// Copyright 2021 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. syntax = "proto3"; package google.cloud.osconfig.v1alpha; import "google/api/field_behavior.proto"; import "google/api/resource.proto"; import "google/cloud/osconfig/v1alpha/config_common.proto"; import "google/protobuf/timestamp.proto"; option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha"; option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig"; option java_multiple_files = true; option java_outer_classname = "InstanceOSPoliciesComplianceProto"; option java_package = "com.google.cloud.osconfig.v1alpha"; option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha"; option ruby_package = "Google::Cloud::OsConfig::V1alpha"; // This API resource represents the OS policies compliance data for a Compute // Engine virtual machine (VM) instance at a given point in time. // // A Compute Engine VM can have multiple OS policy assignments, and each // assignment can have multiple OS policies. As a result, multiple OS policies // could be applied to a single VM. // // You can use this API resource to determine both the compliance state of your // VM as well as the compliance state of an individual OS policy. // // For more information, see [View // compliance](https://cloud.google.com/compute/docs/os-configuration-management/view-compliance). message InstanceOSPoliciesCompliance { option (google.api.resource) = { type: "osconfig.googleapis.com/InstanceOSPoliciesCompliance" pattern: "projects/{project}/locations/{location}/instanceOSPoliciesCompliances/{instance}" }; // Compliance data for an OS policy message OSPolicyCompliance { // The OS policy id string os_policy_id = 1; // Reference to the `OSPolicyAssignment` API resource that the `OSPolicy` // belongs to. // // Format: // `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}` string os_policy_assignment = 2 [(google.api.resource_reference) = { type: "osconfig.googleapis.com/OSPolicyAssignment" }]; // Compliance state of the OS policy. OSPolicyComplianceState state = 4; // Compliance data for each `OSPolicyResource` that is applied to the // VM. repeated OSPolicyResourceCompliance os_policy_resource_compliances = 5; } // Output only. The `InstanceOSPoliciesCompliance` API resource name. // // Format: // `projects/{project_number}/locations/{location}/instanceOSPoliciesCompliances/{instance_id}` string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. The Compute Engine VM instance name. string instance = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. Compliance state of the VM. OSPolicyComplianceState state = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. Detailed compliance state of the VM. // This field is populated only when compliance state is `UNKNOWN`. // // It may contain one of the following values: // // * `no-compliance-data`: Compliance data is not available for this VM. // * `no-agent-detected`: OS Config agent is not detected for this VM. // * `config-not-supported-by-agent`: The version of the OS Config agent // running on this VM does not support configuration management. // * `inactive`: VM is not running. // * `internal-service-errors`: There were internal service errors encountered // while enforcing compliance. // * `agent-errors`: OS config agent encountered errors while enforcing // compliance. string detailed_state = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. The reason for the `detailed_state` of the VM (if any). string detailed_state_reason = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. Compliance data for each `OSPolicy` that is applied to the VM. repeated OSPolicyCompliance os_policy_compliances = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. Timestamp of the last compliance check for the VM. google.protobuf.Timestamp last_compliance_check_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY]; // Output only. Unique identifier for the last compliance run. // This id will be logged by the OS config agent during a compliance run and // can be used for debugging and tracing purpose. string last_compliance_run_id = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; } // A request message for getting OS policies compliance data for the given // Compute Engine VM instance. message GetInstanceOSPoliciesComplianceRequest { // Required. API resource name for instance OS policies compliance resource. // // Format: // `projects/{project}/locations/{location}/instanceOSPoliciesCompliances/{instance}` // // For `{project}`, either Compute Engine project-number or project-id can be // provided. // For `{instance}`, either Compute Engine VM instance-id or instance-name can // be provided. string name = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { type: "osconfig.googleapis.com/InstanceOSPoliciesCompliance" } ]; } // A request message for listing OS policies compliance data for all Compute // Engine VMs in the given location. message ListInstanceOSPoliciesCompliancesRequest { // Required. The parent resource name. // // Format: `projects/{project}/locations/{location}` // // For `{project}`, either Compute Engine project-number or project-id can be // provided. string parent = 1 [ (google.api.field_behavior) = REQUIRED, (google.api.resource_reference) = { type: "locations.googleapis.com/Location" } ]; // The maximum number of results to return. int32 page_size = 2; // A pagination token returned from a previous call to // `ListInstanceOSPoliciesCompliances` that indicates where this listing // should continue from. string page_token = 3; // If provided, this field specifies the criteria that must be met by a // `InstanceOSPoliciesCompliance` API resource to be included in the response. string filter = 4; } // A response message for listing OS policies compliance data for all Compute // Engine VMs in the given location. message ListInstanceOSPoliciesCompliancesResponse { // List of instance OS policies compliance objects. repeated InstanceOSPoliciesCompliance instance_os_policies_compliances = 1; // The pagination token to retrieve the next page of instance OS policies // compliance objects. string next_page_token = 2; }