
- # If left empty, all VM instances underneath this policy are targeted.
- #
- # At the same level in the resource hierarchy (that is within a project), the
- # service prevents the creation of multiple policies that conflict with
- # each other. For more information, see how the service [handles assignment
- # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
- # applies to.
- #
- # If an assignment is empty, it applies to all VM instances. Otherwise, the
- # targeted VM instances must meet all the criteria specified. So if both
- # labels and zones are specified, the policy applies to VM instances with those
- # labels and in those zones.
- "instances": [ # Targets any of the instances specified. Instances are specified by their
- # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
- #
- # Instance targeting is uncommon and is supported to facilitate the
- # management of changes by the instance or to target specific VM instances
- # for development and testing.
- #
- # Only supported for project-level policies and must reference instances
- # within this project.
- "A String",
- ],
- "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
- #
- # Like labels, this is another way to group VM instances when targeting
- # configs, for example prefix="prod-".
- #
- # Only supported for project-level policies.
- "A String",
- ],
- "zones": [ # Targets instances in any of these zones. Leave empty to target instances
- # in any zone.
- #
- # Zonal targeting is uncommon and is supported to facilitate the management
- # of changes by zone.
- "A String",
- ],
- "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
- # an assignment to target disparate groups, for example "env=prod or
- # env=staging".
- { # Represents a group of VM intances that can be identified as having all
- # these labels, for example "env=prod and app=web".
- "labels": { # Google Compute Engine instance labels that must be present for an
- # instance to be included in this assignment group.
- "a_key": "A String",
- },
- },
- ],
- "osTypes": [ # Targets VM instances matching at least one of the following OS types.
- #
- # VM instances must match all supplied criteria for a given OsType to be
- # included.
- { # Defines the criteria for selecting VM Instances by OS type.
- "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # OS short name, for example "debian" or "windows".
- "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # OS architecture.
- "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # following OS version.
- },
- ],
- },
- "description": "A String", # Description of the guest policy. Length of the description is limited
- # to 1024 characters.
- "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
- # done before any other configs are applied so they can use these repos.
- # Package repositories are only configured if the corresponding package
- # manager(s) are available.
- { # A package repository.
- "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
- # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
- "displayName": "A String", # The display name of the repository.
- "id": "A String", # Required. A one word, unique name for this repository. This is
- # the `repo id` in the zypper config file and also the `display_name` if
- # `display_name` is omitted. This id is also used as the unique identifier
- # when checking for guest policy conflicts.
- "baseUrl": "A String", # Required. The location of the repository directory.
- "gpgKeys": [ # URIs of GPG keys.
- "A String",
- ],
- },
- "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
- # a repo file that is stored at
- # `/etc/apt/sources.list.d/google_osconfig.list`.
- "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
- # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
- # all the keys in any applied guest policy.
- "distribution": "A String", # Required. Distribution of this repository.
- "components": [ # Required. List of components for this repository. Must contain at least one item.
- "A String",
- ],
- "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
- "uri": "A String", # Required. URI for this repository.
- },
- "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
- # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
- "id": "A String", # Required. A one word, unique name for this repository. This is
- # the `repo id` in the Yum config file and also the `display_name` if
- # `display_name` is omitted. This id is also used as the unique identifier
- # when checking for guest policy conflicts.
- "baseUrl": "A String", # Required. The location of the repository directory.
- "gpgKeys": [ # URIs of GPG keys.
- "A String",
- ],
- "displayName": "A String", # The display name of the repository.
- },
- "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
- # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
- "url": "A String", # Required. The url of the repository.
- "name": "A String", # Required. The name of the repository.
- },
- },
- ],
- "etag": "A String", # The etag for this guest policy.
- # If this is provided on update, it must match the server's etag.
-}
-
- updateMask: string, Field mask that controls which fields of the guest policy should be
-updated.
- x__xgafv: string, V1 error format.
- Allowed values
- 1 - v1 error format
- 2 - v2 error format
-
-Returns:
- An object of the form:
-
- { # An OS Config resource representing a guest configuration policy. These
# policies represent the desired state for VM instance guest environments
# including packages to install or remove, package repository configurations,
# and software to install.
- "createTime": "A String", # Output only. Time this guest policy was created.
+ "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
+ # done before any other configs are applied so they can use these repos.
+ # Package repositories are only configured if the corresponding package
+ # manager(s) are available.
+ { # A package repository.
+ "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
+ # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
+ "url": "A String", # Required. The url of the repository.
+ "name": "A String", # Required. The name of the repository.
+ },
+ "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
+ # a repo file that is stored at
+ # `/etc/apt/sources.list.d/google_osconfig.list`.
+ "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
+ "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
+ # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
+ # all the keys in any applied guest policy.
+ "uri": "A String", # Required. URI for this repository.
+ "components": [ # Required. List of components for this repository. Must contain at least one item.
+ "A String",
+ ],
+ "distribution": "A String", # Required. Distribution of this repository.
+ },
+ "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
+ # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the zypper config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "displayName": "A String", # The display name of the repository.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ },
+ "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
+ # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the Yum config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "displayName": "A String", # The display name of the repository.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ },
+ },
+ ],
"packages": [ # The software packages to be managed by this policy.
{ # Package is a reference to the software package to be installed or removed.
# The agent on the VM instance uses the system package manager to apply the
@@ -2243,6 +1886,76 @@
# The default behavior is ANY.
},
],
+ "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
+ # you to target sets or groups of VM instances by different parameters such
+ # as labels, names, OS, or zones.
+ #
+ # If left empty, all VM instances underneath this policy are targeted.
+ #
+ # At the same level in the resource hierarchy (that is within a project), the
+ # service prevents the creation of multiple policies that conflict with
+ # each other. For more information, see how the service [handles assignment
+ # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
+ # applies to.
+ #
+ # If an assignment is empty, it applies to all VM instances. Otherwise, the
+ # targeted VM instances must meet all the criteria specified. So if both
+ # labels and zones are specified, the policy applies to VM instances with those
+ # labels and in those zones.
+ "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
+ #
+ # Like labels, this is another way to group VM instances when targeting
+ # configs, for example prefix="prod-".
+ #
+ # Only supported for project-level policies.
+ "A String",
+ ],
+ "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
+ # an assignment to target disparate groups, for example "env=prod or
+ # env=staging".
+ { # Represents a group of VM intances that can be identified as having all
+ # these labels, for example "env=prod and app=web".
+ "labels": { # Google Compute Engine instance labels that must be present for an
+ # instance to be included in this assignment group.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "osTypes": [ # Targets VM instances matching at least one of the following OS types.
+ #
+ # VM instances must match all supplied criteria for a given OsType to be
+ # included.
+ { # Defines the criteria for selecting VM Instances by OS type.
+ "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # following OS version.
+ "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS short name, for example "debian" or "windows".
+ "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS architecture.
+ },
+ ],
+ "instances": [ # Targets any of the instances specified. Instances are specified by their
+ # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
+ #
+ # Instance targeting is uncommon and is supported to facilitate the
+ # management of changes by the instance or to target specific VM instances
+ # for development and testing.
+ #
+ # Only supported for project-level policies and must reference instances
+ # within this project.
+ "A String",
+ ],
+ "zones": [ # Targets instances in any of these zones. Leave empty to target instances
+ # in any zone.
+ #
+ # Zonal targeting is uncommon and is supported to facilitate the management
+ # of changes by zone.
+ "A String",
+ ],
+ },
+ "createTime": "A String", # Output only. Time this guest policy was created.
+ "etag": "A String", # The etag for this guest policy.
+ # If this is provided on update, it must match the server's etag.
"updateTime": "A String", # Output only. Last time this guest policy was updated.
"name": "A String", # Required. Unique name of the resource in this project using one of the following
# forms:
@@ -2271,8 +1984,81 @@
#
# Each script or execution step is run in its own temporary directory which
# is deleted after completing the step.
+ "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
+ # executing steps and does not attempt another update for this recipe. Any
+ # steps taken (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
"artifacts": [ # Resources available to be used in the steps in the recipe.
{ # Specifies a resource to be used in the recipe.
+ "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
+ # recipe can reference. Artifacts in a recipe cannot have the same id.
"remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
"checksum": "A String", # Must be provided if `allow_insecure` is `false`.
# SHA256 checksum in hex format, to compare to the checksum of the
@@ -2282,6 +2068,12 @@
"uri": "A String", # URI from which to fetch the object. It should contain both the protocol
# and path following the format {protocol}://{location}.
},
+ "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
+ # based on the artifact type:
+ #
+ # Remote: A checksum must be specified, and only protocols with
+ # transport-layer security are permitted.
+ # GCS: An object generation number must be specified.
"gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
"object": "A String", # Name of the Google Cloud Storage object.
# As specified [here]
@@ -2298,167 +2090,8 @@
# `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
# this value would be `my-bucket`.
},
- "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
- # recipe can reference. Artifacts in a recipe cannot have the same id.
- "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
- # based on the artifact type:
- #
- # Remote: A checksum must be specified, and only protocols with
- # transport-layer security are permitted.
- # GCS: An object generation number must be specified.
},
],
- "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
- # executing steps and does not attempt another installation. Any steps taken
- # (including partially completed steps) are not rolled back.
- { # An action that can be taken as part of installing or updating a recipe.
- "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "destination": "A String", # Directory to extract archive to.
- # Defaults to `/` on Linux or `C:\` on Windows.
- "type": "A String", # Required. The type of the archive to extract.
- },
- "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "flags": [ # The flags to use when installing the MSI
- # defaults to ["/i"] (i.e. the install flag).
- "A String",
- ],
- },
- "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
- # specified the script is executed directly, which likely
- # only succeed for scripts with
- # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
- "script": "A String", # Required. The shell script to be executed.
- },
- "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
- # false and the file already exists the file is not overwritten
- # and the step is considered a success. Defaults to false.
- "destination": "A String", # Required. The absolute path on the instance to put the file.
- "permissions": "A String", # Consists of three octal digits which represent, in
- # order, the permissions of the owner, group, and other users for the
- # file (similarly to the numeric mode used in the linux chmod utility).
- # Each digit represents a three bit number with the 4 bit
- # corresponding to the read permissions, the 2 bit corresponds to the
- # write bit, and the one bit corresponds to the execute permission.
- # Default behavior is 755.
- #
- # Below are some examples of permissions and their associated values:
- # read, write, and execute: 7
- # read and execute: 5
- # read and write: 6
- # read only: 4
- },
- "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
- "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
- # can return to indicate a success.
- 42,
- ],
- "artifactId": "A String", # The id of the relevant artifact in the recipe.
- "args": [ # Arguments to be passed to the provided executable.
- "A String",
- ],
- "localPath": "A String", # The absolute path of the file on the local filesystem.
- },
- },
- ],
- "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
- # installed on an instance.
- #
- # Names are also used to identify resources which helps to determine whether
- # guest policies have conflicts. This means that requests to create multiple
- # recipes with the same name and version are rejected since they
- # could potentially have conflicting assignments.
- "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
- # executing steps and does not attempt another update for this recipe. Any
- # steps taken (including partially completed steps) are not rolled back.
- { # An action that can be taken as part of installing or updating a recipe.
- "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "destination": "A String", # Directory to extract archive to.
- # Defaults to `/` on Linux or `C:\` on Windows.
- "type": "A String", # Required. The type of the archive to extract.
- },
- "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "flags": [ # The flags to use when installing the MSI
- # defaults to ["/i"] (i.e. the install flag).
- "A String",
- ],
- },
- "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
- "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
- # successfully. Behaviour defaults to [0]
- 42,
- ],
- "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
- # specified the script is executed directly, which likely
- # only succeed for scripts with
- # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
- "script": "A String", # Required. The shell script to be executed.
- },
- "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- },
- "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
- "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
- "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
- # false and the file already exists the file is not overwritten
- # and the step is considered a success. Defaults to false.
- "destination": "A String", # Required. The absolute path on the instance to put the file.
- "permissions": "A String", # Consists of three octal digits which represent, in
- # order, the permissions of the owner, group, and other users for the
- # file (similarly to the numeric mode used in the linux chmod utility).
- # Each digit represents a three bit number with the 4 bit
- # corresponding to the read permissions, the 2 bit corresponds to the
- # write bit, and the one bit corresponds to the execute permission.
- # Default behavior is 755.
- #
- # Below are some examples of permissions and their associated values:
- # read, write, and execute: 7
- # read and execute: 5
- # read and write: 6
- # read only: 4
- },
- "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
- "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
- # can return to indicate a success.
- 42,
- ],
- "artifactId": "A String", # The id of the relevant artifact in the recipe.
- "args": [ # Arguments to be passed to the provided executable.
- "A String",
- ],
- "localPath": "A String", # The absolute path of the file on the local filesystem.
- },
- },
- ],
- "version": "A String", # The version of this software recipe. Version can be up to 4 period
- # separated numbers (e.g. 12.34.56.78).
"desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
# recipe.
#
@@ -2469,129 +2102,496 @@
# assigned to this instance.
# REMOVE: Remove is unsupported for software recipes and attempts to
# create or update a recipe to the REMOVE state is rejected.
+ "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
+ # installed on an instance.
+ #
+ # Names are also used to identify resources which helps to determine whether
+ # guest policies have conflicts. This means that requests to create multiple
+ # recipes with the same name and version are rejected since they
+ # could potentially have conflicting assignments.
+ "version": "A String", # The version of this software recipe. Version can be up to 4 period
+ # separated numbers (e.g. 12.34.56.78).
+ "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
+ # executing steps and does not attempt another installation. Any steps taken
+ # (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
},
],
- "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
- # you to target sets or groups of VM instances by different parameters such
- # as labels, names, OS, or zones.
- #
- # If left empty, all VM instances underneath this policy are targeted.
- #
- # At the same level in the resource hierarchy (that is within a project), the
- # service prevents the creation of multiple policies that conflict with
- # each other. For more information, see how the service [handles assignment
- # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
- # applies to.
- #
- # If an assignment is empty, it applies to all VM instances. Otherwise, the
- # targeted VM instances must meet all the criteria specified. So if both
- # labels and zones are specified, the policy applies to VM instances with those
- # labels and in those zones.
- "instances": [ # Targets any of the instances specified. Instances are specified by their
- # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
- #
- # Instance targeting is uncommon and is supported to facilitate the
- # management of changes by the instance or to target specific VM instances
- # for development and testing.
- #
- # Only supported for project-level policies and must reference instances
- # within this project.
- "A String",
- ],
- "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
- #
- # Like labels, this is another way to group VM instances when targeting
- # configs, for example prefix="prod-".
- #
- # Only supported for project-level policies.
- "A String",
- ],
- "zones": [ # Targets instances in any of these zones. Leave empty to target instances
- # in any zone.
- #
- # Zonal targeting is uncommon and is supported to facilitate the management
- # of changes by zone.
- "A String",
- ],
- "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
- # an assignment to target disparate groups, for example "env=prod or
- # env=staging".
- { # Represents a group of VM intances that can be identified as having all
- # these labels, for example "env=prod and app=web".
- "labels": { # Google Compute Engine instance labels that must be present for an
- # instance to be included in this assignment group.
- "a_key": "A String",
+ "description": "A String", # Description of the guest policy. Length of the description is limited
+ # to 1024 characters.
+ }
+
+ updateMask: string, Field mask that controls which fields of the guest policy should be
+updated.
+ x__xgafv: string, V1 error format.
+ Allowed values
+ 1 - v1 error format
+ 2 - v2 error format
+
+Returns:
+ An object of the form:
+
+ { # An OS Config resource representing a guest configuration policy. These
+ # policies represent the desired state for VM instance guest environments
+ # including packages to install or remove, package repository configurations,
+ # and software to install.
+ "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
+ # done before any other configs are applied so they can use these repos.
+ # Package repositories are only configured if the corresponding package
+ # manager(s) are available.
+ { # A package repository.
+ "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
+ # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
+ "url": "A String", # Required. The url of the repository.
+ "name": "A String", # Required. The name of the repository.
+ },
+ "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
+ # a repo file that is stored at
+ # `/etc/apt/sources.list.d/google_osconfig.list`.
+ "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
+ "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
+ # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
+ # all the keys in any applied guest policy.
+ "uri": "A String", # Required. URI for this repository.
+ "components": [ # Required. List of components for this repository. Must contain at least one item.
+ "A String",
+ ],
+ "distribution": "A String", # Required. Distribution of this repository.
+ },
+ "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
+ # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the zypper config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "displayName": "A String", # The display name of the repository.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ },
+ "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
+ # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
+ "id": "A String", # Required. A one word, unique name for this repository. This is
+ # the `repo id` in the Yum config file and also the `display_name` if
+ # `display_name` is omitted. This id is also used as the unique identifier
+ # when checking for guest policy conflicts.
+ "displayName": "A String", # The display name of the repository.
+ "baseUrl": "A String", # Required. The location of the repository directory.
+ "gpgKeys": [ # URIs of GPG keys.
+ "A String",
+ ],
},
},
],
- "osTypes": [ # Targets VM instances matching at least one of the following OS types.
- #
- # VM instances must match all supplied criteria for a given OsType to be
- # included.
- { # Defines the criteria for selecting VM Instances by OS type.
- "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # OS short name, for example "debian" or "windows".
- "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # OS architecture.
- "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
- # following OS version.
+ "packages": [ # The software packages to be managed by this policy.
+ { # Package is a reference to the software package to be installed or removed.
+ # The agent on the VM instance uses the system package manager to apply the
+ # config.
+ #
+ #
+ # These are the commands that the agent uses to install or remove
+ # packages.
+ #
+ # Apt
+ # install: `apt-get update && apt-get -y install package1 package2 package3`
+ # remove: `apt-get -y remove package1 package2 package3`
+ #
+ # Yum
+ # install: `yum -y install package1 package2 package3`
+ # remove: `yum -y remove package1 package2 package3`
+ #
+ # Zypper
+ # install: `zypper install package1 package2 package3`
+ # remove: `zypper rm package1 package2`
+ #
+ # Googet
+ # install: `googet -noconfirm install package1 package2 package3`
+ # remove: `googet -noconfirm remove package1 package2 package3`
+ "desiredState": "A String", # The desired_state the agent should maintain for this package. The
+ # default is to ensure the package is installed.
+ "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
+ # validation by checking the package name and the manager(s) that the
+ # package targets.
+ "manager": "A String", # Type of package manager that can be used to install this package.
+ # If a system does not have the package manager, the package is not
+ # installed or removed no error message is returned. By default,
+ # or if you specify `ANY`,
+ # the agent attempts to install and remove this package using the default
+ # package manager. This is useful when creating a policy that applies to
+ # different types of systems.
+ #
+ # The default behavior is ANY.
},
],
- },
- "description": "A String", # Description of the guest policy. Length of the description is limited
- # to 1024 characters.
- "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
- # done before any other configs are applied so they can use these repos.
- # Package repositories are only configured if the corresponding package
- # manager(s) are available.
- { # A package repository.
- "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
- # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
- "displayName": "A String", # The display name of the repository.
- "id": "A String", # Required. A one word, unique name for this repository. This is
- # the `repo id` in the zypper config file and also the `display_name` if
- # `display_name` is omitted. This id is also used as the unique identifier
- # when checking for guest policy conflicts.
- "baseUrl": "A String", # Required. The location of the repository directory.
- "gpgKeys": [ # URIs of GPG keys.
- "A String",
- ],
- },
- "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
- # a repo file that is stored at
- # `/etc/apt/sources.list.d/google_osconfig.list`.
- "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
- # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
- # all the keys in any applied guest policy.
- "distribution": "A String", # Required. Distribution of this repository.
- "components": [ # Required. List of components for this repository. Must contain at least one item.
- "A String",
- ],
- "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
- "uri": "A String", # Required. URI for this repository.
- },
- "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
- # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
- "id": "A String", # Required. A one word, unique name for this repository. This is
- # the `repo id` in the Yum config file and also the `display_name` if
- # `display_name` is omitted. This id is also used as the unique identifier
- # when checking for guest policy conflicts.
- "baseUrl": "A String", # Required. The location of the repository directory.
- "gpgKeys": [ # URIs of GPG keys.
- "A String",
- ],
- "displayName": "A String", # The display name of the repository.
- },
- "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
- # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
- "url": "A String", # Required. The url of the repository.
- "name": "A String", # Required. The name of the repository.
- },
+ "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
+ # you to target sets or groups of VM instances by different parameters such
+ # as labels, names, OS, or zones.
+ #
+ # If left empty, all VM instances underneath this policy are targeted.
+ #
+ # At the same level in the resource hierarchy (that is within a project), the
+ # service prevents the creation of multiple policies that conflict with
+ # each other. For more information, see how the service [handles assignment
+ # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
+ # applies to.
+ #
+ # If an assignment is empty, it applies to all VM instances. Otherwise, the
+ # targeted VM instances must meet all the criteria specified. So if both
+ # labels and zones are specified, the policy applies to VM instances with those
+ # labels and in those zones.
+ "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
+ #
+ # Like labels, this is another way to group VM instances when targeting
+ # configs, for example prefix="prod-".
+ #
+ # Only supported for project-level policies.
+ "A String",
+ ],
+ "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
+ # an assignment to target disparate groups, for example "env=prod or
+ # env=staging".
+ { # Represents a group of VM intances that can be identified as having all
+ # these labels, for example "env=prod and app=web".
+ "labels": { # Google Compute Engine instance labels that must be present for an
+ # instance to be included in this assignment group.
+ "a_key": "A String",
+ },
+ },
+ ],
+ "osTypes": [ # Targets VM instances matching at least one of the following OS types.
+ #
+ # VM instances must match all supplied criteria for a given OsType to be
+ # included.
+ { # Defines the criteria for selecting VM Instances by OS type.
+ "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # following OS version.
+ "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS short name, for example "debian" or "windows".
+ "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
+ # OS architecture.
+ },
+ ],
+ "instances": [ # Targets any of the instances specified. Instances are specified by their
+ # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
+ #
+ # Instance targeting is uncommon and is supported to facilitate the
+ # management of changes by the instance or to target specific VM instances
+ # for development and testing.
+ #
+ # Only supported for project-level policies and must reference instances
+ # within this project.
+ "A String",
+ ],
+ "zones": [ # Targets instances in any of these zones. Leave empty to target instances
+ # in any zone.
+ #
+ # Zonal targeting is uncommon and is supported to facilitate the management
+ # of changes by zone.
+ "A String",
+ ],
},
- ],
- "etag": "A String", # The etag for this guest policy.
- # If this is provided on update, it must match the server's etag.
- }</pre>
+ "createTime": "A String", # Output only. Time this guest policy was created.
+ "etag": "A String", # The etag for this guest policy.
+ # If this is provided on update, it must match the server's etag.
+ "updateTime": "A String", # Output only. Last time this guest policy was updated.
+ "name": "A String", # Required. Unique name of the resource in this project using one of the following
+ # forms:
+ # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
+ "recipes": [ # A list of Recipes to install on the VM instance.
+ { # A software recipe is a set of instructions for installing and configuring a
+ # piece of software. It consists of a set of artifacts that are
+ # downloaded, and a set of steps that install, configure, and/or update the
+ # software.
+ #
+ # Recipes support installing and updating software from artifacts in the
+ # following formats:
+ # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
+ #
+ # Additionally, recipes support executing a script (either defined in a file or
+ # directly in this api) in bash, sh, cmd, and powershell.
+ #
+ # Updating a software recipe
+ #
+ # If a recipe is assigned to an instance and there is a recipe with the same
+ # name but a lower version already installed and the assigned state
+ # of the recipe is `UPDATED`, then the recipe is updated to
+ # the new version.
+ #
+ # Script Working Directories
+ #
+ # Each script or execution step is run in its own temporary directory which
+ # is deleted after completing the step.
+ "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
+ # executing steps and does not attempt another update for this recipe. Any
+ # steps taken (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ "artifacts": [ # Resources available to be used in the steps in the recipe.
+ { # Specifies a resource to be used in the recipe.
+ "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
+ # recipe can reference. Artifacts in a recipe cannot have the same id.
+ "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
+ "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
+ # SHA256 checksum in hex format, to compare to the checksum of the
+ # artifact. If the checksum is not empty and it doesn't match the
+ # artifact then the recipe installation fails before running any of the
+ # steps.
+ "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
+ # and path following the format {protocol}://{location}.
+ },
+ "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
+ # based on the artifact type:
+ #
+ # Remote: A checksum must be specified, and only protocols with
+ # transport-layer security are permitted.
+ # GCS: An object generation number must be specified.
+ "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
+ "object": "A String", # Name of the Google Cloud Storage object.
+ # As specified [here]
+ # (https://cloud.google.com/storage/docs/naming#objectnames)
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `foo/bar`.
+ "generation": "A String", # Must be provided if allow_insecure is false.
+ # Generation number of the Google Cloud Storage object.
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `1234567`.
+ "bucket": "A String", # Bucket of the Google Cloud Storage object.
+ # Given an example URL:
+ # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
+ # this value would be `my-bucket`.
+ },
+ },
+ ],
+ "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
+ # recipe.
+ #
+ # INSTALLED: The software recipe is installed on the instance but
+ # won't be updated to new versions.
+ # UPDATED: The software recipe is installed on the instance. The recipe is
+ # updated to a higher version, if a higher version of the recipe is
+ # assigned to this instance.
+ # REMOVE: Remove is unsupported for software recipes and attempts to
+ # create or update a recipe to the REMOVE state is rejected.
+ "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
+ # installed on an instance.
+ #
+ # Names are also used to identify resources which helps to determine whether
+ # guest policies have conflicts. This means that requests to create multiple
+ # recipes with the same name and version are rejected since they
+ # could potentially have conflicting assignments.
+ "version": "A String", # The version of this software recipe. Version can be up to 4 period
+ # separated numbers (e.g. 12.34.56.78).
+ "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
+ # executing steps and does not attempt another installation. Any steps taken
+ # (including partially completed steps) are not rolled back.
+ { # An action that can be taken as part of installing or updating a recipe.
+ "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
+ "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
+ # can return to indicate a success.
+ 42,
+ ],
+ "localPath": "A String", # The absolute path of the file on the local filesystem.
+ "args": [ # Arguments to be passed to the provided executable.
+ "A String",
+ ],
+ "artifactId": "A String", # The id of the relevant artifact in the recipe.
+ },
+ "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
+ "type": "A String", # Required. The type of the archive to extract.
+ "destination": "A String", # Directory to extract archive to.
+ # Defaults to `/` on Linux or `C:\` on Windows.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
+ "flags": [ # The flags to use when installing the MSI
+ # defaults to ["/i"] (i.e. the install flag).
+ "A String",
+ ],
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
+ "permissions": "A String", # Consists of three octal digits which represent, in
+ # order, the permissions of the owner, group, and other users for the
+ # file (similarly to the numeric mode used in the linux chmod utility).
+ # Each digit represents a three bit number with the 4 bit
+ # corresponding to the read permissions, the 2 bit corresponds to the
+ # write bit, and the one bit corresponds to the execute permission.
+ # Default behavior is 755.
+ #
+ # Below are some examples of permissions and their associated values:
+ # read, write, and execute: 7
+ # read and execute: 5
+ # read and write: 6
+ # read only: 4
+ "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
+ # false and the file already exists the file is not overwritten
+ # and the step is considered a success. Defaults to false.
+ "destination": "A String", # Required. The absolute path on the instance to put the file.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
+ "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
+ # specified the script is executed directly, which likely
+ # only succeed for scripts with
+ # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
+ "script": "A String", # Required. The shell script to be executed.
+ "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
+ # successfully. Behaviour defaults to [0]
+ 42,
+ ],
+ },
+ "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
+ "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
+ },
+ },
+ ],
+ },
+ ],
+ "description": "A String", # Description of the guest policy. Length of the description is limited
+ # to 1024 characters.
+ }</pre>
</div>
</body></html>
\ No newline at end of file