REST Resource: projects.locations.instanceOSPoliciesCompliances

Resource: InstanceOSPoliciesCompliance
- JSON representation
OSPolicyComplianceState
OSPolicyCompliance
- JSON representation
OSPolicyResourceCompliance
- JSON representation
OSPolicyResourceConfigStep
- JSON representation
Type
Outcome
ExecResourceOutput
- JSON representation
Methods

Resource: InstanceOSPoliciesCompliance

This API resource represents the OS policies compliance data for a Compute Engine virtual machine (VM) instance at a given point in time.

A Compute Engine VM can have multiple OS policy assignments, and each assignment can have multiple OS policies. As a result, multiple OS policies could be applied to a single VM.

You can use this API resource to determine both the compliance state of your VM as well as the compliance state of an individual OS policy.

For more information, see View compliance.

JSON representation

JSON representation
{ "name": string, "instance": string, "state": enum (`OSPolicyComplianceState`), "detailedState": string, "detailedStateReason": string, "osPolicyCompliances": [ { object (`OSPolicyCompliance`) } ], "lastComplianceCheckTime": string, "lastComplianceRunId": string }

{
  "name": string,
  "instance": string,
  "state": enum (OSPolicyComplianceState),
  "detailedState": string,
  "detailedStateReason": string,
  "osPolicyCompliances": [
    {
      object (OSPolicyCompliance)
    }
  ],
  "lastComplianceCheckTime": string,
  "lastComplianceRunId": string
}

Fields
`name`	`string` Output only. The `InstanceOSPoliciesCompliance` API resource name. Format: `projects/{project_number}/locations/{location}/instanceOSPoliciesCompliances/{instance_id}`
`instance`	`string` Output only. The Compute Engine VM instance name.
`state`	`enum (OSPolicyComplianceState)` Output only. Compliance state of the VM.
`detailedState`	`string` Output only. Detailed compliance state of the VM. This field is populated only when compliance state is `UNKNOWN`. It may contain one of the following values: `no-compliance-data`: Compliance data is not available for this VM. `no-agent-detected`: OS Config agent is not detected for this VM. `config-not-supported-by-agent`: The version of the OS Config agent running on this VM does not support configuration management. `inactive`: VM is not running. `internal-service-errors`: There were internal service errors encountered while enforcing compliance. `agent-errors`: OS config agent encountered errors while enforcing compliance.
`detailedStateReason`	`string` Output only. The reason for the `detailedState` of the VM (if any).
`osPolicyCompliances[]`	`object (OSPolicyCompliance)` Output only. Compliance data for each `OSPolicy` that is applied to the VM.
`lastComplianceCheckTime`	`string (Timestamp format)` Output only. Timestamp of the last compliance check for the VM. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`lastComplianceRunId`	`string` Output only. Unique identifier for the last compliance run. This id will be logged by the OS config agent during a compliance run and can be used for debugging and tracing purpose.

OSPolicyComplianceState

Supported OSPolicy compliance states.

Enums
`OS_POLICY_COMPLIANCE_STATE_UNSPECIFIED`	Default value. This value is unused.
`COMPLIANT`	Compliant state.
`NON_COMPLIANT`	Non-compliant state
`UNKNOWN`	Unknown compliance state.
`NO_OS_POLICIES_APPLICABLE`	No applicable OS policies were found for the instance. This state is only applicable to the instance.

OSPolicyCompliance

Compliance data for an OS policy

JSON representation
{ "osPolicyId": string, "osPolicyAssignment": string, "state": enum (`OSPolicyComplianceState`), "osPolicyResourceCompliances": [ { object (`OSPolicyResourceCompliance`) } ] }

Fields
`osPolicyId`	`string` The OS policy id
`osPolicyAssignment`	`string` Reference to the `OSPolicyAssignment` API resource that the `OSPolicy` belongs to. Format: `projects/{project_number}/locations/{location}/osPolicyAssignments/{osPolicyAssignmentId@revisionId}`
`state`	`enum (OSPolicyComplianceState)` Compliance state of the OS policy.
`osPolicyResourceCompliances[]`	`object (OSPolicyResourceCompliance)` Compliance data for each `OSPolicyResource` that is applied to the VM.

OSPolicyResourceCompliance

Compliance data for an OS policy resource.

JSON representation

JSON representation
{ "osPolicyResourceId": string, "configSteps": [ { object (`OSPolicyResourceConfigStep`) } ], "state": enum (`OSPolicyComplianceState`), // Union field `output` can be only one of the following: "execResourceOutput": { object (`ExecResourceOutput`) } // End of list of possible types for union field `output`. }

{
  "osPolicyResourceId": string,
  "configSteps": [
    {
      object (OSPolicyResourceConfigStep)
    }
  ],
  "state": enum (OSPolicyComplianceState),

  // Union field output can be only one of the following:
  "execResourceOutput": {
    object (ExecResourceOutput)
  }
  // End of list of possible types for union field output.
}

Fields
`osPolicyResourceId`	`string` The id of the OS policy resource.
`configSteps[]`	`object (OSPolicyResourceConfigStep)` Ordered list of configuration steps taken by the agent for the OS policy resource.
`state`	`enum (OSPolicyComplianceState)` Compliance state of the OS policy resource.
Union field `output`. Resource specific output. `output` can be only one of the following:
`execResourceOutput`	`object (ExecResourceOutput)` ExecResource specific output.

OSPolicyResourceConfigStep

Step performed by the OS Config agent for configuring an OSPolicyResource to its desired state.

JSON representation
{ "type": enum (`Type`), "outcome": enum (`Outcome`), "errorMessage": string }

Fields

Fields
`type`	`enum (Type)` Configuration step type.
`outcome`	`enum (Outcome)` Outcome of the configuration step.
`errorMessage`	`string` An error message recorded during the execution of this step. Only populated when outcome is FAILED.

type

enum (Type)

Configuration step type.

outcome

enum (Outcome)

Outcome of the configuration step.

errorMessage

string

An error message recorded during the execution of this step. Only populated when outcome is FAILED.

Type

Supported configuration step types

Enums
`TYPE_UNSPECIFIED`	Default value. This value is unused.
`VALIDATION`	Validation to detect resource conflicts, schema errors, etc.
`DESIRED_STATE_CHECK`	Check the current desired state status of the resource.
`DESIRED_STATE_ENFORCEMENT`	Enforce the desired state for a resource that is not in desired state.
`DESIRED_STATE_CHECK_POST_ENFORCEMENT`	Re-check desired state status for a resource after enforcement of all resources in the current configuration run. This step is used to determine the final desired state status for the resource. It accounts for any resources that might have drifted from their desired state due to side effects from configuring other resources during the current configuration run.

Outcome

Supported outcomes for a configuration step.

Enums
`OUTCOME_UNSPECIFIED`	Default value. This value is unused.
`SUCCEEDED`	The step succeeded.
`FAILED`	The step failed.

ExecResourceOutput

ExecResource specific output.

JSON representation
{ "enforcementOutput": string }

Fields

Fields
`enforcementOutput`	`string (bytes format)` Output from Enforcement phase output file (if run). Output size is limited to 100K bytes. A base64-encoded string.

enforcementOutput

string (bytes format)

Output from Enforcement phase output file (if run). Output size is limited to 100K bytes.

A base64-encoded string.

Methods
`get (deprecated)`	Get OS policies compliance data for the specified Compute Engine VM instance.
`list (deprecated)`	List OS policies compliance data for all Compute Engine VM instances in the specified zone.

REST Resource: projects.locations.instanceOSPoliciesCompliances

Resource: InstanceOSPoliciesCompliance

OSPolicyComplianceState

OSPolicyCompliance

OSPolicyResourceCompliance

OSPolicyResourceConfigStep

Type

Outcome

ExecResourceOutput

Methods

`get (deprecated)`

`list (deprecated)`