package google.cloud.osconfig.agentendpoint.v1beta

Get desktop application:
View/edit binary Protocol Buffers messages

OS Config agent endpoint API.

• rpc ReceiveTaskNotification (ReceiveTaskNotificationRequest, stream ReceiveTaskNotificationResponse)

  agentendpoint.proto:35

  Stream established by client to receive Task notifications.

  message ReceiveTaskNotificationRequest

  agentendpoint.proto:68

  A request message to receive task notifications.

  • string instance_id_token = 1

    Required. This is the Compute Engine instance identity token described in https://cloud.google.com/compute/docs/instances/verifying-instance-identity where the audience is 'osconfig.googleapis.com' and the format is 'full'.

  • string agent_version = 2

    Required. The version of the agent making the request.

  message ReceiveTaskNotificationResponse

  agentendpoint.proto:80

  The streaming rpc message that notifies the agent when it has a task that it needs to perform on the VM instance.

  (message has no fields)

• rpc StartNextTask (StartNextTaskRequest, StartNextTaskResponse)

  agentendpoint.proto:40

  Signals the start of a task execution and returns the task info.

  message StartNextTaskRequest

  agentendpoint.proto:85

  A request message for signaling the start of a task execution.

  • string instance_id_token = 1

    Required. This is the Compute Engine instance identity token described in https://cloud.google.com/compute/docs/instances/verifying-instance-identity where the audience is 'osconfig.googleapis.com' and the format is 'full'.

  message StartNextTaskResponse

  agentendpoint.proto:93

  A response message that contains the details of the task to work on.

  • optional Task task = 1

    The details of the task that should be worked on. Can be empty if there is no new task to work on.

• rpc ReportTaskProgress (ReportTaskProgressRequest, ReportTaskProgressResponse)

  agentendpoint.proto:45

  Signals an intermediary progress checkpoint in task execution.

  message ReportTaskProgressRequest

  agentendpoint.proto:100

  A request message for reporting the progress of current task.

  • string instance_id_token = 1

    Required. This is the Compute Engine instance identity token described in https://cloud.google.com/compute/docs/instances/verifying-instance-identity where the audience is 'osconfig.googleapis.com' and the format is 'full'.

  • string task_id = 2

    Required. Unique identifier of the task this applies to.

  • TaskType task_type = 3

    Required. The type of task to report progress on. Progress must include the appropriate message based on this enum as specified below: APPLY_PATCHES = ApplyPatchesTaskProgress EXEC_STEP = Progress not supported for this type. APPLY_CONFIG_TASK = ApplyConfigTaskProgress

  • oneof progress

    Intermediate progress of the current task.

    • ApplyPatchesTaskProgress apply_patches_task_progress = 4

      Details about the progress of the apply patches task.

    • ExecStepTaskProgress exec_step_task_progress = 5

      Details about the progress of the exec step task.

  message ReportTaskProgressResponse

  agentendpoint.proto:129

  The response message after the agent reported the current task progress.

  • TaskDirective task_directive = 1

    Instructs agent to continue or not.

• rpc ReportTaskComplete (ReportTaskCompleteRequest, ReportTaskCompleteResponse)

  agentendpoint.proto:51

  Signals that the task execution is complete and optionally returns the next task.

  message ReportTaskCompleteRequest

  agentendpoint.proto:135

  A request message for signaling the completion of a task execution.

  • string instance_id_token = 1

    Required. This is the Compute Engine instance identity token described in https://cloud.google.com/compute/docs/instances/verifying-instance-identity where the audience is 'osconfig.googleapis.com' and the format is 'full'.

  • string task_id = 2

    Required. Unique identifier of the task this applies to.

  • TaskType task_type = 3

    Required. The type of task to report completed. The output must include the appropriate message based on the following enum values: APPLY_PATCHES = ApplyPatchesTaskOutput EXEC_STEP = ExecStepTaskOutput APPLY_CONFIG_TASK = ApplyConfigTaskOutput

  • string error_message = 4

    Descriptive error message if the task execution ended in error.

  • oneof output

    Final output details of the current task.

    • ApplyPatchesTaskOutput apply_patches_task_output = 5

      Final output details of the apply patches task;

    • ExecStepTaskOutput exec_step_task_output = 6

      Final output details of the exec step task;

  message ReportTaskCompleteResponse

  agentendpoint.proto:167

  The response message after the agent signaled the current task complete.

  (message has no fields)

• rpc LookupEffectiveGuestPolicy (LookupEffectiveGuestPolicyRequest, EffectiveGuestPolicy)

  agentendpoint.proto:57

  Lookup the effective guest policy that applies to a VM instance. This lookup merges all policies that are assigned to the instance ancestry.

  message LookupEffectiveGuestPolicyRequest

  guest_policies.proto:503

  A request message for getting effective policy assigned to the instance.

  • string instance_id_token = 1

    Required. This is the GCE instance identity token described in https://cloud.google.com/compute/docs/instances/verifying-instance-identity where the audience is 'osconfig.googleapis.com' and the format is 'full'.

  • string os_short_name = 2

    Short name of the OS running on the instance. The OS Config agent only provideS this field for targeting if OS Inventory is enabled for that instance.

  • string os_version = 3

    Version of the OS running on the instance. The OS Config agent only provide this field for targeting if OS Inventory is enabled for that VM instance.

  • string os_architecture = 4

    Architecture of OS running on the instance. The OS Config agent only provide this field for targeting if OS Inventory is enabled for that instance.

  message EffectiveGuestPolicy

  guest_policies.proto:526

  The effective guest policy assigned to the instance.

  • repeated EffectiveGuestPolicy.SourcedPackage packages = 1

    List of package configurations assigned to the VM instance.

  • repeated EffectiveGuestPolicy.SourcedPackageRepository package_repositories = 2

    List of package repository configurations assigned to the VM instance.

  • repeated EffectiveGuestPolicy.SourcedSoftwareRecipe software_recipes = 3

    List of recipes assigned to the VM instance.

• rpc RegisterAgent (RegisterAgentRequest, RegisterAgentResponse)

  agentendpoint.proto:62

  Registers the agent running on the VM.

  message RegisterAgentRequest

  agentendpoint.proto:172

  The request message for registering the agent.

  • string instance_id_token = 1

    Required. This is the Compute Engine instance identity token described in https://cloud.google.com/compute/docs/instances/verifying-instance-identity where the audience is 'osconfig.googleapis.com' and the format is 'full'.

  • string agent_version = 2

    Required. The version of the agent.

  • repeated string supported_capabilities = 3

    Required. The capabilities supported by the agent. Supported values are: PATCH_GA GUEST_POLICY_BETA CONFIG_V1

  • string os_long_name = 4

    The operating system long name. For example 'Debian GNU/Linux 9' or 'Microsoft Window Server 2019 Datacenter'.

  • string os_short_name = 5

    The operating system short name. For example, 'windows' or 'debian'.

  • string os_version = 6

    The version of the operating system.

  • string os_architecture = 7

    The system architecture of the operating system.

  message RegisterAgentResponse

  agentendpoint.proto:204

  The response message after the agent registered.

  (message has no fields)

Message which instructs agent to apply patches.

Used in: Task

• optional PatchConfig patch_config = 1

  Specific information about how patches should be applied.

• bool dry_run = 3

  If true, the agent will report its status as it goes through the motions but won't actually run any updates or perform any reboots.

Information reported from the agent about applying patches execution.

Used in: ReportTaskCompleteRequest

• ApplyPatchesTaskOutput.State state = 1

  Required. The final state of this task.

The final states of applying patches.

Used in: ApplyPatchesTaskOutput

• STATE_UNSPECIFIED = 0

  Unspecified is invalid.

• SUCCEEDED = 1

  Applying patches completed successfully.

• SUCCEEDED_REBOOT_REQUIRED = 2

  Applying patches completed successfully, but a reboot is required.

• FAILED = 3

  Applying patches failed.

Information reported from the agent about applying patches execution.

Used in: ReportTaskProgressRequest

• ApplyPatchesTaskProgress.State state = 1

  Required. The current state of this patch execution.

The intermediate states of applying patches.

Used in: ApplyPatchesTaskProgress

• STATE_UNSPECIFIED = 0

  Unspecified is invalid.

• STARTED = 4

  The agent has started the patch task.

• DOWNLOADING_PATCHES = 1

  The agent is currently downloading patches.

• APPLYING_PATCHES = 2

  The agent is currently applying patches.

• REBOOTING = 3

  The agent is currently rebooting the VM instance.

Represents a single Apt package repository. This repository is added to a repo file that is stored at `/etc/apt/sources.list.d/google_osconfig.list`.

Used in: PackageRepository

• AptRepository.ArchiveType archive_type = 1

  Type of archive files in this repository. The default behavior is DEB.

• string uri = 2

  URI for this repository.

• string distribution = 3

  Distribution of this repository.

• repeated string components = 4

  List of components for this repository. Must contain at least one item.

• string gpg_key = 5

  URI of the key file for this repository. The agent maintains a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing all the keys in any applied guest policy.

Type of archive.

Used in: AptRepository

• ARCHIVE_TYPE_UNSPECIFIED = 0

  Unspecified.

• DEB = 1

  DEB indicates that the archive contains binary files.

• DEB_SRC = 2

  DEB_SRC indicates that the archive contains source files.

Apt patching will be performed by executing `apt-get update && apt-get upgrade`. Additional options can be set to control how this is executed.

Used in: PatchConfig

• AptSettings.Type type = 1

  By changing the type to DIST, the patching will be performed using `apt-get dist-upgrade` instead.

• repeated string excludes = 2

  List of packages to exclude from update.

• repeated string exclusive_packages = 3

  An exclusive list of packages to be updated. These are the only packages that will be updated. If these packages are not installed, they will be ignored. This field cannot be specified with any other patch configuration fields.

Apt patch type.

Used in: AptSettings

• TYPE_UNSPECIFIED = 0

  By default, upgrade will be performed.

• DIST = 1

  Runs `apt-get dist-upgrade`.

• UPGRADE = 2

  Runs `apt-get upgrade`.

The desired state that the OS Config agent will maintain on the VM.

Used in: Package, SoftwareRecipe

• DESIRED_STATE_UNSPECIFIED = 0

  The default is to ensure the package is installed.

• INSTALLED = 1

  The agent ensures that the package is installed.

• UPDATED = 2

  The agent ensures that the package is installed and periodically checks for and install any updates.

• REMOVED = 3

  The agent ensures that the package is not installed and uninstall it if detected.

A guest policy package including its source.

Used in: EffectiveGuestPolicy

• string source = 1

  Name of the guest policy providing this config.

• optional Package package = 2

  A software package to configure on the VM instance.

A guest policy package repository including its source.

Used in: EffectiveGuestPolicy

• string source = 1

  Name of the guest policy providing this config.

• optional PackageRepository package_repository = 2

  A software package repository to configure on the VM instance.

A guest policy recipe including its source.

Used in: EffectiveGuestPolicy

• string source = 1

  Name of the guest policy providing this config.

• optional SoftwareRecipe software_recipe = 2

  A software recipe to configure on the VM instance.

A step that runs an executable for a PatchJob.

Used in: ExecStepTask, PatchConfig

• optional ExecStepConfig linux_exec_step_config = 1

  The ExecStepConfig for all Linux VMs targeted by the PatchJob.

• optional ExecStepConfig windows_exec_step_config = 2

  The ExecStepConfig for all Windows VMs targeted by the PatchJob.

Common configurations for an ExecStep.

Used in: ExecStep

• oneof executable

  Location of the executable.

  • string local_path = 1

    An absolute path to the executable on the VM.

  • GcsObject gcs_object = 2

    A GCS object containing the executable.

• repeated int32 allowed_success_codes = 3

  Defaults to [0]. A list of possible return values that the execution can return to indicate a success.

• ExecStepConfig.Interpreter interpreter = 4

  The script interpreter to use to run the script. If no interpreter is specified the script will be executed directly, which will likely only succeed for scripts with shebang lines. [Wikipedia shebang](https://en.wikipedia.org/wiki/Shebang_(Unix)).

The interpreter used to execute the a file.

Used in: ExecStepConfig

• INTERPRETER_UNSPECIFIED = 0

  Deprecated, defaults to NONE for compatibility reasons.

• NONE = 3

  Invalid for a Windows ExecStepConfig. For a Linux ExecStepConfig, the interpreter will be parsed from the shebang line of the script if unspecified.

• SHELL = 1

  Indicates that the script will be run with /bin/sh on Linux and cmd on windows.

• POWERSHELL = 2

  Indicates that the file will be run with PowerShell.

Message which instructs agent to execute the following command.

Used in: Task

• optional ExecStep exec_step = 1

  Details of the exec step to run.

Information reported from the agent about the exec step execution.

Used in: ReportTaskCompleteRequest

• ExecStepTaskOutput.State state = 1

  Required. The final state of the exec step.

• int32 exit_code = 2

  Required. The exit code received from the script which ran as part of the exec step.

The final states of exec steps.

Used in: ExecStepTaskOutput

• STATE_UNSPECIFIED = 0

  Unspecified is invalid.

• COMPLETED = 1

  The exec step completed normally.

• TIMED_OUT = 2

  The exec step was terminated because it took too long.

• CANCELLED = 3

  The exec step task was cancelled before it started.

Information reported from the agent about the exec step execution.

Used in: ReportTaskProgressRequest

• ExecStepTaskProgress.State state = 1

  Required. The current state of this exec step.

The intermediate states of exec steps.

Used in: ExecStepTaskProgress

• STATE_UNSPECIFIED = 0

  Unspecified is invalid.

• STARTED = 1

  The agent has started the exec step task.

GCS object representation.

Used in: ExecStepConfig

• string bucket = 1

  Bucket of the GCS object.

• string object = 2

  Name of the GCS object.

• int64 generation_number = 3

  Generation number of the GCS object. This is used to ensure that the ExecStep specified by this PatchJob does not change.

Represents a Goo package repository. These is added to a repo file that is stored at C:/ProgramData/GooGet/repos/google_osconfig.repo.

Used in: PackageRepository

• string name = 1

  The name of the repository.

• string url = 2

  The url of the repository.

Googet patching is performed by running `googet update`.

Used in: PatchConfig

(message has no fields)

Package is a reference to the software package to be installed or removed. The agent on the VM instance uses the system package manager to apply the config. These are the commands that the agent uses to install or remove packages. Apt install: `apt-get update && apt-get -y install package1 package2 package3` remove: `apt-get -y remove package1 package2 package3` Yum install: `yum -y install package1 package2 package3` remove: `yum -y remove package1 package2 package3` Zypper install: `zypper install package1 package2 package3` remove: `zypper rm package1 package2` Googet install: `googet -noconfirm install package1 package2 package3` remove: `googet -noconfirm remove package1 package2 package3`

Used in: EffectiveGuestPolicy.SourcedPackage

• string name = 1

  The name of the package. A package is uniquely identified for conflict validation by checking the package name and the manager(s) that the package targets.

• DesiredState desired_state = 2

  The desired_state the agent should maintain for this package. The default is to ensure the package is installed.

• Package.Manager manager = 3

  Type of package manager that can be used to install this package. If a system does not have the package manager, the package is not installed or removed no error message is returned. By default, or if you specify `ANY`, the agent attempts to install and remove this package using the default package manager. This is useful when creating a policy that applies to different types of systems. The default behavior is ANY.

Types of package managers that may be used to manage this package.

Used in: Package

• MANAGER_UNSPECIFIED = 0

  The default behavior is ANY.

• ANY = 1

  Apply this package config using the default system package manager.

• APT = 2

  Apply this package config only if Apt is available on the system.

• YUM = 3

  Apply this package config only if Yum is available on the system.

• ZYPPER = 4

  Apply this package config only if Zypper is available on the system.

• GOO = 5

  Apply this package config only if GooGet is available on the system.

A package repository.

Used in: EffectiveGuestPolicy.SourcedPackageRepository

• oneof repository

  A specific type of repository.

  • AptRepository apt = 1

    An Apt Repository.

  • YumRepository yum = 2

    A Yum Repository.

  • ZypperRepository zypper = 3

    A Zypper Repository.

  • GooRepository goo = 4

    A Goo Repository.

Patch configuration specifications. Contains details on how to apply patches to a VM instance.

Used in: ApplyPatchesTask

• PatchConfig.RebootConfig reboot_config = 1

  Post-patch reboot settings.

• optional RetryStrategy retry_strategy = 2

  Retry strategy can be defined to have the agent retry patching during the window if patching fails. If omitted, the agent will use its default retry strategy.

• optional AptSettings apt = 3

  Apt update settings. Use this override the default apt patch rules.

• optional YumSettings yum = 4

  Yum update settings. Use this override the default yum patch rules.

• optional GooSettings goo = 5

  Goo update settings. Use this override the default goo patch rules.

• optional ZypperSettings zypper = 6

  Zypper update settings. Use this override the default zypper patch rules.

• optional WindowsUpdateSettings windows_update = 7

  Windows update settings. Use this override the default windows patch rules.

• optional ExecStep pre_step = 8

  The ExecStep to run before the patch update.

• optional ExecStep post_step = 9

  The ExecStep to run after the patch update.

• bool mig_instances_allowed = 10

  Allows the patch job to run on Managed instance groups (MIGs).

Post-patch reboot settings.

Used in: PatchConfig

• REBOOT_CONFIG_UNSPECIFIED = 0

  The default behavior is DEFAULT.

• DEFAULT = 1

  The agent decides if a reboot is necessary by checking signals such as registry keys on Windows or `/var/run/reboot-required` on APT based systems. On RPM based systems, a set of core system package install times are compared with system boot time.

• ALWAYS = 2

  Always reboot the machine after the update completes.

• NEVER = 3

  Never reboot the machine after the update completes.

The strategy for retrying failed patches during the patch window.

Used in: PatchConfig

• bool enabled = 1

  If true, the agent will continue to try and patch until the window has ended.

A software recipe is a set of instructions for installing and configuring a piece of software. It consists of a set of artifacts that are downloaded, and a set of steps that install, configure, and/or update the software. Recipes support installing and updating software from artifacts in the following formats: Zip archive, Tar archive, Windows MSI, Debian package, and RPM package. Additionally, recipes support executing a script (either defined in a file or directly in this api) in bash, sh, cmd, and powershell. Updating a software recipe If a recipe is assigned to an instance and there is a recipe with the same name but a lower version already installed and the assigned state of the recipe is `INSTALLED_KEEP_UPDATED`, then the recipe is updated to the new version. Script Working Directories Each script or execution step is run in its own temporary directory which is deleted after completing the step.

Used in: EffectiveGuestPolicy.SourcedSoftwareRecipe

• string name = 1

  Unique identifier for the recipe. Only one recipe with a given name is installed on an instance. Names are also used to identify resources which helps to determine whether guest policies have conflicts. This means that requests to create multiple recipes with the same name and version are rejected since they could potentially have conflicting assignments.

• string version = 2

  The version of this software recipe. Version can be up to 4 period separated numbers (e.g. 12.34.56.78).

• repeated SoftwareRecipe.Artifact artifacts = 3

  Resources available to be used in the steps in the recipe.

• repeated SoftwareRecipe.Step install_steps = 4

  Actions to be taken for installing this recipe. On failure it stops executing steps and does not attempt another installation. Any steps taken (including partially completed steps) are not rolled back. Install steps must be specified and are used on first installation.

• repeated SoftwareRecipe.Step update_steps = 5

  Actions to be taken for updating this recipe. On failure it stops executing steps and does not attempt another update for this recipe. Any steps taken (including partially completed steps) are not rolled back. Upgrade steps are not mandatory and are only used when upgrading.

• DesiredState desired_state = 6

  Default is INSTALLED. The desired state the agent should maintain for this recipe. INSTALLED: The software recipe is installed on the instance but won't be updated to new versions. UPDATED: The software recipe is installed on the instance. The recipe is updated to a higher version, if a higher version of the recipe is assigned to this instance. REMOVE: Remove is unsupported for software recipes and attempts to create or update a recipe to the REMOVE state is rejected.

Specifies a resource to be used in the recipe.

Used in: SoftwareRecipe

• string id = 1

  Id of the artifact, which the installation and update steps of this recipe can reference. Artifacts in a recipe cannot have the same id.

• oneof artifact

  A specific type of artifact.

  • Artifact.Remote remote = 2

    A generic remote artifact.

  • Artifact.Gcs gcs = 3

    A Cloud Storage artifact.

• bool allow_insecure = 4

  Defaults to false. When false, recipes are subject to validations based on the artifact type: Remote: A checksum must be specified, and only protocols with transport-layer security are permitted. GCS: An object generation number must be specified.

Specifies an artifact available as a Cloud Storage object.

Used in: Artifact

• string bucket = 1

  Bucket of the Cloud Storage object. Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` this value would be `my-bucket`.

• string object = 2

  Name of the Cloud Storage object. As specified [here] (https://cloud.google.com/storage/docs/naming#objectnames) Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` this value would be `foo/bar`.

• int64 generation = 3

  Must be provided if allow_insecure is false. Generation number of the Cloud Storage object. `https://storage.googleapis.com/my-bucket/foo/bar#1234567` this value would be `1234567`.

Specifies an artifact available via some URI.

Used in: Artifact

• string uri = 1

  URI from which to fetch the object. It should contain both the protocol and path following the format {protocol}://{location}.

• string checksum = 2

  Must be provided if `allow_insecure` is `false`. SHA256 checksum in hex format, to compare to the checksum of the artifact. If the checksum is not empty and it doesn't match the artifact then the recipe installation fails before running any of the steps.

An action that can be taken as part of installing or updating a recipe.

Used in: SoftwareRecipe

• oneof step

  A specific type of step.

  • Step.CopyFile file_copy = 1

    Copies a file onto the instance.

  • Step.ExtractArchive archive_extraction = 2

    Extracts an archive into the specified directory.

  • Step.InstallMsi msi_installation = 3

    Installs an MSI file.

  • Step.InstallDpkg dpkg_installation = 4

    Installs a deb file via dpkg.

  • Step.InstallRpm rpm_installation = 5

    Installs an rpm file via the rpm utility.

  • Step.ExecFile file_exec = 6

    Executes an artifact or local file.

  • Step.RunScript script_run = 7

    Runs commands in a shell.

Copies the artifact to the specified path on the instance.

Used in: Step

• string artifact_id = 1

  The id of the relevant artifact in the recipe.

• string destination = 2

  The absolute path on the instance to put the file.

• bool overwrite = 3

  Whether to allow this step to overwrite existing files. If this is false and the file already exists the file is not overwritten and the step is considered a success. Defaults to false.

• string permissions = 4

  Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one bit corresponds to the execute permission. Default behavior is 755. Below are some examples of permissions and their associated values: read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4

Executes an artifact or local file.

Used in: Step

• oneof location_type

  Location of the file to execute.

  • string artifact_id = 1

    The id of the relevant artifact in the recipe.

  • string local_path = 2

    The absolute path of the file on the local filesystem.

• repeated string args = 3

  Arguments to be passed to the provided executable.

• repeated int32 allowed_exit_codes = 4

  Defaults to [0]. A list of possible return values that the program can return to indicate a success.

Extracts an archive of the type specified in the specified directory.

Used in: Step

• string artifact_id = 1

  The id of the relevant artifact in the recipe.

• string destination = 2

  Directory to extract archive to. Defaults to `/` on Linux or `C:\` on Windows.

• ExtractArchive.ArchiveType type = 3

  The type of the archive to extract.

Specifying the type of archive.

Used in: ExtractArchive

• ARCHIVE_TYPE_UNSPECIFIED = 0

  Indicates that the archive type isn't specified.

• TAR = 1

  Indicates that the archive is a tar archive with no encryption.

• TAR_GZIP = 2

  Indicates that the archive is a tar archive with gzip encryption.

• TAR_BZIP = 3

  Indicates that the archive is a tar archive with bzip encryption.

• TAR_LZMA = 4

  Indicates that the archive is a tar archive with lzma encryption.

• TAR_XZ = 5

  Indicates that the archive is a tar archive with xz encryption.

• ZIP = 11

  Indicates that the archive is a zip archive.

Installs a deb via dpkg.

Used in: Step

• string artifact_id = 1

  The id of the relevant artifact in the recipe.

Installs an MSI file.

Used in: Step

• string artifact_id = 1

  The id of the relevant artifact in the recipe.

• repeated string flags = 2

  The flags to use when installing the MSI defaults to ["/i"] (i.e. the install flag).

• repeated int32 allowed_exit_codes = 3

  Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0]

Installs an rpm file via the rpm utility.

Used in: Step

• string artifact_id = 1

  The id of the relevant artifact in the recipe.

Runs a script through an interpreter.

Used in: Step

• string script = 1

  The shell script to be executed.

• repeated int32 allowed_exit_codes = 2

  Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0]

• RunScript.Interpreter interpreter = 3

  The script interpreter to use to run the script. If no interpreter is specified the script is executed directly, which likely only succeed for scripts with [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)).

The interpreter used to execute a script.

Used in: RunScript

• INTERPRETER_UNSPECIFIED = 0

  Default value for ScriptType.

• SHELL = 1

  Indicates that the script is run with `/bin/sh` on Linux and `cmd` on windows.

• POWERSHELL = 3

  Indicates that the script is run with powershell.

A unit of work to be performed by the agent.

Used in: StartNextTaskResponse

• string task_id = 1

  Unique task id.

• TaskType task_type = 2

  The type of task to perform. Task details must include the appropriate message based on this enum as specified below: APPLY_PATCHES = ApplyPatchesTask EXEC_STEP = ExecStepTask;

• TaskDirective task_directive = 3

  Current directive to the agent.

• oneof task_details

  Specific details about the current task to perform.

  • ApplyPatchesTask apply_patches_task = 4

    Details about the apply patches task to perform.

  • ExecStepTask exec_step_task = 5

    Details about the exec step task to perform.

• map<string, string> service_labels = 6

  Labels describing the task. Used for logging by the agent.

Specifies the current agent behavior.

Used in: ReportTaskProgressResponse, Task

• TASK_DIRECTIVE_UNSPECIFIED = 0

  Unspecified is invalid.

• CONTINUE = 1

  The task should continue to progress.

• STOP = 2

  Task should not be started, or if already in progress, should stop at first safe stopping point. Task should be considered done and will never repeat.

Specifies the type of task to perform.

Used in: ReportTaskCompleteRequest, ReportTaskProgressRequest, Task

• TASK_TYPE_UNSPECIFIED = 0

  Unspecified is invalid.

• APPLY_PATCHES = 1

  The apply patches task.

• EXEC_STEP_TASK = 2

  The exec step task.

Windows patching is performed using the Windows Update Agent.

Used in: PatchConfig

• repeated WindowsUpdateSettings.Classification classifications = 1

  Only apply updates of these windows update classifications. If empty, all updates will be applied.

• repeated string excludes = 2

  List of KBs to exclude from update.

• repeated string exclusive_patches = 3

  An exclusive list of kbs to be updated. These are the only patches that will be updated. This field must not be used with other patch configurations.

Microsoft Windows update classifications as defined in [1] https://support.microsoft.com/en-us/help/824684/description-of-the-standard-terminology-that-is-used-to-describe-micro

Used in: WindowsUpdateSettings

• CLASSIFICATION_UNSPECIFIED = 0

  Invalid. If classifications are included, they must be specified.

• CRITICAL = 1

  "A widely released fix for a specific problem that addresses a critical, non-security-related bug." [1]

• SECURITY = 2

  "A widely released fix for a product-specific, security-related vulnerability. Security vulnerabilities are rated by their severity. The severity rating is indicated in the Microsoft security bulletin as critical, important, moderate, or low." [1]

• DEFINITION = 3

  "A widely released and frequent software update that contains additions to a product’s definition database. Definition databases are often used to detect objects that have specific attributes, such as malicious code, phishing websites, or junk mail." [1]

• DRIVER = 4

  "Software that controls the input and output of a device." [1]

• FEATURE_PACK = 5

  "New product functionality that is first distributed outside the context of a product release and that is typically included in the next full product release." [1]

• SERVICE_PACK = 6

  "A tested, cumulative set of all hotfixes, security updates, critical updates, and updates. Additionally, service packs may contain additional fixes for problems that are found internally since the release of the product. Service packs my also contain a limited number of customer-requested design changes or features." [1]

• TOOL = 7

  "A utility or feature that helps complete a task or set of tasks." [1]

• UPDATE_ROLLUP = 8

  "A tested, cumulative set of hotfixes, security updates, critical updates, and updates that are packaged together for easy deployment. A rollup generally targets a specific area, such as security, or a component of a product, such as Internet Information Services (IIS)." [1]

• UPDATE = 9

  "A widely released fix for a specific problem. An update addresses a noncritical, non-security-related bug." [1]

Represents a single Yum package repository. This repository is added to a repo file that is stored at `/etc/yum.repos.d/google_osconfig.repo`.

Used in: PackageRepository

• string id = 1

  A one word, unique name for this repository. This is the `repo id` in the Yum config file and also the `display_name` if `display_name` is omitted. This id is also used as the unique identifier when checking for guest policy conflicts.

• string display_name = 2

  The display name of the repository.

• string base_url = 3

  The location of the repository directory.

• repeated string gpg_keys = 4

  URIs of GPG keys.

Yum patching will be performed by executing `yum update`. Additional options can be set to control how this is executed. Note that not all settings are supported on all platforms.

Used in: PatchConfig

• bool security = 1

  Adds the `--security` flag to `yum update`. Not supported on all platforms.

• bool minimal = 2

  Will cause patch to run `yum update-minimal` instead.

• repeated string excludes = 3

  List of packages to exclude from update. These packages will be excluded by using the yum `--exclude` flag.

• repeated string exclusive_packages = 4

  An exclusive list of packages to be updated. These are the only packages that will be updated. If these packages are not installed, they will be ignored. This field must not be specified with any other patch configuration fields.

Represents a single Zypper package repository. This repository is added to a repo file that is stored at `/etc/zypp/repos.d/google_osconfig.repo`.

Used in: PackageRepository

• string id = 1

  A one word, unique name for this repository. This is the `repo id` in the zypper config file and also the `display_name` if `display_name` is omitted. This id is also used as the unique identifier when checking for guest policy conflicts.

• string display_name = 2

  The display name of the repository.

• string base_url = 3

  The location of the repository directory.

• repeated string gpg_keys = 4

  URIs of GPG keys.

Zypper patching is performed by running `zypper patch`. See also https://en.opensuse.org/SDB:Zypper_manual.

Used in: PatchConfig

• bool with_optional = 1

  Adds the `--with-optional` flag to `zypper patch`.

• bool with_update = 2

  Adds the `--with-update` flag, to `zypper patch`.

• repeated string categories = 3

  Install only patches with these categories. Common categories include security, recommended, and feature.

• repeated string severities = 4

  Install only patches with these severities. Common severities include critical, important, moderate, and low.

• repeated string excludes = 5

  List of patches to exclude from update.

• repeated string exclusive_patches = 6

  An exclusive list of patches to be updated. These are the only patches that will be installed using 'zypper patch patch:<patch_name>' command. This field must not be used with any other patch configuration fields.