- JSON representation
- OSPolicyCompliance
- ComplianceState
- OSPolicyResourceCompliance
- OSPolicyResourceConfigStep
- Type
- ComplianceState
- ExecResourceOutput
A report of the OS policy assignment status for a given instance.
JSON representation |
---|
{
"name": string,
"instance": string,
"osPolicyAssignment": string,
"osPolicyCompliances": [
{
object ( |
Fields | |
---|---|
name |
The Format: |
instance |
The Compute Engine VM instance name. |
osPolicyAssignment |
Reference to the Format: |
osPolicyCompliances[] |
Compliance data for each |
updateTime |
Timestamp for when the report was last generated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
lastRunId |
Unique identifier of the last attempted run to apply the OS policies associated with this assignment on the VM. This ID is logged by the OS Config agent while applying the OS policies associated with this assignment on the VM. NOTE: If the service is unable to successfully connect to the agent for this run, then this id will not be available in the agent logs. |
OSPolicyCompliance
Compliance data for an OS policy
JSON representation |
---|
{ "osPolicyId": string, "complianceState": enum ( |
Fields | |
---|---|
osPolicyId |
The OS policy id |
complianceState |
The compliance state of the OS policy. |
complianceStateReason |
The reason for the OS policy to be in an unknown compliance state. This field is always populated when If populated, the field can contain one of the following values:
|
osPolicyResourceCompliances[] |
Compliance data for each resource within the policy that is applied to the VM. |
ComplianceState
Possible compliance states for an os policy.
Enums | |
---|---|
UNKNOWN |
The policy is in an unknown compliance state. Refer to the field |
COMPLIANT |
Policy is compliant. The policy is compliant if all the underlying resources are also compliant. |
NON_COMPLIANT |
Policy is non-compliant. The policy is non-compliant if one or more underlying resources are non-compliant. |
OSPolicyResourceCompliance
Compliance data for an OS policy resource.
JSON representation |
---|
{ "osPolicyResourceId": string, "configSteps": [ { object ( |
Fields | |
---|---|
osPolicyResourceId |
The ID of the OS policy resource. |
configSteps[] |
Ordered list of configuration completed by the agent for the OS policy resource. |
complianceState |
The compliance state of the resource. |
complianceStateReason |
A reason for the resource to be in the given compliance state. This field is always populated when The following values are supported when
|
Union field output . Resource specific output. output can be only one of the following: |
|
execResourceOutput |
ExecResource specific output. |
OSPolicyResourceConfigStep
Step performed by the OS Config agent for configuring an OSPolicy
resource to its desired state.
JSON representation |
---|
{
"type": enum ( |
Fields | |
---|---|
type |
Configuration step type. |
errorMessage |
An error message recorded during the execution of this step. Only populated if errors were encountered during this step execution. |
Type
Supported configuration step types
Enums | |
---|---|
TYPE_UNSPECIFIED |
Default value. This value is unused. |
VALIDATION |
Checks for resource conflicts such as schema errors. |
DESIRED_STATE_CHECK |
Checks the current status of the desired state for a resource. |
DESIRED_STATE_ENFORCEMENT |
Enforces the desired state for a resource that is not in desired state. |
DESIRED_STATE_CHECK_POST_ENFORCEMENT |
Re-checks the status of the desired state. This check is done for a resource after the enforcement of all OS policies. This step is used to determine the final desired state status for the resource. It accounts for any resources that might have drifted from their desired state due to side effects from executing other resources. |
ComplianceState
Possible compliance states for a resource.
Enums | |
---|---|
UNKNOWN |
The resource is in an unknown compliance state. To get more details about why the policy is in this state, review the output of the |
COMPLIANT |
Resource is compliant. |
NON_COMPLIANT |
Resource is non-compliant. |
ExecResourceOutput
ExecResource specific output.
JSON representation |
---|
{ "enforcementOutput": string } |
Fields | |
---|---|
enforcementOutput |
Output from enforcement phase output file (if run). Output size is limited to 100K bytes. A base64-encoded string. |