• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// Copyright 2021 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15syntax = "proto3";
16
17package google.cloud.osconfig.v1alpha;
18
19import "google/api/field_behavior.proto";
20import "google/api/resource.proto";
21import "google/cloud/osconfig/v1alpha/config_common.proto";
22import "google/protobuf/timestamp.proto";
23
24option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
25option go_package = "cloud.google.com/go/osconfig/apiv1alpha/osconfigpb;osconfigpb";
26option java_multiple_files = true;
27option java_outer_classname = "InstanceOSPoliciesComplianceProto";
28option java_package = "com.google.cloud.osconfig.v1alpha";
29option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
30option ruby_package = "Google::Cloud::OsConfig::V1alpha";
31
32// This API resource represents the OS policies compliance data for a Compute
33// Engine virtual machine (VM) instance at a given point in time.
34//
35// A Compute Engine VM can have multiple OS policy assignments, and each
36// assignment can have multiple OS policies. As a result, multiple OS policies
37// could be applied to a single VM.
38//
39// You can use this API resource to determine both the compliance state of your
40// VM as well as the compliance state of an individual OS policy.
41//
42// For more information, see [View
43// compliance](https://cloud.google.com/compute/docs/os-configuration-management/view-compliance).
44message InstanceOSPoliciesCompliance {
45  option deprecated = true;
46  option (google.api.resource) = {
47    type: "osconfig.googleapis.com/InstanceOSPoliciesCompliance"
48    pattern: "projects/{project}/locations/{location}/instanceOSPoliciesCompliances/{instance}"
49  };
50
51  // Compliance data for an OS policy
52  message OSPolicyCompliance {
53    option deprecated = true;
54
55    // The OS policy id
56    string os_policy_id = 1;
57
58    // Reference to the `OSPolicyAssignment` API resource that the `OSPolicy`
59    // belongs to.
60    //
61    // Format:
62    // `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}`
63    string os_policy_assignment = 2 [(google.api.resource_reference) = {
64                                       type: "osconfig.googleapis.com/OSPolicyAssignment"
65                                     }];
66
67    // Compliance state of the OS policy.
68    OSPolicyComplianceState state = 4;
69
70    // Compliance data for each `OSPolicyResource` that is applied to the
71    // VM.
72    repeated OSPolicyResourceCompliance os_policy_resource_compliances = 5;
73  }
74
75  // Output only. The `InstanceOSPoliciesCompliance` API resource name.
76  //
77  // Format:
78  // `projects/{project_number}/locations/{location}/instanceOSPoliciesCompliances/{instance_id}`
79  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
80
81  // Output only. The Compute Engine VM instance name.
82  string instance = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
83
84  // Output only. Compliance state of the VM.
85  OSPolicyComplianceState state = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
86
87  // Output only. Detailed compliance state of the VM.
88  // This field is populated only when compliance state is `UNKNOWN`.
89  //
90  // It may contain one of the following values:
91  //
92  // * `no-compliance-data`: Compliance data is not available for this VM.
93  // * `no-agent-detected`: OS Config agent is not detected for this VM.
94  // * `config-not-supported-by-agent`: The version of the OS Config agent
95  // running on this VM does not support configuration management.
96  // * `inactive`: VM is not running.
97  // * `internal-service-errors`: There were internal service errors encountered
98  // while enforcing compliance.
99  // * `agent-errors`: OS config agent encountered errors while enforcing
100  // compliance.
101  string detailed_state = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
102
103  // Output only. The reason for the `detailed_state` of the VM (if any).
104  string detailed_state_reason = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
105
106  // Output only. Compliance data for each `OSPolicy` that is applied to the VM.
107  repeated OSPolicyCompliance os_policy_compliances = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
108
109  // Output only. Timestamp of the last compliance check for the VM.
110  google.protobuf.Timestamp last_compliance_check_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
111
112  // Output only. Unique identifier for the last compliance run.
113  // This id will be logged by the OS config agent during a compliance run and
114  // can be used for debugging and tracing purpose.
115  string last_compliance_run_id = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
116}
117
118// A request message for getting OS policies compliance data for the given
119// Compute Engine VM instance.
120message GetInstanceOSPoliciesComplianceRequest {
121  option deprecated = true;
122
123  // Required. API resource name for instance OS policies compliance resource.
124  //
125  // Format:
126  // `projects/{project}/locations/{location}/instanceOSPoliciesCompliances/{instance}`
127  //
128  // For `{project}`, either Compute Engine project-number or project-id can be
129  // provided.
130  // For `{instance}`, either Compute Engine VM instance-id or instance-name can
131  // be provided.
132  string name = 1 [
133    (google.api.field_behavior) = REQUIRED,
134    (google.api.resource_reference) = {
135      type: "osconfig.googleapis.com/InstanceOSPoliciesCompliance"
136    }
137  ];
138}
139
140// A request message for listing OS policies compliance data for all Compute
141// Engine VMs in the given location.
142message ListInstanceOSPoliciesCompliancesRequest {
143  option deprecated = true;
144
145  // Required. The parent resource name.
146  //
147  // Format: `projects/{project}/locations/{location}`
148  //
149  // For `{project}`, either Compute Engine project-number or project-id can be
150  // provided.
151  string parent = 1 [
152    (google.api.field_behavior) = REQUIRED,
153    (google.api.resource_reference) = {
154      type: "locations.googleapis.com/Location"
155    }
156  ];
157
158  // The maximum number of results to return.
159  int32 page_size = 2;
160
161  // A pagination token returned from a previous call to
162  // `ListInstanceOSPoliciesCompliances` that indicates where this listing
163  // should continue from.
164  string page_token = 3;
165
166  // If provided, this field specifies the criteria that must be met by a
167  // `InstanceOSPoliciesCompliance` API resource to be included in the response.
168  string filter = 4;
169}
170
171// A response message for listing OS policies compliance data for all Compute
172// Engine VMs in the given location.
173message ListInstanceOSPoliciesCompliancesResponse {
174  option deprecated = true;
175
176  // List of instance OS policies compliance objects.
177  repeated InstanceOSPoliciesCompliance instance_os_policies_compliances = 1;
178
179  // The pagination token to retrieve the next page of instance OS policies
180  // compliance objects.
181  string next_page_token = 2;
182}
183