Google Cloud OS Config v1 API - Namespace Google.Cloud.OsConfig.V1 (2.2.0)

Apt patching is completed by executing apt-get update && apt-get upgrade. Additional options can be set to control how this is executed.

Container for nested types declared in the AptSettings message type.

Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document

Container for nested types declared in the CVSSv3 message type.

Message for canceling a patch job.

A request message to create an OS policy assignment

A request message for creating a patch deployment.

A request message for deleting a OS policy assignment.

A request message for deleting a patch deployment.

A step that runs an executable for a PatchJob.

Common configurations for an ExecStep.

Container for nested types declared in the ExecStepConfig message type.

A request message to initiate patching across Compute Engine instances.

Message encapsulating a value that can be either absolute ("fixed") or relative ("percent") to a value.

Cloud Storage object representation.

A request message for getting inventory data for the specified VM.

Get a report of the OS policy assignment for a VM instance.

A request message to get an OS policy assignment

A request message for retrieving a patch deployment.

Request to get an active or completed patch job.

A request message for getting the vulnerability report for the specified VM.

Googet patching is performed by running googet update.

Namespace for instance state enums.

Container for nested types declared in the Instance message type.

Resource name for the Instance resource.

Resource name for the InstanceOSPolicyAssignment resource.

This API resource represents the available inventory data for a Compute Engine virtual machine (VM) instance at a given point in time.

You can use this API resource to determine the inventory data of your VM.

For more information, see Information provided by OS inventory management.

Container for nested types declared in the Inventory message type.

A single piece of inventory on a VM.

Container for nested types declared in the Item message type.

Operating system information for the VM.

Software package information of the operating system.

Information related to the a standard versioned package. This includes package info for APT, Yum, Zypper, and Googet package managers.

Contains information about a Windows application that is retrieved from the Windows Registry. For more information about these fields, see: https://docs.microsoft.com/en-us/windows/win32/msi/uninstall-registry-key

Information related to a Quick Fix Engineering package. Fields are taken from Windows QuickFixEngineering Interface and match the source names: https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-quickfixengineering

Details related to a Windows Update package. Field data and names are taken from Windows Update API IUpdate Interface: https://docs.microsoft.com/en-us/windows/win32/api/_wua/ Descriptive fields like title, and description are localized based on the locale of the VM being updated.

Container for nested types declared in the WindowsUpdatePackage message type.

Categories specified by the Windows Update.

Details related to a Zypper Patch.

Resource name for the Inventory resource.

A request message for listing inventory data for all VMs in the specified location.

A response message for listing inventory data for all VMs in a specified location.

List the OS policy assignment reports for VM instances.

A response message for listing OS Policy assignment reports including the page of results and page token.

A request message to list revisions for a OS policy assignment

A response message for listing all revisions for a OS policy assignment.

A request message to list OS policy assignments for a parent resource

A response message for listing all assignments under given parent.

A request message for listing patch deployments.

A response message for listing patch deployments.

Request to list details for all instances that are part of a patch job.

A response message for listing the instances details for a patch job.

A request message for listing patch jobs.

A response message for listing patch jobs.

A request message for listing vulnerability reports for all VM instances in the specified location.

A response message for listing vulnerability reports for all VM instances in the specified location.

Represents a monthly schedule. An example of a valid monthly schedule is "on the third Tuesday of the month" or "on the 15th of the month".

An OS policy defines the desired state configuration for a VM.

Container for nested types declared in the OSPolicy message type.

Filtering criteria to select VMs based on inventory details.

An OS policy resource is used to define the desired state configuration and provides a specific functionality like installing/removing packages, executing a script etc.

The system ensures that resources are always in their desired state by taking necessary actions if they have drifted from their desired state.

Container for nested types declared in the Resource message type.

A resource that allows executing scripts on the VM.

The ExecResource has 2 stages: validate and enforce and both stages accept a script as an argument to execute.

When the ExecResource is applied by the agent, it first executes the script in the validate stage. The validate stage can signal that the ExecResource is already in the desired state by returning an exit code of 100. If the ExecResource is not in the desired state, it should return an exit code of 101. Any other exit code returned by this stage is considered an error.

If the ExecResource is not in the desired state based on the exit code from the validate stage, the agent proceeds to execute the script from the enforce stage. If the ExecResource is already in the desired state, the enforce stage will not be run. Similar to validate stage, the enforce stage should return an exit code of 100 to indicate that the resource in now in its desired state. Any other exit code is considered an error.

NOTE: An exit code of 100 was chosen over 0 (and 101 vs 1) to have an explicit indicator of in desired state, not in desired state and errors. Because, for example, Powershell will always return an exit code of 0 unless an exit statement is provided in the script. So, for reasons of consistency and being explicit, exit codes 100 and 101 were chosen.

Container for nested types declared in the ExecResource message type.

A file or script to execute.

Container for nested types declared in the Exec message type.

A remote or local file.

Container for nested types declared in the File message type.

Specifies a file available as a Cloud Storage Object.

Specifies a file available via some URI.

A resource that manages the state of a file.

Container for nested types declared in the FileResource message type.

A resource that manages a system package.

Container for nested types declared in the PackageResource message type.

A package managed by APT.

• install: apt-get update && apt-get -y install [name]
• remove: apt-get -y remove [name]

A deb package file. dpkg packages only support INSTALLED state.

A package managed by GooGet.

• install: googet -noconfirm install package
• remove: googet -noconfirm remove package

An MSI package. MSI packages only support INSTALLED state.

An RPM package file. RPM packages only support INSTALLED state.

A package managed by YUM.

• install: yum -y install package
• remove: yum -y remove package

A package managed by Zypper.

• install: zypper -y install package
• remove: zypper -y rm package

A resource that manages a package repository.

Container for nested types declared in the RepositoryResource message type.

Represents a single apt package repository. These will be added to a repo file that will be managed at /etc/apt/sources.list.d/google_osconfig.list.

Container for nested types declared in the AptRepository message type.

Represents a Goo package repository. These are added to a repo file that is managed at C:/ProgramData/GooGet/repos/google_osconfig.repo.

Represents a single yum package repository. These are added to a repo file that is managed at /etc/yum.repos.d/google_osconfig.repo.

Represents a single zypper package repository. These are added to a repo file that is managed at /etc/zypp/repos.d/google_osconfig.repo.

Resource groups provide a mechanism to group OS policy resources.

Resource groups enable OS policy authors to create a single OS policy to be applied to VMs running different operating Systems.

When the OS policy is applied to a target VM, the appropriate resource group within the OS policy is selected based on the OSFilter specified within the resource group.

OS policy assignment is an API resource that is used to apply a set of OS policies to a dynamically targeted group of Compute Engine VM instances.

An OS policy is used to define the desired state configuration for a Compute Engine VM instance through a set of configuration resources that provide capabilities such as installing or removing software packages, or executing a script.

For more information, see OS policy and OS policy assignment.

Container for nested types declared in the OSPolicyAssignment message type.

Filters to select target VMs for an assignment.

If more than one filter criteria is specified below, a VM will be selected if and only if it satisfies all of them.

Container for nested types declared in the InstanceFilter message type.

VM inventory details.

Message representing label set.

• A label is a key value pair set for a VM.
• A LabelSet is a set of labels.
• Labels within a LabelSet are ANDed. In other words, a LabelSet is applicable for a VM only if it matches all the labels in the LabelSet.
• Example: A LabelSet with 2 labels: env=prod and type=webserver will only be applicable for those VMs with both labels present.

Message to configure the rollout at the zonal level for the OS policy assignment.

Resource name for the OSPolicyAssignment resource.

OS policy assignment operation metadata provided by OS policy assignment API methods that return long running operations.

Container for nested types declared in the OSPolicyAssignmentOperationMetadata message type.

A report of the OS policy assignment status for a given instance.

Container for nested types declared in the OSPolicyAssignmentReport message type.

Compliance data for an OS policy

Container for nested types declared in the OSPolicyCompliance message type.

Compliance data for an OS policy resource.

Container for nested types declared in the OSPolicyResourceCompliance message type.

ExecResource specific output.

Step performed by the OS Config agent for configuring an OSPolicy resource to its desired state.

Container for nested types declared in the OSPolicyResourceConfigStep message type.

Resource name for the OSPolicyAssignmentReport resource.

Sets the time for a one time patch deployment. Timestamp is in RFC3339 text format.

OS Config API

The OS Config service is a server-side component that you can use to manage package installations and patch jobs for virtual machine instances.

Base class for server-side implementations of OsConfigService

Client for OsConfigService

OsConfigService client wrapper, for convenient use.

Builder class for OsConfigServiceClient to provide simple configuration of credentials, endpoint etc.

OsConfigService client wrapper implementation, for convenient use.

Settings for OsConfigServiceClient instances.

Zonal OS Config API

The OS Config service is the server-side component that allows users to manage package installations and patch jobs for Compute Engine VM instances.

Base class for server-side implementations of OsConfigZonalService

Client for OsConfigZonalService

OsConfigZonalService client wrapper, for convenient use.

Builder class for OsConfigZonalServiceClient to provide simple configuration of credentials, endpoint etc.

OsConfigZonalService client wrapper implementation, for convenient use.

Settings for OsConfigZonalServiceClient instances.

Patch configuration specifications. Contains details on how to apply the patch(es) to a VM instance.

Container for nested types declared in the PatchConfig message type.

Patch deployments are configurations that individual patch jobs use to complete a patch. These configurations include instance filter, package repository settings, and a schedule. For more information about creating and managing patch deployments, see Scheduling patch jobs.

Container for nested types declared in the PatchDeployment message type.

Resource name for the PatchDeployment resource.

A filter to target VM instances for patching. The targeted VMs must meet all criteria specified. So if both labels and zones are specified, the patch job targets only VMs with those labels and in those zones.

Container for nested types declared in the PatchInstanceFilter message type.

Targets a group of VM instances by using their assigned labels. Labels are key-value pairs. A GroupLabel is a combination of labels that is used to target VMs for a patch job.

For example, a patch job can target VMs that have the following GroupLabel: {"env":"test", "app":"web"}. This means that the patch job is applied to VMs that have both the labels env=test and app=web.

A high level representation of a patch job that is either in progress or has completed.

Instance details are not included in the job. To paginate through instance details, use ListPatchJobInstanceDetails.

For more information about patch jobs, see Creating patch jobs.

Container for nested types declared in the PatchJob message type.

A summary of the current patch state across all instances that this patch job affects. Contains counts of instances in different states. These states map to InstancePatchState. List patch job instance details to see the specific states of each instance.

Patch details for a VM instance. For more information about reviewing VM instance details, see Listing all VM instance details for a specific patch job.

Resource name for the PatchJob resource.

Patch rollout configuration specifications. Contains details on the concurrency control when applying patch(es) to all targeted VMs.

Container for nested types declared in the PatchRollout message type.

A request message for pausing a patch deployment.

Sets the time for recurring patch deployments.

Container for nested types declared in the RecurringSchedule message type.

A request message for resuming a patch deployment.

A request message to update an OS policy assignment

A request message for updating a patch deployment.

This API resource represents the vulnerability report for a specified Compute Engine virtual machine (VM) instance at a given point in time.

For more information, see Vulnerability reports.

Container for nested types declared in the VulnerabilityReport message type.

A vulnerability affecting the VM instance.

Container for nested types declared in the Vulnerability message type.

Contains metadata information for the vulnerability. This information is collected from the upstream feed of the operating system.

Container for nested types declared in the Details message type.

A reference for this vulnerability.

OS inventory item that is affected by a vulnerability or fixed as a result of a vulnerability.

Resource name for the VulnerabilityReport resource.

Represents one week day in a month. An example is "the 4th Sunday".

Represents a weekly schedule.

Windows patching is performed using the Windows Update Agent.

Container for nested types declared in the WindowsUpdateSettings message type.

Yum patching is performed by executing yum update. Additional options can be set to control how this is executed.

Note that not all settings are supported on all platforms.

Zypper patching is performed by running zypper patch. See also https://en.opensuse.org/SDB:Zypper_manual.

Apt patch type.

This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.

This metric reflects the context by which vulnerability exploitation is possible.

The Impact metrics capture the effects of a successfully exploited vulnerability on the component that suffers the worst outcome that is most directly and predictably associated with the attack.

This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.

The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.

This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component.

Enum of possible cases for the "executable" oneof.

The interpreter used to execute the a file.

Enum of possible cases for the "mode" oneof.

Patch state of an instance.

The possible contents of InstanceName.

The possible contents of InstanceOSPolicyAssignmentName.

Enum of possible cases for the "details" oneof.

The origin of a specific inventory item.

The different types of inventory that are tracked on a VM.

Enum of possible cases for the "details" oneof.

The possible contents of InventoryName.

The view for inventory objects.

Enum of possible cases for the "day_of_month" oneof.

Policy mode

Enum of possible cases for the "resource_type" oneof.

Enum of possible cases for the "source" oneof.

The interpreter to use.

Enum of possible cases for the "type" oneof.

Enum of possible cases for the "source" oneof.

Desired state of the file.

Enum of possible cases for the "system_package" oneof.

The desired state that the OS Config agent maintains on the VM.

Enum of possible cases for the "repository" oneof.

Type of archive.

OS policy assignment rollout state

The possible contents of OSPolicyAssignmentName.

The OS policy assignment API method.

State of the rollout

Possible compliance states for an os policy.

Enum of possible cases for the "output" oneof.

Possible compliance states for a resource.

Supported configuration step types

The possible contents of OSPolicyAssignmentReportName.

Post-patch reboot settings.

Enum of possible cases for the "schedule" oneof.

Represents state of patch peployment.

The possible contents of PatchDeploymentName.

Enumeration of the various states a patch job passes through as it executes.

The possible contents of PatchJobName.

Type of the rollout.

Enum of possible cases for the "schedule_config" oneof.

Specifies the frequency of the recurring patch deployments.

The possible contents of VulnerabilityReportName.

Microsoft Windows update classifications as defined in [1] https://support.microsoft.com/en-us/help/824684/description-of-the-standard-terminology-that-is-used-to-describe-micro