googleapis

import { OAuth2Client, JWT, Compute, UserRefreshClient, BaseExternalAccountClient, GaxiosResponseWithHTTP2, GoogleConfigurable, MethodOptions, StreamMethodOptions, GlobalOptions, GoogleAuth, BodyResponseCallback, APIRequestContext } from 'googleapis-common'; import { Readable } from 'stream'; export declare namespace osconfig_v1 { export interface Options extends GlobalOptions { version: 'v1'; } interface StandardParameters { /** * Auth client or API Key for the request */ auth?: string | OAuth2Client | JWT | Compute | UserRefreshClient | BaseExternalAccountClient | GoogleAuth; /** * V1 error format. */ '$.xgafv'?: string; /** * OAuth access token. */ access_token?: string; /** * Data format for response. */ alt?: string; /** * JSONP */ callback?: string; /** * Selector specifying which fields to include in a partial response. */ fields?: string; /** * API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */ key?: string; /** * OAuth 2.0 token for the current user. */ oauth_token?: string; /** * Returns response with indentations and line breaks. */ prettyPrint?: boolean; /** * Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */ quotaUser?: string; /** * Legacy upload protocol for media (e.g. "media", "multipart"). */ uploadType?: string; /** * Upload protocol for media (e.g. "raw", "multipart"). */ upload_protocol?: string; } /** * OS Config API * * OS management tools that can be used for patch management, patch compliance, and configuration management on VM instances. * * @example * ```js * const {google} = require('googleapis'); * const osconfig = google.osconfig('v1'); * ``` */ export class Osconfig { context: APIRequestContext; projects: Resource$Projects; constructor(options: GlobalOptions, google?: GoogleConfigurable); } /** * Apt patching is completed by executing `apt-get update && apt-get upgrade`. Additional options can be set to control how this is executed. */ export interface Schema$AptSettings { /** * List of packages to exclude from update. These packages will be excluded */ excludes?: string[] | null; /** * An exclusive list of packages to be updated. These are the only packages that will be updated. If these packages are not installed, they will be ignored. This field cannot be specified with any other patch configuration fields. */ exclusivePackages?: string[] | null; /** * By changing the type to DIST, the patching is performed using `apt-get dist-upgrade` instead. */ type?: string | null; } /** * The request message for Operations.CancelOperation. */ export interface Schema$CancelOperationRequest { } /** * Message for canceling a patch job. */ export interface Schema$CancelPatchJobRequest { } /** * Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document */ export interface Schema$CVSSv3 { /** * This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability. */ attackComplexity?: string | null; /** * This metric reflects the context by which vulnerability exploitation is possible. */ attackVector?: string | null; /** * This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. */ availabilityImpact?: string | null; /** * The base score is a function of the base metric scores. https://www.first.org/cvss/specification-document#Base-Metrics */ baseScore?: number | null; /** * This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. */ confidentialityImpact?: string | null; /** * The Exploitability sub-score equation is derived from the Base Exploitability metrics. https://www.first.org/cvss/specification-document#2-1-Exploitability-Metrics */ exploitabilityScore?: number | null; /** * The Impact sub-score equation is derived from the Base Impact metrics. */ impactScore?: number | null; /** * This metric measures the impact to integrity of a successfully exploited vulnerability. */ integrityImpact?: string | null; /** * This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. */ privilegesRequired?: string | null; /** * The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope. */ scope?: string | null; /** * This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component. */ userInteraction?: string | null; } /** * Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values. * A month and day, with a zero year (for example, an anniversary). * A year on its own, with a zero month and a zero day. * A year and month, with a zero day (for example, a credit card expiration date). Related types: * google.type.TimeOfDay * google.type.DateTime * google.protobuf.Timestamp */ export interface Schema$Date { /** * Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. */ day?: number | null; /** * Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. */ month?: number | null; /** * Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. */ year?: number | null; } /** * A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); \} */ export interface Schema$Empty { } /** * A step that runs an executable for a PatchJob. */ export interface Schema$ExecStep { /** * The ExecStepConfig for all Linux VMs targeted by the PatchJob. */ linuxExecStepConfig?: Schema$ExecStepConfig; /** * The ExecStepConfig for all Windows VMs targeted by the PatchJob. */ windowsExecStepConfig?: Schema$ExecStepConfig; } /** * Common configurations for an ExecStep. */ export interface Schema$ExecStepConfig { /** * Defaults to [0]. A list of possible return values that the execution can return to indicate a success. */ allowedSuccessCodes?: number[] | null; /** * A Cloud Storage object containing the executable. */ gcsObject?: Schema$GcsObject; /** * The script interpreter to use to run the script. If no interpreter is specified the script will be executed directly, which will likely only succeed for scripts with [shebang lines] (https://en.wikipedia.org/wiki/Shebang_$Unix$). */ interpreter?: string | null; /** * An absolute path to the executable on the VM. */ localPath?: string | null; } /** * A request message to initiate patching across Compute Engine instances. */ export interface Schema$ExecutePatchJobRequest { /** * Description of the patch job. Length of the description is limited to 1024 characters. */ description?: string | null; /** * Display name for this patch job. This does not have to be unique. */ displayName?: string | null; /** * If this patch is a dry-run only, instances are contacted but will do nothing. */ dryRun?: boolean | null; /** * Duration of the patch job. After the duration ends, the patch job times out. */ duration?: string | null; /** * Required. Instances to patch, either explicitly or filtered by some criteria such as zone or labels. */ instanceFilter?: Schema$PatchInstanceFilter; /** * Patch configuration being applied. If omitted, instances are patched using the default configurations. */ patchConfig?: Schema$PatchConfig; /** * Rollout strategy of the patch job. */ rollout?: Schema$PatchRollout; } /** * Message encapsulating a value that can be either absolute ("fixed") or relative ("percent") to a value. */ export interface Schema$FixedOrPercent { /** * Specifies a fixed value. */ fixed?: number | null; /** * Specifies the relative value defined as a percentage, which will be multiplied by a reference value. */ percent?: number | null; } /** * Cloud Storage object representation. */ export interface Schema$GcsObject { /** * Required. Bucket of the Cloud Storage object. */ bucket?: string | null; /** * Required. Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change. */ generationNumber?: string | null; /** * Required. Name of the Cloud Storage object. */ object?: string | null; } /** * Represents the metadata of a generic long-running operation. */ export interface Schema$GoogleCloudOsconfigCommonV1alpha__OperationMetadata { /** * Output only. API version used to start the operation. */ apiVersion?: string | null; /** * Output only. The time the operation was created. */ createTime?: string | null; /** * Output only. The time the operation finished running. */ endTime?: string | null; /** * Output only. Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`. */ requestedCancellation?: boolean | null; /** * Output only. Human-readable status of the operation, if any. */ statusMessage?: string | null; /** * Output only. Server-defined resource path for the target of the operation. */ target?: string | null; /** * Output only. Name of the verb executed by the operation. */ verb?: string | null; } /** * Represents the metadata of a generic long-running operation. */ export interface Schema$GoogleCloudOsconfigCommonV1main__OperationMetadata { /** * Output only. API version used to start the operation. */ apiVersion?: string | null; /** * Output only. The time the operation was created. */ createTime?: string | null; /** * Output only. The time the operation finished running. */ endTime?: string | null; /** * Output only. Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`. */ requestedCancellation?: boolean | null; /** * Output only. Human-readable status of the operation, if any. */ statusMessage?: string | null; /** * Output only. Server-defined resource path for the target of the operation. */ target?: string | null; /** * Output only. Name of the verb executed by the operation. */ verb?: string | null; } /** * Represents the metadata of a generic long-running operation. */ export interface Schema$GoogleCloudOsconfigCommonV1__OperationMetadata { /** * Output only. API version used to start the operation. */ apiVersion?: string | null; /** * Output only. The time the operation was created. */ createTime?: string | null; /** * Output only. The time the operation finished running. */ endTime?: string | null; /** * Output only. Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`. */ requestedCancellation?: boolean | null; /** * Output only. Human-readable status of the operation, if any. */ statusMessage?: string | null; /** * Output only. Server-defined resource path for the target of the operation. */ target?: string | null; /** * Output only. Name of the verb executed by the operation. */ verb?: string | null; } /** * OS policy assignment operation metadata provided by OS policy assignment API methods that return long running operations. */ export interface Schema$GoogleCloudOsconfigV1__OSPolicyAssignmentOperationMetadata { /** * The OS policy assignment API method. */ apiMethod?: string | null; /** * Reference to the `OSPolicyAssignment` API resource. Format: `projects/{project_number\}/locations/{location\}/osPolicyAssignments/{os_policy_assignment_id@revision_id\}` */ osPolicyAssignment?: string | null; /** * Rollout start time */ rolloutStartTime?: string | null; /** * State of the rollout */ rolloutState?: string | null; /** * Rollout update time */ rolloutUpdateTime?: string | null; } /** * Represents the metadata of the long-running operation. */ export interface Schema$GoogleCloudOsconfigV2beta__OperationMetadata { /** * Output only. API version used to start the operation. */ apiVersion?: string | null; /** * Output only. The time the operation was created. */ createTime?: string | null; /** * Output only. The time the operation finished running. */ endTime?: string | null; /** * Output only. Identifies whether the user has requested cancellation of the operation. Operations that have been cancelled successfully have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`. */ requestedCancellation?: boolean | null; /** * Output only. Human-readable status of the operation, if any. */ statusMessage?: string | null; /** * Output only. Server-defined resource path for the target of the operation. */ target?: string | null; /** * Output only. Name of the verb executed by the operation. */ verb?: string | null; } /** * Represents the metadata of the long-running operation. */ export interface Schema$GoogleCloudOsconfigV2__OperationMetadata { /** * Output only. API version used to start the operation. */ apiVersion?: string | null; /** * Output only. The time the operation was created. */ createTime?: string | null; /** * Output only. The time the operation finished running. */ endTime?: string | null; /** * Output only. Identifies whether the user has requested cancellation of the operation. Operations that have been cancelled successfully have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`. */ requestedCancellation?: boolean | null; /** * Output only. Human-readable status of the operation, if any. */ statusMessage?: string | null; /** * Output only. Server-defined resource path for the target of the operation. */ target?: string | null; /** * Output only. Name of the verb executed by the operation. */ verb?: string | null; } /** * Googet patching is performed by running `googet update`. */ export interface Schema$GooSettings { } /** * This API resource represents the available inventory data for a Compute Engine virtual machine (VM) instance at a given point in time. You can use this API resource to determine the inventory data of your VM. For more information, see [Information provided by OS inventory management](https://cloud.google.com/compute/docs/instances/os-inventory-management#data-collected). */ export interface Schema$Inventory { /** * Inventory items related to the VM keyed by an opaque unique identifier for each inventory item. The identifier is unique to each distinct and addressable inventory item and will change, when there is a new package version. */ items?: { [key: string]: Schema$InventoryItem; } | null; /** * Output only. The `Inventory` API resource name. Format: `projects/{project_number\}/locations/{location\}/instances/{instance_id\}/inventory` */ name?: string | null; /** * Base level operating system information for the VM. */ osInfo?: Schema$InventoryOsInfo; /** * Output only. Timestamp of the last reported inventory for the VM. */ updateTime?: string | null; } /** * A single piece of inventory on a VM. */ export interface Schema$InventoryItem { /** * Software package available to be installed on the VM instance. */ availablePackage?: Schema$InventorySoftwarePackage; /** * When this inventory item was first detected. */ createTime?: string | null; /** * Identifier for this item, unique across items for this VM. */ id?: string | null; /** * Software package present on the VM instance. */ installedPackage?: Schema$InventorySoftwarePackage; /** * The origin of this inventory item. */ originType?: string | null; /** * The specific type of inventory, correlating to its specific details. */ type?: string | null; /** * When this inventory item was last modified. */ updateTime?: string | null; } /** * Operating system information for the VM. */ export interface Schema$InventoryOsInfo { /** * The system architecture of the operating system. */ architecture?: string | null; /** * The VM hostname. */ hostname?: string | null; /** * The kernel release of the operating system. */ kernelRelease?: string | null; /** * The kernel version of the operating system. */ kernelVersion?: string | null; /** * The operating system long name. For example 'Debian GNU/Linux 9' or 'Microsoft Window Server 2019 Datacenter'. */ longName?: string | null; /** * The current version of the OS Config agent running on the VM. */ osconfigAgentVersion?: string | null; /** * The operating system short name. For example, 'windows' or 'debian'. */ shortName?: string | null; /** * The version of the operating system. */ version?: string | null; } /** * Software package information of the operating system. */ export interface Schema$InventorySoftwarePackage { /** * Details of an APT package. For details about the apt package manager, see https://wiki.debian.org/Apt. */ aptPackage?: Schema$InventoryVersionedPackage; /** * Details of a COS package. */ cosPackage?: Schema$InventoryVersionedPackage; /** * Details of a Googet package. For details about the googet package manager, see https://github.com/google/googet. */ googetPackage?: Schema$InventoryVersionedPackage; /** * Details of a Windows Quick Fix engineering package. See https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-quickfixengineering for info in Windows Quick Fix Engineering. */ qfePackage?: Schema$InventoryWindowsQuickFixEngineeringPackage; /** * Details of Windows Application. */ windowsApplication?: Schema$InventoryWindowsApplication; /** * Details of a Windows Update package. See https://docs.microsoft.com/en-us/windows/win32/api/_wua/ for information about Windows Update. */ wuaPackage?: Schema$InventoryWindowsUpdatePackage; /** * Yum package info. For details about the yum package manager, see https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/ch-yum. */ yumPackage?: Schema$InventoryVersionedPackage; /** * Details of a Zypper package. For details about the Zypper package manager, see https://en.opensuse.org/SDB:Zypper_manual. */ zypperPackage?: Schema$InventoryVersionedPackage; /** * Details of a Zypper patch. For details about the Zypper package manager, see https://en.opensuse.org/SDB:Zypper_manual. */ zypperPatch?: Schema$InventoryZypperPatch; } /** * Information related to the a standard versioned package. This includes package info for APT, Yum, Zypper, and Googet package managers. */ export interface Schema$InventoryVersionedPackage { /** * The system architecture this package is intended for. */ architecture?: string | null; /** * The name of the package. */ packageName?: string | null; /** * The version of the package. */ version?: string | null; } /** * Contains information about a Windows application that is retrieved from the Windows Registry. For more information about these fields, see: https://docs.microsoft.com/en-us/windows/win32/msi/uninstall-registry-key */ export interface Schema$InventoryWindowsApplication { /** * The name of the application or product. */ displayName?: string | null; /** * The version of the product or application in string format. */ displayVersion?: string | null; /** * The internet address for technical support. */ helpLink?: string | null; /** * The last time this product received service. The value of this property is replaced each time a patch is applied or removed from the product or the command-line option is used to repair the product. */ installDate?: Schema$Date; /** * The name of the manufacturer for the product or application. */ publisher?: string | null; } /** * Information related to a Quick Fix Engineering package. Fields are taken from Windows QuickFixEngineering Interface and match the source names: https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-quickfixengineering */ export interface Schema$InventoryWindowsQuickFixEngineeringPackage { /** * A short textual description of the QFE update. */ caption?: string | null; /** * A textual description of the QFE update. */ description?: string | null; /** * Unique identifier associated with a particular QFE update. */ hotFixId?: string | null; /** * Date that the QFE update was installed. Mapped from installed_on field. */ installTime?: string | null; } /** * Details related to a Windows Update package. Field data and names are taken from Windows Update API IUpdate Interface: https://docs.microsoft.com/en-us/windows/win32/api/_wua/ Descriptive fields like title, and description are localized based on the locale of the VM being updated. */ export interface Schema$InventoryWindowsUpdatePackage { /** * The categories that are associated with this update package. */ categories?: Schema$InventoryWindowsUpdatePackageWindowsUpdateCategory[]; /** * The localized description of the update package. */ description?: string | null; /** * A collection of Microsoft Knowledge Base article IDs that are associated with the update package. */ kbArticleIds?: string[] | null; /** * The last published date of the update, in (UTC) date and time. */ lastDeploymentChangeTime?: string | null; /** * A collection of URLs that provide more information about the update package. */ moreInfoUrls?: string[] | null; /** * The revision number of this update package. */ revisionNumber?: number | null; /** * A hyperlink to the language-specific support information for the update. */ supportUrl?: string | null; /** * The localized title of the update package. */ title?: string | null; /** * Gets the identifier of an update package. Stays the same across revisions. */ updateId?: string | null; } /** * Categories specified by the Windows Update. */ export interface Schema$InventoryWindowsUpdatePackageWindowsUpdateCategory { /** * The identifier of the windows update category. */ id?: string | null; /** * The name of the windows update category. */ name?: string | null; } /** * Details related to a Zypper Patch. */ export interface Schema$InventoryZypperPatch { /** * The category of the patch. */ category?: string | null; /** * The name of the patch. */ patchName?: string | null; /** * The severity specified for this patch */ severity?: string | null; /** * Any summary information provided about this patch. */ summary?: string | null; } /** * A response message for listing inventory data for all VMs in a specified location. */ export interface Schema$ListInventoriesResponse { /** * List of inventory objects. */ inventories?: Schema$Inventory[]; /** * The pagination token to retrieve the next page of inventory objects. */ nextPageToken?: string | null; } /** * The response message for Operations.ListOperations. */ export interface Schema$ListOperationsResponse { /** * The standard List next-page token. */ nextPageToken?: string | null; /** * A list of operations that matches the specified filter in the request. */ operations?: Schema$Operation[]; /** * Unordered list. Unreachable resources. Populated when the request sets `ListOperationsRequest.return_partial_success` and reads across collections. For example, when attempting to list all resources across all supported locations. */ unreachable?: string[] | null; } /** * A response message for listing OS Policy assignment reports including the page of results and page token. */ export interface Schema$ListOSPolicyAssignmentReportsResponse { /** * The pagination token to retrieve the next page of OS policy assignment report objects. */ nextPageToken?: string | null; /** * List of OS policy assignment reports. */ osPolicyAssignmentReports?: Schema$OSPolicyAssignmentReport[]; } /** * A response message for listing all revisions for a OS policy assignment. */ export interface Schema$ListOSPolicyAssignmentRevisionsResponse { /** * The pagination token to retrieve the next page of OS policy assignment revisions. */ nextPageToken?: string | null; /** * The OS policy assignment revisions */ osPolicyAssignments?: Schema$OSPolicyAssignment[]; } /** * A response message for listing all assignments under given parent. */ export interface Schema$ListOSPolicyAssignmentsResponse { /** * The pagination token to retrieve the next page of OS policy assignments. */ nextPageToken?: string | null; /** * The list of assignments */ osPolicyAssignments?: Schema$OSPolicyAssignment[]; } /** * A response message for listing patch deployments. */ export interface Schema$ListPatchDeploymentsResponse { /** * A pagination token that can be used to get the next page of patch deployments. */ nextPageToken?: string | null; /** * The list of patch deployments. */ patchDeployments?: Schema$PatchDeployment[]; } /** * A response message for listing the instances details for a patch job. */ export interface Schema$ListPatchJobInstanceDetailsResponse { /** * A pagination token that can be used to get the next page of results. */ nextPageToken?: string | null; /** * A list of instance status. */ patchJobInstanceDetails?: Schema$PatchJobInstanceDetails[]; } /** * A response message for listing patch jobs. */ export interface Schema$ListPatchJobsResponse { /** * A pagination token that can be used to get the next page of results. */ nextPageToken?: string | null; /** * The list of patch jobs. */ patchJobs?: Schema$PatchJob[]; } /** * A response message for listing vulnerability reports for all VM instances in the specified location. */ export interface Schema$ListVulnerabilityReportsResponse { /** * The pagination token to retrieve the next page of vulnerabilityReports object. */ nextPageToken?: string | null; /** * List of vulnerabilityReport objects. */ vulnerabilityReports?: Schema$VulnerabilityReport[]; } /** * This is proto2's version of MessageSet. DEPRECATED: DO NOT USE FOR NEW FIELDS. If you are using editions or proto2, please make your own extendable messages for your use case. If you are using proto3, please use `Any` instead. MessageSet was the implementation of extensions for proto1. When proto2 was introduced, extensions were implemented as a first-class feature. This schema for MessageSet was meant to be a "bridge" solution to migrate MessageSet-bearing messages from proto1 to proto2. This schema has been open-sourced only to facilitate the migration of Google products with MessageSet-bearing messages to open-source environments. */ export interface Schema$MessageSet { } /** * Represents a monthly schedule. An example of a valid monthly schedule is "on the third Tuesday of the month" or "on the 15th of the month". */ export interface Schema$MonthlySchedule { /** * Required. One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month. Months without the target day will be skipped. For example, a schedule to run "every month on the 31st" will not run in February, April, June, etc. */ monthDay?: number | null; /** * Required. Week day in a month. */ weekDayOfMonth?: Schema$WeekDayOfMonth; } /** * Sets the time for a one time patch deployment. Timestamp is in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) text format. */ export interface Schema$OneTimeSchedule { /** * Required. The desired patch job execution time. */ executeTime?: string | null; } /** * This resource represents a long-running operation that is the result of a network API call. */ export interface Schema$Operation { /** * If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available. */ done?: boolean | null; /** * The error result of the operation in case of failure or cancellation. */ error?: Schema$Status; /** * Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. */ metadata?: { [key: string]: any; } | null; /** * The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id\}`. */ name?: string | null; /** * The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. */ response?: { [key: string]: any; } | null; } /** * An OS policy defines the desired state configuration for a VM. */ export interface Schema$OSPolicy { /** * This flag determines the OS policy compliance status when none of the resource groups within the policy are applicable for a VM. Set this value to `true` if the policy needs to be reported as compliant even if the policy has nothing to validate or enforce. */ allowNoResourceGroupMatch?: boolean | null; /** * Policy description. Length of the description is limited to 1024 characters. */ description?: string | null; /** * Required. The id of the OS policy with the following restrictions: * Must contain only lowercase letters, numbers, and hyphens. * Must start with a letter. * Must be between 1-63 characters. * Must end with a number or a letter. * Must be unique within the assignment. */ id?: string | null; /** * Required. Policy mode */ mode?: string | null; /** * Required. List of resource groups for the policy. For a particular VM, resource groups are evaluated in the order specified and the first resource group that is applicable is selected and the rest are ignored. If none of the resource groups are applicable for a VM, the VM is considered to be non-compliant w.r.t this policy. This behavior can be toggled by the flag `allow_no_resource_group_match` */ resourceGroups?: Schema$OSPolicyResourceGroup[]; } /** * OS policy assignment is an API resource that is used to apply a set of OS policies to a dynamically targeted group of Compute Engine VM instances. An OS policy is used to define the desired state configuration for a Compute Engine VM instance through a set of configuration resources that provide capabilities such as installing or removing software packages, or executing a script. For more information about the OS policy resource definitions and examples, see [OS policy and OS policy assignment](https://cloud.google.com/compute/docs/os-configuration-management/working-with-os-policies). */ export interface Schema$OSPolicyAssignment { /** * Output only. Indicates that this revision has been successfully rolled out in this zone and new VMs will be assigned OS policies from this revision. For a given OS policy assignment, there is only one revision with a value of `true` for this field. */ baseline?: boolean | null; /** * Output only. Indicates that this revision deletes the OS policy assignment. */ deleted?: boolean | null; /** * OS policy assignment description. Length of the description is limited to 1024 characters. */ description?: string | null; /** * The etag for this OS policy assignment. If this is provided on update, it must match the server's etag. */ etag?: string | null; /** * Required. Filter to select VMs. */ instanceFilter?: Schema$OSPolicyAssignmentInstanceFilter; /** * Resource name. Format: `projects/{project_number\}/locations/{location\}/osPolicyAssignments/{os_policy_assignment_id\}` This field is ignored when you create an OS policy assignment. */ name?: string | null; /** * Required. List of OS policies to be applied to the VMs. */ osPolicies?: Schema$OSPolicy[]; /** * Output only. Indicates that reconciliation is in progress for the revision. This value is `true` when the `rollout_state` is one of: * IN_PROGRESS * CANCELLING */ reconciling?: boolean | null; /** * Output only. The timestamp that the revision was created. */ revisionCreateTime?: string | null; /** * Output only. The assignment revision ID A new revision is committed whenever a rollout is triggered for a OS policy assignment */ revisionId?: string | null; /** * Required. Rollout to deploy the OS policy assignment. A rollout is triggered in the following situations: 1) OSPolicyAssignment is created. 2) OSPolicyAssignment is updated and the update contains changes to one of the following fields: - instance_filter - os_policies 3) OSPolicyAssignment is deleted. */ rollout?: Schema$OSPolicyAssignmentRollout; /** * Output only. OS policy assignment rollout state */ rolloutState?: string | null; /** * Output only. Server generated unique id for the OS policy assignment resource. */ uid?: string | null; } /** * Filters to select target VMs for an assignment. If more than one filter criteria is specified below, a VM will be selected if and only if it satisfies all of them. */ export interface Schema$OSPolicyAssignmentInstanceFilter { /** * Target all VMs in the project. If true, no other criteria is permitted. */ all?: boolean | null; /** * List of label sets used for VM exclusion. If the list has more than one label set, the VM is excluded if any of the label sets are applicable for the VM. */ exclusionLabels?: Schema$OSPolicyAssignmentLabelSet[]; /** * List of label sets used for VM inclusion. If the list has more than one `LabelSet`, the VM is included if any of the label sets are applicable for the VM. */ inclusionLabels?: Schema$OSPolicyAssignmentLabelSet[]; /** * List of inventories to select VMs. A VM is selected if its inventory data matches at least one of the following inventories. */ inventories?: Schema$OSPolicyAssignmentInstanceFilterInventory[]; } /** * VM inventory details. */ export interface Schema$OSPolicyAssignmentInstanceFilterInventory { /** * Required. The OS short name */ osShortName?: string | null; /** * The OS version Prefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of `7`, specify the following value for this field `7.*` An empty string matches all OS versions. */ osVersion?: string | null; } /** * Message representing label set. * A label is a key value pair set for a VM. * A LabelSet is a set of labels. * Labels within a LabelSet are ANDed. In other words, a LabelSet is applicable for a VM only if it matches all the labels in the LabelSet. * Example: A LabelSet with 2 labels: `env=prod` and `type=webserver` will only be applicable for those VMs with both labels present. */ export interface Schema$OSPolicyAssignmentLabelSet { /** * Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected. */ labels?: { [key: string]: string; } | null; } /** * OS policy assignment operation metadata provided by OS policy assignment API methods that return long running operations. */ export interface Schema$OSPolicyAssignmentOperationMetadata { /** * The OS policy assignment API method. */ apiMethod?: string | null; /** * Reference to the `OSPolicyAssignment` API resource. Format: `projects/{project_number\}/locations/{location\}/osPolicyAssignments/{os_policy_assignment_id@revision_id\}` */ osPolicyAssignment?: string | null; /** * Rollout start time */ rolloutStartTime?: string | null; /** * State of the rollout */ rolloutState?: string | null; /** * Rollout update time */ rolloutUpdateTime?: string | null; } /** * A report of the OS policy assignment status for a given instance. */ export interface Schema$OSPolicyAssignmentReport { /** * The Compute Engine VM instance name. */ instance?: string | null; /** * Unique identifier of the last attempted run to apply the OS policies associated with this assignment on the VM. This ID is logged by the OS Config agent while applying the OS policies associated with this assignment on the VM. NOTE: If the service is unable to successfully connect to the agent for this run, then this id will not be available in the agent logs. */ lastRunId?: string | null; /** * The `OSPolicyAssignmentReport` API resource name. Format: `projects/{project_number\}/locations/{location\}/instances/{instance_id\}/osPolicyAssignments/{os_policy_assignment_id\}/report` */ name?: string | null; /** * Reference to the `OSPolicyAssignment` API resource that the `OSPolicy` belongs to. Format: `projects/{project_number\}/locations/{location\}/osPolicyAssignments/{os_policy_assignment_id@revision_id\}` */ osPolicyAssignment?: string | null; /** * Compliance data for each `OSPolicy` that is applied to the VM. */ osPolicyCompliances?: Schema$OSPolicyAssignmentReportOSPolicyCompliance[]; /** * Timestamp for when the report was last generated. */ updateTime?: string | null; } /** * Compliance data for an OS policy */ export interface Schema$OSPolicyAssignmentReportOSPolicyCompliance { /** * The compliance state of the OS policy. */ complianceState?: string | null; /** * The reason for the OS policy to be in an unknown compliance state. This field is always populated when `compliance_state` is `UNKNOWN`. If populated, the field can contain one of the following values: * `vm-not-running`: The VM was not running. * `os-policies-not-supported-by-agent`: The version of the OS Config agent running on the VM does not support running OS policies. * `no-agent-detected`: The OS Config agent is not detected for the VM. * `resource-execution-errors`: The OS Config agent encountered errors while executing one or more resources in the policy. See `os_policy_resource_compliances` for details. * `task-timeout`: The task sent to the agent to apply the policy timed out. * `unexpected-agent-state`: The OS Config agent did not report the final status of the task that attempted to apply the policy. Instead, the agent unexpectedly started working on a different task. This mostly happens when the agent or VM unexpectedly restarts while applying OS policies. * `internal-service-errors`: Internal service errors were encountered while attempting to apply the policy. * `os-policy-execution-pending`: OS policy was assigned to the given VM, but was not executed yet. Typically this is a transient condition that will go away after the next policy execution cycle. */ complianceStateReason?: string | null; /** * The OS policy id */ osPolicyId?: string | null; /** * Compliance data for each resource within the policy that is applied to the VM. */ osPolicyResourceCompliances?: Schema$OSPolicyAssignmentReportOSPolicyComplianceOSPolicyResourceCompliance[]; } /** * Compliance data for an OS policy resource. */ export interface Schema$OSPolicyAssignmentReportOSPolicyComplianceOSPolicyResourceCompliance { /** * The compliance state of the resource. */ complianceState?: string | null; /** * A reason for the resource to be in the given compliance state. This field is always populated when `compliance_state` is `UNKNOWN`. The following values are supported when `compliance_state == UNKNOWN` * `execution-errors`: Errors were encountered by the agent while executing the resource and the compliance state couldn't be determined. * `execution-skipped-by-agent`: Resource execution was skipped by the agent because errors were encountered while executing prior resources in the OS policy. * `os-policy-execution-attempt-failed`: The execution of the OS policy containing this resource failed and the compliance state couldn't be determined. * `os-policy-execution-pending`: OS policy that owns this resource was assigned to the given VM, but was not executed yet. */ complianceStateReason?: string | null; /** * Ordered list of configuration completed by the agent for the OS policy resource. */ configSteps?: Schema$OSPolicyAssignmentReportOSPolicyComplianceOSPolicyResourceComplianceOSPolicyResourceConfigStep[]; /** * ExecResource specific output. */ execResourceOutput?: Schema$OSPolicyAssignmentReportOSPolicyComplianceOSPolicyResourceComplianceExecResourceOutput; /** * The ID of the OS policy resource. */ osPolicyResourceId?: string | null; } /** * ExecResource specific output. */ export interface Schema$OSPolicyAssignmentReportOSPolicyComplianceOSPolicyResourceComplianceExecResourceOutput { /** * Output from enforcement phase output file (if run). Output size is limited to 100K bytes. */ enforcementOutput?: string | null; } /** * Step performed by the OS Config agent for configuring an `OSPolicy` resource to its desired state. */ export interface Schema$OSPolicyAssignmentReportOSPolicyComplianceOSPolicyResourceComplianceOSPolicyResourceConfigStep { /** * An error message recorded during the execution of this step. Only populated if errors were encountered du