Cloud OS Config API . projects . guestPolicies

Instance Methods

create(parent, body=None, guestPolicyId=None, x__xgafv=None)

Create an OS Config guest policy.

delete(name, x__xgafv=None)

Delete an OS Config guest policy.

get(name, x__xgafv=None)

Get an OS Config guest policy.

list(parent, pageToken=None, pageSize=None, x__xgafv=None)

Get a page of OS Config guest policies.

list_next(previous_request, previous_response)

Retrieves the next page of results.

patch(name, body=None, updateMask=None, x__xgafv=None)

Update an OS Config guest policy.

Method Details

create(parent, body=None, guestPolicyId=None, x__xgafv=None)
Create an OS Config guest policy.

Args:
  parent: string, Required. The resource name of the parent using one of the following forms:
`projects/{project_number}`. (required)
  body: object, The request body.
    The object takes the form of:

{ # An OS Config resource representing a guest configuration policy. These
    # policies represent the desired state for VM instance guest environments
    # including packages to install or remove, package repository configurations,
    # and software to install.
  "createTime": "A String", # Output only. Time this guest policy was created.
  "packages": [ # The software packages to be managed by this policy.
    { # Package is a reference to the software package to be installed or removed.
        # The agent on the VM instance uses the system package manager to apply the
        # config.
        #
        #
        # These are the commands that the agent uses to install or remove
        # packages.
        #
        # Apt
        # install: `apt-get update && apt-get -y install package1 package2 package3`
        # remove: `apt-get -y remove package1 package2 package3`
        #
        # Yum
        # install: `yum -y install package1 package2 package3`
        # remove: `yum -y remove package1 package2 package3`
        #
        # Zypper
        # install: `zypper install package1 package2 package3`
        # remove: `zypper rm package1 package2`
        #
        # Googet
        # install: `googet -noconfirm install package1 package2 package3`
        # remove: `googet -noconfirm remove package1 package2 package3`
      "desiredState": "A String", # The desired_state the agent should maintain for this package. The
          # default is to ensure the package is installed.
      "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
          # validation by checking the package name and the manager(s) that the
          # package targets.
      "manager": "A String", # Type of package manager that can be used to install this package.
          # If a system does not have the package manager, the package is not
          # installed or removed no error message is returned. By default,
          # or if you specify `ANY`,
          # the agent attempts to install and remove this package using the default
          # package manager. This is useful when creating a policy that applies to
          # different types of systems.
          #
          # The default behavior is ANY.
    },
  ],
  "updateTime": "A String", # Output only. Last time this guest policy was updated.
  "name": "A String", # Required. Unique name of the resource in this project using one of the following
      # forms:
      # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
  "recipes": [ # A list of Recipes to install on the VM instance.
    { # A software recipe is a set of instructions for installing and configuring a
        # piece of software. It consists of a set of artifacts that are
        # downloaded, and a set of steps that install, configure, and/or update the
        # software.
        #
        # Recipes support installing and updating software from artifacts in the
        # following formats:
        # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
        #
        # Additionally, recipes support executing a script (either defined in a file or
        # directly in this api) in bash, sh, cmd, and powershell.
        #
        # Updating a software recipe
        #
        # If a recipe is assigned to an instance and there is a recipe with the same
        # name but a lower version already installed and the assigned state
        # of the recipe is `UPDATED`, then the recipe is updated to
        # the new version.
        #
        # Script Working Directories
        #
        # Each script or execution step is run in its own temporary directory which
        # is deleted after completing the step.
      "artifacts": [ # Resources available to be used in the steps in the recipe.
        { # Specifies a resource to be used in the recipe.
          "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
            "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
                # SHA256 checksum in hex format, to compare to the checksum of the
                # artifact. If the checksum is not empty and it doesn't match the
                # artifact then the recipe installation fails before running any of the
                # steps.
            "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
                # and path following the format {protocol}://{location}.
          },
          "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
            "object": "A String", # Name of the Google Cloud Storage object.
                # As specified [here]
                # (https://cloud.google.com/storage/docs/naming#objectnames)
                # Given an example URL:
                # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                # this value would be `foo/bar`.
            "generation": "A String", # Must be provided if allow_insecure is false.
                # Generation number of the Google Cloud Storage object.
                # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                # this value would be `1234567`.
            "bucket": "A String", # Bucket of the Google Cloud Storage object.
                # Given an example URL:
                # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                # this value would be `my-bucket`.
          },
          "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
              # recipe can reference. Artifacts in a recipe cannot have the same id.
          "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
              # based on the artifact type:
              #
              # Remote: A checksum must be specified, and only protocols with
              # transport-layer security are permitted.
              # GCS:    An object generation number must be specified.
        },
      ],
      "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
          # executing steps and does not attempt another installation. Any steps taken
          # (including partially completed steps) are not rolled back.
        { # An action that can be taken as part of installing or updating a recipe.
          "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            "destination": "A String", # Directory to extract archive to.
                # Defaults to `/` on Linux or `C:\` on Windows.
            "type": "A String", # Required. The type of the archive to extract.
          },
          "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
            "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                # successfully. Behaviour defaults to [0]
              42,
            ],
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            "flags": [ # The flags to use when installing the MSI
                # defaults to ["/i"] (i.e. the install flag).
              "A String",
            ],
          },
          "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
            "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                # successfully. Behaviour defaults to [0]
              42,
            ],
            "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
                # specified the script is executed directly, which likely
                # only succeed for scripts with
                # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
            "script": "A String", # Required. The shell script to be executed.
          },
          "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
          },
          "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
          },
          "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
                # false and the file already exists the file is not overwritten
                # and the step is considered a success. Defaults to false.
            "destination": "A String", # Required. The absolute path on the instance to put the file.
            "permissions": "A String", # Consists of three octal digits which represent, in
                # order, the permissions of the owner, group, and other users for the
                # file (similarly to the numeric mode used in the linux chmod utility).
                # Each digit represents a three bit number with the 4 bit
                # corresponding to the read permissions, the 2 bit corresponds to the
                # write bit, and the one bit corresponds to the execute permission.
                # Default behavior is 755.
                #
                # Below are some examples of permissions and their associated values:
                # read, write, and execute: 7
                # read and execute: 5
                # read and write: 6
                # read only: 4
          },
          "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
            "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
                # can return to indicate a success.
              42,
            ],
            "artifactId": "A String", # The id of the relevant artifact in the recipe.
            "args": [ # Arguments to be passed to the provided executable.
              "A String",
            ],
            "localPath": "A String", # The absolute path of the file on the local filesystem.
          },
        },
      ],
      "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
          # installed on an instance.
          #
          # Names are also used to identify resources which helps to determine whether
          # guest policies have conflicts. This means that requests to create multiple
          # recipes with the same name and version are rejected since they
          # could potentially have conflicting assignments.
      "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
          # executing steps and  does not attempt another update for this recipe. Any
          # steps taken (including partially completed steps) are not rolled back.
        { # An action that can be taken as part of installing or updating a recipe.
          "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            "destination": "A String", # Directory to extract archive to.
                # Defaults to `/` on Linux or `C:\` on Windows.
            "type": "A String", # Required. The type of the archive to extract.
          },
          "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
            "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                # successfully. Behaviour defaults to [0]
              42,
            ],
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            "flags": [ # The flags to use when installing the MSI
                # defaults to ["/i"] (i.e. the install flag).
              "A String",
            ],
          },
          "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
            "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                # successfully. Behaviour defaults to [0]
              42,
            ],
            "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
                # specified the script is executed directly, which likely
                # only succeed for scripts with
                # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
            "script": "A String", # Required. The shell script to be executed.
          },
          "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
          },
          "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
          },
          "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
                # false and the file already exists the file is not overwritten
                # and the step is considered a success. Defaults to false.
            "destination": "A String", # Required. The absolute path on the instance to put the file.
            "permissions": "A String", # Consists of three octal digits which represent, in
                # order, the permissions of the owner, group, and other users for the
                # file (similarly to the numeric mode used in the linux chmod utility).
                # Each digit represents a three bit number with the 4 bit
                # corresponding to the read permissions, the 2 bit corresponds to the
                # write bit, and the one bit corresponds to the execute permission.
                # Default behavior is 755.
                #
                # Below are some examples of permissions and their associated values:
                # read, write, and execute: 7
                # read and execute: 5
                # read and write: 6
                # read only: 4
          },
          "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
            "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
                # can return to indicate a success.
              42,
            ],
            "artifactId": "A String", # The id of the relevant artifact in the recipe.
            "args": [ # Arguments to be passed to the provided executable.
              "A String",
            ],
            "localPath": "A String", # The absolute path of the file on the local filesystem.
          },
        },
      ],
      "version": "A String", # The version of this software recipe. Version can be up to 4 period
          # separated numbers (e.g. 12.34.56.78).
      "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
          # recipe.
          #
          # INSTALLED: The software recipe is installed on the instance but
          #            won't be updated to new versions.
          # UPDATED: The software recipe is installed on the instance. The recipe is
          #          updated to a higher version, if a higher version of the recipe is
          #          assigned to this instance.
          # REMOVE: Remove is unsupported for software recipes and attempts to
          #         create or update a recipe to the REMOVE state is rejected.
    },
  ],
  "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
      # you to target sets or groups of VM instances by different parameters such
      # as labels, names, OS, or zones.
      # 
      # If left empty, all VM instances underneath this policy are targeted.
      # 
      # At the same level in the resource hierarchy (that is within a project), the
      # service prevents the creation of multiple policies that conflict with
      # each other. For more information, see how the service [handles assignment
      # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
      # applies to.
      #
      # If an assignment is empty, it applies to all VM instances. Otherwise, the
      # targeted VM instances must meet all the criteria specified. So if both
      # labels and zones are specified, the policy applies to VM instances with those
      # labels and in those zones.
    "instances": [ # Targets any of the instances specified. Instances are specified by their
        # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
        #
        # Instance targeting is uncommon and is supported to facilitate the
        # management of changes by the instance or to target specific VM instances
        # for development and testing.
        #
        # Only supported for project-level policies and must reference instances
        # within this project.
      "A String",
    ],
    "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
        #
        # Like labels, this is another way to group VM instances when targeting
        # configs, for example prefix="prod-".
        #
        # Only supported for project-level policies.
      "A String",
    ],
    "zones": [ # Targets instances in any of these zones. Leave empty to target instances
        # in any zone.
        #
        # Zonal targeting is uncommon and is supported to facilitate the management
        # of changes by zone.
      "A String",
    ],
    "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
        # an assignment to target disparate groups, for example "env=prod or
        # env=staging".
      { # Represents a group of VM intances that can be identified as having all
          # these labels, for example "env=prod and app=web".
        "labels": { # Google Compute Engine instance labels that must be present for an
            # instance to be included in this assignment group.
          "a_key": "A String",
        },
      },
    ],
    "osTypes": [ # Targets VM instances matching at least one of the following OS types.
        #
        # VM instances must match all supplied criteria for a given OsType to be
        # included.
      { # Defines the criteria for selecting VM Instances by OS type.
        "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
            # OS short name, for example "debian" or "windows".
        "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
            # OS architecture.
        "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
            # following OS version.
      },
    ],
  },
  "description": "A String", # Description of the guest policy. Length of the description is limited
      # to 1024 characters.
  "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
      # done before any other configs are applied so they can use these repos.
      # Package repositories are only configured if the corresponding package
      # manager(s) are available.
    { # A package repository.
      "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
          # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
        "displayName": "A String", # The display name of the repository.
        "id": "A String", # Required. A one word, unique name for this repository. This is
            # the `repo id` in the zypper config file and also the `display_name` if
            # `display_name` is omitted. This id is also used as the unique identifier
            # when checking for guest policy conflicts.
        "baseUrl": "A String", # Required. The location of the repository directory.
        "gpgKeys": [ # URIs of GPG keys.
          "A String",
        ],
      },
      "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
          # a repo file that is stored at
          # `/etc/apt/sources.list.d/google_osconfig.list`.
        "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
            # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
            # all the keys in any applied guest policy.
        "distribution": "A String", # Required. Distribution of this repository.
        "components": [ # Required. List of components for this repository. Must contain at least one item.
          "A String",
        ],
        "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
        "uri": "A String", # Required. URI for this repository.
      },
      "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
          # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
        "id": "A String", # Required. A one word, unique name for this repository. This is
            # the `repo id` in the Yum config file and also the `display_name` if
            # `display_name` is omitted. This id is also used as the unique identifier
            # when checking for guest policy conflicts.
        "baseUrl": "A String", # Required. The location of the repository directory.
        "gpgKeys": [ # URIs of GPG keys.
          "A String",
        ],
        "displayName": "A String", # The display name of the repository.
      },
      "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
          # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
        "url": "A String", # Required. The url of the repository.
        "name": "A String", # Required. The name of the repository.
      },
    },
  ],
  "etag": "A String", # The etag for this guest policy.
      # If this is provided on update, it must match the server's etag.
}

  guestPolicyId: string, Required. The logical name of the guest policy in the project
with the following restrictions:

* Must contain only lowercase letters, numbers, and hyphens.
* Must start with a letter.
* Must be between 1-63 characters.
* Must end with a number or a letter.
* Must be unique within the project.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # An OS Config resource representing a guest configuration policy. These
      # policies represent the desired state for VM instance guest environments
      # including packages to install or remove, package repository configurations,
      # and software to install.
    "createTime": "A String", # Output only. Time this guest policy was created.
    "packages": [ # The software packages to be managed by this policy.
      { # Package is a reference to the software package to be installed or removed.
          # The agent on the VM instance uses the system package manager to apply the
          # config.
          #
          #
          # These are the commands that the agent uses to install or remove
          # packages.
          #
          # Apt
          # install: `apt-get update && apt-get -y install package1 package2 package3`
          # remove: `apt-get -y remove package1 package2 package3`
          #
          # Yum
          # install: `yum -y install package1 package2 package3`
          # remove: `yum -y remove package1 package2 package3`
          #
          # Zypper
          # install: `zypper install package1 package2 package3`
          # remove: `zypper rm package1 package2`
          #
          # Googet
          # install: `googet -noconfirm install package1 package2 package3`
          # remove: `googet -noconfirm remove package1 package2 package3`
        "desiredState": "A String", # The desired_state the agent should maintain for this package. The
            # default is to ensure the package is installed.
        "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
            # validation by checking the package name and the manager(s) that the
            # package targets.
        "manager": "A String", # Type of package manager that can be used to install this package.
            # If a system does not have the package manager, the package is not
            # installed or removed no error message is returned. By default,
            # or if you specify `ANY`,
            # the agent attempts to install and remove this package using the default
            # package manager. This is useful when creating a policy that applies to
            # different types of systems.
            #
            # The default behavior is ANY.
      },
    ],
    "updateTime": "A String", # Output only. Last time this guest policy was updated.
    "name": "A String", # Required. Unique name of the resource in this project using one of the following
        # forms:
        # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
    "recipes": [ # A list of Recipes to install on the VM instance.
      { # A software recipe is a set of instructions for installing and configuring a
          # piece of software. It consists of a set of artifacts that are
          # downloaded, and a set of steps that install, configure, and/or update the
          # software.
          #
          # Recipes support installing and updating software from artifacts in the
          # following formats:
          # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
          #
          # Additionally, recipes support executing a script (either defined in a file or
          # directly in this api) in bash, sh, cmd, and powershell.
          #
          # Updating a software recipe
          #
          # If a recipe is assigned to an instance and there is a recipe with the same
          # name but a lower version already installed and the assigned state
          # of the recipe is `UPDATED`, then the recipe is updated to
          # the new version.
          #
          # Script Working Directories
          #
          # Each script or execution step is run in its own temporary directory which
          # is deleted after completing the step.
        "artifacts": [ # Resources available to be used in the steps in the recipe.
          { # Specifies a resource to be used in the recipe.
            "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
              "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
                  # SHA256 checksum in hex format, to compare to the checksum of the
                  # artifact. If the checksum is not empty and it doesn't match the
                  # artifact then the recipe installation fails before running any of the
                  # steps.
              "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
                  # and path following the format {protocol}://{location}.
            },
            "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
              "object": "A String", # Name of the Google Cloud Storage object.
                  # As specified [here]
                  # (https://cloud.google.com/storage/docs/naming#objectnames)
                  # Given an example URL:
                  # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                  # this value would be `foo/bar`.
              "generation": "A String", # Must be provided if allow_insecure is false.
                  # Generation number of the Google Cloud Storage object.
                  # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                  # this value would be `1234567`.
              "bucket": "A String", # Bucket of the Google Cloud Storage object.
                  # Given an example URL:
                  # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                  # this value would be `my-bucket`.
            },
            "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
                # recipe can reference. Artifacts in a recipe cannot have the same id.
            "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
                # based on the artifact type:
                #
                # Remote: A checksum must be specified, and only protocols with
                # transport-layer security are permitted.
                # GCS:    An object generation number must be specified.
          },
        ],
        "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
            # executing steps and does not attempt another installation. Any steps taken
            # (including partially completed steps) are not rolled back.
          { # An action that can be taken as part of installing or updating a recipe.
            "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "destination": "A String", # Directory to extract archive to.
                  # Defaults to `/` on Linux or `C:\` on Windows.
              "type": "A String", # Required. The type of the archive to extract.
            },
            "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
              "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                  # successfully. Behaviour defaults to [0]
                42,
              ],
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "flags": [ # The flags to use when installing the MSI
                  # defaults to ["/i"] (i.e. the install flag).
                "A String",
              ],
            },
            "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
              "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                  # successfully. Behaviour defaults to [0]
                42,
              ],
              "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
                  # specified the script is executed directly, which likely
                  # only succeed for scripts with
                  # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
              "script": "A String", # Required. The shell script to be executed.
            },
            "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            },
            "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            },
            "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
                  # false and the file already exists the file is not overwritten
                  # and the step is considered a success. Defaults to false.
              "destination": "A String", # Required. The absolute path on the instance to put the file.
              "permissions": "A String", # Consists of three octal digits which represent, in
                  # order, the permissions of the owner, group, and other users for the
                  # file (similarly to the numeric mode used in the linux chmod utility).
                  # Each digit represents a three bit number with the 4 bit
                  # corresponding to the read permissions, the 2 bit corresponds to the
                  # write bit, and the one bit corresponds to the execute permission.
                  # Default behavior is 755.
                  #
                  # Below are some examples of permissions and their associated values:
                  # read, write, and execute: 7
                  # read and execute: 5
                  # read and write: 6
                  # read only: 4
            },
            "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
              "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
                  # can return to indicate a success.
                42,
              ],
              "artifactId": "A String", # The id of the relevant artifact in the recipe.
              "args": [ # Arguments to be passed to the provided executable.
                "A String",
              ],
              "localPath": "A String", # The absolute path of the file on the local filesystem.
            },
          },
        ],
        "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
            # installed on an instance.
            #
            # Names are also used to identify resources which helps to determine whether
            # guest policies have conflicts. This means that requests to create multiple
            # recipes with the same name and version are rejected since they
            # could potentially have conflicting assignments.
        "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
            # executing steps and  does not attempt another update for this recipe. Any
            # steps taken (including partially completed steps) are not rolled back.
          { # An action that can be taken as part of installing or updating a recipe.
            "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "destination": "A String", # Directory to extract archive to.
                  # Defaults to `/` on Linux or `C:\` on Windows.
              "type": "A String", # Required. The type of the archive to extract.
            },
            "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
              "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                  # successfully. Behaviour defaults to [0]
                42,
              ],
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "flags": [ # The flags to use when installing the MSI
                  # defaults to ["/i"] (i.e. the install flag).
                "A String",
              ],
            },
            "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
              "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                  # successfully. Behaviour defaults to [0]
                42,
              ],
              "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
                  # specified the script is executed directly, which likely
                  # only succeed for scripts with
                  # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
              "script": "A String", # Required. The shell script to be executed.
            },
            "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            },
            "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            },
            "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
                  # false and the file already exists the file is not overwritten
                  # and the step is considered a success. Defaults to false.
              "destination": "A String", # Required. The absolute path on the instance to put the file.
              "permissions": "A String", # Consists of three octal digits which represent, in
                  # order, the permissions of the owner, group, and other users for the
                  # file (similarly to the numeric mode used in the linux chmod utility).
                  # Each digit represents a three bit number with the 4 bit
                  # corresponding to the read permissions, the 2 bit corresponds to the
                  # write bit, and the one bit corresponds to the execute permission.
                  # Default behavior is 755.
                  #
                  # Below are some examples of permissions and their associated values:
                  # read, write, and execute: 7
                  # read and execute: 5
                  # read and write: 6
                  # read only: 4
            },
            "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
              "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
                  # can return to indicate a success.
                42,
              ],
              "artifactId": "A String", # The id of the relevant artifact in the recipe.
              "args": [ # Arguments to be passed to the provided executable.
                "A String",
              ],
              "localPath": "A String", # The absolute path of the file on the local filesystem.
            },
          },
        ],
        "version": "A String", # The version of this software recipe. Version can be up to 4 period
            # separated numbers (e.g. 12.34.56.78).
        "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
            # recipe.
            #
            # INSTALLED: The software recipe is installed on the instance but
            #            won't be updated to new versions.
            # UPDATED: The software recipe is installed on the instance. The recipe is
            #          updated to a higher version, if a higher version of the recipe is
            #          assigned to this instance.
            # REMOVE: Remove is unsupported for software recipes and attempts to
            #         create or update a recipe to the REMOVE state is rejected.
      },
    ],
    "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
        # you to target sets or groups of VM instances by different parameters such
        # as labels, names, OS, or zones.
        #
        # If left empty, all VM instances underneath this policy are targeted.
        #
        # At the same level in the resource hierarchy (that is within a project), the
        # service prevents the creation of multiple policies that conflict with
        # each other. For more information, see how the service [handles assignment
        # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
        # applies to.
        #
        # If an assignment is empty, it applies to all VM instances. Otherwise, the
        # targeted VM instances must meet all the criteria specified. So if both
        # labels and zones are specified, the policy applies to VM instances with those
        # labels and in those zones.
      "instances": [ # Targets any of the instances specified. Instances are specified by their
          # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
          #
          # Instance targeting is uncommon and is supported to facilitate the
          # management of changes by the instance or to target specific VM instances
          # for development and testing.
          #
          # Only supported for project-level policies and must reference instances
          # within this project.
        "A String",
      ],
      "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
          #
          # Like labels, this is another way to group VM instances when targeting
          # configs, for example prefix="prod-".
          #
          # Only supported for project-level policies.
        "A String",
      ],
      "zones": [ # Targets instances in any of these zones. Leave empty to target instances
          # in any zone.
          #
          # Zonal targeting is uncommon and is supported to facilitate the management
          # of changes by zone.
        "A String",
      ],
      "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
          # an assignment to target disparate groups, for example "env=prod or
          # env=staging".
        { # Represents a group of VM intances that can be identified as having all
            # these labels, for example "env=prod and app=web".
          "labels": { # Google Compute Engine instance labels that must be present for an
              # instance to be included in this assignment group.
            "a_key": "A String",
          },
        },
      ],
      "osTypes": [ # Targets VM instances matching at least one of the following OS types.
          #
          # VM instances must match all supplied criteria for a given OsType to be
          # included.
        { # Defines the criteria for selecting VM Instances by OS type.
          "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
              # OS short name, for example "debian" or "windows".
          "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
              # OS architecture.
          "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
              # following OS version.
        },
      ],
    },
    "description": "A String", # Description of the guest policy. Length of the description is limited
        # to 1024 characters.
    "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
        # done before any other configs are applied so they can use these repos.
        # Package repositories are only configured if the corresponding package
        # manager(s) are available.
      { # A package repository.
        "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
            # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
          "displayName": "A String", # The display name of the repository.
          "id": "A String", # Required. A one word, unique name for this repository. This is
              # the `repo id` in the zypper config file and also the `display_name` if
              # `display_name` is omitted. This id is also used as the unique identifier
              # when checking for guest policy conflicts.
          "baseUrl": "A String", # Required. The location of the repository directory.
          "gpgKeys": [ # URIs of GPG keys.
            "A String",
          ],
        },
        "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
            # a repo file that is stored at
            # `/etc/apt/sources.list.d/google_osconfig.list`.
          "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
              # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
              # all the keys in any applied guest policy.
          "distribution": "A String", # Required. Distribution of this repository.
          "components": [ # Required. List of components for this repository. Must contain at least one item.
            "A String",
          ],
          "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
          "uri": "A String", # Required. URI for this repository.
        },
        "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
            # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
          "id": "A String", # Required. A one word, unique name for this repository. This is
              # the `repo id` in the Yum config file and also the `display_name` if
              # `display_name` is omitted. This id is also used as the unique identifier
              # when checking for guest policy conflicts.
          "baseUrl": "A String", # Required. The location of the repository directory.
          "gpgKeys": [ # URIs of GPG keys.
            "A String",
          ],
          "displayName": "A String", # The display name of the repository.
        },
        "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
            # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
          "url": "A String", # Required. The url of the repository.
          "name": "A String", # Required. The name of the repository.
        },
      },
    ],
    "etag": "A String", # The etag for this guest policy.
        # If this is provided on update, it must match the server's etag.
  }
delete(name, x__xgafv=None)
Delete an OS Config guest policy.

Args:
  name: string, Required. The resource name of the guest policy  using one of the following forms:
`projects/{project_number}/guestPolicies/{guest_policy_id}`. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A generic empty message that you can re-use to avoid defining duplicated
      # empty messages in your APIs. A typical example is to use it as the request
      # or the response type of an API method. For instance:
      #
      #     service Foo {
      #       rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
      #     }
      #
      # The JSON representation for `Empty` is empty JSON object `{}`.
  }
get(name, x__xgafv=None)
Get an OS Config guest policy.

Args:
  name: string, Required. The resource name of the guest policy using one of the following forms:
`projects/{project_number}/guestPolicies/{guest_policy_id}`. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # An OS Config resource representing a guest configuration policy. These
      # policies represent the desired state for VM instance guest environments
      # including packages to install or remove, package repository configurations,
      # and software to install.
    "createTime": "A String", # Output only. Time this guest policy was created.
    "packages": [ # The software packages to be managed by this policy.
      { # Package is a reference to the software package to be installed or removed.
          # The agent on the VM instance uses the system package manager to apply the
          # config.
          #
          #
          # These are the commands that the agent uses to install or remove
          # packages.
          #
          # Apt
          # install: `apt-get update && apt-get -y install package1 package2 package3`
          # remove: `apt-get -y remove package1 package2 package3`
          #
          # Yum
          # install: `yum -y install package1 package2 package3`
          # remove: `yum -y remove package1 package2 package3`
          #
          # Zypper
          # install: `zypper install package1 package2 package3`
          # remove: `zypper rm package1 package2`
          #
          # Googet
          # install: `googet -noconfirm install package1 package2 package3`
          # remove: `googet -noconfirm remove package1 package2 package3`
        "desiredState": "A String", # The desired_state the agent should maintain for this package. The
            # default is to ensure the package is installed.
        "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
            # validation by checking the package name and the manager(s) that the
            # package targets.
        "manager": "A String", # Type of package manager that can be used to install this package.
            # If a system does not have the package manager, the package is not
            # installed or removed no error message is returned. By default,
            # or if you specify `ANY`,
            # the agent attempts to install and remove this package using the default
            # package manager. This is useful when creating a policy that applies to
            # different types of systems.
            #
            # The default behavior is ANY.
      },
    ],
    "updateTime": "A String", # Output only. Last time this guest policy was updated.
    "name": "A String", # Required. Unique name of the resource in this project using one of the following
        # forms:
        # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
    "recipes": [ # A list of Recipes to install on the VM instance.
      { # A software recipe is a set of instructions for installing and configuring a
          # piece of software. It consists of a set of artifacts that are
          # downloaded, and a set of steps that install, configure, and/or update the
          # software.
          #
          # Recipes support installing and updating software from artifacts in the
          # following formats:
          # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
          #
          # Additionally, recipes support executing a script (either defined in a file or
          # directly in this api) in bash, sh, cmd, and powershell.
          #
          # Updating a software recipe
          #
          # If a recipe is assigned to an instance and there is a recipe with the same
          # name but a lower version already installed and the assigned state
          # of the recipe is `UPDATED`, then the recipe is updated to
          # the new version.
          #
          # Script Working Directories
          #
          # Each script or execution step is run in its own temporary directory which
          # is deleted after completing the step.
        "artifacts": [ # Resources available to be used in the steps in the recipe.
          { # Specifies a resource to be used in the recipe.
            "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
              "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
                  # SHA256 checksum in hex format, to compare to the checksum of the
                  # artifact. If the checksum is not empty and it doesn't match the
                  # artifact then the recipe installation fails before running any of the
                  # steps.
              "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
                  # and path following the format {protocol}://{location}.
            },
            "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
              "object": "A String", # Name of the Google Cloud Storage object.
                  # As specified [here]
                  # (https://cloud.google.com/storage/docs/naming#objectnames)
                  # Given an example URL:
                  # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                  # this value would be `foo/bar`.
              "generation": "A String", # Must be provided if allow_insecure is false.
                  # Generation number of the Google Cloud Storage object.
                  # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                  # this value would be `1234567`.
              "bucket": "A String", # Bucket of the Google Cloud Storage object.
                  # Given an example URL:
                  # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                  # this value would be `my-bucket`.
            },
            "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
                # recipe can reference. Artifacts in a recipe cannot have the same id.
            "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
                # based on the artifact type:
                #
                # Remote: A checksum must be specified, and only protocols with
                # transport-layer security are permitted.
                # GCS:    An object generation number must be specified.
          },
        ],
        "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
            # executing steps and does not attempt another installation. Any steps taken
            # (including partially completed steps) are not rolled back.
          { # An action that can be taken as part of installing or updating a recipe.
            "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "destination": "A String", # Directory to extract archive to.
                  # Defaults to `/` on Linux or `C:\` on Windows.
              "type": "A String", # Required. The type of the archive to extract.
            },
            "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
              "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                  # successfully. Behaviour defaults to [0]
                42,
              ],
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "flags": [ # The flags to use when installing the MSI
                  # defaults to ["/i"] (i.e. the install flag).
                "A String",
              ],
            },
            "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
              "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                  # successfully. Behaviour defaults to [0]
                42,
              ],
              "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
                  # specified the script is executed directly, which likely
                  # only succeed for scripts with
                  # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
              "script": "A String", # Required. The shell script to be executed.
            },
            "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            },
            "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            },
            "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
                  # false and the file already exists the file is not overwritten
                  # and the step is considered a success. Defaults to false.
              "destination": "A String", # Required. The absolute path on the instance to put the file.
              "permissions": "A String", # Consists of three octal digits which represent, in
                  # order, the permissions of the owner, group, and other users for the
                  # file (similarly to the numeric mode used in the linux chmod utility).
                  # Each digit represents a three bit number with the 4 bit
                  # corresponding to the read permissions, the 2 bit corresponds to the
                  # write bit, and the one bit corresponds to the execute permission.
                  # Default behavior is 755.
                  #
                  # Below are some examples of permissions and their associated values:
                  # read, write, and execute: 7
                  # read and execute: 5
                  # read and write: 6
                  # read only: 4
            },
            "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
              "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
                  # can return to indicate a success.
                42,
              ],
              "artifactId": "A String", # The id of the relevant artifact in the recipe.
              "args": [ # Arguments to be passed to the provided executable.
                "A String",
              ],
              "localPath": "A String", # The absolute path of the file on the local filesystem.
            },
          },
        ],
        "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
            # installed on an instance.
            #
            # Names are also used to identify resources which helps to determine whether
            # guest policies have conflicts. This means that requests to create multiple
            # recipes with the same name and version are rejected since they
            # could potentially have conflicting assignments.
        "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
            # executing steps and  does not attempt another update for this recipe. Any
            # steps taken (including partially completed steps) are not rolled back.
          { # An action that can be taken as part of installing or updating a recipe.
            "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "destination": "A String", # Directory to extract archive to.
                  # Defaults to `/` on Linux or `C:\` on Windows.
              "type": "A String", # Required. The type of the archive to extract.
            },
            "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
              "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                  # successfully. Behaviour defaults to [0]
                42,
              ],
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "flags": [ # The flags to use when installing the MSI
                  # defaults to ["/i"] (i.e. the install flag).
                "A String",
              ],
            },
            "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
              "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                  # successfully. Behaviour defaults to [0]
                42,
              ],
              "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
                  # specified the script is executed directly, which likely
                  # only succeed for scripts with
                  # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
              "script": "A String", # Required. The shell script to be executed.
            },
            "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            },
            "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            },
            "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
                  # false and the file already exists the file is not overwritten
                  # and the step is considered a success. Defaults to false.
              "destination": "A String", # Required. The absolute path on the instance to put the file.
              "permissions": "A String", # Consists of three octal digits which represent, in
                  # order, the permissions of the owner, group, and other users for the
                  # file (similarly to the numeric mode used in the linux chmod utility).
                  # Each digit represents a three bit number with the 4 bit
                  # corresponding to the read permissions, the 2 bit corresponds to the
                  # write bit, and the one bit corresponds to the execute permission.
                  # Default behavior is 755.
                  #
                  # Below are some examples of permissions and their associated values:
                  # read, write, and execute: 7
                  # read and execute: 5
                  # read and write: 6
                  # read only: 4
            },
            "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
              "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
                  # can return to indicate a success.
                42,
              ],
              "artifactId": "A String", # The id of the relevant artifact in the recipe.
              "args": [ # Arguments to be passed to the provided executable.
                "A String",
              ],
              "localPath": "A String", # The absolute path of the file on the local filesystem.
            },
          },
        ],
        "version": "A String", # The version of this software recipe. Version can be up to 4 period
            # separated numbers (e.g. 12.34.56.78).
        "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
            # recipe.
            #
            # INSTALLED: The software recipe is installed on the instance but
            #            won't be updated to new versions.
            # UPDATED: The software recipe is installed on the instance. The recipe is
            #          updated to a higher version, if a higher version of the recipe is
            #          assigned to this instance.
            # REMOVE: Remove is unsupported for software recipes and attempts to
            #         create or update a recipe to the REMOVE state is rejected.
      },
    ],
    "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
        # you to target sets or groups of VM instances by different parameters such
        # as labels, names, OS, or zones.
        #
        # If left empty, all VM instances underneath this policy are targeted.
        #
        # At the same level in the resource hierarchy (that is within a project), the
        # service prevents the creation of multiple policies that conflict with
        # each other. For more information, see how the service [handles assignment
        # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
        # applies to.
        #
        # If an assignment is empty, it applies to all VM instances. Otherwise, the
        # targeted VM instances must meet all the criteria specified. So if both
        # labels and zones are specified, the policy applies to VM instances with those
        # labels and in those zones.
      "instances": [ # Targets any of the instances specified. Instances are specified by their
          # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
          #
          # Instance targeting is uncommon and is supported to facilitate the
          # management of changes by the instance or to target specific VM instances
          # for development and testing.
          #
          # Only supported for project-level policies and must reference instances
          # within this project.
        "A String",
      ],
      "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
          #
          # Like labels, this is another way to group VM instances when targeting
          # configs, for example prefix="prod-".
          #
          # Only supported for project-level policies.
        "A String",
      ],
      "zones": [ # Targets instances in any of these zones. Leave empty to target instances
          # in any zone.
          #
          # Zonal targeting is uncommon and is supported to facilitate the management
          # of changes by zone.
        "A String",
      ],
      "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
          # an assignment to target disparate groups, for example "env=prod or
          # env=staging".
        { # Represents a group of VM intances that can be identified as having all
            # these labels, for example "env=prod and app=web".
          "labels": { # Google Compute Engine instance labels that must be present for an
              # instance to be included in this assignment group.
            "a_key": "A String",
          },
        },
      ],
      "osTypes": [ # Targets VM instances matching at least one of the following OS types.
          #
          # VM instances must match all supplied criteria for a given OsType to be
          # included.
        { # Defines the criteria for selecting VM Instances by OS type.
          "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
              # OS short name, for example "debian" or "windows".
          "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
              # OS architecture.
          "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
              # following OS version.
        },
      ],
    },
    "description": "A String", # Description of the guest policy. Length of the description is limited
        # to 1024 characters.
    "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
        # done before any other configs are applied so they can use these repos.
        # Package repositories are only configured if the corresponding package
        # manager(s) are available.
      { # A package repository.
        "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
            # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
          "displayName": "A String", # The display name of the repository.
          "id": "A String", # Required. A one word, unique name for this repository. This is
              # the `repo id` in the zypper config file and also the `display_name` if
              # `display_name` is omitted. This id is also used as the unique identifier
              # when checking for guest policy conflicts.
          "baseUrl": "A String", # Required. The location of the repository directory.
          "gpgKeys": [ # URIs of GPG keys.
            "A String",
          ],
        },
        "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
            # a repo file that is stored at
            # `/etc/apt/sources.list.d/google_osconfig.list`.
          "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
              # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
              # all the keys in any applied guest policy.
          "distribution": "A String", # Required. Distribution of this repository.
          "components": [ # Required. List of components for this repository. Must contain at least one item.
            "A String",
          ],
          "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
          "uri": "A String", # Required. URI for this repository.
        },
        "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
            # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
          "id": "A String", # Required. A one word, unique name for this repository. This is
              # the `repo id` in the Yum config file and also the `display_name` if
              # `display_name` is omitted. This id is also used as the unique identifier
              # when checking for guest policy conflicts.
          "baseUrl": "A String", # Required. The location of the repository directory.
          "gpgKeys": [ # URIs of GPG keys.
            "A String",
          ],
          "displayName": "A String", # The display name of the repository.
        },
        "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
            # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
          "url": "A String", # Required. The url of the repository.
          "name": "A String", # Required. The name of the repository.
        },
      },
    ],
    "etag": "A String", # The etag for this guest policy.
        # If this is provided on update, it must match the server's etag.
  }
list(parent, pageToken=None, pageSize=None, x__xgafv=None)
Get a page of OS Config guest policies.

Args:
  parent: string, Required. The resource name of the parent using one of the following forms:
`projects/{project_number}`. (required)
  pageToken: string, A pagination token returned from a previous call to `ListGuestPolicies`
that indicates where this listing should continue from.
  pageSize: integer, The maximum number of guest policies to return.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A response message for listing guest policies.
    "nextPageToken": "A String", # A pagination token that can be used to get the next page
        # of guest policies.
    "guestPolicies": [ # The list of GuestPolicies.
      { # An OS Config resource representing a guest configuration policy. These
          # policies represent the desired state for VM instance guest environments
          # including packages to install or remove, package repository configurations,
          # and software to install.
        "createTime": "A String", # Output only. Time this guest policy was created.
        "packages": [ # The software packages to be managed by this policy.
          { # Package is a reference to the software package to be installed or removed.
              # The agent on the VM instance uses the system package manager to apply the
              # config.
              #
              #
              # These are the commands that the agent uses to install or remove
              # packages.
              #
              # Apt
              # install: `apt-get update && apt-get -y install package1 package2 package3`
              # remove: `apt-get -y remove package1 package2 package3`
              #
              # Yum
              # install: `yum -y install package1 package2 package3`
              # remove: `yum -y remove package1 package2 package3`
              #
              # Zypper
              # install: `zypper install package1 package2 package3`
              # remove: `zypper rm package1 package2`
              #
              # Googet
              # install: `googet -noconfirm install package1 package2 package3`
              # remove: `googet -noconfirm remove package1 package2 package3`
            "desiredState": "A String", # The desired_state the agent should maintain for this package. The
                # default is to ensure the package is installed.
            "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
                # validation by checking the package name and the manager(s) that the
                # package targets.
            "manager": "A String", # Type of package manager that can be used to install this package.
                # If a system does not have the package manager, the package is not
                # installed or removed no error message is returned. By default,
                # or if you specify `ANY`,
                # the agent attempts to install and remove this package using the default
                # package manager. This is useful when creating a policy that applies to
                # different types of systems.
                #
                # The default behavior is ANY.
          },
        ],
        "updateTime": "A String", # Output only. Last time this guest policy was updated.
        "name": "A String", # Required. Unique name of the resource in this project using one of the following
            # forms:
            # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
        "recipes": [ # A list of Recipes to install on the VM instance.
          { # A software recipe is a set of instructions for installing and configuring a
              # piece of software. It consists of a set of artifacts that are
              # downloaded, and a set of steps that install, configure, and/or update the
              # software.
              #
              # Recipes support installing and updating software from artifacts in the
              # following formats:
              # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
              #
              # Additionally, recipes support executing a script (either defined in a file or
              # directly in this api) in bash, sh, cmd, and powershell.
              #
              # Updating a software recipe
              #
              # If a recipe is assigned to an instance and there is a recipe with the same
              # name but a lower version already installed and the assigned state
              # of the recipe is `UPDATED`, then the recipe is updated to
              # the new version.
              #
              # Script Working Directories
              #
              # Each script or execution step is run in its own temporary directory which
              # is deleted after completing the step.
            "artifacts": [ # Resources available to be used in the steps in the recipe.
              { # Specifies a resource to be used in the recipe.
                "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
                  "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
                      # SHA256 checksum in hex format, to compare to the checksum of the
                      # artifact. If the checksum is not empty and it doesn't match the
                      # artifact then the recipe installation fails before running any of the
                      # steps.
                  "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
                      # and path following the format {protocol}://{location}.
                },
                "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
                  "object": "A String", # Name of the Google Cloud Storage object.
                      # As specified [here]
                      # (https://cloud.google.com/storage/docs/naming#objectnames)
                      # Given an example URL:
                      # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                      # this value would be `foo/bar`.
                  "generation": "A String", # Must be provided if allow_insecure is false.
                      # Generation number of the Google Cloud Storage object.
                      # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                      # this value would be `1234567`.
                  "bucket": "A String", # Bucket of the Google Cloud Storage object.
                      # Given an example URL:
                      # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                      # this value would be `my-bucket`.
                },
                "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
                    # recipe can reference. Artifacts in a recipe cannot have the same id.
                "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
                    # based on the artifact type:
                    #
                    # Remote: A checksum must be specified, and only protocols with
                    # transport-layer security are permitted.
                    # GCS:    An object generation number must be specified.
              },
            ],
            "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
                # executing steps and does not attempt another installation. Any steps taken
                # (including partially completed steps) are not rolled back.
              { # An action that can be taken as part of installing or updating a recipe.
                "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
                  "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
                  "destination": "A String", # Directory to extract archive to.
                      # Defaults to `/` on Linux or `C:\` on Windows.
                  "type": "A String", # Required. The type of the archive to extract.
                },
                "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
                  "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                      # successfully. Behaviour defaults to [0]
                    42,
                  ],
                  "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
                  "flags": [ # The flags to use when installing the MSI
                      # defaults to ["/i"] (i.e. the install flag).
                    "A String",
                  ],
                },
                "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
                  "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                      # successfully. Behaviour defaults to [0]
                    42,
                  ],
                  "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
                      # specified the script is executed directly, which likely
                      # only succeed for scripts with
                      # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
                  "script": "A String", # Required. The shell script to be executed.
                },
                "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
                  "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
                },
                "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
                  "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
                },
                "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
                  "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
                  "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
                      # false and the file already exists the file is not overwritten
                      # and the step is considered a success. Defaults to false.
                  "destination": "A String", # Required. The absolute path on the instance to put the file.
                  "permissions": "A String", # Consists of three octal digits which represent, in
                      # order, the permissions of the owner, group, and other users for the
                      # file (similarly to the numeric mode used in the linux chmod utility).
                      # Each digit represents a three bit number with the 4 bit
                      # corresponding to the read permissions, the 2 bit corresponds to the
                      # write bit, and the one bit corresponds to the execute permission.
                      # Default behavior is 755.
                      #
                      # Below are some examples of permissions and their associated values:
                      # read, write, and execute: 7
                      # read and execute: 5
                      # read and write: 6
                      # read only: 4
                },
                "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
                  "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
                      # can return to indicate a success.
                    42,
                  ],
                  "artifactId": "A String", # The id of the relevant artifact in the recipe.
                  "args": [ # Arguments to be passed to the provided executable.
                    "A String",
                  ],
                  "localPath": "A String", # The absolute path of the file on the local filesystem.
                },
              },
            ],
            "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
                # installed on an instance.
                #
                # Names are also used to identify resources which helps to determine whether
                # guest policies have conflicts. This means that requests to create multiple
                # recipes with the same name and version are rejected since they
                # could potentially have conflicting assignments.
            "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
                # executing steps and  does not attempt another update for this recipe. Any
                # steps taken (including partially completed steps) are not rolled back.
              { # An action that can be taken as part of installing or updating a recipe.
                "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
                  "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
                  "destination": "A String", # Directory to extract archive to.
                      # Defaults to `/` on Linux or `C:\` on Windows.
                  "type": "A String", # Required. The type of the archive to extract.
                },
                "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
                  "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                      # successfully. Behaviour defaults to [0]
                    42,
                  ],
                  "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
                  "flags": [ # The flags to use when installing the MSI
                      # defaults to ["/i"] (i.e. the install flag).
                    "A String",
                  ],
                },
                "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
                  "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                      # successfully. Behaviour defaults to [0]
                    42,
                  ],
                  "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
                      # specified the script is executed directly, which likely
                      # only succeed for scripts with
                      # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
                  "script": "A String", # Required. The shell script to be executed.
                },
                "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
                  "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
                },
                "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
                  "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
                },
                "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
                  "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
                  "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
                      # false and the file already exists the file is not overwritten
                      # and the step is considered a success. Defaults to false.
                  "destination": "A String", # Required. The absolute path on the instance to put the file.
                  "permissions": "A String", # Consists of three octal digits which represent, in
                      # order, the permissions of the owner, group, and other users for the
                      # file (similarly to the numeric mode used in the linux chmod utility).
                      # Each digit represents a three bit number with the 4 bit
                      # corresponding to the read permissions, the 2 bit corresponds to the
                      # write bit, and the one bit corresponds to the execute permission.
                      # Default behavior is 755.
                      #
                      # Below are some examples of permissions and their associated values:
                      # read, write, and execute: 7
                      # read and execute: 5
                      # read and write: 6
                      # read only: 4
                },
                "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
                  "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
                      # can return to indicate a success.
                    42,
                  ],
                  "artifactId": "A String", # The id of the relevant artifact in the recipe.
                  "args": [ # Arguments to be passed to the provided executable.
                    "A String",
                  ],
                  "localPath": "A String", # The absolute path of the file on the local filesystem.
                },
              },
            ],
            "version": "A String", # The version of this software recipe. Version can be up to 4 period
                # separated numbers (e.g. 12.34.56.78).
            "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
                # recipe.
                #
                # INSTALLED: The software recipe is installed on the instance but
                #            won't be updated to new versions.
                # UPDATED: The software recipe is installed on the instance. The recipe is
                #          updated to a higher version, if a higher version of the recipe is
                #          assigned to this instance.
                # REMOVE: Remove is unsupported for software recipes and attempts to
                #         create or update a recipe to the REMOVE state is rejected.
          },
        ],
        "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
            # you to target sets or groups of VM instances by different parameters such
            # as labels, names, OS, or zones.
            #
            # If left empty, all VM instances underneath this policy are targeted.
            #
            # At the same level in the resource hierarchy (that is within a project), the
            # service prevents the creation of multiple policies that conflict with
            # each other. For more information, see how the service [handles assignment
            # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
            # applies to.
            #
            # If an assignment is empty, it applies to all VM instances. Otherwise, the
            # targeted VM instances must meet all the criteria specified. So if both
            # labels and zones are specified, the policy applies to VM instances with those
            # labels and in those zones.
          "instances": [ # Targets any of the instances specified. Instances are specified by their
              # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
              #
              # Instance targeting is uncommon and is supported to facilitate the
              # management of changes by the instance or to target specific VM instances
              # for development and testing.
              #
              # Only supported for project-level policies and must reference instances
              # within this project.
            "A String",
          ],
          "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
              #
              # Like labels, this is another way to group VM instances when targeting
              # configs, for example prefix="prod-".
              #
              # Only supported for project-level policies.
            "A String",
          ],
          "zones": [ # Targets instances in any of these zones. Leave empty to target instances
              # in any zone.
              #
              # Zonal targeting is uncommon and is supported to facilitate the management
              # of changes by zone.
            "A String",
          ],
          "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
              # an assignment to target disparate groups, for example "env=prod or
              # env=staging".
            { # Represents a group of VM intances that can be identified as having all
                # these labels, for example "env=prod and app=web".
              "labels": { # Google Compute Engine instance labels that must be present for an
                  # instance to be included in this assignment group.
                "a_key": "A String",
              },
            },
          ],
          "osTypes": [ # Targets VM instances matching at least one of the following OS types.
              #
              # VM instances must match all supplied criteria for a given OsType to be
              # included.
            { # Defines the criteria for selecting VM Instances by OS type.
              "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
                  # OS short name, for example "debian" or "windows".
              "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
                  # OS architecture.
              "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
                  # following OS version.
            },
          ],
        },
        "description": "A String", # Description of the guest policy. Length of the description is limited
            # to 1024 characters.
        "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
            # done before any other configs are applied so they can use these repos.
            # Package repositories are only configured if the corresponding package
            # manager(s) are available.
          { # A package repository.
            "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
                # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
              "displayName": "A String", # The display name of the repository.
              "id": "A String", # Required. A one word, unique name for this repository. This is
                  # the `repo id` in the zypper config file and also the `display_name` if
                  # `display_name` is omitted. This id is also used as the unique identifier
                  # when checking for guest policy conflicts.
              "baseUrl": "A String", # Required. The location of the repository directory.
              "gpgKeys": [ # URIs of GPG keys.
                "A String",
              ],
            },
            "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
                # a repo file that is stored at
                # `/etc/apt/sources.list.d/google_osconfig.list`.
              "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
                  # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
                  # all the keys in any applied guest policy.
              "distribution": "A String", # Required. Distribution of this repository.
              "components": [ # Required. List of components for this repository. Must contain at least one item.
                "A String",
              ],
              "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
              "uri": "A String", # Required. URI for this repository.
            },
            "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
                # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
              "id": "A String", # Required. A one word, unique name for this repository. This is
                  # the `repo id` in the Yum config file and also the `display_name` if
                  # `display_name` is omitted. This id is also used as the unique identifier
                  # when checking for guest policy conflicts.
              "baseUrl": "A String", # Required. The location of the repository directory.
              "gpgKeys": [ # URIs of GPG keys.
                "A String",
              ],
              "displayName": "A String", # The display name of the repository.
            },
            "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
                # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
              "url": "A String", # Required. The url of the repository.
              "name": "A String", # Required. The name of the repository.
            },
          },
        ],
        "etag": "A String", # The etag for this guest policy.
            # If this is provided on update, it must match the server's etag.
      },
    ],
  }
list_next(previous_request, previous_response)
Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page. (required)

Returns:
  A request object that you can call 'execute()' on to request the next
  page. Returns None if there are no more items in the collection.
    
patch(name, body=None, updateMask=None, x__xgafv=None)
Update an OS Config guest policy.

Args:
  name: string, Required. Unique name of the resource in this project using one of the following
forms:
`projects/{project_number}/guestPolicies/{guest_policy_id}`. (required)
  body: object, The request body.
    The object takes the form of:

{ # An OS Config resource representing a guest configuration policy. These
    # policies represent the desired state for VM instance guest environments
    # including packages to install or remove, package repository configurations,
    # and software to install.
  "createTime": "A String", # Output only. Time this guest policy was created.
  "packages": [ # The software packages to be managed by this policy.
    { # Package is a reference to the software package to be installed or removed.
        # The agent on the VM instance uses the system package manager to apply the
        # config.
        #
        #
        # These are the commands that the agent uses to install or remove
        # packages.
        #
        # Apt
        # install: `apt-get update && apt-get -y install package1 package2 package3`
        # remove: `apt-get -y remove package1 package2 package3`
        #
        # Yum
        # install: `yum -y install package1 package2 package3`
        # remove: `yum -y remove package1 package2 package3`
        #
        # Zypper
        # install: `zypper install package1 package2 package3`
        # remove: `zypper rm package1 package2`
        #
        # Googet
        # install: `googet -noconfirm install package1 package2 package3`
        # remove: `googet -noconfirm remove package1 package2 package3`
      "desiredState": "A String", # The desired_state the agent should maintain for this package. The
          # default is to ensure the package is installed.
      "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
          # validation by checking the package name and the manager(s) that the
          # package targets.
      "manager": "A String", # Type of package manager that can be used to install this package.
          # If a system does not have the package manager, the package is not
          # installed or removed no error message is returned. By default,
          # or if you specify `ANY`,
          # the agent attempts to install and remove this package using the default
          # package manager. This is useful when creating a policy that applies to
          # different types of systems.
          #
          # The default behavior is ANY.
    },
  ],
  "updateTime": "A String", # Output only. Last time this guest policy was updated.
  "name": "A String", # Required. Unique name of the resource in this project using one of the following
      # forms:
      # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
  "recipes": [ # A list of Recipes to install on the VM instance.
    { # A software recipe is a set of instructions for installing and configuring a
        # piece of software. It consists of a set of artifacts that are
        # downloaded, and a set of steps that install, configure, and/or update the
        # software.
        #
        # Recipes support installing and updating software from artifacts in the
        # following formats:
        # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
        #
        # Additionally, recipes support executing a script (either defined in a file or
        # directly in this api) in bash, sh, cmd, and powershell.
        #
        # Updating a software recipe
        #
        # If a recipe is assigned to an instance and there is a recipe with the same
        # name but a lower version already installed and the assigned state
        # of the recipe is `UPDATED`, then the recipe is updated to
        # the new version.
        #
        # Script Working Directories
        #
        # Each script or execution step is run in its own temporary directory which
        # is deleted after completing the step.
      "artifacts": [ # Resources available to be used in the steps in the recipe.
        { # Specifies a resource to be used in the recipe.
          "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
            "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
                # SHA256 checksum in hex format, to compare to the checksum of the
                # artifact. If the checksum is not empty and it doesn't match the
                # artifact then the recipe installation fails before running any of the
                # steps.
            "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
                # and path following the format {protocol}://{location}.
          },
          "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
            "object": "A String", # Name of the Google Cloud Storage object.
                # As specified [here]
                # (https://cloud.google.com/storage/docs/naming#objectnames)
                # Given an example URL:
                # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                # this value would be `foo/bar`.
            "generation": "A String", # Must be provided if allow_insecure is false.
                # Generation number of the Google Cloud Storage object.
                # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                # this value would be `1234567`.
            "bucket": "A String", # Bucket of the Google Cloud Storage object.
                # Given an example URL:
                # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                # this value would be `my-bucket`.
          },
          "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
              # recipe can reference. Artifacts in a recipe cannot have the same id.
          "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
              # based on the artifact type:
              #
              # Remote: A checksum must be specified, and only protocols with
              # transport-layer security are permitted.
              # GCS:    An object generation number must be specified.
        },
      ],
      "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
          # executing steps and does not attempt another installation. Any steps taken
          # (including partially completed steps) are not rolled back.
        { # An action that can be taken as part of installing or updating a recipe.
          "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            "destination": "A String", # Directory to extract archive to.
                # Defaults to `/` on Linux or `C:\` on Windows.
            "type": "A String", # Required. The type of the archive to extract.
          },
          "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
            "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                # successfully. Behaviour defaults to [0]
              42,
            ],
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            "flags": [ # The flags to use when installing the MSI
                # defaults to ["/i"] (i.e. the install flag).
              "A String",
            ],
          },
          "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
            "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                # successfully. Behaviour defaults to [0]
              42,
            ],
            "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
                # specified the script is executed directly, which likely
                # only succeed for scripts with
                # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
            "script": "A String", # Required. The shell script to be executed.
          },
          "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
          },
          "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
          },
          "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
                # false and the file already exists the file is not overwritten
                # and the step is considered a success. Defaults to false.
            "destination": "A String", # Required. The absolute path on the instance to put the file.
            "permissions": "A String", # Consists of three octal digits which represent, in
                # order, the permissions of the owner, group, and other users for the
                # file (similarly to the numeric mode used in the linux chmod utility).
                # Each digit represents a three bit number with the 4 bit
                # corresponding to the read permissions, the 2 bit corresponds to the
                # write bit, and the one bit corresponds to the execute permission.
                # Default behavior is 755.
                #
                # Below are some examples of permissions and their associated values:
                # read, write, and execute: 7
                # read and execute: 5
                # read and write: 6
                # read only: 4
          },
          "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
            "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
                # can return to indicate a success.
              42,
            ],
            "artifactId": "A String", # The id of the relevant artifact in the recipe.
            "args": [ # Arguments to be passed to the provided executable.
              "A String",
            ],
            "localPath": "A String", # The absolute path of the file on the local filesystem.
          },
        },
      ],
      "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
          # installed on an instance.
          #
          # Names are also used to identify resources which helps to determine whether
          # guest policies have conflicts. This means that requests to create multiple
          # recipes with the same name and version are rejected since they
          # could potentially have conflicting assignments.
      "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
          # executing steps and  does not attempt another update for this recipe. Any
          # steps taken (including partially completed steps) are not rolled back.
        { # An action that can be taken as part of installing or updating a recipe.
          "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            "destination": "A String", # Directory to extract archive to.
                # Defaults to `/` on Linux or `C:\` on Windows.
            "type": "A String", # Required. The type of the archive to extract.
          },
          "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
            "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                # successfully. Behaviour defaults to [0]
              42,
            ],
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            "flags": [ # The flags to use when installing the MSI
                # defaults to ["/i"] (i.e. the install flag).
              "A String",
            ],
          },
          "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
            "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                # successfully. Behaviour defaults to [0]
              42,
            ],
            "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
                # specified the script is executed directly, which likely
                # only succeed for scripts with
                # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
            "script": "A String", # Required. The shell script to be executed.
          },
          "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
          },
          "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
          },
          "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
            "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
                # false and the file already exists the file is not overwritten
                # and the step is considered a success. Defaults to false.
            "destination": "A String", # Required. The absolute path on the instance to put the file.
            "permissions": "A String", # Consists of three octal digits which represent, in
                # order, the permissions of the owner, group, and other users for the
                # file (similarly to the numeric mode used in the linux chmod utility).
                # Each digit represents a three bit number with the 4 bit
                # corresponding to the read permissions, the 2 bit corresponds to the
                # write bit, and the one bit corresponds to the execute permission.
                # Default behavior is 755.
                #
                # Below are some examples of permissions and their associated values:
                # read, write, and execute: 7
                # read and execute: 5
                # read and write: 6
                # read only: 4
          },
          "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
            "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
                # can return to indicate a success.
              42,
            ],
            "artifactId": "A String", # The id of the relevant artifact in the recipe.
            "args": [ # Arguments to be passed to the provided executable.
              "A String",
            ],
            "localPath": "A String", # The absolute path of the file on the local filesystem.
          },
        },
      ],
      "version": "A String", # The version of this software recipe. Version can be up to 4 period
          # separated numbers (e.g. 12.34.56.78).
      "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
          # recipe.
          #
          # INSTALLED: The software recipe is installed on the instance but
          #            won't be updated to new versions.
          # UPDATED: The software recipe is installed on the instance. The recipe is
          #          updated to a higher version, if a higher version of the recipe is
          #          assigned to this instance.
          # REMOVE: Remove is unsupported for software recipes and attempts to
          #         create or update a recipe to the REMOVE state is rejected.
    },
  ],
  "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
      # you to target sets or groups of VM instances by different parameters such
      # as labels, names, OS, or zones.
      # 
      # If left empty, all VM instances underneath this policy are targeted.
      # 
      # At the same level in the resource hierarchy (that is within a project), the
      # service prevents the creation of multiple policies that conflict with
      # each other. For more information, see how the service [handles assignment
      # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
      # applies to.
      #
      # If an assignment is empty, it applies to all VM instances. Otherwise, the
      # targeted VM instances must meet all the criteria specified. So if both
      # labels and zones are specified, the policy applies to VM instances with those
      # labels and in those zones.
    "instances": [ # Targets any of the instances specified. Instances are specified by their
        # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
        #
        # Instance targeting is uncommon and is supported to facilitate the
        # management of changes by the instance or to target specific VM instances
        # for development and testing.
        #
        # Only supported for project-level policies and must reference instances
        # within this project.
      "A String",
    ],
    "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
        #
        # Like labels, this is another way to group VM instances when targeting
        # configs, for example prefix="prod-".
        #
        # Only supported for project-level policies.
      "A String",
    ],
    "zones": [ # Targets instances in any of these zones. Leave empty to target instances
        # in any zone.
        #
        # Zonal targeting is uncommon and is supported to facilitate the management
        # of changes by zone.
      "A String",
    ],
    "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
        # an assignment to target disparate groups, for example "env=prod or
        # env=staging".
      { # Represents a group of VM intances that can be identified as having all
          # these labels, for example "env=prod and app=web".
        "labels": { # Google Compute Engine instance labels that must be present for an
            # instance to be included in this assignment group.
          "a_key": "A String",
        },
      },
    ],
    "osTypes": [ # Targets VM instances matching at least one of the following OS types.
        #
        # VM instances must match all supplied criteria for a given OsType to be
        # included.
      { # Defines the criteria for selecting VM Instances by OS type.
        "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
            # OS short name, for example "debian" or "windows".
        "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
            # OS architecture.
        "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
            # following OS version.
      },
    ],
  },
  "description": "A String", # Description of the guest policy. Length of the description is limited
      # to 1024 characters.
  "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
      # done before any other configs are applied so they can use these repos.
      # Package repositories are only configured if the corresponding package
      # manager(s) are available.
    { # A package repository.
      "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
          # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
        "displayName": "A String", # The display name of the repository.
        "id": "A String", # Required. A one word, unique name for this repository. This is
            # the `repo id` in the zypper config file and also the `display_name` if
            # `display_name` is omitted. This id is also used as the unique identifier
            # when checking for guest policy conflicts.
        "baseUrl": "A String", # Required. The location of the repository directory.
        "gpgKeys": [ # URIs of GPG keys.
          "A String",
        ],
      },
      "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
          # a repo file that is stored at
          # `/etc/apt/sources.list.d/google_osconfig.list`.
        "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
            # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
            # all the keys in any applied guest policy.
        "distribution": "A String", # Required. Distribution of this repository.
        "components": [ # Required. List of components for this repository. Must contain at least one item.
          "A String",
        ],
        "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
        "uri": "A String", # Required. URI for this repository.
      },
      "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
          # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
        "id": "A String", # Required. A one word, unique name for this repository. This is
            # the `repo id` in the Yum config file and also the `display_name` if
            # `display_name` is omitted. This id is also used as the unique identifier
            # when checking for guest policy conflicts.
        "baseUrl": "A String", # Required. The location of the repository directory.
        "gpgKeys": [ # URIs of GPG keys.
          "A String",
        ],
        "displayName": "A String", # The display name of the repository.
      },
      "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
          # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
        "url": "A String", # Required. The url of the repository.
        "name": "A String", # Required. The name of the repository.
      },
    },
  ],
  "etag": "A String", # The etag for this guest policy.
      # If this is provided on update, it must match the server's etag.
}

  updateMask: string, Field mask that controls which fields of the guest policy should be
updated.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # An OS Config resource representing a guest configuration policy. These
      # policies represent the desired state for VM instance guest environments
      # including packages to install or remove, package repository configurations,
      # and software to install.
    "createTime": "A String", # Output only. Time this guest policy was created.
    "packages": [ # The software packages to be managed by this policy.
      { # Package is a reference to the software package to be installed or removed.
          # The agent on the VM instance uses the system package manager to apply the
          # config.
          #
          #
          # These are the commands that the agent uses to install or remove
          # packages.
          #
          # Apt
          # install: `apt-get update && apt-get -y install package1 package2 package3`
          # remove: `apt-get -y remove package1 package2 package3`
          #
          # Yum
          # install: `yum -y install package1 package2 package3`
          # remove: `yum -y remove package1 package2 package3`
          #
          # Zypper
          # install: `zypper install package1 package2 package3`
          # remove: `zypper rm package1 package2`
          #
          # Googet
          # install: `googet -noconfirm install package1 package2 package3`
          # remove: `googet -noconfirm remove package1 package2 package3`
        "desiredState": "A String", # The desired_state the agent should maintain for this package. The
            # default is to ensure the package is installed.
        "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict
            # validation by checking the package name and the manager(s) that the
            # package targets.
        "manager": "A String", # Type of package manager that can be used to install this package.
            # If a system does not have the package manager, the package is not
            # installed or removed no error message is returned. By default,
            # or if you specify `ANY`,
            # the agent attempts to install and remove this package using the default
            # package manager. This is useful when creating a policy that applies to
            # different types of systems.
            #
            # The default behavior is ANY.
      },
    ],
    "updateTime": "A String", # Output only. Last time this guest policy was updated.
    "name": "A String", # Required. Unique name of the resource in this project using one of the following
        # forms:
        # `projects/{project_number}/guestPolicies/{guest_policy_id}`.
    "recipes": [ # A list of Recipes to install on the VM instance.
      { # A software recipe is a set of instructions for installing and configuring a
          # piece of software. It consists of a set of artifacts that are
          # downloaded, and a set of steps that install, configure, and/or update the
          # software.
          #
          # Recipes support installing and updating software from artifacts in the
          # following formats:
          # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
          #
          # Additionally, recipes support executing a script (either defined in a file or
          # directly in this api) in bash, sh, cmd, and powershell.
          #
          # Updating a software recipe
          #
          # If a recipe is assigned to an instance and there is a recipe with the same
          # name but a lower version already installed and the assigned state
          # of the recipe is `UPDATED`, then the recipe is updated to
          # the new version.
          #
          # Script Working Directories
          #
          # Each script or execution step is run in its own temporary directory which
          # is deleted after completing the step.
        "artifacts": [ # Resources available to be used in the steps in the recipe.
          { # Specifies a resource to be used in the recipe.
            "remote": { # Specifies an artifact available via some URI. # A generic remote artifact.
              "checksum": "A String", # Must be provided if `allow_insecure` is `false`.
                  # SHA256 checksum in hex format, to compare to the checksum of the
                  # artifact. If the checksum is not empty and it doesn't match the
                  # artifact then the recipe installation fails before running any of the
                  # steps.
              "uri": "A String", # URI from which to fetch the object. It should contain both the protocol
                  # and path following the format {protocol}://{location}.
            },
            "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact.
              "object": "A String", # Name of the Google Cloud Storage object.
                  # As specified [here]
                  # (https://cloud.google.com/storage/docs/naming#objectnames)
                  # Given an example URL:
                  # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                  # this value would be `foo/bar`.
              "generation": "A String", # Must be provided if allow_insecure is false.
                  # Generation number of the Google Cloud Storage object.
                  # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                  # this value would be `1234567`.
              "bucket": "A String", # Bucket of the Google Cloud Storage object.
                  # Given an example URL:
                  # `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
                  # this value would be `my-bucket`.
            },
            "id": "A String", # Required. Id of the artifact, which the installation and update steps of this
                # recipe can reference. Artifacts in a recipe cannot have the same id.
            "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations
                # based on the artifact type:
                #
                # Remote: A checksum must be specified, and only protocols with
                # transport-layer security are permitted.
                # GCS:    An object generation number must be specified.
          },
        ],
        "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops
            # executing steps and does not attempt another installation. Any steps taken
            # (including partially completed steps) are not rolled back.
          { # An action that can be taken as part of installing or updating a recipe.
            "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "destination": "A String", # Directory to extract archive to.
                  # Defaults to `/` on Linux or `C:\` on Windows.
              "type": "A String", # Required. The type of the archive to extract.
            },
            "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
              "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                  # successfully. Behaviour defaults to [0]
                42,
              ],
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "flags": [ # The flags to use when installing the MSI
                  # defaults to ["/i"] (i.e. the install flag).
                "A String",
              ],
            },
            "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
              "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                  # successfully. Behaviour defaults to [0]
                42,
              ],
              "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
                  # specified the script is executed directly, which likely
                  # only succeed for scripts with
                  # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
              "script": "A String", # Required. The shell script to be executed.
            },
            "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            },
            "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            },
            "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
                  # false and the file already exists the file is not overwritten
                  # and the step is considered a success. Defaults to false.
              "destination": "A String", # Required. The absolute path on the instance to put the file.
              "permissions": "A String", # Consists of three octal digits which represent, in
                  # order, the permissions of the owner, group, and other users for the
                  # file (similarly to the numeric mode used in the linux chmod utility).
                  # Each digit represents a three bit number with the 4 bit
                  # corresponding to the read permissions, the 2 bit corresponds to the
                  # write bit, and the one bit corresponds to the execute permission.
                  # Default behavior is 755.
                  #
                  # Below are some examples of permissions and their associated values:
                  # read, write, and execute: 7
                  # read and execute: 5
                  # read and write: 6
                  # read only: 4
            },
            "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
              "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
                  # can return to indicate a success.
                42,
              ],
              "artifactId": "A String", # The id of the relevant artifact in the recipe.
              "args": [ # Arguments to be passed to the provided executable.
                "A String",
              ],
              "localPath": "A String", # The absolute path of the file on the local filesystem.
            },
          },
        ],
        "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is
            # installed on an instance.
            #
            # Names are also used to identify resources which helps to determine whether
            # guest policies have conflicts. This means that requests to create multiple
            # recipes with the same name and version are rejected since they
            # could potentially have conflicting assignments.
        "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops
            # executing steps and  does not attempt another update for this recipe. Any
            # steps taken (including partially completed steps) are not rolled back.
          { # An action that can be taken as part of installing or updating a recipe.
            "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "destination": "A String", # Directory to extract archive to.
                  # Defaults to `/` on Linux or `C:\` on Windows.
              "type": "A String", # Required. The type of the archive to extract.
            },
            "msiInstallation": { # Installs an MSI file. # Installs an MSI file.
              "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                  # successfully. Behaviour defaults to [0]
                42,
              ],
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "flags": [ # The flags to use when installing the MSI
                  # defaults to ["/i"] (i.e. the install flag).
                "A String",
              ],
            },
            "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell.
              "allowedExitCodes": [ # Return codes that indicate that the software installed or updated
                  # successfully. Behaviour defaults to [0]
                42,
              ],
              "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is
                  # specified the script is executed directly, which likely
                  # only succeed for scripts with
                  # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
              "script": "A String", # Required. The shell script to be executed.
            },
            "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            },
            "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
            },
            "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance.
              "artifactId": "A String", # Required. The id of the relevant artifact in the recipe.
              "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is
                  # false and the file already exists the file is not overwritten
                  # and the step is considered a success. Defaults to false.
              "destination": "A String", # Required. The absolute path on the instance to put the file.
              "permissions": "A String", # Consists of three octal digits which represent, in
                  # order, the permissions of the owner, group, and other users for the
                  # file (similarly to the numeric mode used in the linux chmod utility).
                  # Each digit represents a three bit number with the 4 bit
                  # corresponding to the read permissions, the 2 bit corresponds to the
                  # write bit, and the one bit corresponds to the execute permission.
                  # Default behavior is 755.
                  #
                  # Below are some examples of permissions and their associated values:
                  # read, write, and execute: 7
                  # read and execute: 5
                  # read and write: 6
                  # read only: 4
            },
            "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file.
              "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program
                  # can return to indicate a success.
                42,
              ],
              "artifactId": "A String", # The id of the relevant artifact in the recipe.
              "args": [ # Arguments to be passed to the provided executable.
                "A String",
              ],
              "localPath": "A String", # The absolute path of the file on the local filesystem.
            },
          },
        ],
        "version": "A String", # The version of this software recipe. Version can be up to 4 period
            # separated numbers (e.g. 12.34.56.78).
        "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this
            # recipe.
            #
            # INSTALLED: The software recipe is installed on the instance but
            #            won't be updated to new versions.
            # UPDATED: The software recipe is installed on the instance. The recipe is
            #          updated to a higher version, if a higher version of the recipe is
            #          assigned to this instance.
            # REMOVE: Remove is unsupported for software recipes and attempts to
            #         create or update a recipe to the REMOVE state is rejected.
      },
    ],
    "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows
        # you to target sets or groups of VM instances by different parameters such
        # as labels, names, OS, or zones.
        #
        # If left empty, all VM instances underneath this policy are targeted.
        #
        # At the same level in the resource hierarchy (that is within a project), the
        # service prevents the creation of multiple policies that conflict with
        # each other. For more information, see how the service [handles assignment
        # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
        # applies to.
        #
        # If an assignment is empty, it applies to all VM instances. Otherwise, the
        # targeted VM instances must meet all the criteria specified. So if both
        # labels and zones are specified, the policy applies to VM instances with those
        # labels and in those zones.
      "instances": [ # Targets any of the instances specified. Instances are specified by their
          # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
          #
          # Instance targeting is uncommon and is supported to facilitate the
          # management of changes by the instance or to target specific VM instances
          # for development and testing.
          #
          # Only supported for project-level policies and must reference instances
          # within this project.
        "A String",
      ],
      "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes.
          #
          # Like labels, this is another way to group VM instances when targeting
          # configs, for example prefix="prod-".
          #
          # Only supported for project-level policies.
        "A String",
      ],
      "zones": [ # Targets instances in any of these zones. Leave empty to target instances
          # in any zone.
          #
          # Zonal targeting is uncommon and is supported to facilitate the management
          # of changes by zone.
        "A String",
      ],
      "groupLabels": [ # Targets instances matching at least one of these label sets. This allows
          # an assignment to target disparate groups, for example "env=prod or
          # env=staging".
        { # Represents a group of VM intances that can be identified as having all
            # these labels, for example "env=prod and app=web".
          "labels": { # Google Compute Engine instance labels that must be present for an
              # instance to be included in this assignment group.
            "a_key": "A String",
          },
        },
      ],
      "osTypes": [ # Targets VM instances matching at least one of the following OS types.
          #
          # VM instances must match all supplied criteria for a given OsType to be
          # included.
        { # Defines the criteria for selecting VM Instances by OS type.
          "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following
              # OS short name, for example "debian" or "windows".
          "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following
              # OS architecture.
          "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following
              # following OS version.
        },
      ],
    },
    "description": "A String", # Description of the guest policy. Length of the description is limited
        # to 1024 characters.
    "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is
        # done before any other configs are applied so they can use these repos.
        # Package repositories are only configured if the corresponding package
        # manager(s) are available.
      { # A package repository.
        "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository.
            # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
          "displayName": "A String", # The display name of the repository.
          "id": "A String", # Required. A one word, unique name for this repository. This is
              # the `repo id` in the zypper config file and also the `display_name` if
              # `display_name` is omitted. This id is also used as the unique identifier
              # when checking for guest policy conflicts.
          "baseUrl": "A String", # Required. The location of the repository directory.
          "gpgKeys": [ # URIs of GPG keys.
            "A String",
          ],
        },
        "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository.
            # a repo file that is stored at
            # `/etc/apt/sources.list.d/google_osconfig.list`.
          "gpgKey": "A String", # URI of the key file for this repository. The agent maintains
              # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
              # all the keys in any applied guest policy.
          "distribution": "A String", # Required. Distribution of this repository.
          "components": [ # Required. List of components for this repository. Must contain at least one item.
            "A String",
          ],
          "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB.
          "uri": "A String", # Required. URI for this repository.
        },
        "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository.
            # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
          "id": "A String", # Required. A one word, unique name for this repository. This is
              # the `repo id` in the Yum config file and also the `display_name` if
              # `display_name` is omitted. This id is also used as the unique identifier
              # when checking for guest policy conflicts.
          "baseUrl": "A String", # Required. The location of the repository directory.
          "gpgKeys": [ # URIs of GPG keys.
            "A String",
          ],
          "displayName": "A String", # The display name of the repository.
        },
        "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository.
            # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
          "url": "A String", # Required. The url of the repository.
          "name": "A String", # Required. The name of the repository.
        },
      },
    ],
    "etag": "A String", # The etag for this guest policy.
        # If this is provided on update, it must match the server's etag.
  }