guest_policies.proto 28 KB

  1. // Copyright 2020 Google LLC
  2. //
  3. // Licensed under the Apache License, Version 2.0 (the "License");
  4. // you may not use this file except in compliance with the License.
  5. // You may obtain a copy of the License at
  6. //
  7. // http://www.apache.org/licenses/LICENSE-2.0
  8. //
  9. // Unless required by applicable law or agreed to in writing, software
  10. // distributed under the License is distributed on an "AS IS" BASIS,
  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. // See the License for the specific language governing permissions and
  13. // limitations under the License.
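  // Schema for OS Config guest policies (v1beta API surface).
  syntax = "proto3";

  package google.cloud.osconfig.v1beta;

  import "google/api/field_behavior.proto";
  import "google/api/resource.proto";
  import "google/protobuf/field_mask.proto";
  import "google/protobuf/timestamp.proto";

  // Generated-code locations. These are part of the published API surface.
  option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1beta;osconfig";
  option java_outer_classname = "GuestPolicies";
  option java_package = "com.google.cloud.osconfig.v1beta";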
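  // An OS Config resource representing a guest configuration policy. These
  // policies represent the desired state for VM instance guest environments
  // including packages to install or remove, package repository configurations,
  // and software to install.
  //
  // NOTE(review): a policy can add package repositories and signing keys and
  // can carry recipes whose steps execute files and scripts on the targeted VM
  // instances. Permission to create or update guest policies should therefore
  // be granted as narrowly as permission to administer those instances.
  message GuestPolicy {
    option (google.api.resource) = {
      type: "osconfig.googleapis.com/GuestPolicy"
      pattern: "projects/{project}/guestPolicies/{guest_policy}"
    };

    // Required. Unique name of the resource in this project using one of the
    // following forms:
    // `projects/{project_number}/guestPolicies/{guest_policy_id}`.
    string name = 1 [(google.api.field_behavior) = REQUIRED];

    // Description of the guest policy. Length of the description is limited
    // to 1024 characters.
    string description = 2;

    // Output only. Time this guest policy was created.
    google.protobuf.Timestamp create_time = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

    // Output only. Last time this guest policy was updated.
    google.protobuf.Timestamp update_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];

    // NOTE(review): field number 5 is not used in this listing. If it belonged
    // to a removed field it should be declared `reserved` so it cannot be
    // reused with a different meaning.

    // Required. Specifies the VM instances that are assigned to this policy.
    // This allows you to target sets or groups of VM instances by different
    // parameters such as labels, names, OS, or zones.
    //
    // If left empty, all VM instances underneath this policy are targeted.
    // An empty assignment is therefore the widest possible scope; set at least
    // one selector unless a project-wide rollout is intended.
    //
    // At the same level in the resource hierarchy (that is within a project), the
    // service prevents the creation of multiple policies that conflict with
    // each other. For more information, see how the service [handles assignment
    // conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts).
    Assignment assignment = 6 [(google.api.field_behavior) = REQUIRED];

    // The software packages to be managed by this policy.
    repeated Package packages = 7;

    // A list of package repositories to configure on the VM instance. This is
    // done before any other configs are applied so they can use these repos.
    // Package repositories are only configured if the corresponding package
    // manager(s) are available.
    repeated PackageRepository package_repositories = 8;

    // A list of Recipes to install on the VM instance.
    repeated SoftwareRecipe recipes = 9;

    // The etag for this guest policy.
    // If this is provided on update, it must match the server's etag.
    string etag = 10;
  }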
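  // An assignment represents the group or groups of VM instances that the policy
  // applies to.
  //
  // If an assignment is empty, it applies to all VM instances. Otherwise, the
  // targeted VM instances must meet all the criteria specified. So if both
  // labels and zones are specified, the policy applies to VM instances with those
  // labels and in those zones.
  //
  // NOTE(review): labels and instance names are properties of the instance
  // itself. Presumably anyone able to change them can move a VM into or out of
  // a policy's scope; confirm who holds that permission before relying on
  // label- or prefix-based targeting as a control.
  message Assignment {
    // Represents a group of VM instances that can be identified as having all
    // these labels, for example "env=prod and app=web".
    message GroupLabel {
      // Google Compute Engine instance labels that must be present for an
      // instance to be included in this assignment group.
      map<string, string> labels = 1;
    }

    // Defines the criteria for selecting VM Instances by OS type.
    message OsType {
      // Targets VM instances with OS Inventory enabled and having the following
      // OS short name, for example "debian" or "windows".
      string os_short_name = 1;

      // Targets VM instances with OS Inventory enabled and having the
      // following OS version.
      string os_version = 2;

      // Targets VM instances with OS Inventory enabled and having the following
      // OS architecture.
      string os_architecture = 3;
    }

    // Targets instances matching at least one of these label sets. This allows
    // an assignment to target disparate groups, for example "env=prod or
    // env=staging".
    repeated GroupLabel group_labels = 1;

    // Targets instances in any of these zones. Leave empty to target instances
    // in any zone.
    //
    // Zonal targeting is uncommon and is supported to facilitate the management
    // of changes by zone.
    repeated string zones = 2;

    // Targets any of the instances specified. Instances are specified by their
    // URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`.
    //
    // Instance targeting is uncommon and is supported to facilitate the
    // management of changes by the instance or to target specific VM instances
    // for development and testing.
    //
    // Only supported for project-level policies and must reference instances
    // within this project.
    repeated string instances = 3;

    // Targets VM instances whose name starts with one of these prefixes.
    //
    // Like labels, this is another way to group VM instances when targeting
    // configs, for example prefix="prod-".
    //
    // Only supported for project-level policies.
    repeated string instance_name_prefixes = 4;

    // Targets VM instances matching at least one of the following OS types.
    //
    // VM instances must match all supplied criteria for a given OsType to be
    // included.
    repeated OsType os_types = 5;
  }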
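  // Package is a reference to the software package to be installed or removed.
  // The agent on the VM instance uses the system package manager to apply the
  // config.
  //
  // These are the commands that the agent uses to install or remove
  // packages.
  //
  // Apt
  // install: `apt-get update && apt-get -y install package1 package2 package3`
  // remove: `apt-get -y remove package1 package2 package3`
  //
  // Yum
  // install: `yum -y install package1 package2 package3`
  // remove: `yum -y remove package1 package2 package3`
  //
  // Zypper
  // install: `zypper install package1 package2 package3`
  // remove: `zypper rm package1 package2`
  //
  // Googet
  // install: `googet -noconfirm install package1 package2 package3`
  // remove: `googet -noconfirm remove package1 package2 package3`
  //
  // NOTE(review): a package is identified by name only; no version or digest
  // field exists in this message. What gets installed therefore depends on the
  // repositories configured on the instance, including any added through
  // `PackageRepository` entries.
  message Package {
    // Types of package managers that may be used to manage this package.
    enum Manager {
      // The default behavior is ANY.
      MANAGER_UNSPECIFIED = 0;

      // Apply this package config using the default system package manager.
      ANY = 1;

      // Apply this package config only if Apt is available on the system.
      APT = 2;

      // Apply this package config only if Yum is available on the system.
      YUM = 3;

      // Apply this package config only if Zypper is available on the system.
      ZYPPER = 4;

      // Apply this package config only if GooGet is available on the system.
      GOO = 5;
    }

    // Required. The name of the package. A package is uniquely identified for
    // conflict validation by checking the package name and the manager(s) that
    // the package targets.
    string name = 1 [(google.api.field_behavior) = REQUIRED];

    // The desired_state the agent should maintain for this package. The
    // default is to ensure the package is installed.
    DesiredState desired_state = 2;

    // Type of package manager that can be used to install this package.
    // If a system does not have the package manager, the package is not
    // installed or removed and no error message is returned. Because this case
    // is silent, a policy that names the wrong manager does nothing on the
    // instance without reporting a failure. By default,
    // or if you specify `ANY`,
    // the agent attempts to install and remove this package using the default
    // package manager. This is useful when creating a policy that applies to
    // different types of systems.
    //
    // The default behavior is ANY.
    Manager manager = 3;
  }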
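  // Represents a single Apt package repository. This repository is added to
  // a repo file that is stored at
  // `/etc/apt/sources.list.d/google_osconfig.list`.
  message AptRepository {
    // Type of archive.
    enum ArchiveType {
      // Unspecified.
      ARCHIVE_TYPE_UNSPECIFIED = 0;

      // DEB indicates that the archive contains binary files.
      DEB = 1;

      // DEB_SRC indicates that the archive contains source files.
      DEB_SRC = 2;
    }

    // Type of archive files in this repository. The default behavior is DEB.
    ArchiveType archive_type = 1;

    // Required. URI for this repository.
    //
    // NOTE(review): no scheme restriction is stated for this field. Prefer an
    // HTTPS URI and a repository whose signing key is supplied in `gpg_key`.
    string uri = 2 [(google.api.field_behavior) = REQUIRED];

    // Required. Distribution of this repository.
    string distribution = 3 [(google.api.field_behavior) = REQUIRED];

    // Required. List of components for this repository. Must contain at least
    // one item.
    repeated string components = 4 [(google.api.field_behavior) = REQUIRED];

    // URI of the key file for this repository. The agent maintains
    // a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing
    // all the keys in any applied guest policy.
    //
    // The keyring is shared: a key supplied by one applied policy sits in the
    // same file as the keys from every other applied policy. Treat the ability
    // to set this field as the ability to add a trusted signing key to the
    // instance.
    //
    // NOTE(review): the field is optional and the key is fetched from a URI;
    // this file does not say how the download is protected or what happens
    // when no key is given. Confirm against the agent before relying on it.
    string gpg_key = 5;
  }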
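  // Represents a single Yum package repository. This repository is added to a
  // repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.
  message YumRepository {
    // Required. A one word, unique name for this repository. This is
    // the `repo id` in the Yum config file and also the `display_name` if
    // `display_name` is omitted. This id is also used as the unique identifier
    // when checking for guest policy conflicts.
    string id = 1 [(google.api.field_behavior) = REQUIRED];

    // The display name of the repository.
    string display_name = 2;

    // Required. The location of the repository directory.
    //
    // NOTE(review): no scheme restriction is stated for this field; prefer
    // HTTPS.
    string base_url = 3 [(google.api.field_behavior) = REQUIRED];

    // URIs of GPG keys.
    //
    // NOTE(review): this field is optional, and this file does not say whether
    // package signature checking is enforced when it is empty. Confirm the
    // agent's behaviour before configuring a repository without keys.
    repeated string gpg_keys = 4;
  }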
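  // Represents a single Zypper package repository. This repository is added to a
  // repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.
  message ZypperRepository {
    // Required. A one word, unique name for this repository. This is
    // the `repo id` in the zypper config file and also the `display_name` if
    // `display_name` is omitted. This id is also used as the unique identifier
    // when checking for guest policy conflicts.
    string id = 1 [(google.api.field_behavior) = REQUIRED];

    // The display name of the repository.
    string display_name = 2;

    // Required. The location of the repository directory.
    //
    // NOTE(review): no scheme restriction is stated for this field; prefer
    // HTTPS.
    string base_url = 3 [(google.api.field_behavior) = REQUIRED];

    // URIs of GPG keys.
    //
    // NOTE(review): this field is optional, and this file does not say whether
    // package signature checking is enforced when it is empty. Confirm the
    // agent's behaviour before configuring a repository without keys.
    repeated string gpg_keys = 4;
  }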
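  // Represents a Goo package repository. This is added to a repo file
  // that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.
  //
  // NOTE(review): unlike the Apt, Yum and Zypper repository messages, this one
  // has no signing-key field. How packages from the repository are verified is
  // not visible in this file; confirm before pointing it at a third-party URL.
  message GooRepository {
    // Required. The name of the repository.
    string name = 1 [(google.api.field_behavior) = REQUIRED];

    // Required. The url of the repository.
    string url = 2 [(google.api.field_behavior) = REQUIRED];
  }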
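  // The desired state that the OS Config agent maintains on the VM instance.
  enum DesiredState {
    // The default is to ensure the package is installed.
    DESIRED_STATE_UNSPECIFIED = 0;

    // The agent ensures that the package is installed.
    INSTALLED = 1;

    // The agent ensures that the package is installed and
    // periodically checks for and installs any updates.
    UPDATED = 2;

    // The agent ensures that the package is not installed and uninstalls it
    // if detected.
    REMOVED = 3;
  }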
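  // A package repository. Exactly one of the manager-specific repository
  // definitions below is carried per entry.
  message PackageRepository {
    // A specific type of repository.
    oneof repository {
      // An Apt Repository.
      AptRepository apt = 1;

      // A Yum Repository.
      YumRepository yum = 2;

      // A Zypper Repository.
      ZypperRepository zypper = 3;

      // A Goo Repository.
      GooRepository goo = 4;
    }
  }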
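  // A software recipe is a set of instructions for installing and configuring a
  // piece of software. It consists of a set of artifacts that are
  // downloaded, and a set of steps that install, configure, and/or update the
  // software.
  //
  // Recipes support installing and updating software from artifacts in the
  // following formats:
  // Zip archive, Tar archive, Windows MSI, Debian package, and RPM package.
  //
  // Additionally, recipes support executing a script (either defined in a file or
  // directly in this api) in bash, sh, cmd, and powershell.
  //
  // Updating a software recipe
  //
  // If a recipe is assigned to an instance and there is a recipe with the same
  // name but a lower version already installed and the assigned state
  // of the recipe is `INSTALLED_KEEP_UPDATED`, then the recipe is updated to
  // the new version.
  //
  // Script Working Directories
  //
  // Each script or execution step is run in its own temporary directory which
  // is deleted after completing the step.
  //
  // NOTE(review): recipe steps download, unpack and execute content on the
  // instance. The account and privilege level the agent runs steps under are
  // not stated in this file; assume the steps are as powerful as the agent and
  // review recipes accordingly.
  message SoftwareRecipe {
    // Specifies a resource to be used in the recipe.
    message Artifact {
      // Specifies an artifact available via some URI.
      message Remote {
        // URI from which to fetch the object. It should contain both the protocol
        // and path following the format {protocol}://{location}.
        string uri = 1;

        // Must be provided if `allow_insecure` is `false`.
        // SHA256 checksum in hex format, to compare to the checksum of the
        // artifact. If the checksum is not empty and it doesn't match the
        // artifact then the recipe installation fails before running any of the
        // steps.
        //
        // An empty checksum means no comparison is made, which is only
        // accepted when `allow_insecure` is set. Pinning the checksum ties the
        // recipe to one exact artifact regardless of what the URI later
        // serves.
        string checksum = 2;
      }

      // Specifies an artifact available as a Google Cloud Storage object.
      message Gcs {
        // Bucket of the Google Cloud Storage object.
        // Given an example URL:
        // `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
        // this value would be `my-bucket`.
        string bucket = 1;

        // Name of the Google Cloud Storage object.
        // As specified [here]
        // (https://cloud.google.com/storage/docs/naming#objectnames)
        // Given an example URL:
        // `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
        // this value would be `foo/bar`.
        string object = 2;

        // Must be provided if allow_insecure is false.
        // Generation number of the Google Cloud Storage object.
        // Given an example URL:
        // `https://storage.googleapis.com/my-bucket/foo/bar#1234567`
        // this value would be `1234567`.
        //
        // Naming the generation pins the recipe to one stored version of the
        // object, so a later overwrite under the same object name is not
        // picked up.
        int64 generation = 3;
      }

      // Required. Id of the artifact, which the installation and update steps
      // of this recipe can reference. Artifacts in a recipe cannot have the
      // same id.
      string id = 1 [(google.api.field_behavior) = REQUIRED];

      // A specific type of artifact.
      oneof artifact {
        // A generic remote artifact.
        Remote remote = 2;

        // A Google Cloud Storage artifact.
        Gcs gcs = 3;
      }

      // Defaults to false. When false, recipes are subject to validations
      // based on the artifact type:
      //
      // Remote: A checksum must be specified, and only protocols with
      // transport-layer security are permitted.
      // GCS: An object generation number must be specified.
      //
      // Setting this to true switches off the validations listed above for
      // this artifact. Treat `allow_insecure: true` as something to justify
      // in review rather than a convenience default.
      bool allow_insecure = 4;
    }

    // An action that can be taken as part of installing or updating a recipe.
    message Step {
      // Copies the artifact to the specified path on the instance.
      message CopyFile {
        // Required. The id of the relevant artifact in the recipe.
        string artifact_id = 1 [(google.api.field_behavior) = REQUIRED];

        // Required. The absolute path on the instance to put the file.
        string destination = 2 [(google.api.field_behavior) = REQUIRED];

        // Whether to allow this step to overwrite existing files. If this is
        // false and the file already exists the file is not overwritten
        // and the step is considered a success. Defaults to false.
        //
        // With the default, a pre-existing file at `destination` is left in
        // place and the step still reports success, so success does not show
        // that the artifact's content is what is on disk.
        bool overwrite = 3;

        // Consists of three octal digits which represent, in
        // order, the permissions of the owner, group, and other users for the
        // file (similarly to the numeric mode used in the linux chmod utility).
        // Each digit represents a three bit number, with the 4 bit
        // corresponding to the read permission, the 2 bit to the write
        // permission, and the 1 bit to the execute permission.
        // Default behavior is 755.
        //
        // Below are some examples of permissions and their associated values:
        // read, write, and execute: 7
        // read and execute: 5
        // read and write: 6
        // read only: 4
        //
        // The 755 default lets every local user read and execute the file.
        // Set a narrower mode explicitly for configuration or credential
        // files.
        string permissions = 4;
      }

      // Extracts an archive of the type specified in the specified directory.
      message ExtractArchive {
        // Specifying the type of archive.
        //
        // The tar variants below differ in compression format. None of these
        // types implies that the archive content is encrypted.
        enum ArchiveType {
          // Indicates that the archive type isn't specified.
          ARCHIVE_TYPE_UNSPECIFIED = 0;

          // Indicates that the archive is a tar archive with no compression.
          TAR = 1;

          // Indicates that the archive is a tar archive with gzip compression.
          TAR_GZIP = 2;

          // Indicates that the archive is a tar archive with bzip compression.
          TAR_BZIP = 3;

          // Indicates that the archive is a tar archive with lzma compression.
          TAR_LZMA = 4;

          // Indicates that the archive is a tar archive with xz compression.
          TAR_XZ = 5;

          // Indicates that the archive is a zip archive.
          ZIP = 11;
        }

        // Required. The id of the relevant artifact in the recipe.
        string artifact_id = 1 [(google.api.field_behavior) = REQUIRED];

        // Directory to extract archive to.
        // Defaults to `/` on Linux or `C:\` on Windows.
        //
        // The default unpacks into the filesystem root. Set an explicit,
        // dedicated directory unless the archive is meant to lay files across
        // the system.
        // NOTE(review): this file does not say how archive entries that name
        // paths outside `destination` are handled; confirm in the agent.
        string destination = 2;

        // Required. The type of the archive to extract.
        ArchiveType type = 3 [(google.api.field_behavior) = REQUIRED];
      }

      // Installs an MSI file.
      message InstallMsi {
        // Required. The id of the relevant artifact in the recipe.
        string artifact_id = 1 [(google.api.field_behavior) = REQUIRED];

        // The flags to use when installing the MSI.
        // Defaults to ["/i"] (i.e. the install flag).
        repeated string flags = 2;

        // Return codes that indicate that the software installed or updated
        // successfully. Behaviour defaults to [0].
        repeated int32 allowed_exit_codes = 3;
      }

      // Installs a deb via dpkg.
      message InstallDpkg {
        // Required. The id of the relevant artifact in the recipe.
        string artifact_id = 1 [(google.api.field_behavior) = REQUIRED];
      }

      // Installs an rpm file via the rpm utility.
      message InstallRpm {
        // Required. The id of the relevant artifact in the recipe.
        string artifact_id = 1 [(google.api.field_behavior) = REQUIRED];
      }

      // Executes an artifact or local file.
      message ExecFile {
        // Location of the file to execute.
        oneof location_type {
          // The id of the relevant artifact in the recipe.
          string artifact_id = 1;

          // The absolute path of the file on the local filesystem.
          //
          // Unlike an artifact, a local file is not covered by the checksum or
          // generation validations on `Artifact`; what runs is whatever is at
          // this path on the instance at the time of the step.
          string local_path = 2;
        }

        // Arguments to be passed to the provided executable.
        repeated string args = 3;

        // Defaults to [0]. A list of possible return values that the program
        // can return to indicate a success.
        repeated int32 allowed_exit_codes = 4;
      }

      // Runs a script through an interpreter.
      message RunScript {
        // The interpreter used to execute a script.
        enum Interpreter {
          // Default value: no interpreter is specified.
          INTERPRETER_UNSPECIFIED = 0;

          // Indicates that the script is run with `/bin/sh` on Linux and `cmd`
          // on windows.
          SHELL = 1;

          // Indicates that the script is run with powershell.
          POWERSHELL = 3;
        }

        // Required. The shell script to be executed.
        //
        // The script text is stored inline in the policy, and recipes are
        // returned inside `GuestPolicy` and `EffectiveGuestPolicy` messages.
        // Do not embed credentials or other secrets in it.
        string script = 1 [(google.api.field_behavior) = REQUIRED];

        // Return codes that indicate that the software installed or updated
        // successfully. Behaviour defaults to [0].
        repeated int32 allowed_exit_codes = 2;

        // The script interpreter to use to run the script. If no interpreter is
        // specified the script is executed directly, which is likely to
        // succeed only for scripts with
        // [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)).
        Interpreter interpreter = 3;
      }

      // A specific type of step.
      oneof step {
        // Copies a file onto the instance.
        CopyFile file_copy = 1;

        // Extracts an archive into the specified directory.
        ExtractArchive archive_extraction = 2;

        // Installs an MSI file.
        InstallMsi msi_installation = 3;

        // Installs a deb file via dpkg.
        InstallDpkg dpkg_installation = 4;

        // Installs an rpm file via the rpm utility.
        InstallRpm rpm_installation = 5;

        // Executes an artifact or local file.
        ExecFile file_exec = 6;

        // Runs commands in a shell.
        RunScript script_run = 7;
      }
    }

    // Required. Unique identifier for the recipe. Only one recipe with a given
    // name is installed on an instance.
    //
    // Names are also used to identify resources which helps to determine whether
    // guest policies have conflicts. This means that requests to create multiple
    // recipes with the same name and version are rejected since they
    // could potentially have conflicting assignments.
    string name = 1 [(google.api.field_behavior) = REQUIRED];

    // The version of this software recipe. Version can be up to 4 period
    // separated numbers (e.g. 12.34.56.78).
    string version = 2;

    // Resources available to be used in the steps in the recipe.
    repeated Artifact artifacts = 3;

    // Actions to be taken for installing this recipe. On failure it stops
    // executing steps and does not attempt another installation. Any steps taken
    // (including partially completed steps) are not rolled back.
    //
    // A failed recipe can therefore leave the instance partly changed; write
    // steps so that a partial run is safe to leave in place.
    repeated Step install_steps = 4;

    // Actions to be taken for updating this recipe. On failure it stops
    // executing steps and does not attempt another update for this recipe. Any
    // steps taken (including partially completed steps) are not rolled back.
    repeated Step update_steps = 5;

    // Default is INSTALLED. The desired state the agent should maintain for this
    // recipe.
    //
    // INSTALLED: The software recipe is installed on the instance but
    // won't be updated to new versions.
    // INSTALLED_KEEP_UPDATED: The software recipe is installed on the
    // instance. The recipe is updated to a higher
    // version, if a higher version of the recipe is
    // assigned to this instance.
    // REMOVE: Remove is unsupported for software recipes and attempts to
    // create or update a recipe to the REMOVE state are rejected.
    //
    // NOTE(review): the DesiredState enum in this file names its values
    // INSTALLED, UPDATED and REMOVED; INSTALLED_KEEP_UPDATED and REMOVE above
    // presumably refer to UPDATED and REMOVED.
    DesiredState desired_state = 6;
  }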
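  // A request message for creating a guest policy.
  message CreateGuestPolicyRequest {
    // Required. The resource name of the parent using one of the following forms:
    // `projects/{project_number}`.
    string parent = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        child_type: "osconfig.googleapis.com/GuestPolicy"
      }
    ];

    // Required. The logical name of the guest policy in the project
    // with the following restrictions:
    //
    // * Must contain only lowercase letters, numbers, and hyphens.
    // * Must start with a letter.
    // * Must be between 1-63 characters.
    // * Must end with a number or a letter.
    // * Must be unique within the project.
    string guest_policy_id = 2 [(google.api.field_behavior) = REQUIRED];

    // Required. The GuestPolicy to create.
    GuestPolicy guest_policy = 3 [(google.api.field_behavior) = REQUIRED];
  }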
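  // A request message for retrieving a guest policy.
  message GetGuestPolicyRequest {
    // Required. The resource name of the guest policy using one of the
    // following forms:
    // `projects/{project_number}/guestPolicies/{guest_policy_id}`.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "osconfig.googleapis.com/GuestPolicy"
      }
    ];
  }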
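  // A request message for listing guest policies.
  message ListGuestPoliciesRequest {
    // Required. The resource name of the parent using one of the following forms:
    // `projects/{project_number}`.
    string parent = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        child_type: "osconfig.googleapis.com/GuestPolicy"
      }
    ];

    // The maximum number of guest policies to return.
    // NOTE(review): no upper bound or default is stated in this file.
    int32 page_size = 2;

    // A pagination token returned from a previous call to `ListGuestPolicies`
    // that indicates where this listing should continue from.
    string page_token = 3;
  }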
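  // A response message for listing guest policies.
  message ListGuestPoliciesResponse {
    // The list of GuestPolicies.
    repeated GuestPolicy guest_policies = 1;

    // A pagination token that can be used to get the next page
    // of guest policies.
    string next_page_token = 2;
  }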
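  // A request message for updating a guest policy.
  message UpdateGuestPolicyRequest {
    // Required. The updated GuestPolicy.
    GuestPolicy guest_policy = 1 [(google.api.field_behavior) = REQUIRED];

    // Field mask that controls which fields of the guest policy should be
    // updated.
    //
    // NOTE(review): the behaviour when the mask is omitted is not stated in
    // this file. Send an explicit mask so an update cannot replace fields such
    // as `assignment` or `recipes` unintentionally.
    google.protobuf.FieldMask update_mask = 2;
  }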
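  // A request message for deleting a guest policy.
  message DeleteGuestPolicyRequest {
    // Required. The resource name of the guest policy using one of the
    // following forms:
    // `projects/{project_number}/guestPolicies/{guest_policy_id}`.
    string name = 1 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "osconfig.googleapis.com/GuestPolicy"
      }
    ];
  }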
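  // A request message for getting the effective guest policy assigned to the
  // instance.
  message LookupEffectiveGuestPolicyRequest {
    // Required. The VM instance whose policies are being looked up.
    //
    // NOTE(review): the expected format of this value, and how the caller's
    // right to look up this particular instance is checked, are not visible in
    // this file.
    string instance = 1 [(google.api.field_behavior) = REQUIRED];

    // Short name of the OS running on the instance. The OS Config agent only
    // provides this field for targeting if OS Inventory is enabled for that
    // instance.
    string os_short_name = 2;

    // Version of the OS running on the instance. The OS Config agent only
    // provides this field for targeting if OS Inventory is enabled for that
    // VM instance.
    string os_version = 3;

    // Architecture of OS running on the instance. The OS Config agent only
    // provides this field for targeting if OS Inventory is enabled for that
    // instance.
    string os_architecture = 4;
  }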
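  // The effective guest policy that applies to a VM instance.
  //
  // Each entry records which guest policy it came from in `source`, which lets
  // a reviewer trace a package, repository or recipe found on an instance back
  // to the policy that supplied it.
  message EffectiveGuestPolicy {
    // A guest policy package including its source.
    message SourcedPackage {
      // Name of the guest policy providing this config.
      string source = 1;

      // A software package to configure on the VM instance.
      Package package = 2;
    }

    // A guest policy package repository including its source.
    message SourcedPackageRepository {
      // Name of the guest policy providing this config.
      string source = 1;

      // A software package repository to configure on the VM instance.
      PackageRepository package_repository = 2;
    }

    // A guest policy recipe including its source.
    message SourcedSoftwareRecipe {
      // Name of the guest policy providing this config.
      string source = 1;

      // A software recipe to configure on the VM instance.
      SoftwareRecipe software_recipe = 2;
    }

    // List of package configurations assigned to the VM instance.
    repeated SourcedPackage packages = 1;

    // List of package repository configurations assigned to the VM instance.
    repeated SourcedPackageRepository package_repositories = 2;

    // List of recipes assigned to the VM instance.
    repeated SourcedSoftwareRecipe software_recipes = 3;
  }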
  636. repeated SourcedPackageRepository package_repositories = 2;
  637. // List of recipes assigned to the VM instance.
  638. repeated SourcedSoftwareRecipe software_recipes = 3;
  639. }