Console
    Contact Us Start free

    OSPolicyAssignmentReport

    A report of the OS policy assignment status for a given instance.

    JSON representation 
     { 
 "name" 
 : 
 string 
 , 
 "instance" 
 : 
 string 
 , 
 "osPolicyAssignment" 
 : 
 string 
 , 
 "osPolicyCompliances" 
 : 
 [ 
 { 
 object (  OSPolicyCompliance 
 
) 
 } 
 ] 
 , 
 "updateTime" 
 : 
 string 
 , 
 "lastRunId" 
 : 
 string 
 }
    Fields
    name

    string

    The OSPolicyAssignmentReport API resource name.

    Format: projects/{project_number}/locations/{location}/instances/{instance_id}/osPolicyAssignments/{osPolicyAssignmentId}/report

    instance

    string

    The Compute Engine VM instance name.
    osPolicyAssignment

    string

    Reference to the OSPolicyAssignment API resource that the OSPolicy belongs to.

    Format: projects/{project_number}/locations/{location}/osPolicyAssignments/{osPolicyAssignmentId@revisionId}

    osPolicyCompliances[]

    object ( OSPolicyCompliance )

    Compliance data for each OSPolicy that is applied to the VM.
    updateTime

    string ( Timestamp format)

    Timestamp for when the report was last generated.

    Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z" , "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30" .
    lastRunId

    string

    Unique identifier of the last attempted run to apply the OS policies associated with this assignment on the VM.

    This ID is logged by the OS Config agent while applying the OS policies associated with this assignment on the VM. NOTE: If the service is unable to successfully connect to the agent for this run, then this id will not be available in the agent logs.

    OSPolicyCompliance

    Compliance data for an OS policy

    JSON representation 
     { 
 "osPolicyId" 
 : 
 string 
 , 
 "complianceState" 
 : 
 enum (  ComplianceState 
 
) 
 , 
 "complianceStateReason" 
 : 
 string 
 , 
 "osPolicyResourceCompliances" 
 : 
 [ 
 { 
 object (  OSPolicyResourceCompliance 
 
) 
 } 
 ] 
 }
    Fields
    osPolicyId

    string

    The OS policy id

    complianceState

    enum ( ComplianceState )

    The compliance state of the OS policy.

    complianceStateReason

    string

    The reason for the OS policy to be in an unknown compliance state. This field is always populated when complianceState is UNKNOWN .

    If populated, the field can contain one of the following values:

    • vm-not-running : The VM was not running.
    • os-policies-not-supported-by-agent : The version of the OS Config agent running on the VM does not support running OS policies.
    • no-agent-detected : The OS Config agent is not detected for the VM.
    • resource-execution-errors : The OS Config agent encountered errors while executing one or more resources in the policy. See osPolicyResourceCompliances for details.
    • task-timeout : The task sent to the agent to apply the policy timed out.
    • unexpected-agent-state : The OS Config agent did not report the final status of the task that attempted to apply the policy. Instead, the agent unexpectedly started working on a different task. This mostly happens when the agent or VM unexpectedly restarts while applying OS policies.
    • internal-service-errors : Internal service errors were encountered while attempting to apply the policy.
    • os-policy-execution-pending : OS policy was assigned to the given VM, but was not executed yet. Typically this is a transient condition that will go away after the next policy execution cycle.
    osPolicyResourceCompliances[]

    object ( OSPolicyResourceCompliance )

    Compliance data for each resource within the policy that is applied to the VM.

    ComplianceState

    Possible compliance states for an os policy.

    Enums
    UNKNOWN

    The policy is in an unknown compliance state.

    Refer to the field complianceStateReason to learn the exact reason for the policy to be in this compliance state.
    COMPLIANT

    Policy is compliant.

    The policy is compliant if all the underlying resources are also compliant.
    NON_COMPLIANT

    Policy is non-compliant.

    The policy is non-compliant if one or more underlying resources are non-compliant.

    OSPolicyResourceCompliance

    Compliance data for an OS policy resource.

    JSON representation 
     { 
 "osPolicyResourceId" 
 : 
 string 
 , 
 "configSteps" 
 : 
 [ 
 { 
 object (  OSPolicyResourceConfigStep 
 
) 
 } 
 ] 
 , 
 "complianceState" 
 : 
 enum (  ComplianceState 
 
) 
 , 
 "complianceStateReason" 
 : 
 string 
 , 
 // Union field output 
can be only one of the following: 
 "execResourceOutput" 
 : 
 { 
 object (  ExecResourceOutput 
 
) 
 } 
 // End of list of possible types for union field output 
. 
 }
    Fields
    osPolicyResourceId

    string

    The ID of the OS policy resource.

    configSteps[]

    object ( OSPolicyResourceConfigStep )

    Ordered list of configuration completed by the agent for the OS policy resource.

    complianceState

    enum ( ComplianceState )

    The compliance state of the resource.

    complianceStateReason

    string

    A reason for the resource to be in the given compliance state. This field is always populated when complianceState is UNKNOWN .

    The following values are supported when complianceState == UNKNOWN

    • execution-errors : Errors were encountered by the agent while executing the resource and the compliance state couldn't be determined.
    • execution-skipped-by-agent : Resource execution was skipped by the agent because errors were encountered while executing prior resources in the OS policy.
    • os-policy-execution-attempt-failed : The execution of the OS policy containing this resource failed and the compliance state couldn't be determined.
    • os-policy-execution-pending : OS policy that owns this resource was assigned to the given VM, but was not executed yet.
    Union field output . Resource specific output. output can be only one of the following:
    execResourceOutput

    object ( ExecResourceOutput )

    ExecResource specific output.

    OSPolicyResourceConfigStep

    Step performed by the OS Config agent for configuring an OSPolicy resource to its desired state.

    JSON representation 
     { 
 "type" 
 : 
 enum (  Type 
 
) 
 , 
 "errorMessage" 
 : 
 string 
 }
    Fields
    type

    enum ( Type )

    Configuration step type.
    errorMessage

    string

    An error message recorded during the execution of this step. Only populated if errors were encountered during this step execution.

    Type

    Supported configuration step types

    Enums
    TYPE_UNSPECIFIED Default value. This value is unused.
    VALIDATION Checks for resource conflicts such as schema errors.
    DESIRED_STATE_CHECK Checks the current status of the desired state for a resource.
    DESIRED_STATE_ENFORCEMENT Enforces the desired state for a resource that is not in desired state.
    DESIRED_STATE_CHECK_POST_ENFORCEMENT

    Re-checks the status of the desired state. This check is done for a resource after the enforcement of all OS policies.

    This step is used to determine the final desired state status for the resource. It accounts for any resources that might have drifted from their desired state due to side effects from executing other resources.

    ComplianceState

    Possible compliance states for a resource.

    Enums
    UNKNOWN

    The resource is in an unknown compliance state.

    To get more details about why the policy is in this state, review the output of the complianceStateReason field.
    COMPLIANT Resource is compliant.
    NON_COMPLIANT Resource is non-compliant.

    ExecResourceOutput

    ExecResource specific output.

    JSON representation 
     { 
 "enforcementOutput" 
 : 
 string 
 }
    Fields
    enforcementOutput

    string ( bytes format)

    Output from enforcement phase output file (if run). Output size is limited to 100K bytes.

    A base64-encoded string.
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: