OSPolicyAssignment

OS policy assignment is an API resource that is used to apply a set of OS policies to a dynamically targeted group of Compute Engine VM instances.

An OS policy is used to define the desired state configuration for a Compute Engine VM instance through a set of configuration resources that provide capabilities such as installing or removing software packages, or executing a script.

For more information about the OS policy resource definitions and examples, see OS policy and OS policy assignment.

JSON representation
{
  "name": string,
  "description": string,
  "osPolicies": [
    {
      object (OSPolicy)
    }
  ],
  "instanceFilter": {
    object (InstanceFilter)
  },
  "rollout": {
    object (Rollout)
  },
  "revisionId": string,
  "revisionCreateTime": string,
  "etag": string,
  "rolloutState": enum (RolloutState),
  "baseline": boolean,
  "deleted": boolean,
  "reconciling": boolean,
  "uid": string
}
Fields
name

string

Resource name.

Format: projects/{project_number}/locations/{location}/osPolicyAssignments/{osPolicyAssignmentId}

This field is ignored when you create an OS policy assignment.

description

string

OS policy assignment description. Length of the description is limited to 1024 characters.

osPolicies[]

object (OSPolicy)

Required. List of OS policies to be applied to the VMs.

instanceFilter

object (InstanceFilter)

Required. Filter to select VMs.

rollout

object (Rollout)

Required. Rollout to deploy the OS policy assignment. A rollout is triggered in the following situations: 1) OSPolicyAssignment is created. 2) OSPolicyAssignment is updated and the update contains changes to one of the following fields: - instanceFilter - osPolicies 3) OSPolicyAssignment is deleted.

revisionId

string

Output only. The assignment revision ID A new revision is committed whenever a rollout is triggered for a OS policy assignment

revisionCreateTime

string (Timestamp format)

Output only. The timestamp that the revision was created.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

etag

string

The etag for this OS policy assignment. If this is provided on update, it must match the server's etag.

rolloutState

enum (RolloutState)

Output only. OS policy assignment rollout state

baseline

boolean

Output only. Indicates that this revision has been successfully rolled out in this zone and new VMs will be assigned OS policies from this revision.

For a given OS policy assignment, there is only one revision with a value of true for this field.

deleted

boolean

Output only. Indicates that this revision deletes the OS policy assignment.

reconciling

boolean

Output only. Indicates that reconciliation is in progress for the revision. This value is true when the rolloutState is one of: * IN_PROGRESS * CANCELLING

uid

string

Output only. Server generated unique id for the OS policy assignment resource.

InstanceFilter

Filters to select target VMs for an assignment.

If more than one filter criteria is specified below, a VM will be selected if and only if it satisfies all of them.

JSON representation
{
  "all": boolean,
  "inclusionLabels": [
    {
      object (LabelSet)
    }
  ],
  "exclusionLabels": [
    {
      object (LabelSet)
    }
  ],
  "inventories": [
    {
      object (Inventory)
    }
  ]
}
Fields
all

boolean

Target all VMs in the project. If true, no other criteria is permitted.

inclusionLabels[]

object (LabelSet)

List of label sets used for VM inclusion.

If the list has more than one LabelSet, the VM is included if any of the label sets are applicable for the VM.

exclusionLabels[]

object (LabelSet)

List of label sets used for VM exclusion.

If the list has more than one label set, the VM is excluded if any of the label sets are applicable for the VM.

inventories[]

object (Inventory)

List of inventories to select VMs.

A VM is selected if its inventory data matches at least one of the following inventories.

LabelSet

Message representing label set. * A label is a key value pair set for a VM. * A LabelSet is a set of labels. * Labels within a LabelSet are ANDed. In other words, a LabelSet is applicable for a VM only if it matches all the labels in the LabelSet. * Example: A LabelSet with 2 labels: env=prod and type=webserver will only be applicable for those VMs with both labels present.

JSON representation
{
  "labels": {
    string: string,
    ...
  }
}
Fields
labels

map (key: string, value: string)

Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

Inventory

VM inventory details.

JSON representation
{
  "osShortName": string,
  "osVersion": string
}
Fields
osShortName

string

Required. The OS short name

osVersion

string

The OS version

Prefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of 7, specify the following value for this field 7.*

An empty string matches all OS versions.

Rollout

Message to configure the rollout at the zonal level for the OS policy assignment.

JSON representation
{
  "disruptionBudget": {
    object (FixedOrPercent)
  },
  "minWaitDuration": string
}
Fields
disruptionBudget

object (FixedOrPercent)

Required. The maximum number (or percentage) of VMs per zone to disrupt at any given moment.

minWaitDuration

string (Duration format)

Required. This determines the minimum duration of time to wait after the configuration changes are applied through the current rollout. A VM continues to count towards the disruptionBudget at least until this duration of time has passed after configuration changes are applied.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".