Class OSPolicy (1.16.0)

OSPolicy(mapping=None, *, ignore_unknown_fields=False, **kwargs)

An OS policy defines the desired state configuration for a VM.


id str
Required. The id of the OS policy with the following restrictions: - Must contain only lowercase letters, numbers, and hyphens. - Must start with a letter. - Must be between 1-63 characters. - Must end with a number or a letter. - Must be unique within the assignment.
description str
Policy description. Length of the description is limited to 1024 characters.
Required. Policy mode
resource_groups MutableSequence[]
Required. List of resource groups for the policy. For a particular VM, resource groups are evaluated in the order specified and the first resource group that is applicable is selected and the rest are ignored. If none of the resource groups are applicable for a VM, the VM is considered to be non-compliant w.r.t this policy. This behavior can be toggled by the flag allow_no_resource_group_match
allow_no_resource_group_match bool
This flag determines the OS policy compliance status when none of the resource groups within the policy are applicable for a VM. Set this value to true if the policy needs to be reported as compliant even if the policy has nothing to validate or enforce.



InventoryFilter(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Filtering criteria to select VMs based on inventory details.



Policy mode

Values: MODE_UNSPECIFIED (0): Invalid mode VALIDATION (1): This mode checks if the configuration resources in the policy are in their desired state. No actions are performed if they are not in the desired state. This mode is used for reporting purposes. ENFORCEMENT (2): This mode checks if the configuration resources in the policy are in their desired state, and if not, enforces the desired state.


Resource(mapping=None, *, ignore_unknown_fields=False, **kwargs)

An OS policy resource is used to define the desired state configuration and provides a specific functionality like installing/removing packages, executing a script etc.

The system ensures that resources are always in their desired state by taking necessary actions if they have drifted from their desired state.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof:


ResourceGroup(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Resource groups provide a mechanism to group OS policy resources.

Resource groups enable OS policy authors to create a single OS policy to be applied to VMs running different operating Systems.

When the OS policy is applied to a target VM, the appropriate resource group within the OS policy is selected based on the OSFilter specified within the resource group.