| <html><body> |
| <style> |
| |
| body, h1, h2, h3, div, span, p, pre, a { |
| margin: 0; |
| padding: 0; |
| border: 0; |
| font-weight: inherit; |
| font-style: inherit; |
| font-size: 100%; |
| font-family: inherit; |
| vertical-align: baseline; |
| } |
| |
| body { |
| font-size: 13px; |
| padding: 1em; |
| } |
| |
| h1 { |
| font-size: 26px; |
| margin-bottom: 1em; |
| } |
| |
| h2 { |
| font-size: 24px; |
| margin-bottom: 1em; |
| } |
| |
| h3 { |
| font-size: 20px; |
| margin-bottom: 1em; |
| margin-top: 1em; |
| } |
| |
| pre, code { |
| line-height: 1.5; |
| font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; |
| } |
| |
| pre { |
| margin-top: 0.5em; |
| } |
| |
| h1, h2, h3, p { |
| font-family: Arial, sans serif; |
| } |
| |
| h1, h2, h3 { |
| border-bottom: solid #CCC 1px; |
| } |
| |
| .toc_element { |
| margin-top: 0.5em; |
| } |
| |
| .firstline { |
| margin-left: 2 em; |
| } |
| |
| .method { |
| margin-top: 1em; |
| border: solid 1px #CCC; |
| padding: 1em; |
| background: #EEE; |
| } |
| |
| .details { |
| font-weight: bold; |
| font-size: 14px; |
| } |
| |
| </style> |
| |
| <h1><a href="osconfig_v1beta.html">Cloud OS Config API</a> . <a href="osconfig_v1beta.projects.html">projects</a> . <a href="osconfig_v1beta.projects.guestPolicies.html">guestPolicies</a></h1> |
| <h2>Instance Methods</h2> |
| <p class="toc_element"> |
| <code><a href="#create">create(parent, body=None, guestPolicyId=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Create an OS Config guest policy.</p> |
| <p class="toc_element"> |
| <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p> |
| <p class="firstline">Delete an OS Config guest policy.</p> |
| <p class="toc_element"> |
| <code><a href="#get">get(name, x__xgafv=None)</a></code></p> |
| <p class="firstline">Get an OS Config guest policy.</p> |
| <p class="toc_element"> |
| <code><a href="#list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Get a page of OS Config guest policies.</p> |
| <p class="toc_element"> |
| <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> |
| <p class="firstline">Retrieves the next page of results.</p> |
| <p class="toc_element"> |
| <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Update an OS Config guest policy.</p> |
| <h3>Method Details</h3> |
| <div class="method"> |
| <code class="details" id="create">create(parent, body=None, guestPolicyId=None, x__xgafv=None)</code> |
| <pre>Create an OS Config guest policy. |
| |
| Args: |
| parent: string, Required. The resource name of the parent using one of the following forms: |
| `projects/{project_number}`. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # An OS Config resource representing a guest configuration policy. These |
| # policies represent the desired state for VM instance guest environments |
| # including packages to install or remove, package repository configurations, |
| # and software to install. |
| "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is |
| # done before any other configs are applied so they can use these repos. |
| # Package repositories are only configured if the corresponding package |
| # manager(s) are available. |
| { # A package repository. |
| "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository. |
| # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo. |
| "url": "A String", # Required. The url of the repository. |
| "name": "A String", # Required. The name of the repository. |
| }, |
| "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository. |
| # a repo file that is stored at |
| # `/etc/apt/sources.list.d/google_osconfig.list`. |
| "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB. |
| "gpgKey": "A String", # URI of the key file for this repository. The agent maintains |
| # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing |
| # all the keys in any applied guest policy. |
| "uri": "A String", # Required. URI for this repository. |
| "components": [ # Required. List of components for this repository. Must contain at least one item. |
| "A String", |
| ], |
| "distribution": "A String", # Required. Distribution of this repository. |
| }, |
| "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository. |
| # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`. |
| "gpgKeys": [ # URIs of GPG keys. |
| "A String", |
| ], |
| "id": "A String", # Required. A one word, unique name for this repository. This is |
| # the `repo id` in the zypper config file and also the `display_name` if |
| # `display_name` is omitted. This id is also used as the unique identifier |
| # when checking for guest policy conflicts. |
| "displayName": "A String", # The display name of the repository. |
| "baseUrl": "A String", # Required. The location of the repository directory. |
| }, |
| "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository. |
| # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`. |
| "id": "A String", # Required. A one word, unique name for this repository. This is |
| # the `repo id` in the Yum config file and also the `display_name` if |
| # `display_name` is omitted. This id is also used as the unique identifier |
| # when checking for guest policy conflicts. |
| "displayName": "A String", # The display name of the repository. |
| "baseUrl": "A String", # Required. The location of the repository directory. |
| "gpgKeys": [ # URIs of GPG keys. |
| "A String", |
| ], |
| }, |
| }, |
| ], |
| "packages": [ # The software packages to be managed by this policy. |
| { # Package is a reference to the software package to be installed or removed. |
| # The agent on the VM instance uses the system package manager to apply the |
| # config. |
| # |
| # |
| # These are the commands that the agent uses to install or remove |
| # packages. |
| # |
| # Apt |
| # install: `apt-get update && apt-get -y install package1 package2 package3` |
| # remove: `apt-get -y remove package1 package2 package3` |
| # |
| # Yum |
| # install: `yum -y install package1 package2 package3` |
| # remove: `yum -y remove package1 package2 package3` |
| # |
| # Zypper |
| # install: `zypper install package1 package2 package3` |
| # remove: `zypper rm package1 package2` |
| # |
| # Googet |
| # install: `googet -noconfirm install package1 package2 package3` |
| # remove: `googet -noconfirm remove package1 package2 package3` |
| "desiredState": "A String", # The desired_state the agent should maintain for this package. The |
| # default is to ensure the package is installed. |
| "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict |
| # validation by checking the package name and the manager(s) that the |
| # package targets. |
| "manager": "A String", # Type of package manager that can be used to install this package. |
| # If a system does not have the package manager, the package is not |
| # installed or removed no error message is returned. By default, |
| # or if you specify `ANY`, |
| # the agent attempts to install and remove this package using the default |
| # package manager. This is useful when creating a policy that applies to |
| # different types of systems. |
| # |
| # The default behavior is ANY. |
| }, |
| ], |
| "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows |
| # you to target sets or groups of VM instances by different parameters such |
| # as labels, names, OS, or zones. |
| # |
| # If left empty, all VM instances underneath this policy are targeted. |
| # |
| # At the same level in the resource hierarchy (that is within a project), the |
| # service prevents the creation of multiple policies that conflict with |
| # each other. For more information, see how the service [handles assignment |
| # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts). |
| # applies to. |
| # |
| # If an assignment is empty, it applies to all VM instances. Otherwise, the |
| # targeted VM instances must meet all the criteria specified. So if both |
| # labels and zones are specified, the policy applies to VM instances with those |
| # labels and in those zones. |
| "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes. |
| # |
| # Like labels, this is another way to group VM instances when targeting |
| # configs, for example prefix="prod-". |
| # |
| # Only supported for project-level policies. |
| "A String", |
| ], |
| "groupLabels": [ # Targets instances matching at least one of these label sets. This allows |
| # an assignment to target disparate groups, for example "env=prod or |
| # env=staging". |
| { # Represents a group of VM intances that can be identified as having all |
| # these labels, for example "env=prod and app=web". |
| "labels": { # Google Compute Engine instance labels that must be present for an |
| # instance to be included in this assignment group. |
| "a_key": "A String", |
| }, |
| }, |
| ], |
| "osTypes": [ # Targets VM instances matching at least one of the following OS types. |
| # |
| # VM instances must match all supplied criteria for a given OsType to be |
| # included. |
| { # Defines the criteria for selecting VM Instances by OS type. |
| "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # following OS version. |
| "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # OS short name, for example "debian" or "windows". |
| "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # OS architecture. |
| }, |
| ], |
| "instances": [ # Targets any of the instances specified. Instances are specified by their |
| # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`. |
| # |
| # Instance targeting is uncommon and is supported to facilitate the |
| # management of changes by the instance or to target specific VM instances |
| # for development and testing. |
| # |
| # Only supported for project-level policies and must reference instances |
| # within this project. |
| "A String", |
| ], |
| "zones": [ # Targets instances in any of these zones. Leave empty to target instances |
| # in any zone. |
| # |
| # Zonal targeting is uncommon and is supported to facilitate the management |
| # of changes by zone. |
| "A String", |
| ], |
| }, |
| "createTime": "A String", # Output only. Time this guest policy was created. |
| "etag": "A String", # The etag for this guest policy. |
| # If this is provided on update, it must match the server's etag. |
| "updateTime": "A String", # Output only. Last time this guest policy was updated. |
| "name": "A String", # Required. Unique name of the resource in this project using one of the following |
| # forms: |
| # `projects/{project_number}/guestPolicies/{guest_policy_id}`. |
| "recipes": [ # A list of Recipes to install on the VM instance. |
| { # A software recipe is a set of instructions for installing and configuring a |
| # piece of software. It consists of a set of artifacts that are |
| # downloaded, and a set of steps that install, configure, and/or update the |
| # software. |
| # |
| # Recipes support installing and updating software from artifacts in the |
| # following formats: |
| # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package. |
| # |
| # Additionally, recipes support executing a script (either defined in a file or |
| # directly in this api) in bash, sh, cmd, and powershell. |
| # |
| # Updating a software recipe |
| # |
| # If a recipe is assigned to an instance and there is a recipe with the same |
| # name but a lower version already installed and the assigned state |
| # of the recipe is `UPDATED`, then the recipe is updated to |
| # the new version. |
| # |
| # Script Working Directories |
| # |
| # Each script or execution step is run in its own temporary directory which |
| # is deleted after completing the step. |
| "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops |
| # executing steps and does not attempt another update for this recipe. Any |
| # steps taken (including partially completed steps) are not rolled back. |
| { # An action that can be taken as part of installing or updating a recipe. |
| "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file. |
| "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program |
| # can return to indicate a success. |
| 42, |
| ], |
| "localPath": "A String", # The absolute path of the file on the local filesystem. |
| "args": [ # Arguments to be passed to the provided executable. |
| "A String", |
| ], |
| "artifactId": "A String", # The id of the relevant artifact in the recipe. |
| }, |
| "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory. |
| "type": "A String", # Required. The type of the archive to extract. |
| "destination": "A String", # Directory to extract archive to. |
| # Defaults to `/` on Linux or `C:\` on Windows. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "msiInstallation": { # Installs an MSI file. # Installs an MSI file. |
| "flags": [ # The flags to use when installing the MSI |
| # defaults to ["/i"] (i.e. the install flag). |
| "A String", |
| ], |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance. |
| "permissions": "A String", # Consists of three octal digits which represent, in |
| # order, the permissions of the owner, group, and other users for the |
| # file (similarly to the numeric mode used in the linux chmod utility). |
| # Each digit represents a three bit number with the 4 bit |
| # corresponding to the read permissions, the 2 bit corresponds to the |
| # write bit, and the one bit corresponds to the execute permission. |
| # Default behavior is 755. |
| # |
| # Below are some examples of permissions and their associated values: |
| # read, write, and execute: 7 |
| # read and execute: 5 |
| # read and write: 6 |
| # read only: 4 |
| "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is |
| # false and the file already exists the file is not overwritten |
| # and the step is considered a success. Defaults to false. |
| "destination": "A String", # Required. The absolute path on the instance to put the file. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell. |
| "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is |
| # specified the script is executed directly, which likely |
| # only succeed for scripts with |
| # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)). |
| "script": "A String", # Required. The shell script to be executed. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| }, |
| ], |
| "artifacts": [ # Resources available to be used in the steps in the recipe. |
| { # Specifies a resource to be used in the recipe. |
| "id": "A String", # Required. Id of the artifact, which the installation and update steps of this |
| # recipe can reference. Artifacts in a recipe cannot have the same id. |
| "remote": { # Specifies an artifact available via some URI. # A generic remote artifact. |
| "checksum": "A String", # Must be provided if `allow_insecure` is `false`. |
| # SHA256 checksum in hex format, to compare to the checksum of the |
| # artifact. If the checksum is not empty and it doesn't match the |
| # artifact then the recipe installation fails before running any of the |
| # steps. |
| "uri": "A String", # URI from which to fetch the object. It should contain both the protocol |
| # and path following the format {protocol}://{location}. |
| }, |
| "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations |
| # based on the artifact type: |
| # |
| # Remote: A checksum must be specified, and only protocols with |
| # transport-layer security are permitted. |
| # GCS: An object generation number must be specified. |
| "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact. |
| "object": "A String", # Name of the Google Cloud Storage object. |
| # As specified [here] |
| # (https://cloud.google.com/storage/docs/naming#objectnames) |
| # Given an example URL: |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `foo/bar`. |
| "generation": "A String", # Must be provided if allow_insecure is false. |
| # Generation number of the Google Cloud Storage object. |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `1234567`. |
| "bucket": "A String", # Bucket of the Google Cloud Storage object. |
| # Given an example URL: |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `my-bucket`. |
| }, |
| }, |
| ], |
| "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this |
| # recipe. |
| # |
| # INSTALLED: The software recipe is installed on the instance but |
| # won't be updated to new versions. |
| # UPDATED: The software recipe is installed on the instance. The recipe is |
| # updated to a higher version, if a higher version of the recipe is |
| # assigned to this instance. |
| # REMOVE: Remove is unsupported for software recipes and attempts to |
| # create or update a recipe to the REMOVE state is rejected. |
| "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is |
| # installed on an instance. |
| # |
| # Names are also used to identify resources which helps to determine whether |
| # guest policies have conflicts. This means that requests to create multiple |
| # recipes with the same name and version are rejected since they |
| # could potentially have conflicting assignments. |
| "version": "A String", # The version of this software recipe. Version can be up to 4 period |
| # separated numbers (e.g. 12.34.56.78). |
| "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops |
| # executing steps and does not attempt another installation. Any steps taken |
| # (including partially completed steps) are not rolled back. |
| { # An action that can be taken as part of installing or updating a recipe. |
| "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file. |
| "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program |
| # can return to indicate a success. |
| 42, |
| ], |
| "localPath": "A String", # The absolute path of the file on the local filesystem. |
| "args": [ # Arguments to be passed to the provided executable. |
| "A String", |
| ], |
| "artifactId": "A String", # The id of the relevant artifact in the recipe. |
| }, |
| "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory. |
| "type": "A String", # Required. The type of the archive to extract. |
| "destination": "A String", # Directory to extract archive to. |
| # Defaults to `/` on Linux or `C:\` on Windows. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "msiInstallation": { # Installs an MSI file. # Installs an MSI file. |
| "flags": [ # The flags to use when installing the MSI |
| # defaults to ["/i"] (i.e. the install flag). |
| "A String", |
| ], |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance. |
| "permissions": "A String", # Consists of three octal digits which represent, in |
| # order, the permissions of the owner, group, and other users for the |
| # file (similarly to the numeric mode used in the linux chmod utility). |
| # Each digit represents a three bit number with the 4 bit |
| # corresponding to the read permissions, the 2 bit corresponds to the |
| # write bit, and the one bit corresponds to the execute permission. |
| # Default behavior is 755. |
| # |
| # Below are some examples of permissions and their associated values: |
| # read, write, and execute: 7 |
| # read and execute: 5 |
| # read and write: 6 |
| # read only: 4 |
| "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is |
| # false and the file already exists the file is not overwritten |
| # and the step is considered a success. Defaults to false. |
| "destination": "A String", # Required. The absolute path on the instance to put the file. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell. |
| "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is |
| # specified the script is executed directly, which likely |
| # only succeed for scripts with |
| # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)). |
| "script": "A String", # Required. The shell script to be executed. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| }, |
| ], |
| }, |
| ], |
| "description": "A String", # Description of the guest policy. Length of the description is limited |
| # to 1024 characters. |
| } |
| |
| guestPolicyId: string, Required. The logical name of the guest policy in the project |
| with the following restrictions: |
| |
| * Must contain only lowercase letters, numbers, and hyphens. |
| * Must start with a letter. |
| * Must be between 1-63 characters. |
| * Must end with a number or a letter. |
| * Must be unique within the project. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # An OS Config resource representing a guest configuration policy. These |
| # policies represent the desired state for VM instance guest environments |
| # including packages to install or remove, package repository configurations, |
| # and software to install. |
| "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is |
| # done before any other configs are applied so they can use these repos. |
| # Package repositories are only configured if the corresponding package |
| # manager(s) are available. |
| { # A package repository. |
| "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository. |
| # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo. |
| "url": "A String", # Required. The url of the repository. |
| "name": "A String", # Required. The name of the repository. |
| }, |
| "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository. |
| # a repo file that is stored at |
| # `/etc/apt/sources.list.d/google_osconfig.list`. |
| "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB. |
| "gpgKey": "A String", # URI of the key file for this repository. The agent maintains |
| # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing |
| # all the keys in any applied guest policy. |
| "uri": "A String", # Required. URI for this repository. |
| "components": [ # Required. List of components for this repository. Must contain at least one item. |
| "A String", |
| ], |
| "distribution": "A String", # Required. Distribution of this repository. |
| }, |
| "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository. |
| # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`. |
| "gpgKeys": [ # URIs of GPG keys. |
| "A String", |
| ], |
| "id": "A String", # Required. A one word, unique name for this repository. This is |
| # the `repo id` in the zypper config file and also the `display_name` if |
| # `display_name` is omitted. This id is also used as the unique identifier |
| # when checking for guest policy conflicts. |
| "displayName": "A String", # The display name of the repository. |
| "baseUrl": "A String", # Required. The location of the repository directory. |
| }, |
| "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository. |
| # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`. |
| "id": "A String", # Required. A one word, unique name for this repository. This is |
| # the `repo id` in the Yum config file and also the `display_name` if |
| # `display_name` is omitted. This id is also used as the unique identifier |
| # when checking for guest policy conflicts. |
| "displayName": "A String", # The display name of the repository. |
| "baseUrl": "A String", # Required. The location of the repository directory. |
| "gpgKeys": [ # URIs of GPG keys. |
| "A String", |
| ], |
| }, |
| }, |
| ], |
| "packages": [ # The software packages to be managed by this policy. |
| { # Package is a reference to the software package to be installed or removed. |
| # The agent on the VM instance uses the system package manager to apply the |
| # config. |
| # |
| # |
| # These are the commands that the agent uses to install or remove |
| # packages. |
| # |
| # Apt |
| # install: `apt-get update && apt-get -y install package1 package2 package3` |
| # remove: `apt-get -y remove package1 package2 package3` |
| # |
| # Yum |
| # install: `yum -y install package1 package2 package3` |
| # remove: `yum -y remove package1 package2 package3` |
| # |
| # Zypper |
| # install: `zypper install package1 package2 package3` |
| # remove: `zypper rm package1 package2` |
| # |
| # Googet |
| # install: `googet -noconfirm install package1 package2 package3` |
| # remove: `googet -noconfirm remove package1 package2 package3` |
| "desiredState": "A String", # The desired_state the agent should maintain for this package. The |
| # default is to ensure the package is installed. |
| "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict |
| # validation by checking the package name and the manager(s) that the |
| # package targets. |
| "manager": "A String", # Type of package manager that can be used to install this package. |
| # If a system does not have the package manager, the package is not |
| # installed or removed no error message is returned. By default, |
| # or if you specify `ANY`, |
| # the agent attempts to install and remove this package using the default |
| # package manager. This is useful when creating a policy that applies to |
| # different types of systems. |
| # |
| # The default behavior is ANY. |
| }, |
| ], |
| "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows |
| # you to target sets or groups of VM instances by different parameters such |
| # as labels, names, OS, or zones. |
| # |
| # If left empty, all VM instances underneath this policy are targeted. |
| # |
| # At the same level in the resource hierarchy (that is within a project), the |
| # service prevents the creation of multiple policies that conflict with |
| # each other. For more information, see how the service [handles assignment |
| # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts). |
| # applies to. |
| # |
| # If an assignment is empty, it applies to all VM instances. Otherwise, the |
| # targeted VM instances must meet all the criteria specified. So if both |
| # labels and zones are specified, the policy applies to VM instances with those |
| # labels and in those zones. |
| "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes. |
| # |
| # Like labels, this is another way to group VM instances when targeting |
| # configs, for example prefix="prod-". |
| # |
| # Only supported for project-level policies. |
| "A String", |
| ], |
| "groupLabels": [ # Targets instances matching at least one of these label sets. This allows |
| # an assignment to target disparate groups, for example "env=prod or |
| # env=staging". |
| { # Represents a group of VM intances that can be identified as having all |
| # these labels, for example "env=prod and app=web". |
| "labels": { # Google Compute Engine instance labels that must be present for an |
| # instance to be included in this assignment group. |
| "a_key": "A String", |
| }, |
| }, |
| ], |
| "osTypes": [ # Targets VM instances matching at least one of the following OS types. |
| # |
| # VM instances must match all supplied criteria for a given OsType to be |
| # included. |
| { # Defines the criteria for selecting VM Instances by OS type. |
| "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # following OS version. |
| "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # OS short name, for example "debian" or "windows". |
| "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # OS architecture. |
| }, |
| ], |
| "instances": [ # Targets any of the instances specified. Instances are specified by their |
| # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`. |
| # |
| # Instance targeting is uncommon and is supported to facilitate the |
| # management of changes by the instance or to target specific VM instances |
| # for development and testing. |
| # |
| # Only supported for project-level policies and must reference instances |
| # within this project. |
| "A String", |
| ], |
| "zones": [ # Targets instances in any of these zones. Leave empty to target instances |
| # in any zone. |
| # |
| # Zonal targeting is uncommon and is supported to facilitate the management |
| # of changes by zone. |
| "A String", |
| ], |
| }, |
| "createTime": "A String", # Output only. Time this guest policy was created. |
| "etag": "A String", # The etag for this guest policy. |
| # If this is provided on update, it must match the server's etag. |
| "updateTime": "A String", # Output only. Last time this guest policy was updated. |
| "name": "A String", # Required. Unique name of the resource in this project using one of the following |
| # forms: |
| # `projects/{project_number}/guestPolicies/{guest_policy_id}`. |
| "recipes": [ # A list of Recipes to install on the VM instance. |
| { # A software recipe is a set of instructions for installing and configuring a |
| # piece of software. It consists of a set of artifacts that are |
| # downloaded, and a set of steps that install, configure, and/or update the |
| # software. |
| # |
| # Recipes support installing and updating software from artifacts in the |
| # following formats: |
| # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package. |
| # |
| # Additionally, recipes support executing a script (either defined in a file or |
| # directly in this api) in bash, sh, cmd, and powershell. |
| # |
| # Updating a software recipe |
| # |
| # If a recipe is assigned to an instance and there is a recipe with the same |
| # name but a lower version already installed and the assigned state |
| # of the recipe is `UPDATED`, then the recipe is updated to |
| # the new version. |
| # |
| # Script Working Directories |
| # |
| # Each script or execution step is run in its own temporary directory which |
| # is deleted after completing the step. |
| "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops |
| # executing steps and does not attempt another update for this recipe. Any |
| # steps taken (including partially completed steps) are not rolled back. |
| { # An action that can be taken as part of installing or updating a recipe. |
| "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file. |
| "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program |
| # can return to indicate a success. |
| 42, |
| ], |
| "localPath": "A String", # The absolute path of the file on the local filesystem. |
| "args": [ # Arguments to be passed to the provided executable. |
| "A String", |
| ], |
| "artifactId": "A String", # The id of the relevant artifact in the recipe. |
| }, |
| "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory. |
| "type": "A String", # Required. The type of the archive to extract. |
| "destination": "A String", # Directory to extract archive to. |
| # Defaults to `/` on Linux or `C:\` on Windows. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "msiInstallation": { # Installs an MSI file. # Installs an MSI file. |
| "flags": [ # The flags to use when installing the MSI |
| # defaults to ["/i"] (i.e. the install flag). |
| "A String", |
| ], |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance. |
| "permissions": "A String", # Consists of three octal digits which represent, in |
| # order, the permissions of the owner, group, and other users for the |
| # file (similarly to the numeric mode used in the linux chmod utility). |
| # Each digit represents a three bit number with the 4 bit |
| # corresponding to the read permissions, the 2 bit corresponds to the |
| # write bit, and the one bit corresponds to the execute permission. |
| # Default behavior is 755. |
| # |
| # Below are some examples of permissions and their associated values: |
| # read, write, and execute: 7 |
| # read and execute: 5 |
| # read and write: 6 |
| # read only: 4 |
| "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is |
| # false and the file already exists the file is not overwritten |
| # and the step is considered a success. Defaults to false. |
| "destination": "A String", # Required. The absolute path on the instance to put the file. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell. |
| "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is |
| # specified the script is executed directly, which likely |
| # only succeed for scripts with |
| # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)). |
| "script": "A String", # Required. The shell script to be executed. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| }, |
| ], |
| "artifacts": [ # Resources available to be used in the steps in the recipe. |
| { # Specifies a resource to be used in the recipe. |
| "id": "A String", # Required. Id of the artifact, which the installation and update steps of this |
| # recipe can reference. Artifacts in a recipe cannot have the same id. |
| "remote": { # Specifies an artifact available via some URI. # A generic remote artifact. |
| "checksum": "A String", # Must be provided if `allow_insecure` is `false`. |
| # SHA256 checksum in hex format, to compare to the checksum of the |
| # artifact. If the checksum is not empty and it doesn't match the |
| # artifact then the recipe installation fails before running any of the |
| # steps. |
| "uri": "A String", # URI from which to fetch the object. It should contain both the protocol |
| # and path following the format {protocol}://{location}. |
| }, |
| "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations |
| # based on the artifact type: |
| # |
| # Remote: A checksum must be specified, and only protocols with |
| # transport-layer security are permitted. |
| # GCS: An object generation number must be specified. |
| "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact. |
| "object": "A String", # Name of the Google Cloud Storage object. |
| # As specified [here] |
| # (https://cloud.google.com/storage/docs/naming#objectnames) |
| # Given an example URL: |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `foo/bar`. |
| "generation": "A String", # Must be provided if allow_insecure is false. |
| # Generation number of the Google Cloud Storage object. |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `1234567`. |
| "bucket": "A String", # Bucket of the Google Cloud Storage object. |
| # Given an example URL: |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `my-bucket`. |
| }, |
| }, |
| ], |
| "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this |
| # recipe. |
| # |
| # INSTALLED: The software recipe is installed on the instance but |
| # won't be updated to new versions. |
| # UPDATED: The software recipe is installed on the instance. The recipe is |
| # updated to a higher version, if a higher version of the recipe is |
| # assigned to this instance. |
| # REMOVE: Remove is unsupported for software recipes and attempts to |
| # create or update a recipe to the REMOVE state is rejected. |
| "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is |
| # installed on an instance. |
| # |
| # Names are also used to identify resources which helps to determine whether |
| # guest policies have conflicts. This means that requests to create multiple |
| # recipes with the same name and version are rejected since they |
| # could potentially have conflicting assignments. |
| "version": "A String", # The version of this software recipe. Version can be up to 4 period |
| # separated numbers (e.g. 12.34.56.78). |
| "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops |
| # executing steps and does not attempt another installation. Any steps taken |
| # (including partially completed steps) are not rolled back. |
| { # An action that can be taken as part of installing or updating a recipe. |
| "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file. |
| "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program |
| # can return to indicate a success. |
| 42, |
| ], |
| "localPath": "A String", # The absolute path of the file on the local filesystem. |
| "args": [ # Arguments to be passed to the provided executable. |
| "A String", |
| ], |
| "artifactId": "A String", # The id of the relevant artifact in the recipe. |
| }, |
| "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory. |
| "type": "A String", # Required. The type of the archive to extract. |
| "destination": "A String", # Directory to extract archive to. |
| # Defaults to `/` on Linux or `C:\` on Windows. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "msiInstallation": { # Installs an MSI file. # Installs an MSI file. |
| "flags": [ # The flags to use when installing the MSI |
| # defaults to ["/i"] (i.e. the install flag). |
| "A String", |
| ], |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance. |
| "permissions": "A String", # Consists of three octal digits which represent, in |
| # order, the permissions of the owner, group, and other users for the |
| # file (similarly to the numeric mode used in the linux chmod utility). |
| # Each digit represents a three bit number with the 4 bit |
| # corresponding to the read permissions, the 2 bit corresponds to the |
| # write bit, and the one bit corresponds to the execute permission. |
| # Default behavior is 755. |
| # |
| # Below are some examples of permissions and their associated values: |
| # read, write, and execute: 7 |
| # read and execute: 5 |
| # read and write: 6 |
| # read only: 4 |
| "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is |
| # false and the file already exists the file is not overwritten |
| # and the step is considered a success. Defaults to false. |
| "destination": "A String", # Required. The absolute path on the instance to put the file. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell. |
| "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is |
| # specified the script is executed directly, which likely |
| # only succeed for scripts with |
| # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)). |
| "script": "A String", # Required. The shell script to be executed. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| }, |
| ], |
| }, |
| ], |
| "description": "A String", # Description of the guest policy. Length of the description is limited |
| # to 1024 characters. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="delete">delete(name, x__xgafv=None)</code> |
| <pre>Delete an OS Config guest policy. |
| |
| Args: |
| name: string, Required. The resource name of the guest policy using one of the following forms: |
| `projects/{project_number}/guestPolicies/{guest_policy_id}`. (required) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A generic empty message that you can re-use to avoid defining duplicated |
| # empty messages in your APIs. A typical example is to use it as the request |
| # or the response type of an API method. For instance: |
| # |
| # service Foo { |
| # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); |
| # } |
| # |
| # The JSON representation for `Empty` is empty JSON object `{}`. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="get">get(name, x__xgafv=None)</code> |
| <pre>Get an OS Config guest policy. |
| |
| Args: |
| name: string, Required. The resource name of the guest policy using one of the following forms: |
| `projects/{project_number}/guestPolicies/{guest_policy_id}`. (required) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # An OS Config resource representing a guest configuration policy. These |
| # policies represent the desired state for VM instance guest environments |
| # including packages to install or remove, package repository configurations, |
| # and software to install. |
| "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is |
| # done before any other configs are applied so they can use these repos. |
| # Package repositories are only configured if the corresponding package |
| # manager(s) are available. |
| { # A package repository. |
| "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository. |
| # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo. |
| "url": "A String", # Required. The url of the repository. |
| "name": "A String", # Required. The name of the repository. |
| }, |
| "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository. |
| # a repo file that is stored at |
| # `/etc/apt/sources.list.d/google_osconfig.list`. |
| "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB. |
| "gpgKey": "A String", # URI of the key file for this repository. The agent maintains |
| # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing |
| # all the keys in any applied guest policy. |
| "uri": "A String", # Required. URI for this repository. |
| "components": [ # Required. List of components for this repository. Must contain at least one item. |
| "A String", |
| ], |
| "distribution": "A String", # Required. Distribution of this repository. |
| }, |
| "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository. |
| # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`. |
| "gpgKeys": [ # URIs of GPG keys. |
| "A String", |
| ], |
| "id": "A String", # Required. A one word, unique name for this repository. This is |
| # the `repo id` in the zypper config file and also the `display_name` if |
| # `display_name` is omitted. This id is also used as the unique identifier |
| # when checking for guest policy conflicts. |
| "displayName": "A String", # The display name of the repository. |
| "baseUrl": "A String", # Required. The location of the repository directory. |
| }, |
| "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository. |
| # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`. |
| "id": "A String", # Required. A one word, unique name for this repository. This is |
| # the `repo id` in the Yum config file and also the `display_name` if |
| # `display_name` is omitted. This id is also used as the unique identifier |
| # when checking for guest policy conflicts. |
| "displayName": "A String", # The display name of the repository. |
| "baseUrl": "A String", # Required. The location of the repository directory. |
| "gpgKeys": [ # URIs of GPG keys. |
| "A String", |
| ], |
| }, |
| }, |
| ], |
| "packages": [ # The software packages to be managed by this policy. |
| { # Package is a reference to the software package to be installed or removed. |
| # The agent on the VM instance uses the system package manager to apply the |
| # config. |
| # |
| # |
| # These are the commands that the agent uses to install or remove |
| # packages. |
| # |
| # Apt |
| # install: `apt-get update && apt-get -y install package1 package2 package3` |
| # remove: `apt-get -y remove package1 package2 package3` |
| # |
| # Yum |
| # install: `yum -y install package1 package2 package3` |
| # remove: `yum -y remove package1 package2 package3` |
| # |
| # Zypper |
| # install: `zypper install package1 package2 package3` |
| # remove: `zypper rm package1 package2` |
| # |
| # Googet |
| # install: `googet -noconfirm install package1 package2 package3` |
| # remove: `googet -noconfirm remove package1 package2 package3` |
| "desiredState": "A String", # The desired_state the agent should maintain for this package. The |
| # default is to ensure the package is installed. |
| "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict |
| # validation by checking the package name and the manager(s) that the |
| # package targets. |
| "manager": "A String", # Type of package manager that can be used to install this package. |
| # If a system does not have the package manager, the package is not |
| # installed or removed no error message is returned. By default, |
| # or if you specify `ANY`, |
| # the agent attempts to install and remove this package using the default |
| # package manager. This is useful when creating a policy that applies to |
| # different types of systems. |
| # |
| # The default behavior is ANY. |
| }, |
| ], |
| "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows |
| # you to target sets or groups of VM instances by different parameters such |
| # as labels, names, OS, or zones. |
| # |
| # If left empty, all VM instances underneath this policy are targeted. |
| # |
| # At the same level in the resource hierarchy (that is within a project), the |
| # service prevents the creation of multiple policies that conflict with |
| # each other. For more information, see how the service [handles assignment |
| # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts). |
| # applies to. |
| # |
| # If an assignment is empty, it applies to all VM instances. Otherwise, the |
| # targeted VM instances must meet all the criteria specified. So if both |
| # labels and zones are specified, the policy applies to VM instances with those |
| # labels and in those zones. |
| "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes. |
| # |
| # Like labels, this is another way to group VM instances when targeting |
| # configs, for example prefix="prod-". |
| # |
| # Only supported for project-level policies. |
| "A String", |
| ], |
| "groupLabels": [ # Targets instances matching at least one of these label sets. This allows |
| # an assignment to target disparate groups, for example "env=prod or |
| # env=staging". |
| { # Represents a group of VM intances that can be identified as having all |
| # these labels, for example "env=prod and app=web". |
| "labels": { # Google Compute Engine instance labels that must be present for an |
| # instance to be included in this assignment group. |
| "a_key": "A String", |
| }, |
| }, |
| ], |
| "osTypes": [ # Targets VM instances matching at least one of the following OS types. |
| # |
| # VM instances must match all supplied criteria for a given OsType to be |
| # included. |
| { # Defines the criteria for selecting VM Instances by OS type. |
| "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # following OS version. |
| "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # OS short name, for example "debian" or "windows". |
| "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # OS architecture. |
| }, |
| ], |
| "instances": [ # Targets any of the instances specified. Instances are specified by their |
| # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`. |
| # |
| # Instance targeting is uncommon and is supported to facilitate the |
| # management of changes by the instance or to target specific VM instances |
| # for development and testing. |
| # |
| # Only supported for project-level policies and must reference instances |
| # within this project. |
| "A String", |
| ], |
| "zones": [ # Targets instances in any of these zones. Leave empty to target instances |
| # in any zone. |
| # |
| # Zonal targeting is uncommon and is supported to facilitate the management |
| # of changes by zone. |
| "A String", |
| ], |
| }, |
| "createTime": "A String", # Output only. Time this guest policy was created. |
| "etag": "A String", # The etag for this guest policy. |
| # If this is provided on update, it must match the server's etag. |
| "updateTime": "A String", # Output only. Last time this guest policy was updated. |
| "name": "A String", # Required. Unique name of the resource in this project using one of the following |
| # forms: |
| # `projects/{project_number}/guestPolicies/{guest_policy_id}`. |
| "recipes": [ # A list of Recipes to install on the VM instance. |
| { # A software recipe is a set of instructions for installing and configuring a |
| # piece of software. It consists of a set of artifacts that are |
| # downloaded, and a set of steps that install, configure, and/or update the |
| # software. |
| # |
| # Recipes support installing and updating software from artifacts in the |
| # following formats: |
| # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package. |
| # |
| # Additionally, recipes support executing a script (either defined in a file or |
| # directly in this api) in bash, sh, cmd, and powershell. |
| # |
| # Updating a software recipe |
| # |
| # If a recipe is assigned to an instance and there is a recipe with the same |
| # name but a lower version already installed and the assigned state |
| # of the recipe is `UPDATED`, then the recipe is updated to |
| # the new version. |
| # |
| # Script Working Directories |
| # |
| # Each script or execution step is run in its own temporary directory which |
| # is deleted after completing the step. |
| "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops |
| # executing steps and does not attempt another update for this recipe. Any |
| # steps taken (including partially completed steps) are not rolled back. |
| { # An action that can be taken as part of installing or updating a recipe. |
| "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file. |
| "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program |
| # can return to indicate a success. |
| 42, |
| ], |
| "localPath": "A String", # The absolute path of the file on the local filesystem. |
| "args": [ # Arguments to be passed to the provided executable. |
| "A String", |
| ], |
| "artifactId": "A String", # The id of the relevant artifact in the recipe. |
| }, |
| "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory. |
| "type": "A String", # Required. The type of the archive to extract. |
| "destination": "A String", # Directory to extract archive to. |
| # Defaults to `/` on Linux or `C:\` on Windows. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "msiInstallation": { # Installs an MSI file. # Installs an MSI file. |
| "flags": [ # The flags to use when installing the MSI |
| # defaults to ["/i"] (i.e. the install flag). |
| "A String", |
| ], |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance. |
| "permissions": "A String", # Consists of three octal digits which represent, in |
| # order, the permissions of the owner, group, and other users for the |
| # file (similarly to the numeric mode used in the linux chmod utility). |
| # Each digit represents a three bit number with the 4 bit |
| # corresponding to the read permissions, the 2 bit corresponds to the |
| # write bit, and the one bit corresponds to the execute permission. |
| # Default behavior is 755. |
| # |
| # Below are some examples of permissions and their associated values: |
| # read, write, and execute: 7 |
| # read and execute: 5 |
| # read and write: 6 |
| # read only: 4 |
| "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is |
| # false and the file already exists the file is not overwritten |
| # and the step is considered a success. Defaults to false. |
| "destination": "A String", # Required. The absolute path on the instance to put the file. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell. |
| "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is |
| # specified the script is executed directly, which likely |
| # only succeed for scripts with |
| # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)). |
| "script": "A String", # Required. The shell script to be executed. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| }, |
| ], |
| "artifacts": [ # Resources available to be used in the steps in the recipe. |
| { # Specifies a resource to be used in the recipe. |
| "id": "A String", # Required. Id of the artifact, which the installation and update steps of this |
| # recipe can reference. Artifacts in a recipe cannot have the same id. |
| "remote": { # Specifies an artifact available via some URI. # A generic remote artifact. |
| "checksum": "A String", # Must be provided if `allow_insecure` is `false`. |
| # SHA256 checksum in hex format, to compare to the checksum of the |
| # artifact. If the checksum is not empty and it doesn't match the |
| # artifact then the recipe installation fails before running any of the |
| # steps. |
| "uri": "A String", # URI from which to fetch the object. It should contain both the protocol |
| # and path following the format {protocol}://{location}. |
| }, |
| "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations |
| # based on the artifact type: |
| # |
| # Remote: A checksum must be specified, and only protocols with |
| # transport-layer security are permitted. |
| # GCS: An object generation number must be specified. |
| "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact. |
| "object": "A String", # Name of the Google Cloud Storage object. |
| # As specified [here] |
| # (https://cloud.google.com/storage/docs/naming#objectnames) |
| # Given an example URL: |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `foo/bar`. |
| "generation": "A String", # Must be provided if allow_insecure is false. |
| # Generation number of the Google Cloud Storage object. |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `1234567`. |
| "bucket": "A String", # Bucket of the Google Cloud Storage object. |
| # Given an example URL: |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `my-bucket`. |
| }, |
| }, |
| ], |
| "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this |
| # recipe. |
| # |
| # INSTALLED: The software recipe is installed on the instance but |
| # won't be updated to new versions. |
| # UPDATED: The software recipe is installed on the instance. The recipe is |
| # updated to a higher version, if a higher version of the recipe is |
| # assigned to this instance. |
| # REMOVE: Remove is unsupported for software recipes and attempts to |
| # create or update a recipe to the REMOVE state is rejected. |
| "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is |
| # installed on an instance. |
| # |
| # Names are also used to identify resources which helps to determine whether |
| # guest policies have conflicts. This means that requests to create multiple |
| # recipes with the same name and version are rejected since they |
| # could potentially have conflicting assignments. |
| "version": "A String", # The version of this software recipe. Version can be up to 4 period |
| # separated numbers (e.g. 12.34.56.78). |
| "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops |
| # executing steps and does not attempt another installation. Any steps taken |
| # (including partially completed steps) are not rolled back. |
| { # An action that can be taken as part of installing or updating a recipe. |
| "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file. |
| "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program |
| # can return to indicate a success. |
| 42, |
| ], |
| "localPath": "A String", # The absolute path of the file on the local filesystem. |
| "args": [ # Arguments to be passed to the provided executable. |
| "A String", |
| ], |
| "artifactId": "A String", # The id of the relevant artifact in the recipe. |
| }, |
| "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory. |
| "type": "A String", # Required. The type of the archive to extract. |
| "destination": "A String", # Directory to extract archive to. |
| # Defaults to `/` on Linux or `C:\` on Windows. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "msiInstallation": { # Installs an MSI file. # Installs an MSI file. |
| "flags": [ # The flags to use when installing the MSI |
| # defaults to ["/i"] (i.e. the install flag). |
| "A String", |
| ], |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance. |
| "permissions": "A String", # Consists of three octal digits which represent, in |
| # order, the permissions of the owner, group, and other users for the |
| # file (similarly to the numeric mode used in the linux chmod utility). |
| # Each digit represents a three bit number with the 4 bit |
| # corresponding to the read permissions, the 2 bit corresponds to the |
| # write bit, and the one bit corresponds to the execute permission. |
| # Default behavior is 755. |
| # |
| # Below are some examples of permissions and their associated values: |
| # read, write, and execute: 7 |
| # read and execute: 5 |
| # read and write: 6 |
| # read only: 4 |
| "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is |
| # false and the file already exists the file is not overwritten |
| # and the step is considered a success. Defaults to false. |
| "destination": "A String", # Required. The absolute path on the instance to put the file. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell. |
| "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is |
| # specified the script is executed directly, which likely |
| # only succeed for scripts with |
| # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)). |
| "script": "A String", # Required. The shell script to be executed. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| }, |
| ], |
| }, |
| ], |
| "description": "A String", # Description of the guest policy. Length of the description is limited |
| # to 1024 characters. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</code> |
| <pre>Get a page of OS Config guest policies. |
| |
| Args: |
| parent: string, Required. The resource name of the parent using one of the following forms: |
| `projects/{project_number}`. (required) |
| pageSize: integer, The maximum number of guest policies to return. |
| pageToken: string, A pagination token returned from a previous call to `ListGuestPolicies` |
| that indicates where this listing should continue from. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A response message for listing guest policies. |
| "nextPageToken": "A String", # A pagination token that can be used to get the next page |
| # of guest policies. |
| "guestPolicies": [ # The list of GuestPolicies. |
| { # An OS Config resource representing a guest configuration policy. These |
| # policies represent the desired state for VM instance guest environments |
| # including packages to install or remove, package repository configurations, |
| # and software to install. |
| "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is |
| # done before any other configs are applied so they can use these repos. |
| # Package repositories are only configured if the corresponding package |
| # manager(s) are available. |
| { # A package repository. |
| "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository. |
| # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo. |
| "url": "A String", # Required. The url of the repository. |
| "name": "A String", # Required. The name of the repository. |
| }, |
| "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository. |
| # a repo file that is stored at |
| # `/etc/apt/sources.list.d/google_osconfig.list`. |
| "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB. |
| "gpgKey": "A String", # URI of the key file for this repository. The agent maintains |
| # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing |
| # all the keys in any applied guest policy. |
| "uri": "A String", # Required. URI for this repository. |
| "components": [ # Required. List of components for this repository. Must contain at least one item. |
| "A String", |
| ], |
| "distribution": "A String", # Required. Distribution of this repository. |
| }, |
| "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository. |
| # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`. |
| "gpgKeys": [ # URIs of GPG keys. |
| "A String", |
| ], |
| "id": "A String", # Required. A one word, unique name for this repository. This is |
| # the `repo id` in the zypper config file and also the `display_name` if |
| # `display_name` is omitted. This id is also used as the unique identifier |
| # when checking for guest policy conflicts. |
| "displayName": "A String", # The display name of the repository. |
| "baseUrl": "A String", # Required. The location of the repository directory. |
| }, |
| "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository. |
| # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`. |
| "id": "A String", # Required. A one word, unique name for this repository. This is |
| # the `repo id` in the Yum config file and also the `display_name` if |
| # `display_name` is omitted. This id is also used as the unique identifier |
| # when checking for guest policy conflicts. |
| "displayName": "A String", # The display name of the repository. |
| "baseUrl": "A String", # Required. The location of the repository directory. |
| "gpgKeys": [ # URIs of GPG keys. |
| "A String", |
| ], |
| }, |
| }, |
| ], |
| "packages": [ # The software packages to be managed by this policy. |
| { # Package is a reference to the software package to be installed or removed. |
| # The agent on the VM instance uses the system package manager to apply the |
| # config. |
| # |
| # |
| # These are the commands that the agent uses to install or remove |
| # packages. |
| # |
| # Apt |
| # install: `apt-get update && apt-get -y install package1 package2 package3` |
| # remove: `apt-get -y remove package1 package2 package3` |
| # |
| # Yum |
| # install: `yum -y install package1 package2 package3` |
| # remove: `yum -y remove package1 package2 package3` |
| # |
| # Zypper |
| # install: `zypper install package1 package2 package3` |
| # remove: `zypper rm package1 package2` |
| # |
| # Googet |
| # install: `googet -noconfirm install package1 package2 package3` |
| # remove: `googet -noconfirm remove package1 package2 package3` |
| "desiredState": "A String", # The desired_state the agent should maintain for this package. The |
| # default is to ensure the package is installed. |
| "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict |
| # validation by checking the package name and the manager(s) that the |
| # package targets. |
| "manager": "A String", # Type of package manager that can be used to install this package. |
| # If a system does not have the package manager, the package is not |
| # installed or removed no error message is returned. By default, |
| # or if you specify `ANY`, |
| # the agent attempts to install and remove this package using the default |
| # package manager. This is useful when creating a policy that applies to |
| # different types of systems. |
| # |
| # The default behavior is ANY. |
| }, |
| ], |
| "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows |
| # you to target sets or groups of VM instances by different parameters such |
| # as labels, names, OS, or zones. |
| # |
| # If left empty, all VM instances underneath this policy are targeted. |
| # |
| # At the same level in the resource hierarchy (that is within a project), the |
| # service prevents the creation of multiple policies that conflict with |
| # each other. For more information, see how the service [handles assignment |
| # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts). |
| # applies to. |
| # |
| # If an assignment is empty, it applies to all VM instances. Otherwise, the |
| # targeted VM instances must meet all the criteria specified. So if both |
| # labels and zones are specified, the policy applies to VM instances with those |
| # labels and in those zones. |
| "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes. |
| # |
| # Like labels, this is another way to group VM instances when targeting |
| # configs, for example prefix="prod-". |
| # |
| # Only supported for project-level policies. |
| "A String", |
| ], |
| "groupLabels": [ # Targets instances matching at least one of these label sets. This allows |
| # an assignment to target disparate groups, for example "env=prod or |
| # env=staging". |
| { # Represents a group of VM intances that can be identified as having all |
| # these labels, for example "env=prod and app=web". |
| "labels": { # Google Compute Engine instance labels that must be present for an |
| # instance to be included in this assignment group. |
| "a_key": "A String", |
| }, |
| }, |
| ], |
| "osTypes": [ # Targets VM instances matching at least one of the following OS types. |
| # |
| # VM instances must match all supplied criteria for a given OsType to be |
| # included. |
| { # Defines the criteria for selecting VM Instances by OS type. |
| "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # following OS version. |
| "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # OS short name, for example "debian" or "windows". |
| "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # OS architecture. |
| }, |
| ], |
| "instances": [ # Targets any of the instances specified. Instances are specified by their |
| # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`. |
| # |
| # Instance targeting is uncommon and is supported to facilitate the |
| # management of changes by the instance or to target specific VM instances |
| # for development and testing. |
| # |
| # Only supported for project-level policies and must reference instances |
| # within this project. |
| "A String", |
| ], |
| "zones": [ # Targets instances in any of these zones. Leave empty to target instances |
| # in any zone. |
| # |
| # Zonal targeting is uncommon and is supported to facilitate the management |
| # of changes by zone. |
| "A String", |
| ], |
| }, |
| "createTime": "A String", # Output only. Time this guest policy was created. |
| "etag": "A String", # The etag for this guest policy. |
| # If this is provided on update, it must match the server's etag. |
| "updateTime": "A String", # Output only. Last time this guest policy was updated. |
| "name": "A String", # Required. Unique name of the resource in this project using one of the following |
| # forms: |
| # `projects/{project_number}/guestPolicies/{guest_policy_id}`. |
| "recipes": [ # A list of Recipes to install on the VM instance. |
| { # A software recipe is a set of instructions for installing and configuring a |
| # piece of software. It consists of a set of artifacts that are |
| # downloaded, and a set of steps that install, configure, and/or update the |
| # software. |
| # |
| # Recipes support installing and updating software from artifacts in the |
| # following formats: |
| # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package. |
| # |
| # Additionally, recipes support executing a script (either defined in a file or |
| # directly in this api) in bash, sh, cmd, and powershell. |
| # |
| # Updating a software recipe |
| # |
| # If a recipe is assigned to an instance and there is a recipe with the same |
| # name but a lower version already installed and the assigned state |
| # of the recipe is `UPDATED`, then the recipe is updated to |
| # the new version. |
| # |
| # Script Working Directories |
| # |
| # Each script or execution step is run in its own temporary directory which |
| # is deleted after completing the step. |
| "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops |
| # executing steps and does not attempt another update for this recipe. Any |
| # steps taken (including partially completed steps) are not rolled back. |
| { # An action that can be taken as part of installing or updating a recipe. |
| "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file. |
| "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program |
| # can return to indicate a success. |
| 42, |
| ], |
| "localPath": "A String", # The absolute path of the file on the local filesystem. |
| "args": [ # Arguments to be passed to the provided executable. |
| "A String", |
| ], |
| "artifactId": "A String", # The id of the relevant artifact in the recipe. |
| }, |
| "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory. |
| "type": "A String", # Required. The type of the archive to extract. |
| "destination": "A String", # Directory to extract archive to. |
| # Defaults to `/` on Linux or `C:\` on Windows. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "msiInstallation": { # Installs an MSI file. # Installs an MSI file. |
| "flags": [ # The flags to use when installing the MSI |
| # defaults to ["/i"] (i.e. the install flag). |
| "A String", |
| ], |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance. |
| "permissions": "A String", # Consists of three octal digits which represent, in |
| # order, the permissions of the owner, group, and other users for the |
| # file (similarly to the numeric mode used in the linux chmod utility). |
| # Each digit represents a three bit number with the 4 bit |
| # corresponding to the read permissions, the 2 bit corresponds to the |
| # write bit, and the one bit corresponds to the execute permission. |
| # Default behavior is 755. |
| # |
| # Below are some examples of permissions and their associated values: |
| # read, write, and execute: 7 |
| # read and execute: 5 |
| # read and write: 6 |
| # read only: 4 |
| "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is |
| # false and the file already exists the file is not overwritten |
| # and the step is considered a success. Defaults to false. |
| "destination": "A String", # Required. The absolute path on the instance to put the file. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell. |
| "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is |
| # specified the script is executed directly, which likely |
| # only succeed for scripts with |
| # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)). |
| "script": "A String", # Required. The shell script to be executed. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| }, |
| ], |
| "artifacts": [ # Resources available to be used in the steps in the recipe. |
| { # Specifies a resource to be used in the recipe. |
| "id": "A String", # Required. Id of the artifact, which the installation and update steps of this |
| # recipe can reference. Artifacts in a recipe cannot have the same id. |
| "remote": { # Specifies an artifact available via some URI. # A generic remote artifact. |
| "checksum": "A String", # Must be provided if `allow_insecure` is `false`. |
| # SHA256 checksum in hex format, to compare to the checksum of the |
| # artifact. If the checksum is not empty and it doesn't match the |
| # artifact then the recipe installation fails before running any of the |
| # steps. |
| "uri": "A String", # URI from which to fetch the object. It should contain both the protocol |
| # and path following the format {protocol}://{location}. |
| }, |
| "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations |
| # based on the artifact type: |
| # |
| # Remote: A checksum must be specified, and only protocols with |
| # transport-layer security are permitted. |
| # GCS: An object generation number must be specified. |
| "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact. |
| "object": "A String", # Name of the Google Cloud Storage object. |
| # As specified [here] |
| # (https://cloud.google.com/storage/docs/naming#objectnames) |
| # Given an example URL: |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `foo/bar`. |
| "generation": "A String", # Must be provided if allow_insecure is false. |
| # Generation number of the Google Cloud Storage object. |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `1234567`. |
| "bucket": "A String", # Bucket of the Google Cloud Storage object. |
| # Given an example URL: |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `my-bucket`. |
| }, |
| }, |
| ], |
| "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this |
| # recipe. |
| # |
| # INSTALLED: The software recipe is installed on the instance but |
| # won't be updated to new versions. |
| # UPDATED: The software recipe is installed on the instance. The recipe is |
| # updated to a higher version, if a higher version of the recipe is |
| # assigned to this instance. |
| # REMOVE: Remove is unsupported for software recipes and attempts to |
| # create or update a recipe to the REMOVE state is rejected. |
| "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is |
| # installed on an instance. |
| # |
| # Names are also used to identify resources which helps to determine whether |
| # guest policies have conflicts. This means that requests to create multiple |
| # recipes with the same name and version are rejected since they |
| # could potentially have conflicting assignments. |
| "version": "A String", # The version of this software recipe. Version can be up to 4 period |
| # separated numbers (e.g. 12.34.56.78). |
| "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops |
| # executing steps and does not attempt another installation. Any steps taken |
| # (including partially completed steps) are not rolled back. |
| { # An action that can be taken as part of installing or updating a recipe. |
| "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file. |
| "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program |
| # can return to indicate a success. |
| 42, |
| ], |
| "localPath": "A String", # The absolute path of the file on the local filesystem. |
| "args": [ # Arguments to be passed to the provided executable. |
| "A String", |
| ], |
| "artifactId": "A String", # The id of the relevant artifact in the recipe. |
| }, |
| "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory. |
| "type": "A String", # Required. The type of the archive to extract. |
| "destination": "A String", # Directory to extract archive to. |
| # Defaults to `/` on Linux or `C:\` on Windows. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "msiInstallation": { # Installs an MSI file. # Installs an MSI file. |
| "flags": [ # The flags to use when installing the MSI |
| # defaults to ["/i"] (i.e. the install flag). |
| "A String", |
| ], |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance. |
| "permissions": "A String", # Consists of three octal digits which represent, in |
| # order, the permissions of the owner, group, and other users for the |
| # file (similarly to the numeric mode used in the linux chmod utility). |
| # Each digit represents a three bit number with the 4 bit |
| # corresponding to the read permissions, the 2 bit corresponds to the |
| # write bit, and the one bit corresponds to the execute permission. |
| # Default behavior is 755. |
| # |
| # Below are some examples of permissions and their associated values: |
| # read, write, and execute: 7 |
| # read and execute: 5 |
| # read and write: 6 |
| # read only: 4 |
| "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is |
| # false and the file already exists the file is not overwritten |
| # and the step is considered a success. Defaults to false. |
| "destination": "A String", # Required. The absolute path on the instance to put the file. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell. |
| "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is |
| # specified the script is executed directly, which likely |
| # only succeed for scripts with |
| # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)). |
| "script": "A String", # Required. The shell script to be executed. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| }, |
| ], |
| }, |
| ], |
| "description": "A String", # Description of the guest policy. Length of the description is limited |
| # to 1024 characters. |
| }, |
| ], |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list_next">list_next(previous_request, previous_response)</code> |
| <pre>Retrieves the next page of results. |
| |
| Args: |
| previous_request: The request for the previous page. (required) |
| previous_response: The response from the request for the previous page. (required) |
| |
| Returns: |
| A request object that you can call 'execute()' on to request the next |
| page. Returns None if there are no more items in the collection. |
| </pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code> |
| <pre>Update an OS Config guest policy. |
| |
| Args: |
| name: string, Required. Unique name of the resource in this project using one of the following |
| forms: |
| `projects/{project_number}/guestPolicies/{guest_policy_id}`. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # An OS Config resource representing a guest configuration policy. These |
| # policies represent the desired state for VM instance guest environments |
| # including packages to install or remove, package repository configurations, |
| # and software to install. |
| "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is |
| # done before any other configs are applied so they can use these repos. |
| # Package repositories are only configured if the corresponding package |
| # manager(s) are available. |
| { # A package repository. |
| "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository. |
| # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo. |
| "url": "A String", # Required. The url of the repository. |
| "name": "A String", # Required. The name of the repository. |
| }, |
| "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository. |
| # a repo file that is stored at |
| # `/etc/apt/sources.list.d/google_osconfig.list`. |
| "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB. |
| "gpgKey": "A String", # URI of the key file for this repository. The agent maintains |
| # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing |
| # all the keys in any applied guest policy. |
| "uri": "A String", # Required. URI for this repository. |
| "components": [ # Required. List of components for this repository. Must contain at least one item. |
| "A String", |
| ], |
| "distribution": "A String", # Required. Distribution of this repository. |
| }, |
| "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository. |
| # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`. |
| "gpgKeys": [ # URIs of GPG keys. |
| "A String", |
| ], |
| "id": "A String", # Required. A one word, unique name for this repository. This is |
| # the `repo id` in the zypper config file and also the `display_name` if |
| # `display_name` is omitted. This id is also used as the unique identifier |
| # when checking for guest policy conflicts. |
| "displayName": "A String", # The display name of the repository. |
| "baseUrl": "A String", # Required. The location of the repository directory. |
| }, |
| "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository. |
| # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`. |
| "id": "A String", # Required. A one word, unique name for this repository. This is |
| # the `repo id` in the Yum config file and also the `display_name` if |
| # `display_name` is omitted. This id is also used as the unique identifier |
| # when checking for guest policy conflicts. |
| "displayName": "A String", # The display name of the repository. |
| "baseUrl": "A String", # Required. The location of the repository directory. |
| "gpgKeys": [ # URIs of GPG keys. |
| "A String", |
| ], |
| }, |
| }, |
| ], |
| "packages": [ # The software packages to be managed by this policy. |
| { # Package is a reference to the software package to be installed or removed. |
| # The agent on the VM instance uses the system package manager to apply the |
| # config. |
| # |
| # |
| # These are the commands that the agent uses to install or remove |
| # packages. |
| # |
| # Apt |
| # install: `apt-get update && apt-get -y install package1 package2 package3` |
| # remove: `apt-get -y remove package1 package2 package3` |
| # |
| # Yum |
| # install: `yum -y install package1 package2 package3` |
| # remove: `yum -y remove package1 package2 package3` |
| # |
| # Zypper |
| # install: `zypper install package1 package2 package3` |
| # remove: `zypper rm package1 package2` |
| # |
| # Googet |
| # install: `googet -noconfirm install package1 package2 package3` |
| # remove: `googet -noconfirm remove package1 package2 package3` |
| "desiredState": "A String", # The desired_state the agent should maintain for this package. The |
| # default is to ensure the package is installed. |
| "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict |
| # validation by checking the package name and the manager(s) that the |
| # package targets. |
| "manager": "A String", # Type of package manager that can be used to install this package. |
| # If a system does not have the package manager, the package is not |
| # installed or removed no error message is returned. By default, |
| # or if you specify `ANY`, |
| # the agent attempts to install and remove this package using the default |
| # package manager. This is useful when creating a policy that applies to |
| # different types of systems. |
| # |
| # The default behavior is ANY. |
| }, |
| ], |
| "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows |
| # you to target sets or groups of VM instances by different parameters such |
| # as labels, names, OS, or zones. |
| # |
| # If left empty, all VM instances underneath this policy are targeted. |
| # |
| # At the same level in the resource hierarchy (that is within a project), the |
| # service prevents the creation of multiple policies that conflict with |
| # each other. For more information, see how the service [handles assignment |
| # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts). |
| # applies to. |
| # |
| # If an assignment is empty, it applies to all VM instances. Otherwise, the |
| # targeted VM instances must meet all the criteria specified. So if both |
| # labels and zones are specified, the policy applies to VM instances with those |
| # labels and in those zones. |
| "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes. |
| # |
| # Like labels, this is another way to group VM instances when targeting |
| # configs, for example prefix="prod-". |
| # |
| # Only supported for project-level policies. |
| "A String", |
| ], |
| "groupLabels": [ # Targets instances matching at least one of these label sets. This allows |
| # an assignment to target disparate groups, for example "env=prod or |
| # env=staging". |
| { # Represents a group of VM intances that can be identified as having all |
| # these labels, for example "env=prod and app=web". |
| "labels": { # Google Compute Engine instance labels that must be present for an |
| # instance to be included in this assignment group. |
| "a_key": "A String", |
| }, |
| }, |
| ], |
| "osTypes": [ # Targets VM instances matching at least one of the following OS types. |
| # |
| # VM instances must match all supplied criteria for a given OsType to be |
| # included. |
| { # Defines the criteria for selecting VM Instances by OS type. |
| "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # following OS version. |
| "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # OS short name, for example "debian" or "windows". |
| "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # OS architecture. |
| }, |
| ], |
| "instances": [ # Targets any of the instances specified. Instances are specified by their |
| # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`. |
| # |
| # Instance targeting is uncommon and is supported to facilitate the |
| # management of changes by the instance or to target specific VM instances |
| # for development and testing. |
| # |
| # Only supported for project-level policies and must reference instances |
| # within this project. |
| "A String", |
| ], |
| "zones": [ # Targets instances in any of these zones. Leave empty to target instances |
| # in any zone. |
| # |
| # Zonal targeting is uncommon and is supported to facilitate the management |
| # of changes by zone. |
| "A String", |
| ], |
| }, |
| "createTime": "A String", # Output only. Time this guest policy was created. |
| "etag": "A String", # The etag for this guest policy. |
| # If this is provided on update, it must match the server's etag. |
| "updateTime": "A String", # Output only. Last time this guest policy was updated. |
| "name": "A String", # Required. Unique name of the resource in this project using one of the following |
| # forms: |
| # `projects/{project_number}/guestPolicies/{guest_policy_id}`. |
| "recipes": [ # A list of Recipes to install on the VM instance. |
| { # A software recipe is a set of instructions for installing and configuring a |
| # piece of software. It consists of a set of artifacts that are |
| # downloaded, and a set of steps that install, configure, and/or update the |
| # software. |
| # |
| # Recipes support installing and updating software from artifacts in the |
| # following formats: |
| # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package. |
| # |
| # Additionally, recipes support executing a script (either defined in a file or |
| # directly in this api) in bash, sh, cmd, and powershell. |
| # |
| # Updating a software recipe |
| # |
| # If a recipe is assigned to an instance and there is a recipe with the same |
| # name but a lower version already installed and the assigned state |
| # of the recipe is `UPDATED`, then the recipe is updated to |
| # the new version. |
| # |
| # Script Working Directories |
| # |
| # Each script or execution step is run in its own temporary directory which |
| # is deleted after completing the step. |
| "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops |
| # executing steps and does not attempt another update for this recipe. Any |
| # steps taken (including partially completed steps) are not rolled back. |
| { # An action that can be taken as part of installing or updating a recipe. |
| "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file. |
| "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program |
| # can return to indicate a success. |
| 42, |
| ], |
| "localPath": "A String", # The absolute path of the file on the local filesystem. |
| "args": [ # Arguments to be passed to the provided executable. |
| "A String", |
| ], |
| "artifactId": "A String", # The id of the relevant artifact in the recipe. |
| }, |
| "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory. |
| "type": "A String", # Required. The type of the archive to extract. |
| "destination": "A String", # Directory to extract archive to. |
| # Defaults to `/` on Linux or `C:\` on Windows. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "msiInstallation": { # Installs an MSI file. # Installs an MSI file. |
| "flags": [ # The flags to use when installing the MSI |
| # defaults to ["/i"] (i.e. the install flag). |
| "A String", |
| ], |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance. |
| "permissions": "A String", # Consists of three octal digits which represent, in |
| # order, the permissions of the owner, group, and other users for the |
| # file (similarly to the numeric mode used in the linux chmod utility). |
| # Each digit represents a three bit number with the 4 bit |
| # corresponding to the read permissions, the 2 bit corresponds to the |
| # write bit, and the one bit corresponds to the execute permission. |
| # Default behavior is 755. |
| # |
| # Below are some examples of permissions and their associated values: |
| # read, write, and execute: 7 |
| # read and execute: 5 |
| # read and write: 6 |
| # read only: 4 |
| "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is |
| # false and the file already exists the file is not overwritten |
| # and the step is considered a success. Defaults to false. |
| "destination": "A String", # Required. The absolute path on the instance to put the file. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell. |
| "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is |
| # specified the script is executed directly, which likely |
| # only succeed for scripts with |
| # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)). |
| "script": "A String", # Required. The shell script to be executed. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| }, |
| ], |
| "artifacts": [ # Resources available to be used in the steps in the recipe. |
| { # Specifies a resource to be used in the recipe. |
| "id": "A String", # Required. Id of the artifact, which the installation and update steps of this |
| # recipe can reference. Artifacts in a recipe cannot have the same id. |
| "remote": { # Specifies an artifact available via some URI. # A generic remote artifact. |
| "checksum": "A String", # Must be provided if `allow_insecure` is `false`. |
| # SHA256 checksum in hex format, to compare to the checksum of the |
| # artifact. If the checksum is not empty and it doesn't match the |
| # artifact then the recipe installation fails before running any of the |
| # steps. |
| "uri": "A String", # URI from which to fetch the object. It should contain both the protocol |
| # and path following the format {protocol}://{location}. |
| }, |
| "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations |
| # based on the artifact type: |
| # |
| # Remote: A checksum must be specified, and only protocols with |
| # transport-layer security are permitted. |
| # GCS: An object generation number must be specified. |
| "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact. |
| "object": "A String", # Name of the Google Cloud Storage object. |
| # As specified [here] |
| # (https://cloud.google.com/storage/docs/naming#objectnames) |
| # Given an example URL: |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `foo/bar`. |
| "generation": "A String", # Must be provided if allow_insecure is false. |
| # Generation number of the Google Cloud Storage object. |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `1234567`. |
| "bucket": "A String", # Bucket of the Google Cloud Storage object. |
| # Given an example URL: |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `my-bucket`. |
| }, |
| }, |
| ], |
| "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this |
| # recipe. |
| # |
| # INSTALLED: The software recipe is installed on the instance but |
| # won't be updated to new versions. |
| # UPDATED: The software recipe is installed on the instance. The recipe is |
| # updated to a higher version, if a higher version of the recipe is |
| # assigned to this instance. |
| # REMOVE: Remove is unsupported for software recipes and attempts to |
| # create or update a recipe to the REMOVE state is rejected. |
| "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is |
| # installed on an instance. |
| # |
| # Names are also used to identify resources which helps to determine whether |
| # guest policies have conflicts. This means that requests to create multiple |
| # recipes with the same name and version are rejected since they |
| # could potentially have conflicting assignments. |
| "version": "A String", # The version of this software recipe. Version can be up to 4 period |
| # separated numbers (e.g. 12.34.56.78). |
| "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops |
| # executing steps and does not attempt another installation. Any steps taken |
| # (including partially completed steps) are not rolled back. |
| { # An action that can be taken as part of installing or updating a recipe. |
| "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file. |
| "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program |
| # can return to indicate a success. |
| 42, |
| ], |
| "localPath": "A String", # The absolute path of the file on the local filesystem. |
| "args": [ # Arguments to be passed to the provided executable. |
| "A String", |
| ], |
| "artifactId": "A String", # The id of the relevant artifact in the recipe. |
| }, |
| "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory. |
| "type": "A String", # Required. The type of the archive to extract. |
| "destination": "A String", # Directory to extract archive to. |
| # Defaults to `/` on Linux or `C:\` on Windows. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "msiInstallation": { # Installs an MSI file. # Installs an MSI file. |
| "flags": [ # The flags to use when installing the MSI |
| # defaults to ["/i"] (i.e. the install flag). |
| "A String", |
| ], |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance. |
| "permissions": "A String", # Consists of three octal digits which represent, in |
| # order, the permissions of the owner, group, and other users for the |
| # file (similarly to the numeric mode used in the linux chmod utility). |
| # Each digit represents a three bit number with the 4 bit |
| # corresponding to the read permissions, the 2 bit corresponds to the |
| # write bit, and the one bit corresponds to the execute permission. |
| # Default behavior is 755. |
| # |
| # Below are some examples of permissions and their associated values: |
| # read, write, and execute: 7 |
| # read and execute: 5 |
| # read and write: 6 |
| # read only: 4 |
| "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is |
| # false and the file already exists the file is not overwritten |
| # and the step is considered a success. Defaults to false. |
| "destination": "A String", # Required. The absolute path on the instance to put the file. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell. |
| "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is |
| # specified the script is executed directly, which likely |
| # only succeed for scripts with |
| # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)). |
| "script": "A String", # Required. The shell script to be executed. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| }, |
| ], |
| }, |
| ], |
| "description": "A String", # Description of the guest policy. Length of the description is limited |
| # to 1024 characters. |
| } |
| |
| updateMask: string, Field mask that controls which fields of the guest policy should be |
| updated. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # An OS Config resource representing a guest configuration policy. These |
| # policies represent the desired state for VM instance guest environments |
| # including packages to install or remove, package repository configurations, |
| # and software to install. |
| "packageRepositories": [ # A list of package repositories to configure on the VM instance. This is |
| # done before any other configs are applied so they can use these repos. |
| # Package repositories are only configured if the corresponding package |
| # manager(s) are available. |
| { # A package repository. |
| "goo": { # Represents a Goo package repository. These is added to a repo file # A Goo Repository. |
| # that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo. |
| "url": "A String", # Required. The url of the repository. |
| "name": "A String", # Required. The name of the repository. |
| }, |
| "apt": { # Represents a single Apt package repository. This repository is added to # An Apt Repository. |
| # a repo file that is stored at |
| # `/etc/apt/sources.list.d/google_osconfig.list`. |
| "archiveType": "A String", # Type of archive files in this repository. The default behavior is DEB. |
| "gpgKey": "A String", # URI of the key file for this repository. The agent maintains |
| # a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing |
| # all the keys in any applied guest policy. |
| "uri": "A String", # Required. URI for this repository. |
| "components": [ # Required. List of components for this repository. Must contain at least one item. |
| "A String", |
| ], |
| "distribution": "A String", # Required. Distribution of this repository. |
| }, |
| "zypper": { # Represents a single Zypper package repository. This repository is added to a # A Zypper Repository. |
| # repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`. |
| "gpgKeys": [ # URIs of GPG keys. |
| "A String", |
| ], |
| "id": "A String", # Required. A one word, unique name for this repository. This is |
| # the `repo id` in the zypper config file and also the `display_name` if |
| # `display_name` is omitted. This id is also used as the unique identifier |
| # when checking for guest policy conflicts. |
| "displayName": "A String", # The display name of the repository. |
| "baseUrl": "A String", # Required. The location of the repository directory. |
| }, |
| "yum": { # Represents a single Yum package repository. This repository is added to a # A Yum Repository. |
| # repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`. |
| "id": "A String", # Required. A one word, unique name for this repository. This is |
| # the `repo id` in the Yum config file and also the `display_name` if |
| # `display_name` is omitted. This id is also used as the unique identifier |
| # when checking for guest policy conflicts. |
| "displayName": "A String", # The display name of the repository. |
| "baseUrl": "A String", # Required. The location of the repository directory. |
| "gpgKeys": [ # URIs of GPG keys. |
| "A String", |
| ], |
| }, |
| }, |
| ], |
| "packages": [ # The software packages to be managed by this policy. |
| { # Package is a reference to the software package to be installed or removed. |
| # The agent on the VM instance uses the system package manager to apply the |
| # config. |
| # |
| # |
| # These are the commands that the agent uses to install or remove |
| # packages. |
| # |
| # Apt |
| # install: `apt-get update && apt-get -y install package1 package2 package3` |
| # remove: `apt-get -y remove package1 package2 package3` |
| # |
| # Yum |
| # install: `yum -y install package1 package2 package3` |
| # remove: `yum -y remove package1 package2 package3` |
| # |
| # Zypper |
| # install: `zypper install package1 package2 package3` |
| # remove: `zypper rm package1 package2` |
| # |
| # Googet |
| # install: `googet -noconfirm install package1 package2 package3` |
| # remove: `googet -noconfirm remove package1 package2 package3` |
| "desiredState": "A String", # The desired_state the agent should maintain for this package. The |
| # default is to ensure the package is installed. |
| "name": "A String", # Required. The name of the package. A package is uniquely identified for conflict |
| # validation by checking the package name and the manager(s) that the |
| # package targets. |
| "manager": "A String", # Type of package manager that can be used to install this package. |
| # If a system does not have the package manager, the package is not |
| # installed or removed no error message is returned. By default, |
| # or if you specify `ANY`, |
| # the agent attempts to install and remove this package using the default |
| # package manager. This is useful when creating a policy that applies to |
| # different types of systems. |
| # |
| # The default behavior is ANY. |
| }, |
| ], |
| "assignment": { # An assignment represents the group or groups of VM instances that the policy # Required. Specifies the VM instances that are assigned to this policy. This allows |
| # you to target sets or groups of VM instances by different parameters such |
| # as labels, names, OS, or zones. |
| # |
| # If left empty, all VM instances underneath this policy are targeted. |
| # |
| # At the same level in the resource hierarchy (that is within a project), the |
| # service prevents the creation of multiple policies that conflict with |
| # each other. For more information, see how the service [handles assignment |
| # conflicts](/compute/docs/os-config-management/create-guest-policy#handle-conflicts). |
| # applies to. |
| # |
| # If an assignment is empty, it applies to all VM instances. Otherwise, the |
| # targeted VM instances must meet all the criteria specified. So if both |
| # labels and zones are specified, the policy applies to VM instances with those |
| # labels and in those zones. |
| "instanceNamePrefixes": [ # Targets VM instances whose name starts with one of these prefixes. |
| # |
| # Like labels, this is another way to group VM instances when targeting |
| # configs, for example prefix="prod-". |
| # |
| # Only supported for project-level policies. |
| "A String", |
| ], |
| "groupLabels": [ # Targets instances matching at least one of these label sets. This allows |
| # an assignment to target disparate groups, for example "env=prod or |
| # env=staging". |
| { # Represents a group of VM intances that can be identified as having all |
| # these labels, for example "env=prod and app=web". |
| "labels": { # Google Compute Engine instance labels that must be present for an |
| # instance to be included in this assignment group. |
| "a_key": "A String", |
| }, |
| }, |
| ], |
| "osTypes": [ # Targets VM instances matching at least one of the following OS types. |
| # |
| # VM instances must match all supplied criteria for a given OsType to be |
| # included. |
| { # Defines the criteria for selecting VM Instances by OS type. |
| "osVersion": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # following OS version. |
| "osShortName": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # OS short name, for example "debian" or "windows". |
| "osArchitecture": "A String", # Targets VM instances with OS Inventory enabled and having the following |
| # OS architecture. |
| }, |
| ], |
| "instances": [ # Targets any of the instances specified. Instances are specified by their |
| # URI in the form `zones/[ZONE]/instances/[INSTANCE_NAME]`. |
| # |
| # Instance targeting is uncommon and is supported to facilitate the |
| # management of changes by the instance or to target specific VM instances |
| # for development and testing. |
| # |
| # Only supported for project-level policies and must reference instances |
| # within this project. |
| "A String", |
| ], |
| "zones": [ # Targets instances in any of these zones. Leave empty to target instances |
| # in any zone. |
| # |
| # Zonal targeting is uncommon and is supported to facilitate the management |
| # of changes by zone. |
| "A String", |
| ], |
| }, |
| "createTime": "A String", # Output only. Time this guest policy was created. |
| "etag": "A String", # The etag for this guest policy. |
| # If this is provided on update, it must match the server's etag. |
| "updateTime": "A String", # Output only. Last time this guest policy was updated. |
| "name": "A String", # Required. Unique name of the resource in this project using one of the following |
| # forms: |
| # `projects/{project_number}/guestPolicies/{guest_policy_id}`. |
| "recipes": [ # A list of Recipes to install on the VM instance. |
| { # A software recipe is a set of instructions for installing and configuring a |
| # piece of software. It consists of a set of artifacts that are |
| # downloaded, and a set of steps that install, configure, and/or update the |
| # software. |
| # |
| # Recipes support installing and updating software from artifacts in the |
| # following formats: |
| # Zip archive, Tar archive, Windows MSI, Debian package, and RPM package. |
| # |
| # Additionally, recipes support executing a script (either defined in a file or |
| # directly in this api) in bash, sh, cmd, and powershell. |
| # |
| # Updating a software recipe |
| # |
| # If a recipe is assigned to an instance and there is a recipe with the same |
| # name but a lower version already installed and the assigned state |
| # of the recipe is `UPDATED`, then the recipe is updated to |
| # the new version. |
| # |
| # Script Working Directories |
| # |
| # Each script or execution step is run in its own temporary directory which |
| # is deleted after completing the step. |
| "updateSteps": [ # Actions to be taken for updating this recipe. On failure it stops |
| # executing steps and does not attempt another update for this recipe. Any |
| # steps taken (including partially completed steps) are not rolled back. |
| { # An action that can be taken as part of installing or updating a recipe. |
| "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file. |
| "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program |
| # can return to indicate a success. |
| 42, |
| ], |
| "localPath": "A String", # The absolute path of the file on the local filesystem. |
| "args": [ # Arguments to be passed to the provided executable. |
| "A String", |
| ], |
| "artifactId": "A String", # The id of the relevant artifact in the recipe. |
| }, |
| "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory. |
| "type": "A String", # Required. The type of the archive to extract. |
| "destination": "A String", # Directory to extract archive to. |
| # Defaults to `/` on Linux or `C:\` on Windows. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "msiInstallation": { # Installs an MSI file. # Installs an MSI file. |
| "flags": [ # The flags to use when installing the MSI |
| # defaults to ["/i"] (i.e. the install flag). |
| "A String", |
| ], |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance. |
| "permissions": "A String", # Consists of three octal digits which represent, in |
| # order, the permissions of the owner, group, and other users for the |
| # file (similarly to the numeric mode used in the linux chmod utility). |
| # Each digit represents a three bit number with the 4 bit |
| # corresponding to the read permissions, the 2 bit corresponds to the |
| # write bit, and the one bit corresponds to the execute permission. |
| # Default behavior is 755. |
| # |
| # Below are some examples of permissions and their associated values: |
| # read, write, and execute: 7 |
| # read and execute: 5 |
| # read and write: 6 |
| # read only: 4 |
| "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is |
| # false and the file already exists the file is not overwritten |
| # and the step is considered a success. Defaults to false. |
| "destination": "A String", # Required. The absolute path on the instance to put the file. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell. |
| "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is |
| # specified the script is executed directly, which likely |
| # only succeed for scripts with |
| # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)). |
| "script": "A String", # Required. The shell script to be executed. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| }, |
| ], |
| "artifacts": [ # Resources available to be used in the steps in the recipe. |
| { # Specifies a resource to be used in the recipe. |
| "id": "A String", # Required. Id of the artifact, which the installation and update steps of this |
| # recipe can reference. Artifacts in a recipe cannot have the same id. |
| "remote": { # Specifies an artifact available via some URI. # A generic remote artifact. |
| "checksum": "A String", # Must be provided if `allow_insecure` is `false`. |
| # SHA256 checksum in hex format, to compare to the checksum of the |
| # artifact. If the checksum is not empty and it doesn't match the |
| # artifact then the recipe installation fails before running any of the |
| # steps. |
| "uri": "A String", # URI from which to fetch the object. It should contain both the protocol |
| # and path following the format {protocol}://{location}. |
| }, |
| "allowInsecure": True or False, # Defaults to false. When false, recipes are subject to validations |
| # based on the artifact type: |
| # |
| # Remote: A checksum must be specified, and only protocols with |
| # transport-layer security are permitted. |
| # GCS: An object generation number must be specified. |
| "gcs": { # Specifies an artifact available as a Google Cloud Storage object. # A Google Cloud Storage artifact. |
| "object": "A String", # Name of the Google Cloud Storage object. |
| # As specified [here] |
| # (https://cloud.google.com/storage/docs/naming#objectnames) |
| # Given an example URL: |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `foo/bar`. |
| "generation": "A String", # Must be provided if allow_insecure is false. |
| # Generation number of the Google Cloud Storage object. |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `1234567`. |
| "bucket": "A String", # Bucket of the Google Cloud Storage object. |
| # Given an example URL: |
| # `https://storage.googleapis.com/my-bucket/foo/bar#1234567` |
| # this value would be `my-bucket`. |
| }, |
| }, |
| ], |
| "desiredState": "A String", # Default is INSTALLED. The desired state the agent should maintain for this |
| # recipe. |
| # |
| # INSTALLED: The software recipe is installed on the instance but |
| # won't be updated to new versions. |
| # UPDATED: The software recipe is installed on the instance. The recipe is |
| # updated to a higher version, if a higher version of the recipe is |
| # assigned to this instance. |
| # REMOVE: Remove is unsupported for software recipes and attempts to |
| # create or update a recipe to the REMOVE state is rejected. |
| "name": "A String", # Required. Unique identifier for the recipe. Only one recipe with a given name is |
| # installed on an instance. |
| # |
| # Names are also used to identify resources which helps to determine whether |
| # guest policies have conflicts. This means that requests to create multiple |
| # recipes with the same name and version are rejected since they |
| # could potentially have conflicting assignments. |
| "version": "A String", # The version of this software recipe. Version can be up to 4 period |
| # separated numbers (e.g. 12.34.56.78). |
| "installSteps": [ # Actions to be taken for installing this recipe. On failure it stops |
| # executing steps and does not attempt another installation. Any steps taken |
| # (including partially completed steps) are not rolled back. |
| { # An action that can be taken as part of installing or updating a recipe. |
| "fileExec": { # Executes an artifact or local file. # Executes an artifact or local file. |
| "allowedExitCodes": [ # Defaults to [0]. A list of possible return values that the program |
| # can return to indicate a success. |
| 42, |
| ], |
| "localPath": "A String", # The absolute path of the file on the local filesystem. |
| "args": [ # Arguments to be passed to the provided executable. |
| "A String", |
| ], |
| "artifactId": "A String", # The id of the relevant artifact in the recipe. |
| }, |
| "archiveExtraction": { # Extracts an archive of the type specified in the specified directory. # Extracts an archive into the specified directory. |
| "type": "A String", # Required. The type of the archive to extract. |
| "destination": "A String", # Directory to extract archive to. |
| # Defaults to `/` on Linux or `C:\` on Windows. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "msiInstallation": { # Installs an MSI file. # Installs an MSI file. |
| "flags": [ # The flags to use when installing the MSI |
| # defaults to ["/i"] (i.e. the install flag). |
| "A String", |
| ], |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "fileCopy": { # Copies the artifact to the specified path on the instance. # Copies a file onto the instance. |
| "permissions": "A String", # Consists of three octal digits which represent, in |
| # order, the permissions of the owner, group, and other users for the |
| # file (similarly to the numeric mode used in the linux chmod utility). |
| # Each digit represents a three bit number with the 4 bit |
| # corresponding to the read permissions, the 2 bit corresponds to the |
| # write bit, and the one bit corresponds to the execute permission. |
| # Default behavior is 755. |
| # |
| # Below are some examples of permissions and their associated values: |
| # read, write, and execute: 7 |
| # read and execute: 5 |
| # read and write: 6 |
| # read only: 4 |
| "overwrite": True or False, # Whether to allow this step to overwrite existing files. If this is |
| # false and the file already exists the file is not overwritten |
| # and the step is considered a success. Defaults to false. |
| "destination": "A String", # Required. The absolute path on the instance to put the file. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "scriptRun": { # Runs a script through an interpreter. # Runs commands in a shell. |
| "interpreter": "A String", # The script interpreter to use to run the script. If no interpreter is |
| # specified the script is executed directly, which likely |
| # only succeed for scripts with |
| # [shebang lines](https://en.wikipedia.org/wiki/Shebang_\(Unix\)). |
| "script": "A String", # Required. The shell script to be executed. |
| "allowedExitCodes": [ # Return codes that indicate that the software installed or updated |
| # successfully. Behaviour defaults to [0] |
| 42, |
| ], |
| }, |
| "dpkgInstallation": { # Installs a deb via dpkg. # Installs a deb file via dpkg. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| "rpmInstallation": { # Installs an rpm file via the rpm utility. # Installs an rpm file via the rpm utility. |
| "artifactId": "A String", # Required. The id of the relevant artifact in the recipe. |
| }, |
| }, |
| ], |
| }, |
| ], |
| "description": "A String", # Description of the guest policy. Length of the description is limited |
| # to 1024 characters. |
| }</pre> |
| </div> |
| |
| </body></html> |