OSConfigGuestPolicy


Property Value
Google Cloud Service Name OS Config
Google Cloud Service Documentation /compute/docs/osconfig/rest/
Google Cloud REST Resource Name v1beta.projects.guestPolicies
Google Cloud REST Resource Documentation /compute/docs/osconfig/rest/v1beta/projects.guestPolicies
Config Connector Resource Short Names gcposconfigguestpolicy
gcposconfigguestpolicies
osconfigguestpolicy
Config Connector Service Name osconfig.googleapis.com
Config Connector Resource Fully Qualified Name osconfigguestpolicies.osconfig.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No
Config Connector Default Average Reconcile Interval In Seconds 600

Custom Resource Definition Properties

Annotations

Fields
cnrm.cloud.google.com/project-id

Spec

Schema

assignment:
  groupLabels:
  - labels:
      string: string
  instanceNamePrefixes:
  - string
  instances:
  - external: string
    name: string
    namespace: string
  osTypes:
  - osArchitecture: string
    osShortName: string
    osVersion: string
  zones:
  - string
description: string
packageRepositories:
- apt:
    archiveType: string
    components:
    - string
    distribution: string
    gpgKey: string
    uri: string
  goo:
    name: string
    url: string
  yum:
    baseUrl: string
    displayName: string
    gpgKeys:
    - string
    id: string
  zypper:
    baseUrl: string
    displayName: string
    gpgKeys:
    - string
    id: string
packages:
- desiredState: string
  manager: string
  name: string
recipes:
- artifacts:
  - allowInsecure: boolean
    gcs:
      bucketRef:
        external: string
        name: string
        namespace: string
      generation: integer
      object: string
    id: string
    remote:
      checksum: string
      uri: string
  desiredState: string
  installSteps:
  - archiveExtraction:
      artifactId: string
      destination: string
      type: string
    dpkgInstallation:
      artifactId: string
    fileCopy:
      artifactId: string
      destination: string
      overwrite: boolean
      permissions: string
    fileExec:
      allowedExitCodes:
      - integer
      args:
      - string
      artifactId: string
      localPath: string
    msiInstallation:
      allowedExitCodes:
      - integer
      artifactId: string
      flags:
      - string
    rpmInstallation:
      artifactId: string
    scriptRun:
      allowedExitCodes:
      - integer
      interpreter: string
      script: string
  name: string
  updateSteps:
  - archiveExtraction:
      artifactId: string
      destination: string
      type: string
    dpkgInstallation:
      artifactId: string
    fileCopy:
      artifactId: string
      destination: string
      overwrite: boolean
      permissions: string
    fileExec:
      allowedExitCodes:
      - integer
      args:
      - string
      artifactId: string
      localPath: string
    msiInstallation:
      allowedExitCodes:
      - integer
      artifactId: string
      flags:
      - string
    rpmInstallation:
      artifactId: string
    scriptRun:
      allowedExitCodes:
      - integer
      interpreter: string
      script: string
  version: string
resourceID: string
Fields

assignment

Optional

object

Specifies the VMs that are assigned this policy. This allows you to target sets or groups of VMs by different parameters such as labels, names, OS, or zones. Empty assignments will target ALL VMs underneath this policy. Conflict Management Policies that exist higher up in the resource hierarchy (closer to the Org) will override those lower down if there is a conflict. At the same level in the resource hierarchy (ie. within a project), the service will prevent the creation of multiple policies that conflict with each other. If there are multiple policies that specify the same config (eg. package, software recipe, repository, etc.), the service will ensure that no VM could potentially receive instructions from both policies. To create multiple policies that specify different versions of a package or different configs for different Operating Systems, each policy must be mutually exclusive in their targeting according to labels, OS, or other criteria. Different configs are identified for conflicts in different ways. Packages are identified by their name and the package manager(s) they target. Package repositories are identified by their unique id where applicable. Some package managers don't have a unique identifier for repositories and where that's the case, no uniqueness is validated by the service. Note that if OS Inventory is disabled, a VM will not be assigned a policy that targets by OS because the service will see this VM's OS as unknown.

assignment.groupLabels

Optional

list (object)

Targets instances matching at least one of these label sets. This allows an assignment to target disparate groups, for example "env=prod or env=staging".

assignment.groupLabels[]

Optional

object

assignment.groupLabels[].labels

Optional

map (key: string, value: string)

Google Compute Engine instance labels that must be present for an instance to be included in this assignment group.

assignment.instanceNamePrefixes

Optional

list (string)

Targets VM instances whose name starts with one of these prefixes. Like labels, this is another way to group VM instances when targeting configs, for example prefix="prod-". Only supported for project-level policies.

assignment.instanceNamePrefixes[]

Optional

string

assignment.instances

Optional

list (object)

assignment.instances[]

Optional

object

assignment.instances[].external

Optional

string

Allowed value: The `selfLink` field of a `ComputeInstance` resource.

assignment.instances[].name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

assignment.instances[].namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

assignment.osTypes

Optional

list (object)

Targets VM instances matching at least one of the following OS types. VM instances must match all supplied criteria for a given OsType to be included.

assignment.osTypes[]

Optional

object

assignment.osTypes[].osArchitecture

Optional

string

Targets VM instances with OS Inventory enabled and having the following OS architecture.

assignment.osTypes[].osShortName

Optional

string

Targets VM instances with OS Inventory enabled and having the following OS short name, for example "debian" or "windows".

assignment.osTypes[].osVersion

Optional

string

Targets VM instances with OS Inventory enabled and having the following following OS version.

assignment.zones

Optional

list (string)

Targets instances in any of these zones. Leave empty to target instances in any zone. Zonal targeting is uncommon and is supported to facilitate the management of changes by zone.

assignment.zones[]

Optional

string

description

Optional

string

Description of the GuestPolicy. Length of the description is limited to 1024 characters.

packageRepositories

Optional

list (object)

List of package repository configurations assigned to the VM instance.

packageRepositories[]

Optional

object

packageRepositories[].apt

Optional

object

An Apt Repository.

packageRepositories[].apt.archiveType

Optional

string

Type of archive files in this repository. The default behavior is DEB. Possible values: ARCHIVE_TYPE_UNSPECIFIED, DEB, DEB_SRC

packageRepositories[].apt.components

Optional

list (string)

Required. List of components for this repository. Must contain at least one item.

packageRepositories[].apt.components[]

Optional

string

packageRepositories[].apt.distribution

Required*

string

Required. Distribution of this repository.

packageRepositories[].apt.gpgKey

Optional

string

URI of the key file for this repository. The agent maintains a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing all the keys in any applied guest policy.

packageRepositories[].apt.uri

Required*

string

Required. URI for this repository.

packageRepositories[].goo

Optional

object

A Goo Repository.

packageRepositories[].goo.name

Required*

string

Required. The name of the repository.

packageRepositories[].goo.url

Required*

string

Required. The url of the repository.

packageRepositories[].yum

Optional

object

A Yum Repository.

packageRepositories[].yum.baseUrl

Required*

string

Required. The location of the repository directory.

packageRepositories[].yum.displayName

Optional

string

The display name of the repository.

packageRepositories[].yum.gpgKeys

Optional

list (string)

URIs of GPG keys.

packageRepositories[].yum.gpgKeys[]

Optional

string

packageRepositories[].yum.id

Required*

string

Required. A one word, unique name for this repository. This is the `repo id` in the Yum config file and also the `display_name` if `display_name` is omitted. This id is also used as the unique identifier when checking for guest policy conflicts.

packageRepositories[].zypper

Optional

object

A Zypper Repository.

packageRepositories[].zypper.baseUrl

Required*

string

Required. The location of the repository directory.

packageRepositories[].zypper.displayName

Optional

string

The display name of the repository.

packageRepositories[].zypper.gpgKeys

Optional

list (string)

URIs of GPG keys.

packageRepositories[].zypper.gpgKeys[]

Optional

string

packageRepositories[].zypper.id

Required*

string

Required. A one word, unique name for this repository. This is the `repo id` in the zypper config file and also the `display_name` if `display_name` is omitted. This id is also used as the unique identifier when checking for guest policy conflicts.

packages

Optional

list (object)

List of package configurations assigned to the VM instance.

packages[]

Optional

object

packages[].desiredState

Optional

string

The desired_state the agent should maintain for this package. The default is to ensure the package is installed. Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED

packages[].manager

Optional

string

Type of package manager that can be used to install this package. If a system does not have the package manager, the package is not installed or removed no error message is returned. By default, or if you specify `ANY`, the agent attempts to install and remove this package using the default package manager. This is useful when creating a policy that applies to different types of systems. The default behavior is ANY. Possible values: MANAGER_UNSPECIFIED, ANY, APT, YUM, ZYPPER, GOO

packages[].name

Optional

string

Required. The name of the package. A package is uniquely identified for conflict validation by checking the package name and the manager(s) that the package targets.

recipes

Optional

list (object)

Optional. A list of Recipes to install on the VM.

recipes[]

Optional

object

recipes[].artifacts

Optional

list (object)

Resources available to be used in the steps in the recipe.

recipes[].artifacts[]

Optional

object

recipes[].artifacts[].allowInsecure

Optional

boolean

Defaults to false. When false, recipes are subject to validations based on the artifact type: Remote: A checksum must be specified, and only protocols with transport-layer security are permitted. GCS: An object generation number must be specified.

recipes[].artifacts[].gcs

Optional

object

A Google Cloud Storage artifact.

recipes[].artifacts[].gcs.bucketRef

Optional

object

recipes[].artifacts[].gcs.bucketRef.external

Optional

string

Bucket of the Google Cloud Storage object. Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` this value would be `my-bucket`. Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`).

recipes[].artifacts[].gcs.bucketRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

recipes[].artifacts[].gcs.bucketRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

recipes[].artifacts[].gcs.generation

Optional

integer

Must be provided if allow_insecure is false. Generation number of the Google Cloud Storage object. `https://storage.googleapis.com/my-bucket/foo/bar#1234567` this value would be `1234567`.

recipes[].artifacts[].gcs.object

Optional

string

Name of the Google Cloud Storage object. As specified [here] (https://cloud.google.com/storage/docs/naming#objectnames) Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` this value would be `foo/bar`.

recipes[].artifacts[].id

Optional

string

Required. Id of the artifact, which the installation and update steps of this recipe can reference. Artifacts in a recipe cannot have the same id.

recipes[].artifacts[].remote

Optional

object

A generic remote artifact.

recipes[].artifacts[].remote.checksum

Optional

string

Must be provided if `allow_insecure` is `false`. SHA256 checksum in hex format, to compare to the checksum of the artifact. If the checksum is not empty and it doesn't match the artifact then the recipe installation fails before running any of the steps.

recipes[].artifacts[].remote.uri

Optional

string

URI from which to fetch the object. It should contain both the protocol and path following the format: {protocol}://{location}.

recipes[].desiredState

Optional

string

Default is INSTALLED. The desired state the agent should maintain for this recipe. INSTALLED: The software recipe is installed on the instance but won't be updated to new versions. UPDATED: The software recipe is installed on the instance. The recipe is updated to a higher version, if a higher version of the recipe is assigned to this instance. REMOVE: Remove is unsupported for software recipes and attempts to create or update a recipe to the REMOVE state is rejected. Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED

recipes[].installSteps

Optional

list (object)

Actions to be taken for installing this recipe. On failure it stops executing steps and does not attempt another installation. Any steps taken (including partially completed steps) are not rolled back.

recipes[].installSteps[]

Optional

object

recipes[].installSteps[].archiveExtraction

Optional

object

Extracts an archive into the specified directory.

recipes[].installSteps[].archiveExtraction.artifactId

Optional

string

Required. The id of the relevant artifact in the recipe.

recipes[].installSteps[].archiveExtraction.destination

Optional

string

Directory to extract archive to. Defaults to `/` on Linux or `C:` on Windows.

recipes[].installSteps[].archiveExtraction.type

Optional

string

Required. The type of the archive to extract. Possible values: TYPE_UNSPECIFIED, VALIDATION, DESIRED_STATE_CHECK, DESIRED_STATE_ENFORCEMENT, DESIRED_STATE_CHECK_POST_ENFORCEMENT

recipes[].installSteps[].dpkgInstallation

Optional

object

Installs a deb file via dpkg.

recipes[].installSteps[].dpkgInstallation.artifactId

Optional

string

Required. The id of the relevant artifact in the recipe.

recipes[].installSteps[].fileCopy

Optional

object

Copies a file onto the instance.

recipes[].installSteps[].fileCopy.artifactId

Optional

string

Required. The id of the relevant artifact in the recipe.

recipes[].installSteps[].fileCopy.destination

Optional

string

Required. The absolute path on the instance to put the file.

recipes[].installSteps[].fileCopy.overwrite

Optional

boolean

Whether to allow this step to overwrite existing files. If this is false and the file already exists the file is not overwritten and the step is considered a success. Defaults to false.

recipes[].installSteps[].fileCopy.permissions

Optional

string

Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one bit corresponds to the execute permission. Default behavior is 755. Below are some examples of permissions and their associated values: read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4

recipes[].installSteps[].fileExec

Optional

object

Executes an artifact or local file.

recipes[].installSteps[].fileExec.allowedExitCodes

Optional

list (integer)

Defaults to [0]. A list of possible return values that the program can return to indicate a success.

recipes[].installSteps[].fileExec.allowedExitCodes[]

Optional

integer

recipes[].installSteps[].fileExec.args

Optional

list (string)

Arguments to be passed to the provided executable.

recipes[].installSteps[].fileExec.args[]

Optional

string

recipes[].installSteps[].fileExec.artifactId

Optional

string

The id of the relevant artifact in the recipe.

recipes[].installSteps[].fileExec.localPath

Optional

string

The absolute path of the file on the local filesystem.

recipes[].installSteps[].msiInstallation

Optional

object

Installs an MSI file.

recipes[].installSteps[].msiInstallation.allowedExitCodes

Optional

list (integer)

Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0]

recipes[].installSteps[].msiInstallation.allowedExitCodes[]

Optional

integer

recipes[].installSteps[].msiInstallation.artifactId

Optional

string

Required. The id of the relevant artifact in the recipe.

recipes[].installSteps[].msiInstallation.flags

Optional

list (string)

The flags to use when installing the MSI defaults to ["/i"] (i.e. the install flag).

recipes[].installSteps[].msiInstallation.flags[]

Optional

string

recipes[].installSteps[].rpmInstallation

Optional

object

Installs an rpm file via the rpm utility.

recipes[].installSteps[].rpmInstallation.artifactId

Optional

string

Required. The id of the relevant artifact in the recipe.

recipes[].installSteps[].scriptRun

Optional

object

Runs commands in a shell.

recipes[].installSteps[].scriptRun.allowedExitCodes

Optional

list (integer)

Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0]

recipes[].installSteps[].scriptRun.allowedExitCodes[]

Optional

integer

recipes[].installSteps[].scriptRun.interpreter

Optional

string

The script interpreter to use to run the script. If no interpreter is specified the script is executed directly, which likely only succeed for scripts with [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)). Possible values: INTERPRETER_UNSPECIFIED, NONE, SHELL, POWERSHELL

recipes[].installSteps[].scriptRun.script

Optional

string

Required. The shell script to be executed.

recipes[].name

Optional

string

Required. Unique identifier for the recipe. Only one recipe with a given name is installed on an instance. Names are also used to identify resources which helps to determine whether guest policies have conflicts. This means that requests to create multiple recipes with the same name and version are rejected since they could potentially have conflicting assignments.

recipes[].updateSteps

Optional

list (object)

Actions to be taken for updating this recipe. On failure it stops executing steps and does not attempt another update for this recipe. Any steps taken (including partially completed steps) are not rolled back.

recipes[].updateSteps[]

Optional

object

recipes[].updateSteps[].archiveExtraction

Optional

object

Extracts an archive into the specified directory.

recipes[].updateSteps[].archiveExtraction.artifactId

Optional

string

Required. The id of the relevant artifact in the recipe.

recipes[].updateSteps[].archiveExtraction.destination

Optional

string

Directory to extract archive to. Defaults to `/` on Linux or `C:` on Windows.

recipes[].updateSteps[].archiveExtraction.type

Optional

string

Required. The type of the archive to extract. Possible values: TYPE_UNSPECIFIED, VALIDATION, DESIRED_STATE_CHECK, DESIRED_STATE_ENFORCEMENT, DESIRED_STATE_CHECK_POST_ENFORCEMENT

recipes[].updateSteps[].dpkgInstallation

Optional

object

Installs a deb file via dpkg.

recipes[].updateSteps[].dpkgInstallation.artifactId

Optional

string

Required. The id of the relevant artifact in the recipe.

recipes[].updateSteps[].fileCopy

Optional

object

Copies a file onto the instance.

recipes[].updateSteps[].fileCopy.artifactId

Optional

string

Required. The id of the relevant artifact in the recipe.

recipes[].updateSteps[].fileCopy.destination

Optional

string

Required. The absolute path on the instance to put the file.

recipes[].updateSteps[].fileCopy.overwrite

Optional

boolean

Whether to allow this step to overwrite existing files. If this is false and the file already exists the file is not overwritten and the step is considered a success. Defaults to false.

recipes[].updateSteps[].fileCopy.permissions

Optional

string

Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one bit corresponds to the execute permission. Default behavior is 755. Below are some examples of permissions and their associated values: read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4

recipes[].updateSteps[].fileExec

Optional

object

Executes an artifact or local file.

recipes[].updateSteps[].fileExec.allowedExitCodes

Optional

list (integer)

Defaults to [0]. A list of possible return values that the program can return to indicate a success.

recipes[].updateSteps[].fileExec.allowedExitCodes[]

Optional

integer

recipes[].updateSteps[].fileExec.args

Optional

list (string)

Arguments to be passed to the provided executable.

recipes[].updateSteps[].fileExec.args[]

Optional

string

recipes[].updateSteps[].fileExec.artifactId

Optional

string

The id of the relevant artifact in the recipe.

recipes[].updateSteps[].fileExec.localPath

Optional

string

The absolute path of the file on the local filesystem.

recipes[].updateSteps[].msiInstallation

Optional

object

Installs an MSI file.

recipes[].updateSteps[].msiInstallation.allowedExitCodes

Optional

list (integer)

Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0]

recipes[].updateSteps[].msiInstallation.allowedExitCodes[]

Optional

integer

recipes[].updateSteps[].msiInstallation.artifactId

Optional

string

Required. The id of the relevant artifact in the recipe.

recipes[].updateSteps[].msiInstallation.flags

Optional

list (string)

The flags to use when installing the MSI defaults to ["/i"] (i.e. the install flag).

recipes[].updateSteps[].msiInstallation.flags[]

Optional

string

recipes[].updateSteps[].rpmInstallation

Optional

object

Installs an rpm file via the rpm utility.

recipes[].updateSteps[].rpmInstallation.artifactId

Optional

string

Required. The id of the relevant artifact in the recipe.

recipes[].updateSteps[].scriptRun

Optional

object

Runs commands in a shell.

recipes[].updateSteps[].scriptRun.allowedExitCodes

Optional

list (integer)

Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0]

recipes[].updateSteps[].scriptRun.allowedExitCodes[]

Optional

integer

recipes[].updateSteps[].scriptRun.interpreter

Optional

string

The script interpreter to use to run the script. If no interpreter is specified the script is executed directly, which likely only succeed for scripts with [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)). Possible values: INTERPRETER_UNSPECIFIED, NONE, SHELL, POWERSHELL

recipes[].updateSteps[].scriptRun.script

Optional

string

Required. The shell script to be executed.

recipes[].version

Optional

string

The version of this software recipe. Version can be up to 4 period separated numbers (e.g. 12.34.56.78).

resourceID

Optional

string

Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.

* Field is required when parent field is specified

Status

Schema

conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
createTime: string
etag: string
observedGeneration: integer
updateTime: string
Fields
conditions

list (object)

Conditions represent the latest available observation of the resource's current state.

conditions[]

object

conditions[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions[].message

string

Human-readable message indicating details about last transition.

conditions[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions[].type

string

Type is the type of the condition.

createTime

string

Output only. Time this GuestPolicy was created.

etag

string

The etag for this GuestPolicy. If this is provided on update, it must match the server's etag.

observedGeneration

integer

ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.

updateTime

string

Output only. Last time this GuestPolicy was updated.

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: osconfig.cnrm.cloud.google.com/v1beta1
kind: OSConfigGuestPolicy
metadata:
  name: osconfigguestpolicy-sample
spec:
  description: An example OSConfigGuestPolicy for installing a web application on assigned instances.
  assignment:
    groupLabels:
      - labels:
          env: prod
          app: web
      - labels:
          env: staging
          app: web
    instanceNamePrefixes:
      - webappprod-
      - webappstaging-
    osTypes:
      - osArchitecture: x86_64
        osShortName: debian
        osVersion: "10"
      - osArchitecture: x86_64
        osShortName: windows
        osVersion: 10.0.14393
  packageRepositories:
    - apt:
        archiveType: DEB
        distribution: aiy-debian-buster
        components:
          - main
        uri: https://packages.cloud.google.com/apt
        gpgKey: https://packages.cloud.google.com/apt/dists/aiy-debian-buster/Release.gpg
    - yum:
        id: liamtest
        displayName: Liam Test
        baseUrl: https://packages.cloud.google.com/yum/repos/liamtest
        gpgKeys:
          - https://packages.cloud.google.com/yum/doc/yum-key.gpg
          - https://packages.cloud.google.com/yum/doc/rpm-pkg-key.gpg
  packages:
    - desiredState: INSTALLED
      manager: APT
      name: add-apt-key
    - desiredState: REMOVED
      manager: YUM
      name: ssl
    - desiredState: UPDATED
      manager: ANY
      name: ansible-doc
  recipes:
    - name: latest-ansible
      version: 1.0.0.1
      artifacts:
      - id: ansible
        remote:
          uri: https://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-latest.tar.gz
        allowInsecure: true
      desiredState: INSTALLED
      installSteps:
        - fileCopy:
            artifactId: ansible
            destination: /installbackups/ansible
            overwrite: true
            permissions: "555"
        - archiveExtraction:
            destination: /var/ansible/
            type: TAR_GZIP
            artifactId: ansible
    - name: prod-web-app
      version: 2.5.27
      artifacts:
      - id: web-app
        allowInsecure: false
        gcs:
          generation: 1829485032948520
          object: latest/prod
          bucketRef:
            external: https://storage.googleapis.com/storage/v1/b/webapp
      desiredState: UPDATED
      installSteps:
        - fileCopy:
            overwrite: false
            permissions: "777"
            artifactId: web-app
            destination: /installbackups/prod
        - fileExec:
            localPath: /installbackups/prod
            allowedExitCodes:
              - 0
            args:
              - prodcompile
      updateSteps:
        - fileCopy:
            permissions: "755"
            artifactId: web-app
            destination: /installbackups/prod
        - fileExec:
            localPath: /installbackups/prod
            allowedExitCodes:
              - 0
              - 4
            args:
              - updatecompile