Patch configuration specifications. Contains details on how to apply the patch(es) to a VM instance.
JSON representation |
---|
{ "rebootConfig": enum ( |
Fields | |
---|---|
rebootConfig | Post-patch reboot settings. |
apt | Apt update settings. Use this setting to override the default |
yum | Yum update settings. Use this setting to override the default |
goo | Goo update settings. Use this setting to override the default |
zypper | Zypper update settings. Use this setting to override the default |
windowsUpdate | Windows update settings. Use this setting to override the default Windows patch rules. |
preStep | The |
postStep | The |
migInstancesAllowed | Allows the patch job to run on Managed instance groups (MIGs). |
RebootConfig
Post-patch reboot settings.
Enums | |
---|---|
REBOOT_CONFIG_UNSPECIFIED | The default behavior is DEFAULT. |
DEFAULT | The agent decides if a reboot is necessary by checking signals such as registry keys on Windows or /var/run/reboot-required on APT based systems. On RPM based systems, a set of core system package install times are compared with system boot time. |
ALWAYS | Always reboot the machine after the update completes. |
NEVER | Never reboot the machine after the update completes. |
AptSettings
Apt patching is completed by executing apt-get update && apt-get upgrade. Additional options can be set to control how this is executed.
JSON representation |
---|
{
"type": enum ( |
Fields | |
---|---|
type | By changing the type to DIST, the patching is performed using |
excludes[] | List of packages to exclude from update. These packages will be excluded |
exclusivePackages[] | An exclusive list of packages to be updated. These are the only packages that will be updated. If these packages are not installed, they will be ignored. This field cannot be specified with any other patch configuration fields. |
Type
Apt patch type.
Enums | |
---|---|
TYPE_UNSPECIFIED | By default, upgrade will be performed. |
DIST | Runs apt-get dist-upgrade. |
UPGRADE | Runs apt-get upgrade. |
YumSettings
Yum patching is performed by executing yum update. Additional options can be set to control how this is executed.
Note that not all settings are supported on all platforms.
JSON representation |
---|
{ "security": boolean, "minimal": boolean, "excludes": [ string ], "exclusivePackages": [ string ] } |
Fields | |
---|---|
security | Adds the |
minimal | Will cause patch to run |
excludes[] | List of packages to exclude from update. These packages are excluded by using the yum |
exclusivePackages[] | An exclusive list of packages to be updated. These are the only packages that will be updated. If these packages are not installed, they will be ignored. This field must not be specified with any other patch configuration fields. |
GooSettings
This type has no fields.
Googet patching is performed by running googet update.
ZypperSettings
Zypper patching is performed by running zypper patch. See also https://en.opensuse.org/SDB:Zypper_manual.
JSON representation |
---|
{ "withOptional": boolean, "withUpdate": boolean, "categories": [ string ], "severities": [ string ], "excludes": [ string ], "exclusivePatches": [ string ] } |
Fields | |
---|---|
withOptional | Adds the |
withUpdate | Adds the |
categories[] | Install only patches with these categories. Common categories include security, recommended, and feature. |
severities[] | Install only patches with these severities. Common severities include critical, important, moderate, and low. |
excludes[] | List of patches to exclude from update. |
exclusivePatches[] | An exclusive list of patches to be updated. These are the only patches that will be installed using 'zypper patch patch: |
WindowsUpdateSettings
Windows patching is performed using the Windows Update Agent.
JSON representation |
---|
{
"classifications": [
enum ( |
Fields | |
---|---|
classifications[] | Only apply updates of these Windows Update classifications. If empty, all updates are applied. |
excludes[] | List of KBs to exclude from update. |
exclusivePatches[] | An exclusive list of KBs to be updated. These are the only patches that will be updated. This field must not be used with other patch configurations. |
Classification
Microsoft Windows update classifications as defined in [1] https://support.microsoft.com/en-us/help/824684/description-of-the-standard-terminology-that-is-used-to-describe-micro
Enums | |
---|---|
CLASSIFICATION_UNSPECIFIED | Invalid. If classifications are included, they must be specified. |
CRITICAL | "A widely released fix for a specific problem that addresses a critical, non-security-related bug." [1] |
SECURITY | "A widely released fix for a product-specific, security-related vulnerability. Security vulnerabilities are rated by their severity. The severity rating is indicated in the Microsoft security bulletin as critical, important, moderate, or low." [1] |
DEFINITION | "A widely released and frequent software update that contains additions to a product's definition database. Definition databases are often used to detect objects that have specific attributes, such as malicious code, phishing websites, or junk mail." [1] |
DRIVER | "Software that controls the input and output of a device." [1] |
FEATURE_PACK | "New product functionality that is first distributed outside the context of a product release and that is typically included in the next full product release." [1] |
SERVICE_PACK | "A tested, cumulative set of all hotfixes, security updates, critical updates, and updates. Additionally, service packs may contain additional fixes for problems that are found internally since the release of the product. Service packs may also contain a limited number of customer-requested design changes or features." [1] |
TOOL | "A utility or feature that helps complete a task or set of tasks." [1] |
UPDATE_ROLLUP | "A tested, cumulative set of hotfixes, security updates, critical updates, and updates that are packaged together for easy deployment. A rollup generally targets a specific area, such as security, or a component of a product, such as Internet Information Services (IIS)." [1] |
UPDATE | "A widely released fix for a specific problem. An update addresses a noncritical, non-security-related bug." [1] |
ExecStep
A step that runs an executable for a PatchJob.
JSON representation |
---|
{ "linuxExecStepConfig": { object ( |
Fields | |
---|---|
linuxExecStepConfig | The ExecStepConfig for all Linux VMs targeted by the PatchJob. |
windowsExecStepConfig | The ExecStepConfig for all Windows VMs targeted by the PatchJob. |
ExecStepConfig
Common configurations for an ExecStep.
JSON representation |
---|
{ "allowedSuccessCodes": [ integer ], "interpreter": enum ( |
Fields | |
---|---|
allowedSuccessCodes[] | Defaults to [0]. A list of possible return values that the execution can return to indicate a success. |
interpreter | The script interpreter to use to run the script. If no interpreter is specified, the script will be executed directly, which will likely only succeed for scripts with shebang lines. |
Union field executable. Location of the executable. executable can be only one of the following: | |
localPath | An absolute path to the executable on the VM. |
gcsObject | A Cloud Storage object containing the executable. |
GcsObject
Cloud Storage object representation.
JSON representation |
---|
{ "bucket": string, "object": string, "generationNumber": string } |
Fields | |
---|---|
bucket | Required. Bucket of the Cloud Storage object. |
object | Required. Name of the Cloud Storage object. |
generationNumber | Required. Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change. |
Interpreter
The interpreter used to run the file.
Enums | |
---|---|
INTERPRETER_UNSPECIFIED | If the interpreter is not specified, the value defaults to NONE. |
NONE | Indicates that the file is run as follows on each operating system: for Linux VMs, the file is run as an executable and the interpreter might be parsed from the [shebang line](https://wikipedia.org/wiki/Shebang_(Unix)) of the file; for Windows VMs, this value is not supported. |
SHELL | Indicates that the file is run with /bin/sh on Linux and cmd on Windows. |
POWERSHELL | Indicates that the file is run with PowerShell. |
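The field tables above state several constraints that are easy to miss when a patch configuration is reviewed by hand: the exclusive lists, the required GcsObject fields that pin a script to one generation, the invalid classification value, and the interpreter rule for Windows. The following is an added example, not code from the API or its client libraries, that lints a PatchConfig given as a Python dict; the function names and the sample values are hypothetical, and it assumes "any other patch configuration fields" means the other fields of the same settings object.

```python
EXCLUSIVE = {"apt": "exclusivePackages", "yum": "exclusivePackages",
             "zypper": "exclusivePatches", "windowsUpdate": "exclusivePatches"}

def check_exec_config(path, os_name, cfg):
    findings = []
    # The executable union allows only one of localPath / gcsObject.
    sources = [k for k in ("localPath", "gcsObject") if k in cfg]
    if len(sources) != 1:
        findings.append(f"{path}: expected one of localPath or gcsObject, found {len(sources)}")
    # bucket, object and generationNumber are all Required; the generation
    # number is what keeps the step from changing after it was reviewed.
    for key in ("bucket", "object", "generationNumber"):
        if "gcsObject" in cfg and not cfg["gcsObject"].get(key):
            findings.append(f"{path}.gcsObject: missing required {key}")
    # An unspecified interpreter defaults to NONE, which Windows does not support.
    interp = cfg.get("interpreter", "INTERPRETER_UNSPECIFIED")
    if os_name == "windows" and interp in ("INTERPRETER_UNSPECIFIED", "NONE"):
        findings.append(f"{path}: interpreter NONE is not supported on Windows")
    return findings

def lint_patch_config(config):
    findings = []
    for section, field in EXCLUSIVE.items():
        settings = config.get(section, {})
        # Assumption: "any other patch configuration fields" means the other
        # fields of the same settings object.
        others = sorted(k for k in settings if k != field)
        if field in settings and others:
            findings.append(f"{section}.{field} combined with {', '.join(others)}")
    if "CLASSIFICATION_UNSPECIFIED" in config.get("windowsUpdate", {}).get("classifications", []):
        findings.append("windowsUpdate.classifications: CLASSIFICATION_UNSPECIFIED is invalid")
    for step in ("preStep", "postStep"):
        for os_name in ("linux", "windows"):
            cfg = config.get(step, {}).get(f"{os_name}ExecStepConfig")
            if cfg is not None:
                findings += check_exec_config(f"{step}.{os_name}ExecStepConfig", os_name, cfg)
    return findings

# Constructed sample input; bucket, object and path values are made up.
SAMPLE = {
    "apt": {"type": "DIST", "exclusivePackages": ["openssl"]},
    "windowsUpdate": {"classifications": ["SECURITY", "CRITICAL"]},
    "preStep": {
        "linuxExecStepConfig": {"interpreter": "SHELL",
            "gcsObject": {"bucket": "example-patch-scripts", "object": "pre.sh"}},
        "windowsExecStepConfig": {"localPath": "C:\\scripts\\pre.ps1"},
    },
}
```

Calling lint_patch_config(SAMPLE) returns one finding per violated rule, and an empty list means none of the checked rules were broken.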