// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.osconfig.v1;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/timestamp.proto";

// Per-language package and namespace settings for the generated code.
option csharp_namespace = "Google.Cloud.OsConfig.V1";
option go_package = "cloud.google.com/go/osconfig/apiv1/osconfigpb;osconfigpb";
option java_multiple_files = true;
option java_outer_classname = "OSPolicyAssignmentReportsProto";
option java_package = "com.google.cloud.osconfig.v1";
option php_namespace = "Google\\Cloud\\OsConfig\\V1";
option ruby_package = "Google::Cloud::OsConfig::V1";

// Declares the `InstanceOSPolicyAssignment` resource type and its name
// pattern at file level. `ListOSPolicyAssignmentReportsRequest.parent`
// references this type.
option (google.api.resource_definition) = {
  type: "osconfig.googleapis.com/InstanceOSPolicyAssignment"
  pattern: "projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}"
};

// Request message to get the report of the OS policy assignment for a single
// VM instance.
message GetOSPolicyAssignmentReportRequest {
  // Required. API resource name for OS policy assignment report.
  //
  // Format (no leading slash, matching the resource pattern declared on
  // `OSPolicyAssignmentReport`):
  // `projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/report`
  //
  // For `{project}`, either `project-number` or `project-id` can be provided.
  // For `{instance}`, either Compute Engine `instance-id` or `instance-name`
  // can be provided.
  // For `{assignment}`, the OSPolicyAssignment id must be provided.
  //
  // NOTE(review): unlike `ListOSPolicyAssignmentReportsRequest.parent`, no
  // `-` wildcard is documented for any segment of this name.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "osconfig.googleapis.com/OSPolicyAssignmentReport"
    }
  ];
}

// Request message to list the OS policy assignment reports for VM instances.
message ListOSPolicyAssignmentReportsRequest {
  // Required. The parent resource name.
  //
  // Format:
  // `projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/reports`
  //
  // For `{project}`, either `project-number` or `project-id` can be provided.
  // For `{instance}`, either `instance-name`, `instance-id`, or `-` can be
  // provided. If `-` is provided, the response will include
  // OSPolicyAssignmentReports for all instances in the project/location.
  // For `{assignment}`, either `assignment-id` or `-` can be provided. If `-`
  // is provided, the response will include OSPolicyAssignmentReports for all
  // OSPolicyAssignments in the project/location.
  // Either `{instance}` or `{assignment}` must be `-`.
  //
  // For example:
  // `projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/-/reports`
  // returns all reports for the instance.
  // `projects/{project}/locations/{location}/instances/-/osPolicyAssignments/{assignment-id}/reports`
  // returns all the reports for the given assignment across all instances.
  // `projects/{project}/locations/{location}/instances/-/osPolicyAssignments/-/reports`
  // returns all the reports for all assignments across all instances.
  //
  // Each report carries agent error messages and, for ExecResource resources,
  // enforcement output, so a wildcard parent returns that data for every
  // matching VM. Grant permission to list reports with that scope in mind.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "osconfig.googleapis.com/InstanceOSPolicyAssignment"
    }
  ];

  // The maximum number of results to return.
  //
  // NOTE(review): no default or upper bound is documented here, and the type
  // is signed; how the service treats zero or negative values is not visible
  // in this file. Confirm before relying on a particular page size.
  int32 page_size = 2;

  // If provided, this field specifies the criteria that must be met by the
  // `OSPolicyAssignmentReport` API resource that is included in the response.
  //
  // NOTE(review): the filter grammar is not specified in this file. Confirm
  // it against the service documentation before building this string from
  // untrusted input.
  string filter = 3;

  // A pagination token returned from a previous call to the
  // `ListOSPolicyAssignmentReports` method that indicates where this listing
  // should continue from.
  string page_token = 4;
}

// A response message for listing OS policy assignment reports, including the
// page of results and the page token.
message ListOSPolicyAssignmentReportsResponse {
  // List of OS policy assignment reports.
  repeated OSPolicyAssignmentReport os_policy_assignment_reports = 1;

  // The pagination token to retrieve the next page of OS policy assignment
  // report objects.
  //
  // NOTE(review): presumably empty when there are no further pages; that is
  // not stated in this file. Confirm against the service documentation.
  string next_page_token = 2;
}

// A report of the OS policy assignment status for a given instance.
//
// The report nests one `OSPolicyCompliance` entry per OS policy, and each of
// those nests one `OSPolicyResourceCompliance` entry per policy resource.
message OSPolicyAssignmentReport {
  option (google.api.resource) = {
    type: "osconfig.googleapis.com/OSPolicyAssignmentReport"
    pattern: "projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/report"
  };

  // Compliance data for an OS policy.
  message OSPolicyCompliance {
    // Possible compliance states for an OS policy.
    //
    // Consumers that gate on compliance should test for `COMPLIANT`
    // explicitly rather than for the absence of `NON_COMPLIANT`: `UNKNOWN` is
    // the zero value, so it is also what a reader sees when the field was
    // never set.
    enum ComplianceState {
      // The policy is in an unknown compliance state.
      //
      // Refer to the field `compliance_state_reason` to learn the exact reason
      // for the policy to be in this compliance state.
      UNKNOWN = 0;

      // Policy is compliant.
      //
      // The policy is compliant if all the underlying resources are also
      // compliant.
      COMPLIANT = 1;

      // Policy is non-compliant.
      //
      // The policy is non-compliant if one or more underlying resources are
      // non-compliant.
      NON_COMPLIANT = 2;
    }

    // Compliance data for an OS policy resource.
    message OSPolicyResourceCompliance {
      // Step performed by the OS Config agent for configuring an
      // `OSPolicy` resource to its desired state.
      message OSPolicyResourceConfigStep {
        // Supported configuration step types.
        enum Type {
          // Default value. This value is unused.
          TYPE_UNSPECIFIED = 0;

          // Checks for resource conflicts such as schema errors.
          VALIDATION = 1;

          // Checks the current status of the desired state for a resource.
          DESIRED_STATE_CHECK = 2;

          // Enforces the desired state for a resource that is not in desired
          // state.
          DESIRED_STATE_ENFORCEMENT = 3;

          // Re-checks the status of the desired state. This check is done
          // for a resource after the enforcement of all OS policies.
          //
          // This step is used to determine the final desired state status for
          // the resource. It accounts for any resources that might have drifted
          // from their desired state due to side effects from executing other
          // resources.
          DESIRED_STATE_CHECK_POST_ENFORCEMENT = 4;
        }

        // Configuration step type.
        Type type = 1;

        // An error message recorded during the execution of this step.
        // Only populated if errors were encountered during this step execution.
        //
        // NOTE(review): the content and format of this text are not specified
        // in this file. Treat it as free-form text when logging or displaying
        // it.
        string error_message = 2;
      }

      // Possible compliance states for a resource.
      //
      // As with the policy-level enum, `UNKNOWN` is the zero value and is
      // therefore also what a reader sees for an unset field. Test for
      // `COMPLIANT` explicitly when gating on compliance.
      enum ComplianceState {
        // The resource is in an unknown compliance state.
        //
        // To get more details about why the resource is in this state, review
        // the output of the `compliance_state_reason` field.
        UNKNOWN = 0;

        // Resource is compliant.
        COMPLIANT = 1;

        // Resource is non-compliant.
        NON_COMPLIANT = 2;
      }

      // ExecResource specific output.
      //
      // NOTE(review): field number 1 is not used in this message and is not
      // declared `reserved`; whether it was removed or never assigned is not
      // visible in this file.
      message ExecResourceOutput {
        // Output from enforcement phase output file (if run).
        // Output size is limited to 100K bytes.
        //
        // The type is `bytes`, so the content is not guaranteed to be valid
        // UTF-8 text. It is whatever the enforcement phase wrote to its
        // output file: decode it defensively, escape it before rendering, and
        // keep in mind that it may contain sensitive values.
        bytes enforcement_output = 2;
      }

      // The ID of the OS policy resource.
      string os_policy_resource_id = 1;

      // Ordered list of configuration steps completed by the agent for the OS
      // policy resource.
      repeated OSPolicyResourceConfigStep config_steps = 2;

      // The compliance state of the resource.
      ComplianceState compliance_state = 3;

      // A reason for the resource to be in the given compliance state.
      // This field is always populated when `compliance_state` is `UNKNOWN`.
      //
      // The following values are supported when `compliance_state == UNKNOWN`:
      //
      // * `execution-errors`: Errors were encountered by the agent while
      // executing the resource and the compliance state couldn't be
      // determined.
      // * `execution-skipped-by-agent`: Resource execution was skipped by the
      // agent because errors were encountered while executing prior resources
      // in the OS policy.
      // * `os-policy-execution-attempt-failed`: The execution of the OS policy
      // containing this resource failed and the compliance state couldn't be
      // determined.
      //
      // NOTE(review): the field is a plain string, so nothing in this schema
      // restricts it to the values above; consumers should presumably
      // tolerate unrecognized values. Confirm.
      string compliance_state_reason = 4;

      // Resource specific output. `exec_resource_output` is the only member
      // declared in this file.
      oneof output {
        // ExecResource specific output.
        ExecResourceOutput exec_resource_output = 5;
      }
    }

    // The OS policy ID.
    string os_policy_id = 1;

    // The compliance state of the OS policy.
    ComplianceState compliance_state = 2;

    // The reason for the OS policy to be in an unknown compliance state.
    // This field is always populated when `compliance_state` is `UNKNOWN`.
    //
    // If populated, the field can contain one of the following values:
    //
    // * `vm-not-running`: The VM was not running.
    // * `os-policies-not-supported-by-agent`: The version of the OS Config
    // agent running on the VM does not support running OS policies.
    // * `no-agent-detected`: The OS Config agent is not detected for the VM.
    // * `resource-execution-errors`: The OS Config agent encountered errors
    // while executing one or more resources in the policy. See
    // `os_policy_resource_compliances` for details.
    // * `task-timeout`: The task sent to the agent to apply the policy timed
    // out.
    // * `unexpected-agent-state`: The OS Config agent did not report the final
    // status of the task that attempted to apply the policy. Instead, the agent
    // unexpectedly started working on a different task. This mostly happens
    // when the agent or VM unexpectedly restarts while applying OS policies.
    // * `internal-service-errors`: Internal service errors were encountered
    // while attempting to apply the policy.
    //
    // Several of these reasons (`vm-not-running`, `no-agent-detected`,
    // `task-timeout`) mean the policy was not evaluated on the VM at all, so
    // an `UNKNOWN` state says nothing about the VM's actual configuration.
    string compliance_state_reason = 3;

    // Compliance data for each resource within the policy that is applied to
    // the VM.
    repeated OSPolicyResourceCompliance os_policy_resource_compliances = 4;
  }

  // The `OSPolicyAssignmentReport` API resource name.
  //
  // Format:
  // `projects/{project_number}/locations/{location}/instances/{instance_id}/osPolicyAssignments/{os_policy_assignment_id}/report`
  string name = 1;

  // The Compute Engine VM instance name.
  string instance = 2;

  // Reference to the `OSPolicyAssignment` API resource that the `OSPolicy`
  // belongs to.
  //
  // Format:
  // `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}`
  string os_policy_assignment = 3 [(google.api.resource_reference) = {
    type: "osconfig.googleapis.com/OSPolicyAssignment"
  }];

  // Compliance data for each `OSPolicy` that is applied to the VM.
  repeated OSPolicyCompliance os_policy_compliances = 4;

  // Timestamp for when the report was last generated.
  google.protobuf.Timestamp update_time = 5;

  // Unique identifier of the last attempted run to apply the OS policies
  // associated with this assignment on the VM.
  //
  // This ID is logged by the OS Config agent while applying the OS
  // policies associated with this assignment on the VM, so it can be used to
  // match a report to the corresponding agent log entries.
  // NOTE: If the service is unable to successfully connect to the agent for
  // this run, then this id will not be available in the agent logs.
  string last_run_id = 6;
}
