diff --git a/protos/google/cloud/osconfig/v1/os_policy.proto b/protos/google/cloud/osconfig/v1/os_policy.proto
new file mode 100644
index 00000000..a07e251f
--- /dev/null
+++ b/protos/google/cloud/osconfig/v1/os_policy.proto
@@ -0,0 +1,548 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.osconfig.v1;
+
+import "google/api/field_behavior.proto";
+
+option csharp_namespace = "Google.Cloud.OsConfig.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1;osconfig";
+option java_multiple_files = true;
+option java_outer_classname = "OsPolicyProto";
+option java_package = "com.google.cloud.osconfig.v1";
+option php_namespace = "Google\\Cloud\\OsConfig\\V1";
+option ruby_package = "Google::Cloud::OsConfig::V1";
+
+// An OS policy defines the desired state configuration for a VM.
+message OSPolicy {
+ // Filtering criteria to select VMs based on inventory details.
+ message InventoryFilter {
+ // Required. The OS short name
+ string os_short_name = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // The OS version
+ //
+ // Prefix matches are supported if asterisk(*) is provided as the
+ // last character. For example, to match all versions with a major
+ // version of `7`, specify the following value for this field `7.*`
+ //
+ // An empty string matches all OS versions.
+ string os_version = 2;
+ }
+
+ // An OS policy resource is used to define the desired state configuration
+ // and provides a specific functionality like installing/removing packages,
+ // executing a script etc.
+ //
+ // The system ensures that resources are always in their desired state by
+ // taking necessary actions if they have drifted from their desired state.
+ message Resource {
+ // A remote or local file.
+ message File {
+ // Specifies a file available via some URI.
+ message Remote {
+ // Required. URI from which to fetch the object. It should contain both
+ // the protocol and path following the format `{protocol}://{location}`.
+ string uri = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // SHA256 checksum of the remote file.
+ string sha256_checksum = 2;
+ }
+
+ // Specifies a file available as a Cloud Storage Object.
+ message Gcs {
+ // Required. Bucket of the Cloud Storage object.
+ string bucket = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. Name of the Cloud Storage object.
+ string object = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Generation number of the Cloud Storage object.
+ int64 generation = 3;
+ }
+
+ // A specific type of file.
+ oneof type {
+ // A generic remote file.
+ Remote remote = 1;
+
+ // A Cloud Storage object.
+ Gcs gcs = 2;
+
+ // A local path within the VM to use.
+ string local_path = 3;
+ }
+
+ // Defaults to false. When false, files are subject to validations
+ // based on the file type:
+ //
+ // Remote: A checksum must be specified.
+ // Cloud Storage: An object generation number must be specified.
+ bool allow_insecure = 4;
+ }
+
+ // A resource that manages a system package.
+ message PackageResource {
+ // A deb package file. dpkg packages only support INSTALLED state.
+ message Deb {
+ // Required. A deb package.
+ File source = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Whether dependencies should also be installed.
+ // - install when false: `dpkg -i package`
+ // - install when true: `apt-get update && apt-get -y install
+ // package.deb`
+ bool pull_deps = 2;
+ }
+
+ // A package managed by APT.
+ // - install: `apt-get update && apt-get -y install [name]`
+ // - remove: `apt-get -y remove [name]`
+ message APT {
+ // Required. Package name.
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+ }
+
+ // An RPM package file. RPM packages only support INSTALLED state.
+ message RPM {
+ // Required. An rpm package.
+ File source = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Whether dependencies should also be installed.
+ // - install when false: `rpm --upgrade --replacepkgs package.rpm`
+ // - install when true: `yum -y install package.rpm` or
+ // `zypper -y install package.rpm`
+ bool pull_deps = 2;
+ }
+
+ // A package managed by YUM.
+ // - install: `yum -y install package`
+ // - remove: `yum -y remove package`
+ message YUM {
+ // Required. Package name.
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+ }
+
+ // A package managed by Zypper.
+ // - install: `zypper -y install package`
+ // - remove: `zypper -y rm package`
+ message Zypper {
+ // Required. Package name.
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+ }
+
+ // A package managed by GooGet.
+ // - install: `googet -noconfirm install package`
+ // - remove: `googet -noconfirm remove package`
+ message GooGet {
+ // Required. Package name.
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+ }
+
+ // An MSI package. MSI packages only support INSTALLED state.
+ message MSI {
+ // Required. The MSI package.
+ File source = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Additional properties to use during installation.
+ // This should be in the format of Property=Setting.
+ // Appended to the defaults of `ACTION=INSTALL
+ // REBOOT=ReallySuppress`.
+ repeated string properties = 2;
+ }
+
+ // The desired state that the OS Config agent maintains on the VM.
+ enum DesiredState {
+ // Unspecified is invalid.
+ DESIRED_STATE_UNSPECIFIED = 0;
+
+ // Ensure that the package is installed.
+ INSTALLED = 1;
+
+ // The agent ensures that the package is not installed and
+ // uninstalls it if detected.
+ REMOVED = 2;
+ }
+
+ // Required. The desired state the agent should maintain for this package.
+ DesiredState desired_state = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // A system package.
+ oneof system_package {
+ // A package managed by Apt.
+ APT apt = 2;
+
+ // A deb package file.
+ Deb deb = 3;
+
+ // A package managed by YUM.
+ YUM yum = 4;
+
+ // A package managed by Zypper.
+ Zypper zypper = 5;
+
+ // An rpm package file.
+ RPM rpm = 6;
+
+ // A package managed by GooGet.
+ GooGet googet = 7;
+
+ // An MSI package.
+ MSI msi = 8;
+ }
+ }
+
+ // A resource that manages a package repository.
+ message RepositoryResource {
+ // Represents a single apt package repository. These will be added to
+ // a repo file that will be managed at
+ // `/etc/apt/sources.list.d/google_osconfig.list`.
+ message AptRepository {
+ // Type of archive.
+ enum ArchiveType {
+ // Unspecified is invalid.
+ ARCHIVE_TYPE_UNSPECIFIED = 0;
+
+ // Deb indicates that the archive contains binary files.
+ DEB = 1;
+
+ // Deb-src indicates that the archive contains source files.
+ DEB_SRC = 2;
+ }
+
+ // Required. Type of archive files in this repository.
+ ArchiveType archive_type = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. URI for this repository.
+ string uri = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. Distribution of this repository.
+ string distribution = 3 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. List of components for this repository. Must contain at
+ // least one item.
+ repeated string components = 4 [(google.api.field_behavior) = REQUIRED];
+
+ // URI of the key file for this repository. The agent maintains a
+ // keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg`.
+ string gpg_key = 5;
+ }
+
+ // Represents a single yum package repository. These are added to a
+ // repo file that is managed at
+ // `/etc/yum.repos.d/google_osconfig.repo`.
+ message YumRepository {
+ // Required. A one word, unique name for this repository. This is the
+ // `repo id` in the yum config file and also the `display_name` if
+ // `display_name` is omitted. This id is also used as the unique
+ // identifier when checking for resource conflicts.
+ string id = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // The display name of the repository.
+ string display_name = 2;
+
+ // Required. The location of the repository directory.
+ string base_url = 3 [(google.api.field_behavior) = REQUIRED];
+
+ // URIs of GPG keys.
+ repeated string gpg_keys = 4;
+ }
+
+ // Represents a single zypper package repository. These are added to a
+ // repo file that is managed at
+ // `/etc/zypp/repos.d/google_osconfig.repo`.
+ message ZypperRepository {
+ // Required. A one word, unique name for this repository. This is the
+ // `repo id` in the zypper config file and also the `display_name` if
+ // `display_name` is omitted. This id is also used as the unique
+ // identifier when checking for GuestPolicy conflicts.
+ string id = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // The display name of the repository.
+ string display_name = 2;
+
+ // Required. The location of the repository directory.
+ string base_url = 3 [(google.api.field_behavior) = REQUIRED];
+
+ // URIs of GPG keys.
+ repeated string gpg_keys = 4;
+ }
+
+ // Represents a Goo package repository. These are added to a repo file
+ // that is managed at
+ // `C:/ProgramData/GooGet/repos/google_osconfig.repo`.
+ message GooRepository {
+ // Required. The name of the repository.
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The url of the repository.
+ string url = 2 [(google.api.field_behavior) = REQUIRED];
+ }
+
+ // A specific type of repository.
+ oneof repository {
+ // An Apt Repository.
+ AptRepository apt = 1;
+
+ // A Yum Repository.
+ YumRepository yum = 2;
+
+ // A Zypper Repository.
+ ZypperRepository zypper = 3;
+
+ // A Goo Repository.
+ GooRepository goo = 4;
+ }
+ }
+
+ // A resource that allows executing scripts on the VM.
+ //
+ // The `ExecResource` has 2 stages: `validate` and `enforce` and both stages
+ // accept a script as an argument to execute.
+ //
+ // When the `ExecResource` is applied by the agent, it first executes the
+ // script in the `validate` stage. The `validate` stage can signal that the
+ // `ExecResource` is already in the desired state by returning an exit code
+ // of `100`. If the `ExecResource` is not in the desired state, it should
+ // return an exit code of `101`. Any other exit code returned by this stage
+ // is considered an error.
+ //
+ // If the `ExecResource` is not in the desired state based on the exit code
+ // from the `validate` stage, the agent proceeds to execute the script from
+ // the `enforce` stage. If the `ExecResource` is already in the desired
+ // state, the `enforce` stage will not be run.
+ // Similar to `validate` stage, the `enforce` stage should return an exit
+ // code of `100` to indicate that the resource in now in its desired state.
+ // Any other exit code is considered an error.
+ //
+ // NOTE: An exit code of `100` was chosen over `0` (and `101` vs `1`) to
+ // have an explicit indicator of `in desired state`, `not in desired state`
+ // and errors. Because, for example, Powershell will always return an exit
+ // code of `0` unless an `exit` statement is provided in the script. So, for
+ // reasons of consistency and being explicit, exit codes `100` and `101`
+ // were chosen.
+ message ExecResource {
+ // A file or script to execute.
+ message Exec {
+ // The interpreter to use.
+ enum Interpreter {
+ // Defaults to NONE.
+ INTERPRETER_UNSPECIFIED = 0;
+
+ // If an interpreter is not specified, the
+ // source is executed directly. This execution, without an
+ // interpreter, only succeeds for executables and scripts that have shebang lines.
+ NONE = 1;
+
+ // Indicates that the script runs with `/bin/sh` on Linux and
+ // `cmd.exe` on Windows.
+ SHELL = 2;
+
+ // Indicates that the script runs with PowerShell.
+ POWERSHELL = 3;
+ }
+
+ // What to execute.
+ oneof source {
+ // A remote or local file.
+ File file = 1;
+
+ // An inline script.
+ // The size of the script is limited to 1024 characters.
+ string script = 2;
+ }
+
+ // Optional arguments to pass to the source during execution.
+ repeated string args = 3;
+
+ // Required. The script interpreter to use.
+ Interpreter interpreter = 4 [(google.api.field_behavior) = REQUIRED];
+
+ // Only recorded for enforce Exec.
+ // Path to an output file (that is created by this Exec) whose
+ // content will be recorded in OSPolicyResourceCompliance after a
+ // successful run. Absence or failure to read this file will result in
+ // this ExecResource being non-compliant. Output file size is limited to
+ // 100K bytes.
+ string output_file_path = 5;
+ }
+
+ // Required. What to run to validate this resource is in the desired
+ // state. An exit code of 100 indicates "in desired state", and exit code
+ // of 101 indicates "not in desired state". Any other exit code indicates
+ // a failure running validate.
+ Exec validate = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // What to run to bring this resource into the desired state.
+ // An exit code of 100 indicates "success", any other exit code indicates
+ // a failure running enforce.
+ Exec enforce = 2;
+ }
+
+ // A resource that manages the state of a file.
+ message FileResource {
+ // Desired state of the file.
+ enum DesiredState {
+ // Unspecified is invalid.
+ DESIRED_STATE_UNSPECIFIED = 0;
+
+ // Ensure file at path is present.
+ PRESENT = 1;
+
+ // Ensure file at path is absent.
+ ABSENT = 2;
+
+ // Ensure the contents of the file at path matches. If the file does
+ // not exist it will be created.
+ CONTENTS_MATCH = 3;
+ }
+
+ // The source for the contents of the file.
+ oneof source {
+ // A remote or local source.
+ File file = 1;
+
+ // A a file with this content.
+ // The size of the content is limited to 1024 characters.
+ string content = 2;
+ }
+
+ // Required. The absolute path of the file within the VM.
+ string path = 3 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. Desired state of the file.
+ DesiredState state = 4 [(google.api.field_behavior) = REQUIRED];
+
+ // Consists of three octal digits which represent, in
+ // order, the permissions of the owner, group, and other users for the
+ // file (similarly to the numeric mode used in the linux chmod
+ // utility). Each digit represents a three bit number with the 4 bit
+ // corresponding to the read permissions, the 2 bit corresponds to the
+ // write bit, and the one bit corresponds to the execute permission.
+ // Default behavior is 755.
+ //
+ // Below are some examples of permissions and their associated values:
+ // read, write, and execute: 7
+ // read and execute: 5
+ // read and write: 6
+ // read only: 4
+ string permissions = 5;
+ }
+
+ // Required. The id of the resource with the following restrictions:
+ //
+ // * Must contain only lowercase letters, numbers, and hyphens.
+ // * Must start with a letter.
+ // * Must be between 1-63 characters.
+ // * Must end with a number or a letter.
+ // * Must be unique within the OS policy.
+ string id = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Resource type.
+ oneof resource_type {
+ // Package resource
+ PackageResource pkg = 2;
+
+ // Package repository resource
+ RepositoryResource repository = 3;
+
+ // Exec resource
+ ExecResource exec = 4;
+
+ // File resource
+ FileResource file = 5;
+ }
+ }
+
+ // Resource groups provide a mechanism to group OS policy resources.
+ //
+ // Resource groups enable OS policy authors to create a single OS policy
+ // to be applied to VMs running different operating Systems.
+ //
+ // When the OS policy is applied to a target VM, the appropriate resource
+ // group within the OS policy is selected based on the `OSFilter` specified
+ // within the resource group.
+ message ResourceGroup {
+ // List of inventory filters for the resource group.
+ //
+ // The resources in this resource group are applied to the target VM if it
+ // satisfies at least one of the following inventory filters.
+ //
+ // For example, to apply this resource group to VMs running either `RHEL` or
+ // `CentOS` operating systems, specify 2 items for the list with following
+ // values:
+ // inventory_filters[0].os_short_name='rhel' and
+ // inventory_filters[1].os_short_name='centos'
+ //
+ // If the list is empty, this resource group will be applied to the target
+ // VM unconditionally.
+ repeated InventoryFilter inventory_filters = 1;
+
+ // Required. List of resources configured for this resource group.
+ // The resources are executed in the exact order specified here.
+ repeated Resource resources = 2 [(google.api.field_behavior) = REQUIRED];
+ }
+
+ // Policy mode
+ enum Mode {
+ // Invalid mode
+ MODE_UNSPECIFIED = 0;
+
+ // This mode checks if the configuration resources in the policy are in
+ // their desired state. No actions are performed if they are not in the
+ // desired state. This mode is used for reporting purposes.
+ VALIDATION = 1;
+
+ // This mode checks if the configuration resources in the policy are in
+ // their desired state, and if not, enforces the desired state.
+ ENFORCEMENT = 2;
+ }
+
+ // Required. The id of the OS policy with the following restrictions:
+ //
+ // * Must contain only lowercase letters, numbers, and hyphens.
+ // * Must start with a letter.
+ // * Must be between 1-63 characters.
+ // * Must end with a number or a letter.
+ // * Must be unique within the assignment.
+ string id = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Policy description.
+ // Length of the description is limited to 1024 characters.
+ string description = 2;
+
+ // Required. Policy mode
+ Mode mode = 3 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. List of resource groups for the policy.
+ // For a particular VM, resource groups are evaluated in the order specified
+ // and the first resource group that is applicable is selected and the rest
+ // are ignored.
+ //
+ // If none of the resource groups are applicable for a VM, the VM is
+ // considered to be non-compliant w.r.t this policy. This behavior can be
+ // toggled by the flag `allow_no_resource_group_match`
+ repeated ResourceGroup resource_groups = 4
+ [(google.api.field_behavior) = REQUIRED];
+
+ // This flag determines the OS policy compliance status when none of the
+ // resource groups within the policy are applicable for a VM. Set this value
+ // to `true` if the policy needs to be reported as compliant even if the
+ // policy has nothing to validate or enforce.
+ bool allow_no_resource_group_match = 5;
+}
diff --git a/protos/google/cloud/osconfig/v1/os_policy_assignment_reports.proto b/protos/google/cloud/osconfig/v1/os_policy_assignment_reports.proto
new file mode 100644
index 00000000..f610fc5a
--- /dev/null
+++ b/protos/google/cloud/osconfig/v1/os_policy_assignment_reports.proto
@@ -0,0 +1,296 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.osconfig.v1;
+
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.OsConfig.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1;osconfig";
+option java_multiple_files = true;
+option java_outer_classname = "OSPolicyAssignmentReportsProto";
+option java_package = "com.google.cloud.osconfig.v1";
+option php_namespace = "Google\\Cloud\\OsConfig\\V1";
+option ruby_package = "Google::Cloud::OsConfig::V1";
+option (google.api.resource_definition) = {
+ type: "osconfig.googleapis.com/InstanceOSPolicyAssignment"
+ pattern: "projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}"
+};
+
+// Get a report of the OS policy assignment for a VM instance.
+message GetOSPolicyAssignmentReportRequest {
+ // Required. API resource name for OS policy assignment report.
+ //
+ // Format:
+ // `/projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/report`
+ //
+ // For `{project}`, either `project-number` or `project-id` can be provided.
+ // For `{instance_id}`, either Compute Engine `instance-id` or `instance-name`
+ // can be provided.
+ // For `{assignment_id}`, the OSPolicyAssignment id must be provided.
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "osconfig.googleapis.com/OSPolicyAssignmentReport"
+ }
+ ];
+}
+
+// List the OS policy assignment reports for VM instances.
+message ListOSPolicyAssignmentReportsRequest {
+ // Required. The parent resource name.
+ //
+ // Format:
+ // `projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/reports`
+ //
+ // For `{project}`, either `project-number` or `project-id` can be provided.
+ // For `{instance}`, either `instance-name`, `instance-id`, or `-` can be
+ // provided. If '-' is provided, the response will include
+ // OSPolicyAssignmentReports for all instances in the project/location.
+ // For `{assignment}`, either `assignment-id` or `-` can be provided. If '-'
+ // is provided, the response will include OSPolicyAssignmentReports for all
+ // OSPolicyAssignments in the project/location.
+ // Either {instance} or {assignment} must be `-`.
+ //
+ // For example:
+ // `projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/-/reports`
+ // returns all reports for the instance
+ // `projects/{project}/locations/{location}/instances/-/osPolicyAssignments/{assignment-id}/reports`
+ // returns all the reports for the given assignment across all instances.
+ // `projects/{project}/locations/{location}/instances/-/osPolicyAssignments/-/reports`
+ // returns all the reports for all assignments across all instances.
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "osconfig.googleapis.com/InstanceOSPolicyAssignment"
+ }
+ ];
+
+ // The maximum number of results to return.
+ int32 page_size = 2;
+
+ // If provided, this field specifies the criteria that must be met by the
+ // `OSPolicyAssignmentReport` API resource that is included in the response.
+ string filter = 3;
+
+ // A pagination token returned from a previous call to the
+ // `ListOSPolicyAssignmentReports` method that indicates where this listing
+ // should continue from.
+ string page_token = 4;
+}
+
+// A response message for listing OS Policy assignment reports including the
+// page of results and page token.
+message ListOSPolicyAssignmentReportsResponse {
+ // List of OS policy assignment reports.
+ repeated OSPolicyAssignmentReport os_policy_assignment_reports = 1;
+
+ // The pagination token to retrieve the next page of OS policy assignment
+ // report objects.
+ string next_page_token = 2;
+}
+
+// A report of the OS policy assignment status for a given instance.
+message OSPolicyAssignmentReport {
+ option (google.api.resource) = {
+ type: "osconfig.googleapis.com/OSPolicyAssignmentReport"
+ pattern: "projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/report"
+ };
+
+ // Compliance data for an OS policy
+ message OSPolicyCompliance {
+ // Compliance data for an OS policy resource.
+ message OSPolicyResourceCompliance {
+ // Step performed by the OS Config agent for configuring an
+ // `OSPolicy` resource to its desired state.
+ message OSPolicyResourceConfigStep {
+ // Supported configuration step types
+ enum Type {
+ // Default value. This value is unused.
+ TYPE_UNSPECIFIED = 0;
+
+ // Checks for resource conflicts such as schema errors.
+ VALIDATION = 1;
+
+ // Checks the current status of the desired state for a resource.
+ DESIRED_STATE_CHECK = 2;
+
+ // Enforces the desired state for a resource that is not in desired
+ // state.
+ DESIRED_STATE_ENFORCEMENT = 3;
+
+ // Re-checks the status of the desired state. This check is done
+ // for a resource after the enforcement of all OS policies.
+ //
+ // This step is used to determine the final desired state status for
+ // the resource. It accounts for any resources that might have drifted
+ // from their desired state due to side effects from executing other
+ // resources.
+ DESIRED_STATE_CHECK_POST_ENFORCEMENT = 4;
+ }
+
+ // Configuration step type.
+ Type type = 1;
+
+ // An error message recorded during the execution of this step.
+ // Only populated if errors were encountered during this step execution.
+ string error_message = 2;
+ }
+
+ // ExecResource specific output.
+ message ExecResourceOutput {
+ // Output from enforcement phase output file (if run).
+ // Output size is limited to 100K bytes.
+ bytes enforcement_output = 2;
+ }
+
+ // Possible compliance states for a resource.
+ enum ComplianceState {
+ // The resource is in an unknown compliance state.
+ //
+ // To get more details about why the policy is in this state, review
+ // the output of the `compliance_state_reason` field.
+ UNKNOWN = 0;
+
+ // Resource is compliant.
+ COMPLIANT = 1;
+
+ // Resource is non-compliant.
+ NON_COMPLIANT = 2;
+ }
+
+ // The ID of the OS policy resource.
+ string os_policy_resource_id = 1;
+
+ // Ordered list of configuration completed by the agent for the OS policy
+ // resource.
+ repeated OSPolicyResourceConfigStep config_steps = 2;
+
+ // The compliance state of the resource.
+ ComplianceState compliance_state = 3;
+
+ // A reason for the resource to be in the given compliance state.
+ // This field is always populated when `compliance_state` is `UNKNOWN`.
+ //
+ // The following values are supported when `compliance_state == UNKNOWN`
+ //
+ // * `execution-errors`: Errors were encountered by the agent while
+ // executing the resource and the compliance state couldn't be
+ // determined.
+ // * `execution-skipped-by-agent`: Resource execution was skipped by the
+ // agent because errors were encountered while executing prior resources
+ // in the OS policy.
+ // * `os-policy-execution-attempt-failed`: The execution of the OS policy
+ // containing this resource failed and the compliance state couldn't be
+ // determined.
+ string compliance_state_reason = 4;
+
+ // Resource specific output.
+ oneof output {
+ // ExecResource specific output.
+ ExecResourceOutput exec_resource_output = 5;
+ }
+ }
+
+ // Possible compliance states for an os policy.
+ enum ComplianceState {
+ // The policy is in an unknown compliance state.
+ //
+ // Refer to the field `compliance_state_reason` to learn the exact reason
+ // for the policy to be in this compliance state.
+ UNKNOWN = 0;
+
+ // Policy is compliant.
+ //
+ // The policy is compliant if all the underlying resources are also
+ // compliant.
+ COMPLIANT = 1;
+
+ // Policy is non-compliant.
+ //
+ // The policy is non-compliant if one or more underlying resources are
+ // non-compliant.
+ NON_COMPLIANT = 2;
+ }
+
+ // The OS policy id
+ string os_policy_id = 1;
+
+ // The compliance state of the OS policy.
+ ComplianceState compliance_state = 2;
+
+ // The reason for the OS policy to be in an unknown compliance state.
+ // This field is always populated when `compliance_state` is `UNKNOWN`.
+ //
+ // If populated, the field can contain one of the following values:
+ //
+ // * `vm-not-running`: The VM was not running.
+ // * `os-policies-not-supported-by-agent`: The version of the OS Config
+ // agent running on the VM does not support running OS policies.
+ // * `no-agent-detected`: The OS Config agent is not detected for the VM.
+ // * `resource-execution-errors`: The OS Config agent encountered errors
+ // while executing one or more resources in the policy. See
+ // `os_policy_resource_compliances` for details.
+ // * `task-timeout`: The task sent to the agent to apply the policy timed
+ // out.
+ // * `unexpected-agent-state`: The OS Config agent did not report the final
+ // status of the task that attempted to apply the policy. Instead, the agent
+ // unexpectedly started working on a different task. This mostly happens
+ // when the agent or VM unexpectedly restarts while applying OS policies.
+ // * `internal-service-errors`: Internal service errors were encountered
+ // while attempting to apply the policy.
+ string compliance_state_reason = 3;
+
+ // Compliance data for each resource within the policy that is applied to
+ // the VM.
+ repeated OSPolicyResourceCompliance os_policy_resource_compliances = 4;
+ }
+
+ // The `OSPolicyAssignmentReport` API resource name.
+ //
+ // Format:
+ // `projects/{project_number}/locations/{location}/instances/{instance_id}/osPolicyAssignments/{os_policy_assignment_id}/report`
+ string name = 1;
+
+ // The Compute Engine VM instance name.
+ string instance = 2;
+
+ // Reference to the `OSPolicyAssignment` API resource that the `OSPolicy`
+ // belongs to.
+ //
+ // Format:
+ // `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}`
+ string os_policy_assignment = 3 [(google.api.resource_reference) = {
+ type: "osconfig.googleapis.com/OSPolicyAssignment"
+ }];
+
+ // Compliance data for each `OSPolicy` that is applied to the VM.
+ repeated OSPolicyCompliance os_policy_compliances = 4;
+
+ // Timestamp for when the report was last generated.
+ google.protobuf.Timestamp update_time = 5;
+
+ // Unique identifier of the last attempted run to apply the OS policies
+ // associated with this assignment on the VM.
+ //
+ // This ID is logged by the OS Config agent while applying the OS
+ // policies associated with this assignment on the VM.
+ // NOTE: If the service is unable to successfully connect to the agent for
+ // this run, then this id will not be available in the agent logs.
+ string last_run_id = 6;
+}
diff --git a/protos/google/cloud/osconfig/v1/os_policy_assignments.proto b/protos/google/cloud/osconfig/v1/os_policy_assignments.proto
new file mode 100644
index 00000000..157b8fd3
--- /dev/null
+++ b/protos/google/cloud/osconfig/v1/os_policy_assignments.proto
@@ -0,0 +1,386 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.osconfig.v1;
+
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/cloud/osconfig/v1/os_policy.proto";
+import "google/cloud/osconfig/v1/osconfig_common.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.OsConfig.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1;osconfig";
+option java_multiple_files = true;
+option java_outer_classname = "OsPolicyAssignmentsProto";
+option java_package = "com.google.cloud.osconfig.v1";
+option php_namespace = "Google\\Cloud\\OsConfig\\V1";
+option ruby_package = "Google::Cloud::OsConfig::V1";
+
+// OS policy assignment is an API resource that is used to
+// apply a set of OS policies to a dynamically targeted group of Compute Engine
+// VM instances.
+//
+// An OS policy is used to define the desired state configuration for a
+// Compute Engine VM instance through a set of configuration resources that
+// provide capabilities such as installing or removing software packages, or
+// executing a script.
+//
+// For more information, see [OS policy and OS policy
+// assignment](https://cloud.google.com/compute/docs/os-configuration-management/working-with-os-policies).
+message OSPolicyAssignment {
+ option (google.api.resource) = {
+ type: "osconfig.googleapis.com/OSPolicyAssignment"
+ pattern: "projects/{project}/locations/{location}/osPolicyAssignments/{os_policy_assignment}"
+ };
+
+ // Message representing label set.
+ // * A label is a key value pair set for a VM.
+ // * A LabelSet is a set of labels.
+ // * Labels within a LabelSet are ANDed. In other words, a LabelSet is
+ // applicable for a VM only if it matches all the labels in the
+ // LabelSet.
+ // * Example: A LabelSet with 2 labels: `env=prod` and `type=webserver` will
+ // only be applicable for those VMs with both labels
+ // present.
+ message LabelSet {
+ // Labels are identified by key/value pairs in this map.
+ // A VM should contain all the key/value pairs specified in this
+ // map to be selected.
+ map labels = 1;
+ }
+
+ // Filters to select target VMs for an assignment.
+ //
+ // If more than one filter criteria is specified below, a VM will be selected
+ // if and only if it satisfies all of them.
+ message InstanceFilter {
+ // VM inventory details.
+ message Inventory {
+ // Required. The OS short name
+ string os_short_name = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // The OS version
+ //
+ // Prefix matches are supported if asterisk(*) is provided as the
+ // last character. For example, to match all versions with a major
+ // version of `7`, specify the following value for this field `7.*`
+ //
+ // An empty string matches all OS versions.
+ string os_version = 2;
+ }
+
+ // Target all VMs in the project. If true, no other criteria is
+ // permitted.
+ bool all = 1;
+
+ // List of label sets used for VM inclusion.
+ //
+ // If the list has more than one `LabelSet`, the VM is included if any
+ // of the label sets are applicable for the VM.
+ repeated LabelSet inclusion_labels = 2;
+
+ // List of label sets used for VM exclusion.
+ //
+ // If the list has more than one label set, the VM is excluded if any
+ // of the label sets are applicable for the VM.
+ repeated LabelSet exclusion_labels = 3;
+
+ // List of inventories to select VMs.
+ //
+ // A VM is selected if its inventory data matches at least one of the
+ // following inventories.
+ repeated Inventory inventories = 4;
+ }
+
+ // Message to configure the rollout at the zonal level for the OS policy
+ // assignment.
+ message Rollout {
+ // Required. The maximum number (or percentage) of VMs per zone to disrupt
+ // at any given moment.
+ FixedOrPercent disruption_budget = 1
+ [(google.api.field_behavior) = REQUIRED];
+
+ // Required. This determines the minimum duration of time to wait after the
+ // configuration changes are applied through the current rollout. A
+ // VM continues to count towards the `disruption_budget` at least
+ // until this duration of time has passed after configuration changes are
+ // applied.
+ google.protobuf.Duration min_wait_duration = 2
+ [(google.api.field_behavior) = REQUIRED];
+ }
+
+ // OS policy assignment rollout state
+ enum RolloutState {
+ // Invalid value
+ ROLLOUT_STATE_UNSPECIFIED = 0;
+
+ // The rollout is in progress.
+ IN_PROGRESS = 1;
+
+ // The rollout is being cancelled.
+ CANCELLING = 2;
+
+ // The rollout is cancelled.
+ CANCELLED = 3;
+
+ // The rollout has completed successfully.
+ SUCCEEDED = 4;
+ }
+
+ // Resource name.
+ //
+ // Format:
+ // `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id}`
+ //
+ // This field is ignored when you create an OS policy assignment.
+ string name = 1;
+
+ // OS policy assignment description.
+ // Length of the description is limited to 1024 characters.
+ string description = 2;
+
+ // Required. List of OS policies to be applied to the VMs.
+ repeated OSPolicy os_policies = 3 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. Filter to select VMs.
+ InstanceFilter instance_filter = 4 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. Rollout to deploy the OS policy assignment.
+ // A rollout is triggered in the following situations:
+ // 1) OSPolicyAssignment is created.
+ // 2) OSPolicyAssignment is updated and the update contains changes to one of
+ // the following fields:
+ // - instance_filter
+ // - os_policies
+ // 3) OSPolicyAssignment is deleted.
+ Rollout rollout = 5 [(google.api.field_behavior) = REQUIRED];
+
+ // Output only. The assignment revision ID
+ // A new revision is committed whenever a rollout is triggered for a OS policy
+ // assignment
+ string revision_id = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. The timestamp that the revision was created.
+ google.protobuf.Timestamp revision_create_time = 7
+ [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // The etag for this OS policy assignment.
+ // If this is provided on update, it must match the server's etag.
+ string etag = 8;
+
+ // Output only. OS policy assignment rollout state
+ RolloutState rollout_state = 9 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. Indicates that this revision has been successfully rolled out
+ // in this zone and new VMs will be assigned OS policies from this revision.
+ //
+ // For a given OS policy assignment, there is only one revision with a value
+ // of `true` for this field.
+ bool baseline = 10 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. Indicates that this revision deletes the OS policy assignment.
+ bool deleted = 11 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. Indicates that reconciliation is in progress for the revision.
+ // This value is `true` when the `rollout_state` is one of:
+ // * IN_PROGRESS
+ // * CANCELLING
+ bool reconciling = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. Server generated unique id for the OS policy assignment
+ // resource.
+ string uid = 13 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
+
+// OS policy assignment operation metadata provided by OS policy assignment API
+// methods that return long running operations.
+message OSPolicyAssignmentOperationMetadata {
+ // The OS policy assignment API method.
+ enum APIMethod {
+ // Invalid value
+ API_METHOD_UNSPECIFIED = 0;
+
+ // Create OS policy assignment API method
+ CREATE = 1;
+
+ // Update OS policy assignment API method
+ UPDATE = 2;
+
+ // Delete OS policy assignment API method
+ DELETE = 3;
+ }
+
+ // State of the rollout
+ enum RolloutState {
+ // Invalid value
+ ROLLOUT_STATE_UNSPECIFIED = 0;
+
+ // The rollout is in progress.
+ IN_PROGRESS = 1;
+
+ // The rollout is being cancelled.
+ CANCELLING = 2;
+
+ // The rollout is cancelled.
+ CANCELLED = 3;
+
+ // The rollout has completed successfully.
+ SUCCEEDED = 4;
+ }
+
+ // Reference to the `OSPolicyAssignment` API resource.
+ //
+ // Format:
+ // `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}`
+ string os_policy_assignment = 1 [(google.api.resource_reference) = {
+ type: "osconfig.googleapis.com/OSPolicyAssignment"
+ }];
+
+ // The OS policy assignment API method.
+ APIMethod api_method = 2;
+
+ // State of the rollout
+ RolloutState rollout_state = 3;
+
+ // Rollout start time
+ google.protobuf.Timestamp rollout_start_time = 4;
+
+ // Rollout update time
+ google.protobuf.Timestamp rollout_update_time = 5;
+}
+
+// A request message to create an OS policy assignment
+message CreateOSPolicyAssignmentRequest {
+ // Required. The parent resource name in the form:
+ // projects/{project}/locations/{location}
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "locations.googleapis.com/Location"
+ }
+ ];
+
+ // Required. The OS policy assignment to be created.
+ OSPolicyAssignment os_policy_assignment = 2
+ [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The logical name of the OS policy assignment in the project
+ // with the following restrictions:
+ //
+ // * Must contain only lowercase letters, numbers, and hyphens.
+ // * Must start with a letter.
+ // * Must be between 1-63 characters.
+ // * Must end with a number or a letter.
+ // * Must be unique within the project.
+ string os_policy_assignment_id = 3 [(google.api.field_behavior) = REQUIRED];
+}
+
+// A request message to update an OS policy assignment
+message UpdateOSPolicyAssignmentRequest {
+ // Required. The updated OS policy assignment.
+ OSPolicyAssignment os_policy_assignment = 1
+ [(google.api.field_behavior) = REQUIRED];
+
+ // Optional. Field mask that controls which fields of the assignment should be
+ // updated.
+ google.protobuf.FieldMask update_mask = 2
+ [(google.api.field_behavior) = OPTIONAL];
+}
+
+// A request message to get an OS policy assignment
+message GetOSPolicyAssignmentRequest {
+ // Required. The resource name of OS policy assignment.
+ //
+ // Format:
+ // `projects/{project}/locations/{location}/osPolicyAssignments/{os_policy_assignment}@{revisionId}`
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "osconfig.googleapis.com/OSPolicyAssignment"
+ }
+ ];
+}
+
+// A request message to list OS policy assignments for a parent resource
+message ListOSPolicyAssignmentsRequest {
+ // Required. The parent resource name.
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "locations.googleapis.com/Location"
+ }
+ ];
+
+ // The maximum number of assignments to return.
+ int32 page_size = 2;
+
+ // A pagination token returned from a previous call to
+ // `ListOSPolicyAssignments` that indicates where this listing should continue
+ // from.
+ string page_token = 3;
+}
+
+// A response message for listing all assignments under given parent.
+message ListOSPolicyAssignmentsResponse {
+ // The list of assignments
+ repeated OSPolicyAssignment os_policy_assignments = 1;
+
+ // The pagination token to retrieve the next page of OS policy assignments.
+ string next_page_token = 2;
+}
+
+// A request message to list revisions for a OS policy assignment
+message ListOSPolicyAssignmentRevisionsRequest {
+ // Required. The name of the OS policy assignment to list revisions for.
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "osconfig.googleapis.com/OSPolicyAssignment"
+ }
+ ];
+
+ // The maximum number of revisions to return.
+ int32 page_size = 2;
+
+ // A pagination token returned from a previous call to
+ // `ListOSPolicyAssignmentRevisions` that indicates where this listing should
+ // continue from.
+ string page_token = 3;
+}
+
+// A response message for listing all revisions for a OS policy assignment.
+message ListOSPolicyAssignmentRevisionsResponse {
+ // The OS policy assignment revisions
+ repeated OSPolicyAssignment os_policy_assignments = 1;
+
+ // The pagination token to retrieve the next page of OS policy assignment
+ // revisions.
+ string next_page_token = 2;
+}
+
+// A request message for deleting a OS policy assignment.
+message DeleteOSPolicyAssignmentRequest {
+ // Required. The name of the OS policy assignment to be deleted
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "osconfig.googleapis.com/OSPolicyAssignment"
+ }
+ ];
+}
diff --git a/protos/google/cloud/osconfig/v1/osconfig_service.proto b/protos/google/cloud/osconfig/v1/osconfig_service.proto
index 88857b26..ae256fe6 100644
--- a/protos/google/cloud/osconfig/v1/osconfig_service.proto
+++ b/protos/google/cloud/osconfig/v1/osconfig_service.proto
@@ -41,7 +41,8 @@ option (google.api.resource_definition) = {
// manage package installations and patch jobs for virtual machine instances.
service OsConfigService {
option (google.api.default_host) = "osconfig.googleapis.com";
- option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+ option (google.api.oauth_scopes) =
+ "https://www.googleapis.com/auth/cloud-platform";
// Patch VM instances by creating and running a patch job.
rpc ExecutePatchJob(ExecutePatchJobRequest) returns (PatchJob) {
@@ -78,7 +79,8 @@ service OsConfigService {
}
// Get a list of instance details for a given patch job.
- rpc ListPatchJobInstanceDetails(ListPatchJobInstanceDetailsRequest) returns (ListPatchJobInstanceDetailsResponse) {
+ rpc ListPatchJobInstanceDetails(ListPatchJobInstanceDetailsRequest)
+ returns (ListPatchJobInstanceDetailsResponse) {
option (google.api.http) = {
get: "/v1/{parent=projects/*/patchJobs/*}/instanceDetails"
};
@@ -86,12 +88,14 @@ service OsConfigService {
}
// Create an OS Config patch deployment.
- rpc CreatePatchDeployment(CreatePatchDeploymentRequest) returns (PatchDeployment) {
+ rpc CreatePatchDeployment(CreatePatchDeploymentRequest)
+ returns (PatchDeployment) {
option (google.api.http) = {
post: "/v1/{parent=projects/*}/patchDeployments"
body: "patch_deployment"
};
- option (google.api.method_signature) = "parent,patch_deployment,patch_deployment_id";
+ option (google.api.method_signature) =
+ "parent,patch_deployment,patch_deployment_id";
}
// Get an OS Config patch deployment.
@@ -103,7 +107,8 @@ service OsConfigService {
}
// Get a page of OS Config patch deployments.
- rpc ListPatchDeployments(ListPatchDeploymentsRequest) returns (ListPatchDeploymentsResponse) {
+ rpc ListPatchDeployments(ListPatchDeploymentsRequest)
+ returns (ListPatchDeploymentsResponse) {
option (google.api.http) = {
get: "/v1/{parent=projects/*}/patchDeployments"
};
@@ -111,7 +116,8 @@ service OsConfigService {
}
// Delete an OS Config patch deployment.
- rpc DeletePatchDeployment(DeletePatchDeploymentRequest) returns (google.protobuf.Empty) {
+ rpc DeletePatchDeployment(DeletePatchDeploymentRequest)
+ returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/v1/{name=projects/*/patchDeployments/*}"
};
diff --git a/protos/google/cloud/osconfig/v1/osconfig_zonal_service.proto b/protos/google/cloud/osconfig/v1/osconfig_zonal_service.proto
index 22219f53..196737c1 100644
--- a/protos/google/cloud/osconfig/v1/osconfig_zonal_service.proto
+++ b/protos/google/cloud/osconfig/v1/osconfig_zonal_service.proto
@@ -18,9 +18,11 @@ package google.cloud.osconfig.v1;
import "google/api/annotations.proto";
import "google/api/client.proto";
-import "google/api/resource.proto";
import "google/cloud/osconfig/v1/inventory.proto";
+import "google/cloud/osconfig/v1/os_policy_assignment_reports.proto";
+import "google/cloud/osconfig/v1/os_policy_assignments.proto";
import "google/cloud/osconfig/v1/vulnerability.proto";
+import "google/longrunning/operations.proto";
option csharp_namespace = "Google.Cloud.OsConfig.V1";
option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1;osconfig";
@@ -36,7 +38,130 @@ option ruby_package = "Google::Cloud::OsConfig::V1";
// manage package installations and patch jobs for Compute Engine VM instances.
service OsConfigZonalService {
option (google.api.default_host) = "osconfig.googleapis.com";
- option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+ option (google.api.oauth_scopes) =
+ "https://www.googleapis.com/auth/cloud-platform";
+
+ // Create an OS policy assignment.
+ //
+ // This method also creates the first revision of the OS policy assignment.
+ //
+ // This method returns a long running operation (LRO) that contains the
+ // rollout details. The rollout can be cancelled by cancelling the LRO.
+ //
+ // For more information, see [Method:
+ // projects.locations.osPolicyAssignments.operations.cancel](https://cloud.google.com/compute/docs/osconfig/rest/v1/projects.locations.osPolicyAssignments.operations/cancel).
+ rpc CreateOSPolicyAssignment(CreateOSPolicyAssignmentRequest)
+ returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ post: "/v1/{parent=projects/*/locations/*}/osPolicyAssignments"
+ body: "os_policy_assignment"
+ };
+ option (google.api.method_signature) =
+ "parent,os_policy_assignment,os_policy_assignment_id";
+ option (google.longrunning.operation_info) = {
+ response_type: "OSPolicyAssignment"
+ metadata_type: "OSPolicyAssignmentOperationMetadata"
+ };
+ }
+
+ // Update an existing OS policy assignment.
+ //
+ // This method creates a new revision of the OS policy assignment.
+ //
+ // This method returns a long running operation (LRO) that contains the
+ // rollout details. The rollout can be cancelled by cancelling the LRO.
+ //
+ // For more information, see [Method:
+ // projects.locations.osPolicyAssignments.operations.cancel](https://cloud.google.com/compute/docs/osconfig/rest/v1/projects.locations.osPolicyAssignments.operations/cancel).
+ rpc UpdateOSPolicyAssignment(UpdateOSPolicyAssignmentRequest)
+ returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ patch: "/v1/{os_policy_assignment.name=projects/*/locations/*/osPolicyAssignments/*}"
+ body: "os_policy_assignment"
+ };
+ option (google.api.method_signature) = "os_policy_assignment,update_mask";
+ option (google.longrunning.operation_info) = {
+ response_type: "OSPolicyAssignment"
+ metadata_type: "OSPolicyAssignmentOperationMetadata"
+ };
+ }
+
+ // Retrieve an existing OS policy assignment.
+ //
+ // This method always returns the latest revision. In order to retrieve a
+ // previous revision of the assignment, also provide the revision ID in the
+ // `name` parameter.
+ rpc GetOSPolicyAssignment(GetOSPolicyAssignmentRequest)
+ returns (OSPolicyAssignment) {
+ option (google.api.http) = {
+ get: "/v1/{name=projects/*/locations/*/osPolicyAssignments/*}"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // List the OS policy assignments under the parent resource.
+ //
+ // For each OS policy assignment, the latest revision is returned.
+ rpc ListOSPolicyAssignments(ListOSPolicyAssignmentsRequest)
+ returns (ListOSPolicyAssignmentsResponse) {
+ option (google.api.http) = {
+ get: "/v1/{parent=projects/*/locations/*}/osPolicyAssignments"
+ };
+ option (google.api.method_signature) = "parent";
+ }
+
+ // List the OS policy assignment revisions for a given OS policy assignment.
+ rpc ListOSPolicyAssignmentRevisions(ListOSPolicyAssignmentRevisionsRequest)
+ returns (ListOSPolicyAssignmentRevisionsResponse) {
+ option (google.api.http) = {
+ get: "/v1/{name=projects/*/locations/*/osPolicyAssignments/*}:listRevisions"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Delete the OS policy assignment.
+ //
+ // This method creates a new revision of the OS policy assignment.
+ //
+ // This method returns a long running operation (LRO) that contains the
+ // rollout details. The rollout can be cancelled by cancelling the LRO.
+ //
+ // If the LRO completes and is not cancelled, all revisions associated with
+ // the OS policy assignment are deleted.
+ //
+ // For more information, see [Method:
+ // projects.locations.osPolicyAssignments.operations.cancel](https://cloud.google.com/compute/docs/osconfig/rest/v1/projects.locations.osPolicyAssignments.operations/cancel).
+ rpc DeleteOSPolicyAssignment(DeleteOSPolicyAssignmentRequest)
+ returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ delete: "/v1/{name=projects/*/locations/*/osPolicyAssignments/*}"
+ };
+ option (google.api.method_signature) = "name";
+ option (google.longrunning.operation_info) = {
+ response_type: "google.protobuf.Empty"
+ metadata_type: "OSPolicyAssignmentOperationMetadata"
+ };
+ }
+
+ // Get the OS policy asssignment report for the specified Compute Engine VM
+ // instance.
+ rpc GetOSPolicyAssignmentReport(GetOSPolicyAssignmentReportRequest)
+ returns (OSPolicyAssignmentReport) {
+ option (google.api.http) = {
+ get: "/v1/{name=projects/*/locations/*/instances/*/osPolicyAssignments/*/report}"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // List OS policy asssignment reports for all Compute Engine VM instances in
+ // the specified zone.
+ rpc ListOSPolicyAssignmentReports(ListOSPolicyAssignmentReportsRequest)
+ returns (ListOSPolicyAssignmentReportsResponse) {
+ option (google.api.http) = {
+ get: "/v1/{parent=projects/*/locations/*/instances/*/osPolicyAssignments/*}/reports"
+ };
+ option (google.api.method_signature) = "parent";
+ }
// Get inventory data for the specified VM instance. If the VM has no
// associated inventory, the message `NOT_FOUND` is returned.
@@ -48,7 +173,8 @@ service OsConfigZonalService {
}
// List inventory data for all VM instances in the specified zone.
- rpc ListInventories(ListInventoriesRequest) returns (ListInventoriesResponse) {
+ rpc ListInventories(ListInventoriesRequest)
+ returns (ListInventoriesResponse) {
option (google.api.http) = {
get: "/v1/{parent=projects/*/locations/*/instances/*}/inventories"
};
@@ -57,7 +183,8 @@ service OsConfigZonalService {
// Gets the vulnerability report for the specified VM instance. Only VMs with
// inventory data have vulnerability reports associated with them.
- rpc GetVulnerabilityReport(GetVulnerabilityReportRequest) returns (VulnerabilityReport) {
+ rpc GetVulnerabilityReport(GetVulnerabilityReportRequest)
+ returns (VulnerabilityReport) {
option (google.api.http) = {
get: "/v1/{name=projects/*/locations/*/instances/*/vulnerabilityReport}"
};
@@ -65,7 +192,8 @@ service OsConfigZonalService {
}
// List vulnerability reports for all VM instances in the specified zone.
- rpc ListVulnerabilityReports(ListVulnerabilityReportsRequest) returns (ListVulnerabilityReportsResponse) {
+ rpc ListVulnerabilityReports(ListVulnerabilityReportsRequest)
+ returns (ListVulnerabilityReportsResponse) {
option (google.api.http) = {
get: "/v1/{parent=projects/*/locations/*/instances/*}/vulnerabilityReports"
};