- Resource: InstanceOSPoliciesCompliance
- OSPolicyComplianceState
- OSPolicyCompliance
- OSPolicyResourceCompliance
- OSPolicyResourceConfigStep
- Type
- Outcome
- ExecResourceOutput
- Methods
Resource: InstanceOSPoliciesCompliance
This API resource represents the OS policies compliance data for a Compute Engine virtual machine (VM) instance at a given point in time.
A Compute Engine VM can have multiple OS policy assignments, and each assignment can have multiple OS policies. As a result, multiple OS policies could be applied to a single VM.
You can use this API resource to determine both the compliance state of your VM as well as the compliance state of an individual OS policy.
For more information, see View compliance.
JSON representation |
---|
{ "name": string, "instance": string, "state": enum ( |
Fields | |
---|---|
name |
Output only. The Format: |
instance |
Output only. The Compute Engine VM instance name. |
state |
Output only. Compliance state of the VM. |
detailedState |
Output only. Detailed compliance state of the VM. This field is populated only when compliance state is It may contain one of the following values:
|
detailedStateReason |
Output only. The reason for the |
osPolicyCompliances[] |
Output only. Compliance data for each |
lastComplianceCheckTime |
Output only. Timestamp of the last compliance check for the VM. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
lastComplianceRunId |
Output only. Unique identifier for the last compliance run. This id will be logged by the OS config agent during a compliance run and can be used for debugging and tracing purpose. |
OSPolicyComplianceState
Supported OSPolicy compliance states.
Enums | |
---|---|
OS_POLICY_COMPLIANCE_STATE_UNSPECIFIED |
Default value. This value is unused. |
COMPLIANT |
Compliant state. |
NON_COMPLIANT |
Non-compliant state |
UNKNOWN |
Unknown compliance state. |
NO_OS_POLICIES_APPLICABLE |
No applicable OS policies were found for the instance. This state is only applicable to the instance. |
OSPolicyCompliance
Compliance data for an OS policy
JSON representation |
---|
{ "osPolicyId": string, "osPolicyAssignment": string, "state": enum ( |
Fields | |
---|---|
osPolicyId |
The OS policy id |
osPolicyAssignment |
Reference to the Format: |
state |
Compliance state of the OS policy. |
osPolicyResourceCompliances[] |
Compliance data for each |
OSPolicyResourceCompliance
Compliance data for an OS policy resource.
JSON representation |
---|
{ "osPolicyResourceId": string, "configSteps": [ { object ( |
Fields | |
---|---|
osPolicyResourceId |
The id of the OS policy resource. |
configSteps[] |
Ordered list of configuration steps taken by the agent for the OS policy resource. |
state |
Compliance state of the OS policy resource. |
Union field output . Resource specific output. output can be only one of the following: |
|
execResourceOutput |
ExecResource specific output. |
OSPolicyResourceConfigStep
Step performed by the OS Config agent for configuring an OSPolicyResource
to its desired state.
JSON representation |
---|
{ "type": enum ( |
Fields | |
---|---|
type |
Configuration step type. |
outcome |
Outcome of the configuration step. |
errorMessage |
An error message recorded during the execution of this step. Only populated when outcome is FAILED. |
Type
Supported configuration step types
Enums | |
---|---|
TYPE_UNSPECIFIED |
Default value. This value is unused. |
VALIDATION |
Validation to detect resource conflicts, schema errors, etc. |
DESIRED_STATE_CHECK |
Check the current desired state status of the resource. |
DESIRED_STATE_ENFORCEMENT |
Enforce the desired state for a resource that is not in desired state. |
DESIRED_STATE_CHECK_POST_ENFORCEMENT |
Re-check desired state status for a resource after enforcement of all resources in the current configuration run. This step is used to determine the final desired state status for the resource. It accounts for any resources that might have drifted from their desired state due to side effects from configuring other resources during the current configuration run. |
Outcome
Supported outcomes for a configuration step.
Enums | |
---|---|
OUTCOME_UNSPECIFIED |
Default value. This value is unused. |
SUCCEEDED |
The step succeeded. |
FAILED |
The step failed. |
ExecResourceOutput
ExecResource specific output.
JSON representation |
---|
{ "enforcementOutput": string } |
Fields | |
---|---|
enforcementOutput |
Output from Enforcement phase output file (if run). Output size is limited to 100K bytes. A base64-encoded string. |
Methods |
|
---|---|
(deprecated) |
Get OS policies compliance data for the specified Compute Engine VM instance. |
(deprecated) |
List OS policies compliance data for all Compute Engine VM instances in the specified zone. |