OSPolicyAssignmentReport

JSON representation
OSPolicyCompliance
- JSON representation
ComplianceState
OSPolicyResourceCompliance
- JSON representation
OSPolicyResourceConfigStep
- JSON representation
Type
ComplianceState
ExecResourceOutput
- JSON representation

A report of the OS policy assignment status for a given instance.

JSON representation
{ "name": string, "instance": string, "osPolicyAssignment": string, "osPolicyCompliances": [ { object (`OSPolicyCompliance`) } ], "updateTime": string, "lastRunId": string }

Fields
`name`	`string` The `OSPolicyAssignmentReport` API resource name. Format: `projects/{project_number}/locations/{location}/instances/{instance_id}/osPolicyAssignments/{osPolicyAssignmentId}/report`
`instance`	`string` The Compute Engine VM instance name.
`osPolicyAssignment`	`string` Reference to the `OSPolicyAssignment` API resource that the `OSPolicy` belongs to. Format: `projects/{project_number}/locations/{location}/osPolicyAssignments/{osPolicyAssignmentId@revisionId}`
`osPolicyCompliances[]`	`object (OSPolicyCompliance)` Compliance data for each `OSPolicy` that is applied to the VM.
`updateTime`	`string (Timestamp format)` Timestamp for when the report was last generated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`lastRunId`	`string` Unique identifier of the last attempted run to apply the OS policies associated with this assignment on the VM. This ID is logged by the OS Config agent while applying the OS policies associated with this assignment on the VM. NOTE: If the service is unable to successfully connect to the agent for this run, then this id will not be available in the agent logs.

OSPolicyCompliance

Compliance data for an OS policy

JSON representation
{ "osPolicyId": string, "complianceState": enum (`ComplianceState`), "complianceStateReason": string, "osPolicyResourceCompliances": [ { object (`OSPolicyResourceCompliance`) } ] }

Fields
`osPolicyId`	`string` The OS policy id
`complianceState`	`enum (ComplianceState)` The compliance state of the OS policy.
`complianceStateReason`	`string` The reason for the OS policy to be in an unknown compliance state. This field is always populated when `complianceState` is `UNKNOWN`. If populated, the field can contain one of the following values: `vm-not-running`: The VM was not running. `os-policies-not-supported-by-agent`: The version of the OS Config agent running on the VM does not support running OS policies. `no-agent-detected`: The OS Config agent is not detected for the VM. `resource-execution-errors`: The OS Config agent encountered errors while executing one or more resources in the policy. See `osPolicyResourceCompliances` for details. `task-timeout`: The task sent to the agent to apply the policy timed out. `unexpected-agent-state`: The OS Config agent did not report the final status of the task that attempted to apply the policy. Instead, the agent unexpectedly started working on a different task. This mostly happens when the agent or VM unexpectedly restarts while applying OS policies. `internal-service-errors`: Internal service errors were encountered while attempting to apply the policy. `os-policy-execution-pending`: OS policy was assigned to the given VM, but was not executed yet. Typically this is a transient condition that will go away after the next policy execution cycle.
`osPolicyResourceCompliances[]`	`object (OSPolicyResourceCompliance)` Compliance data for each resource within the policy that is applied to the VM.

ComplianceState

Possible compliance states for an os policy.

Enums

Enums
`UNKNOWN`	The policy is in an unknown compliance state. Refer to the field `complianceStateReason` to learn the exact reason for the policy to be in this compliance state.
`COMPLIANT`	Policy is compliant. The policy is compliant if all the underlying resources are also compliant.
`NON_COMPLIANT`	Policy is non-compliant. The policy is non-compliant if one or more underlying resources are non-compliant.

UNKNOWN

The policy is in an unknown compliance state.

Refer to the field complianceStateReason to learn the exact reason for the policy to be in this compliance state.

COMPLIANT

Policy is compliant.

The policy is compliant if all the underlying resources are also compliant.

NON_COMPLIANT

Policy is non-compliant.

The policy is non-compliant if one or more underlying resources are non-compliant.

OSPolicyResourceCompliance

Compliance data for an OS policy resource.

JSON representation

JSON representation
{ "osPolicyResourceId": string, "configSteps": [ { object (`OSPolicyResourceConfigStep`) } ], "complianceState": enum (`ComplianceState`), "complianceStateReason": string, // Union field `output` can be only one of the following: "execResourceOutput": { object (`ExecResourceOutput`) } // End of list of possible types for union field `output`. }

{
  "osPolicyResourceId": string,
  "configSteps": [
    {
      object (OSPolicyResourceConfigStep)
    }
  ],
  "complianceState": enum (ComplianceState),
  "complianceStateReason": string,

  // Union field output can be only one of the following:
  "execResourceOutput": {
    object (ExecResourceOutput)
  }
  // End of list of possible types for union field output.
}

Fields
`osPolicyResourceId`	`string` The ID of the OS policy resource.
`configSteps[]`	`object (OSPolicyResourceConfigStep)` Ordered list of configuration completed by the agent for the OS policy resource.
`complianceState`	`enum (ComplianceState)` The compliance state of the resource.
`complianceStateReason`	`string` A reason for the resource to be in the given compliance state. This field is always populated when `complianceState` is `UNKNOWN`. The following values are supported when `complianceState == UNKNOWN` `execution-errors`: Errors were encountered by the agent while executing the resource and the compliance state couldn't be determined. `execution-skipped-by-agent`: Resource execution was skipped by the agent because errors were encountered while executing prior resources in the OS policy. `os-policy-execution-attempt-failed`: The execution of the OS policy containing this resource failed and the compliance state couldn't be determined. `os-policy-execution-pending`: OS policy that owns this resource was assigned to the given VM, but was not executed yet.
Union field `output`. Resource specific output. `output` can be only one of the following:
`execResourceOutput`	`object (ExecResourceOutput)` ExecResource specific output.

OSPolicyResourceConfigStep

Step performed by the OS Config agent for configuring an OSPolicy resource to its desired state.

JSON representation
{ "type": enum (`Type`), "errorMessage": string }

Fields

Fields
`type`	`enum (Type)` Configuration step type.
`errorMessage`	`string` An error message recorded during the execution of this step. Only populated if errors were encountered during this step execution.

type

enum (Type)

Configuration step type.

errorMessage

string

An error message recorded during the execution of this step. Only populated if errors were encountered during this step execution.

Type

Supported configuration step types

Enums
`TYPE_UNSPECIFIED`	Default value. This value is unused.
`VALIDATION`	Checks for resource conflicts such as schema errors.
`DESIRED_STATE_CHECK`	Checks the current status of the desired state for a resource.
`DESIRED_STATE_ENFORCEMENT`	Enforces the desired state for a resource that is not in desired state.
`DESIRED_STATE_CHECK_POST_ENFORCEMENT`	Re-checks the status of the desired state. This check is done for a resource after the enforcement of all OS policies. This step is used to determine the final desired state status for the resource. It accounts for any resources that might have drifted from their desired state due to side effects from executing other resources.

ComplianceState

Possible compliance states for a resource.

Enums

Enums
`UNKNOWN`	The resource is in an unknown compliance state. To get more details about why the policy is in this state, review the output of the `complianceStateReason` field.
`COMPLIANT`	Resource is compliant.
`NON_COMPLIANT`	Resource is non-compliant.

UNKNOWN

The resource is in an unknown compliance state.

To get more details about why the policy is in this state, review the output of the complianceStateReason field.

COMPLIANT Resource is compliant.

NON_COMPLIANT Resource is non-compliant.

ExecResourceOutput

ExecResource specific output.

JSON representation
{ "enforcementOutput": string }

Fields

Fields
`enforcementOutput`	`string (bytes format)` Output from enforcement phase output file (if run). Output size is limited to 100K bytes. A base64-encoded string.

enforcementOutput

string (bytes format)

Output from enforcement phase output file (if run). Output size is limited to 100K bytes.

A base64-encoded string.