Diffstat (limited to 'third_party/googleapis/google/cloud/osconfig/v1alpha')
12 files changed, 3013 insertions, 0 deletions
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/BUILD.bazel b/third_party/googleapis/google/cloud/osconfig/v1alpha/BUILD.bazel new file mode 100644 index 0000000..0a74ba0 --- /dev/null +++ b/third_party/googleapis/google/cloud/osconfig/v1alpha/BUILD.bazel 
@@ -0,0 +1,395 @@ +# This file was automatically generated by BuildFileGenerator +# https://github.com/googleapis/rules_gapic/tree/master/bazel + +# Most of the manual changes to this file will be overwritten. +# It's **only** allowed to change the following rule attribute values: +# - names of *_gapic_assembly_* rules +# - certain parameters of *_gapic_library rules, including but not limited to: +#    * extra_protoc_parameters +#    * extra_protoc_file_parameters +# The complete list of preserved parameters can be found in the source code. + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +############################################################################## +# Common +############################################################################## +load("@rules_proto//proto:defs.bzl", "proto_library") +load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") + +proto_library( +    name = "osconfig_proto", +    srcs = [ +        "config_common.proto", +        "instance_os_policies_compliance.proto", +        "inventory.proto", +        "os_policy.proto", +        "os_policy_assignment_reports.proto", +        "os_policy_assignments.proto", +        "osconfig_common.proto", +        "osconfig_zonal_service.proto", +        "vulnerability.proto", +    ], +    deps = [ +        "//google/api:annotations_proto", +        "//google/api:client_proto", +        "//google/api:field_behavior_proto", +        "//google/api:resource_proto", +        "//google/longrunning:operations_proto", +        "//google/type:date_proto", +        "@com_google_protobuf//:duration_proto", +        "@com_google_protobuf//:field_mask_proto", +        "@com_google_protobuf//:timestamp_proto", +    ], +) + +proto_library_with_info( +    name = "osconfig_proto_with_info", +    deps = [ +        ":osconfig_proto", +        "//google/cloud:common_resources_proto", +    
], +) + +############################################################################## +# Java +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "java_gapic_assembly_gradle_pkg", +    "java_gapic_library", +    "java_gapic_test", +    "java_grpc_library", +    "java_proto_library", +) + +java_proto_library( +    name = "osconfig_java_proto", +    deps = [":osconfig_proto"], +) + +java_grpc_library( +    name = "osconfig_java_grpc", +    srcs = [":osconfig_proto"], +    deps = [":osconfig_java_proto"], +) + +java_gapic_library( +    name = "osconfig_java_gapic", +    srcs = [":osconfig_proto_with_info"], +    gapic_yaml = None, +    grpc_service_config = "osconfig_grpc_service_config.json", +    service_yaml = "osconfig_v1alpha.yaml", +    test_deps = [ +        ":osconfig_java_grpc", +    ], +    transport = "grpc+rest", +    deps = [ +        ":osconfig_java_proto", +        "//google/api:api_java_proto", +    ], +) + +java_gapic_test( +    name = "osconfig_java_gapic_test_suite", +    test_classes = [ +        "com.google.cloud.osconfig.v1alpha.OsConfigZonalServiceClientHttpJsonTest", +        "com.google.cloud.osconfig.v1alpha.OsConfigZonalServiceClientTest", +    ], +    runtime_deps = [":osconfig_java_gapic_test"], +) + +# Open Source Packages +java_gapic_assembly_gradle_pkg( +    name = "google-cloud-osconfig-v1alpha-java", +    include_samples = True, +    transport = "grpc+rest", +    deps = [ +        ":osconfig_java_gapic", +        ":osconfig_java_grpc", +        ":osconfig_java_proto", +        ":osconfig_proto", +    ], +) + +############################################################################## +# Go +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "go_gapic_assembly_pkg", +    "go_gapic_library", +    "go_proto_library", +    "go_test", +) + 
+go_proto_library( +    name = "osconfig_go_proto", +    compilers = ["@io_bazel_rules_go//proto:go_grpc"], +    importpath = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha", +    protos = [":osconfig_proto"], +    deps = [ +        "//google/api:annotations_go_proto", +        "//google/longrunning:longrunning_go_proto", +        "//google/type:date_go_proto", +    ], +) + +go_gapic_library( +    name = "osconfig_go_gapic", +    srcs = [":osconfig_proto_with_info"], +    grpc_service_config = "osconfig_grpc_service_config.json", +    importpath = "cloud.google.com/go/osconfig/apiv1alpha;osconfig", +    metadata = True, +    service_yaml = "osconfig_v1alpha.yaml", +    transport = "grpc+rest", +    deps = [ +        ":osconfig_go_proto", +        "//google/longrunning:longrunning_go_proto", +        "@com_google_cloud_go//longrunning:go_default_library", +        "@com_google_cloud_go//longrunning/autogen:go_default_library", +        "@io_bazel_rules_go//proto/wkt:duration_go_proto", +    ], +) + +go_test( +    name = "osconfig_go_gapic_test", +    srcs = [":osconfig_go_gapic_srcjar_test"], +    embed = [":osconfig_go_gapic"], +    importpath = "cloud.google.com/go/osconfig/apiv1alpha", +) + +# Open Source Packages +go_gapic_assembly_pkg( +    name = "gapi-cloud-osconfig-v1alpha-go", +    deps = [ +        ":osconfig_go_gapic", +        ":osconfig_go_gapic_srcjar-metadata.srcjar", +        ":osconfig_go_gapic_srcjar-test.srcjar", +        ":osconfig_go_proto", +    ], +) + +############################################################################## +# Python +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "py_gapic_assembly_pkg", +    "py_gapic_library", +    "py_test", +) + +py_gapic_library( +    name = "osconfig_py_gapic", +    srcs = [":osconfig_proto"], +    grpc_service_config = "osconfig_grpc_service_config.json", +    opt_args = 
["warehouse-package-name=google-cloud-os-config"], +    transport = "grpc", +) + +py_test( +    name = "osconfig_py_gapic_test", +    srcs = [ +        "osconfig_py_gapic_pytest.py", +        "osconfig_py_gapic_test.py", +    ], +    legacy_create_init = False, +    deps = [":osconfig_py_gapic"], +) + +# Open Source Packages +py_gapic_assembly_pkg( +    name = "osconfig-v1alpha-py", +    deps = [ +        ":osconfig_py_gapic", +    ], +) + +############################################################################## +# PHP +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "php_gapic_assembly_pkg", +    "php_gapic_library", +    "php_grpc_library", +    "php_proto_library", +) + +php_proto_library( +    name = "osconfig_php_proto", +    deps = [":osconfig_proto"], +) + +php_grpc_library( +    name = "osconfig_php_grpc", +    srcs = [":osconfig_proto"], +    deps = [":osconfig_php_proto"], +) + +php_gapic_library( +    name = "osconfig_php_gapic", +    srcs = [":osconfig_proto_with_info"], +    grpc_service_config = "osconfig_grpc_service_config.json", +    service_yaml = "osconfig_v1alpha.yaml", +    deps = [ +        ":osconfig_php_grpc", +        ":osconfig_php_proto", +    ], +) + +# Open Source Packages +php_gapic_assembly_pkg( +    name = "google-cloud-osconfig-v1alpha-php", +    deps = [ +        ":osconfig_php_gapic", +        ":osconfig_php_grpc", +        ":osconfig_php_proto", +    ], +) + +############################################################################## +# Node.js +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "nodejs_gapic_assembly_pkg", +    "nodejs_gapic_library", +) + +nodejs_gapic_library( +    name = "osconfig_nodejs_gapic", +    package_name = "@google-cloud/os-config", +    src = ":osconfig_proto_with_info", +    extra_protoc_parameters = 
["metadata"], +    grpc_service_config = "osconfig_grpc_service_config.json", +    package = "google.cloud.osconfig.v1alpha", +    service_yaml = "osconfig_v1alpha.yaml", +    deps = [], +) + +nodejs_gapic_assembly_pkg( +    name = "osconfig-v1alpha-nodejs", +    deps = [ +        ":osconfig_nodejs_gapic", +        ":osconfig_proto", +    ], +) + +############################################################################## +# Ruby +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "ruby_cloud_gapic_library", +    "ruby_gapic_assembly_pkg", +    "ruby_grpc_library", +    "ruby_proto_library", +) + +ruby_proto_library( +    name = "osconfig_ruby_proto", +    deps = [":osconfig_proto"], +) + +ruby_grpc_library( +    name = "osconfig_ruby_grpc", +    srcs = [":osconfig_proto"], +    deps = [":osconfig_ruby_proto"], +) + +ruby_cloud_gapic_library( +    name = "osconfig_ruby_gapic", +    srcs = [":osconfig_proto_with_info"], +    extra_protoc_parameters = [ +        "ruby-cloud-api-id=osconfig.googleapis.com", +        "ruby-cloud-api-shortname=osconfig", +        "ruby-cloud-env-prefix=OS_CONFIG", +        "ruby-cloud-gem-name=google-cloud-os_config-v1alpha", +        "ruby-cloud-product-url=https://cloud.google.com/compute/docs/manage-os", +    ], +    grpc_service_config = "osconfig_grpc_service_config.json", +    ruby_cloud_description = "Cloud OS Config provides OS management tools that can be used for patch management, patch compliance, and configuration management on VM instances.", +    ruby_cloud_title = "Cloud OS Config V1alpha", +    deps = [ +        ":osconfig_ruby_grpc", +        ":osconfig_ruby_proto", +    ], +) + +# Open Source Packages +ruby_gapic_assembly_pkg( +    name = "google-cloud-osconfig-v1alpha-ruby", +    deps = [ +        ":osconfig_ruby_gapic", +        ":osconfig_ruby_grpc", +        ":osconfig_ruby_proto", +    ], +) + 
+############################################################################## +# C# +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "csharp_gapic_assembly_pkg", +    "csharp_gapic_library", +    "csharp_grpc_library", +    "csharp_proto_library", +) + +csharp_proto_library( +    name = "osconfig_csharp_proto", +    deps = [":osconfig_proto"], +) + +csharp_grpc_library( +    name = "osconfig_csharp_grpc", +    srcs = [":osconfig_proto"], +    deps = [":osconfig_csharp_proto"], +) + +csharp_gapic_library( +    name = "osconfig_csharp_gapic", +    srcs = [":osconfig_proto_with_info"], +    common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json", +    grpc_service_config = "osconfig_grpc_service_config.json", +    service_yaml = "osconfig_v1alpha.yaml", +    deps = [ +        ":osconfig_csharp_grpc", +        ":osconfig_csharp_proto", +    ], +) + +# Open Source Packages +csharp_gapic_assembly_pkg( +    name = "google-cloud-osconfig-v1alpha-csharp", +    deps = [ +        ":osconfig_csharp_gapic", +        ":osconfig_csharp_grpc", +        ":osconfig_csharp_proto", +    ], +) + +############################################################################## +# C++ +############################################################################## +load( +    "@com_google_googleapis_imports//:imports.bzl", +    "cc_grpc_library", +    "cc_proto_library", +) + +cc_proto_library( +    name = "osconfig_cc_proto", +    deps = [":osconfig_proto"], +) + +cc_grpc_library( +    name = "osconfig_cc_grpc", +    srcs = [":osconfig_proto"], +    grpc_only = True, +    deps = [":osconfig_cc_proto"], +) diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/config_common.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/config_common.proto new file mode 100644 index 0000000..a7a50c7 --- /dev/null 
+++ b/third_party/googleapis/google/cloud/osconfig/v1alpha/config_common.proto
@@ -0,0 +1,133 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.osconfig.v1alpha;
+
+
+option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
+option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig";
+option java_multiple_files = true;
+option java_outer_classname = "ConfigCommonProto";
+option java_package = "com.google.cloud.osconfig.v1alpha";
+option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
+option ruby_package = "Google::Cloud::OsConfig::V1alpha";
+
+// Step performed by the OS Config agent for configuring an `OSPolicyResource`
+// to its desired state.
+message OSPolicyResourceConfigStep {
+  option deprecated = true;
+
+  // Supported configuration step types
+  enum Type {
+    option deprecated = true;
+
+    // Default value. This value is unused.
+    TYPE_UNSPECIFIED = 0;
+
+    // Validation to detect resource conflicts, schema errors, etc.
+    VALIDATION = 1;
+
+    // Check the current desired state status of the resource.
+    DESIRED_STATE_CHECK = 2;
+
+    // Enforce the desired state for a resource that is not in desired state.
+    DESIRED_STATE_ENFORCEMENT = 3;
+
+    // Re-check desired state status for a resource after enforcement of all
+    // resources in the current configuration run.
+    //
+    // This step is used to determine the final desired state status for the
+    // resource. It accounts for any resources that might have drifted from
+    // their desired state due to side effects from configuring other resources
+    // during the current configuration run.
+    DESIRED_STATE_CHECK_POST_ENFORCEMENT = 4;
+  }
+
+  // Supported outcomes for a configuration step.
+  enum Outcome {
+    option deprecated = true;
+
+    // Default value. This value is unused.
+    OUTCOME_UNSPECIFIED = 0;
+
+    // The step succeeded.
+    SUCCEEDED = 1;
+
+    // The step failed.
+    FAILED = 2;
+  }
+
+  // Configuration step type.
+  Type type = 1;
+
+  // Outcome of the configuration step.
+  Outcome outcome = 2;
+
+  // An error message recorded during the execution of this step.
+  // Only populated when outcome is FAILED.
+  string error_message = 3;
+}
+
+// Compliance data for an OS policy resource.
+message OSPolicyResourceCompliance {
+  option deprecated = true;
+
+  // ExecResource specific output.
+  message ExecResourceOutput {
+    option deprecated = true;
+
+    // Output from Enforcement phase output file (if run).
+    // Output size is limited to 100K bytes.
+    bytes enforcement_output = 2;
+  }
+
+  // The id of the OS policy resource.
+  string os_policy_resource_id = 1;
+
+  // Ordered list of configuration steps taken by the agent for the OS policy
+  // resource.
+  repeated OSPolicyResourceConfigStep config_steps = 2;
+
+  // Compliance state of the OS policy resource.
+  OSPolicyComplianceState state = 3;
+
+  // Resource specific output.
+  oneof output {
+    // ExecResource specific output.
+    ExecResourceOutput exec_resource_output = 4;
+  }
+}
+
+// Supported OSPolicy compliance states.
+enum OSPolicyComplianceState {
+  option deprecated = true;
+
+  // Default value. This value is unused.
+  OS_POLICY_COMPLIANCE_STATE_UNSPECIFIED = 0;
+
+  // Compliant state.
+  COMPLIANT = 1;
+
+  // Non-compliant state
+  NON_COMPLIANT = 2;
+
+  // Unknown compliance state.
+  UNKNOWN = 3;
+
+  // No applicable OS policies were found for the instance.
+  // This state is only applicable to the instance.
+  NO_OS_POLICIES_APPLICABLE = 4;
+}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/instance_os_policies_compliance.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/instance_os_policies_compliance.proto
new file mode 100644
index 0000000..501ac3a
--- /dev/null
+++ b/third_party/googleapis/google/cloud/osconfig/v1alpha/instance_os_policies_compliance.proto
@@ -0,0 +1,182 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.osconfig.v1alpha;
+
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/cloud/osconfig/v1alpha/config_common.proto";
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
+option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig";
+option java_multiple_files = true;
+option java_outer_classname = "InstanceOSPoliciesComplianceProto";
+option java_package = "com.google.cloud.osconfig.v1alpha";
+option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
+option ruby_package = "Google::Cloud::OsConfig::V1alpha";
+
+// This API resource represents the OS policies compliance data for a Compute
+// Engine virtual machine (VM) instance at a given point in time.
+//
+// A Compute Engine VM can have multiple OS policy assignments, and each
+// assignment can have multiple OS policies. As a result, multiple OS policies
+// could be applied to a single VM.
+//
+// You can use this API resource to determine both the compliance state of your
+// VM as well as the compliance state of an individual OS policy.
+//
+// For more information, see [View
+// compliance](https://cloud.google.com/compute/docs/os-configuration-management/view-compliance).
+message InstanceOSPoliciesCompliance {
+  option deprecated = true;
+  option (google.api.resource) = {
+    type: "osconfig.googleapis.com/InstanceOSPoliciesCompliance"
+    pattern: "projects/{project}/locations/{location}/instanceOSPoliciesCompliances/{instance}"
+  };
+
+  // Compliance data for an OS policy
+  message OSPolicyCompliance {
+    option deprecated = true;
+
+    // The OS policy id
+    string os_policy_id = 1;
+
+    // Reference to the `OSPolicyAssignment` API resource that the `OSPolicy`
+    // belongs to.
+    //
+    // Format:
+    // `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}`
+    string os_policy_assignment = 2 [(google.api.resource_reference) = {
+                                       type: "osconfig.googleapis.com/OSPolicyAssignment"
+                                     }];
+
+    // Compliance state of the OS policy.
+    OSPolicyComplianceState state = 4;
+
+    // Compliance data for each `OSPolicyResource` that is applied to the
+    // VM.
+    repeated OSPolicyResourceCompliance os_policy_resource_compliances = 5;
+  }
+
+  // Output only. The `InstanceOSPoliciesCompliance` API resource name.
+  //
+  // Format:
+  // `projects/{project_number}/locations/{location}/instanceOSPoliciesCompliances/{instance_id}`
+  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The Compute Engine VM instance name.
+  string instance = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Compliance state of the VM.
+  OSPolicyComplianceState state = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Detailed compliance state of the VM.
+  // This field is populated only when compliance state is `UNKNOWN`.
+  //
+  // It may contain one of the following values:
+  //
+  // * `no-compliance-data`: Compliance data is not available for this VM.
+  // * `no-agent-detected`: OS Config agent is not detected for this VM.
+  // * `config-not-supported-by-agent`: The version of the OS Config agent
+  // running on this VM does not support configuration management.
+  // * `inactive`: VM is not running.
+  // * `internal-service-errors`: There were internal service errors encountered
+  // while enforcing compliance.
+  // * `agent-errors`: OS config agent encountered errors while enforcing
+  // compliance.
+  string detailed_state = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The reason for the `detailed_state` of the VM (if any).
+  string detailed_state_reason = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Compliance data for each `OSPolicy` that is applied to the VM.
+  repeated OSPolicyCompliance os_policy_compliances = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Timestamp of the last compliance check for the VM.
+  google.protobuf.Timestamp last_compliance_check_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Unique identifier for the last compliance run.
+  // This id will be logged by the OS config agent during a compliance run and
+  // can be used for debugging and tracing purpose.
+  string last_compliance_run_id = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
+
+// A request message for getting OS policies compliance data for the given
+// Compute Engine VM instance.
+message GetInstanceOSPoliciesComplianceRequest {
+  option deprecated = true;
+
+  // Required. API resource name for instance OS policies compliance resource.
+  //
+  // Format:
+  // `projects/{project}/locations/{location}/instanceOSPoliciesCompliances/{instance}`
+  //
+  // For `{project}`, either Compute Engine project-number or project-id can be
+  // provided.
+  // For `{instance}`, either Compute Engine VM instance-id or instance-name can
+  // be provided.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "osconfig.googleapis.com/InstanceOSPoliciesCompliance"
+    }
+  ];
+}
+
+// A request message for listing OS policies compliance data for all Compute
+// Engine VMs in the given location.
+message ListInstanceOSPoliciesCompliancesRequest {
+  option deprecated = true;
+
+  // Required. The parent resource name.
+  //
+  // Format: `projects/{project}/locations/{location}`
+  //
+  // For `{project}`, either Compute Engine project-number or project-id can be
+  // provided.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "locations.googleapis.com/Location"
+    }
+  ];
+
+  // The maximum number of results to return.
+  int32 page_size = 2;
+
+  // A pagination token returned from a previous call to
+  // `ListInstanceOSPoliciesCompliances` that indicates where this listing
+  // should continue from.
+  string page_token = 3;
+
+  // If provided, this field specifies the criteria that must be met by a
+  // `InstanceOSPoliciesCompliance` API resource to be included in the response.
+  string filter = 4;
+}
+
+// A response message for listing OS policies compliance data for all Compute
+// Engine VMs in the given location.
+message ListInstanceOSPoliciesCompliancesResponse {
+  option deprecated = true;
+
+  // List of instance OS policies compliance objects.
+  repeated InstanceOSPoliciesCompliance instance_os_policies_compliances = 1;
+
+  // The pagination token to retrieve the next page of instance OS policies
+  // compliance objects.
+  string next_page_token = 2;
+}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/inventory.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/inventory.proto
new file mode 100644
index 0000000..c524ae1
--- /dev/null
+++ b/third_party/googleapis/google/cloud/osconfig/v1alpha/inventory.proto
@@ -0,0 +1,383 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +//     http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.cloud.osconfig.v1alpha; + +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; +import "google/protobuf/timestamp.proto"; +import "google/type/date.proto"; + +option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha"; +option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig"; +option java_multiple_files = true; +option java_outer_classname = "Inventories"; +option java_package = "com.google.cloud.osconfig.v1alpha"; +option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha"; +option ruby_package = "Google::Cloud::OsConfig::V1alpha"; + +// OS Inventory is a service for collecting and reporting operating +// system and package information on VM instances. + +// This API resource represents the available inventory data for a +// Compute Engine virtual machine (VM) instance at a given point in time. +// +// You can use this API resource to determine the inventory data of your VM. +// +// For more information, see [Information provided by OS inventory +// management](https://cloud.google.com/compute/docs/instances/os-inventory-management#data-collected). 
+message Inventory { +  option (google.api.resource) = { +    type: "osconfig.googleapis.com/Inventory" +    pattern: "projects/{project}/locations/{location}/instances/{instance}/inventory" +  }; + +  // Operating system information for the VM. +  message OsInfo { +    // The VM hostname. +    string hostname = 9; + +    // The operating system long name. +    // For example 'Debian GNU/Linux 9' or 'Microsoft Window Server 2019 +    // Datacenter'. +    string long_name = 2; + +    // The operating system short name. +    // For example, 'windows' or 'debian'. +    string short_name = 3; + +    // The version of the operating system. +    string version = 4; + +    // The system architecture of the operating system. +    string architecture = 5; + +    // The kernel version of the operating system. +    string kernel_version = 6; + +    // The kernel release of the operating system. +    string kernel_release = 7; + +    // The current version of the OS Config agent running on the VM. +    string osconfig_agent_version = 8; +  } + +  // A single piece of inventory on a VM. +  message Item { +    // The origin of a specific inventory item. +    enum OriginType { +      // Invalid. An origin type must be specified. +      ORIGIN_TYPE_UNSPECIFIED = 0; + +      // This inventory item was discovered as the result of the agent +      // reporting inventory via the reporting API. +      INVENTORY_REPORT = 1; +    } + +    // The different types of inventory that are tracked on a VM. +    enum Type { +      // Invalid. An type must be specified. +      TYPE_UNSPECIFIED = 0; + +      // This represents a package that is installed on the VM. +      INSTALLED_PACKAGE = 1; + +      // This represents an update that is available for a package. +      AVAILABLE_PACKAGE = 2; +    } + +    // Identifier for this item, unique across items for this VM. +    string id = 1; + +    // The origin of this inventory item. 
+    OriginType origin_type = 2; + +    // When this inventory item was first detected. +    google.protobuf.Timestamp create_time = 8; + +    // When this inventory item was last modified. +    google.protobuf.Timestamp update_time = 9; + +    // The specific type of inventory, correlating to its specific details. +    Type type = 5; + +    // Specific details of this inventory item based on its type. +    oneof details { +      // Software package present on the VM instance. +      SoftwarePackage installed_package = 6; + +      // Software package available to be installed on the VM instance. +      SoftwarePackage available_package = 7; +    } +  } + +  // Software package information of the operating system. +  message SoftwarePackage { +    // Information about the different types of software packages. +    oneof details { +      // Yum package info. +      // For details about the yum package manager, see +      // https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/ch-yum. +      VersionedPackage yum_package = 1; + +      // Details of an APT package. +      // For details about the apt package manager, see +      // https://wiki.debian.org/Apt. +      VersionedPackage apt_package = 2; + +      // Details of a Zypper package. +      // For details about the Zypper package manager, see +      // https://en.opensuse.org/SDB:Zypper_manual. +      VersionedPackage zypper_package = 3; + +      // Details of a Googet package. +      //  For details about the googet package manager, see +      //  https://github.com/google/googet. +      VersionedPackage googet_package = 4; + +      // Details of a Zypper patch. +      // For details about the Zypper package manager, see +      // https://en.opensuse.org/SDB:Zypper_manual. +      ZypperPatch zypper_patch = 5; + +      // Details of a Windows Update package. 
+      // See https://docs.microsoft.com/en-us/windows/win32/api/_wua/ for +      // information about Windows Update. +      WindowsUpdatePackage wua_package = 6; + +      // Details of a Windows Quick Fix engineering package. +      // See +      // https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-quickfixengineering +      // for info in Windows Quick Fix Engineering. +      WindowsQuickFixEngineeringPackage qfe_package = 7; + +      // Details of a COS package. +      VersionedPackage cos_package = 8; + +      // Details of Windows Application. +      WindowsApplication windows_application = 9; +    } +  } + +  // Information related to the a standard versioned package.  This includes +  // package info for APT, Yum, Zypper, and Googet package managers. +  message VersionedPackage { +    // The name of the package. +    string package_name = 4; + +    // The system architecture this package is intended for. +    string architecture = 2; + +    // The version of the package. +    string version = 3; +  } + +  // Details related to a Zypper Patch. +  message ZypperPatch { +    // The name of the patch. +    string patch_name = 5; + +    // The category of the patch. +    string category = 2; + +    // The severity specified for this patch +    string severity = 3; + +    // Any summary information provided about this patch. +    string summary = 4; +  } + +  // Details related to a Windows Update package. +  // Field data and names are taken from Windows Update API IUpdate Interface: +  // https://docs.microsoft.com/en-us/windows/win32/api/_wua/ +  // Descriptive fields like title, and description are localized based on +  // the locale of the VM being updated. +  message WindowsUpdatePackage { +    // Categories specified by the Windows Update. +    message WindowsUpdateCategory { +      // The identifier of the windows update category. +      string id = 1; + +      // The name of the windows update category. 
+      string name = 2;
+    }
+
+    // The localized title of the update package.
+    string title = 1;
+
+    // The localized description of the update package.
+    string description = 2;
+
+    // The categories that are associated with this update package.
+    repeated WindowsUpdateCategory categories = 3;
+
+    // A collection of Microsoft Knowledge Base article IDs that are associated
+    // with the update package.
+    repeated string kb_article_ids = 4;
+
+    // A hyperlink to the language-specific support information for the update.
+    string support_url = 11;
+
+    // A collection of URLs that provide more information about the update
+    // package.
+    repeated string more_info_urls = 5;
+
+    // Gets the identifier of an update package.  Stays the same across
+    // revisions.
+    string update_id = 6;
+
+    // The revision number of this update package.
+    int32 revision_number = 7;
+
+    // The last published date of the update, in (UTC) date and time.
+    google.protobuf.Timestamp last_deployment_change_time = 10;
+  }
+
+  // Information related to a Quick Fix Engineering package.
+  // Fields are taken from Windows QuickFixEngineering Interface and match
+  // the source names:
+  // https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-quickfixengineering
+  message WindowsQuickFixEngineeringPackage {
+    // A short textual description of the QFE update.
+    string caption = 1;
+
+    // A textual description of the QFE update.
+    string description = 2;
+
+    // Unique identifier associated with a particular QFE update.
+    string hot_fix_id = 3;
+
+    // Date that the QFE update was installed.  Mapped from installed_on field.
+    google.protobuf.Timestamp install_time = 5;
+  }
+
+  // Contains information about a Windows application that is retrieved from the
+  // Windows Registry. For more information about these fields, see:
+  // https://docs.microsoft.com/en-us/windows/win32/msi/uninstall-registry-key
+  message WindowsApplication {
+    // The name of the application or product.
+    string display_name = 1;
+
+    // The version of the product or application in string format.
+    string display_version = 2;
+
+    // The name of the manufacturer for the product or application.
+    string publisher = 3;
+
+    // The last time this product received service. The value of this property
+    // is replaced each time a patch is applied or removed from the product or
+    // the command-line option is used to repair the product.
+    google.type.Date install_date = 4;
+
+    // The internet address for technical support.
+    string help_link = 5;
+  }
+
+  // Output only. The `Inventory` API resource name.
+  //
+  // Format:
+  // `projects/{project_number}/locations/{location}/instances/{instance_id}/inventory`
+  string name = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Base level operating system information for the VM.
+  OsInfo os_info = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Inventory items related to the VM keyed by an opaque unique identifier for
+  // each inventory item. The identifier is unique to each distinct and
+  // addressable inventory item and will change, when there is a new package
+  // version.
+  map<string, Item> items = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Timestamp of the last reported inventory for the VM.
+  google.protobuf.Timestamp update_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
+
+// A request message for getting inventory data for the specified VM.
+message GetInventoryRequest {
+  // Required. API resource name for inventory resource.
+  //
+  // Format:
+  // `projects/{project}/locations/{location}/instances/{instance}/inventory`
+  //
+  // For `{project}`, either `project-number` or `project-id` can be provided.
+  // For `{instance}`, either Compute Engine  `instance-id` or `instance-name`
+  // can be provided.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "osconfig.googleapis.com/Inventory"
+    }
+  ];
+
+  // Inventory view indicating what information should be included in the
+  // inventory resource. If unspecified, the default view is BASIC.
+  InventoryView view = 2;
+}
+
+// A request message for listing inventory data for all VMs in the specified
+// location.
+message ListInventoriesRequest {
+  // Required. The parent resource name.
+  //
+  // Format: `projects/{project}/locations/{location}/instances/-`
+  //
+  // For `{project}`, either `project-number` or `project-id` can be provided.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "compute.googleapis.com/Instance"
+    }
+  ];
+
+  // Inventory view indicating what information should be included in the
+  // inventory resource. If unspecified, the default view is BASIC.
+  InventoryView view = 2;
+
+  // The maximum number of results to return.
+  int32 page_size = 3;
+
+  // A pagination token returned from a previous call to
+  // `ListInventories` that indicates where this listing
+  // should continue from.
+  string page_token = 4;
+
+  // If provided, this field specifies the criteria that must be met by a
+  // `Inventory` API resource to be included in the response.
+  string filter = 5;
+}
+
+// A response message for listing inventory data for all VMs in a specified
+// location.
+message ListInventoriesResponse {
+  // List of inventory objects.
+  repeated Inventory inventories = 1;
+
+  // The pagination token to retrieve the next page of inventory objects.
+  string next_page_token = 2;
+}
+
+// The view for inventory objects.
+enum InventoryView {
+  // The default value.
+  // The API defaults to the BASIC view.
+  INVENTORY_VIEW_UNSPECIFIED = 0;
+
+  // Returns the basic inventory information that includes `os_info`.
+  BASIC = 1;
+
+  // Returns all fields.
+  FULL = 2;
+}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy.proto
new file mode 100644
index 0000000..578d82a
--- /dev/null
+++ b/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy.proto
@@ -0,0 +1,565 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.osconfig.v1alpha;
+
+import "google/api/field_behavior.proto";
+
+option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
+option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig";
+option java_multiple_files = true;
+option java_outer_classname = "OsPolicyProto";
+option java_package = "com.google.cloud.osconfig.v1alpha";
+option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
+option ruby_package = "Google::Cloud::OsConfig::V1alpha";
+
+// An OS policy defines the desired state configuration for a VM.
+message OSPolicy {
+  // Policy mode
+  enum Mode {
+    // Invalid mode
+    MODE_UNSPECIFIED = 0;
+
+    // This mode checks if the configuration resources in the policy are in
+    // their desired state. No actions are performed if they are not in the
+    // desired state. This mode is used for reporting purposes.
+    VALIDATION = 1;
+
+    // This mode checks if the configuration resources in the policy are in
+    // their desired state, and if not, enforces the desired state.
+    ENFORCEMENT = 2;
+  }
+
+  // Filtering criteria to select VMs based on OS details.
+  message OSFilter {
+    // This should match OS short name emitted by the OS inventory agent.
+    // An empty value matches any OS.
+    string os_short_name = 1;
+
+    // This value should match the version emitted by the OS inventory
+    // agent.
+    // Prefix matches are supported if asterisk(*) is provided as the
+    // last character. For example, to match all versions with a major
+    // version of `7`, specify the following value for this field `7.*`
+    string os_version = 2;
+  }
+
+  // Filtering criteria to select VMs based on inventory details.
+  message InventoryFilter {
+    // Required. The OS short name
+    string os_short_name = 1 [(google.api.field_behavior) = REQUIRED];
+
+    // The OS version
+    //
+    // Prefix matches are supported if asterisk(*) is provided as the
+    // last character. For example, to match all versions with a major
+    // version of `7`, specify the following value for this field `7.*`
+    //
+    // An empty string matches all OS versions.
+    string os_version = 2;
+  }
+
+  // An OS policy resource is used to define the desired state configuration
+  // and provides a specific functionality like installing/removing packages,
+  // executing a script etc.
+  //
+  // The system ensures that resources are always in their desired state by
+  // taking necessary actions if they have drifted from their desired state.
+  message Resource {
+    // A remote or local file.
+    message File {
+      // Specifies a file available via some URI.
+      message Remote {
+        // Required. URI from which to fetch the object. It should contain both the
+        // protocol and path following the format `{protocol}://{location}`.
+        string uri = 1 [(google.api.field_behavior) = REQUIRED];
+
+        // SHA256 checksum of the remote file.
+        string sha256_checksum = 2;
+      }
+
+      // Specifies a file available as a Cloud Storage Object.
+      message Gcs {
+        // Required. Bucket of the Cloud Storage object.
+        string bucket = 1 [(google.api.field_behavior) = REQUIRED];
+
+        // Required. Name of the Cloud Storage object.
+        string object = 2 [(google.api.field_behavior) = REQUIRED];
+
+        // Generation number of the Cloud Storage object.
+        int64 generation = 3;
+      }
+
+      // A specific type of file.
+      oneof type {
+        // A generic remote file.
+        Remote remote = 1;
+
+        // A Cloud Storage object.
+        Gcs gcs = 2;
+
+        // A local path within the VM to use.
+        string local_path = 3;
+      }
+
+      // Defaults to false. When false, files are subject to validations
+      // based on the file type:
+      //
+      // Remote: A checksum must be specified.
+      // Cloud Storage: An object generation number must be specified.
+      bool allow_insecure = 4;
+    }
+
+    // A resource that manages a system package.
+    message PackageResource {
+      // The desired state that the OS Config agent maintains on the VM.
+      enum DesiredState {
+        // Unspecified is invalid.
+        DESIRED_STATE_UNSPECIFIED = 0;
+
+        // Ensure that the package is installed.
+        INSTALLED = 1;
+
+        // The agent ensures that the package is not installed and
+        // uninstalls it if detected.
+        REMOVED = 2;
+      }
+
+      // A deb package file. dpkg packages only support INSTALLED state.
+      message Deb {
+        // Required. A deb package.
+        File source = 1 [(google.api.field_behavior) = REQUIRED];
+
+        // Whether dependencies should also be installed.
+        // - install when false: `dpkg -i package`
+        // - install when true: `apt-get update && apt-get -y install
+        // package.deb`
+        bool pull_deps = 2;
+      }
+
+      // A package managed by APT.
+      // - install: `apt-get update && apt-get -y install [name]`
+      // - remove: `apt-get -y remove [name]`
+      message APT {
+        // Required. Package name.
+        string name = 1 [(google.api.field_behavior) = REQUIRED];
+      }
+
+      // An RPM package file. RPM packages only support INSTALLED state.
+      message RPM {
+        // Required. An rpm package.
+        File source = 1 [(google.api.field_behavior) = REQUIRED];
+
+        // Whether dependencies should also be installed.
+        // - install when false: `rpm --upgrade --replacepkgs package.rpm`
+        // - install when true: `yum -y install package.rpm` or
+        // `zypper -y install package.rpm`
+        bool pull_deps = 2;
+      }
+
+      // A package managed by YUM.
+      // - install: `yum -y install package`
+      // - remove: `yum -y remove package`
+      message YUM {
+        // Required. Package name.
+        string name = 1 [(google.api.field_behavior) = REQUIRED];
+      }
+
+      // A package managed by Zypper.
+      // - install: `zypper -y install package`
+      // - remove: `zypper -y rm package`
+      message Zypper {
+        // Required. Package name.
+        string name = 1 [(google.api.field_behavior) = REQUIRED];
+      }
+
+      // A package managed by GooGet.
+      // - install: `googet -noconfirm install package`
+      // - remove: `googet -noconfirm remove package`
+      message GooGet {
+        // Required. Package name.
+        string name = 1 [(google.api.field_behavior) = REQUIRED];
+      }
+
+      // An MSI package. MSI packages only support INSTALLED state.
+      message MSI {
+        // Required. The MSI package.
+        File source = 1 [(google.api.field_behavior) = REQUIRED];
+
+        // Additional properties to use during installation.
+        // This should be in the format of Property=Setting.
+        // Appended to the defaults of `ACTION=INSTALL
+        // REBOOT=ReallySuppress`.
+        repeated string properties = 2;
+      }
+
+      // Required. The desired state the agent should maintain for this package.
+      DesiredState desired_state = 1 [(google.api.field_behavior) = REQUIRED];
+
+      // A system package.
+      oneof system_package {
+        // A package managed by Apt.
+        APT apt = 2;
+
+        // A deb package file.
+        Deb deb = 3;
+
+        // A package managed by YUM.
+        YUM yum = 4;
+
+        // A package managed by Zypper.
+        Zypper zypper = 5;
+
+        // An rpm package file.
+        RPM rpm = 6;
+
+        // A package managed by GooGet.
+        GooGet googet = 7;
+
+        // An MSI package.
+        MSI msi = 8;
+      }
+    }
+
+    // A resource that manages a package repository.
+    message RepositoryResource {
+      // Represents a single apt package repository. These will be added to
+      // a repo file that will be managed at
+      // `/etc/apt/sources.list.d/google_osconfig.list`.
+      message AptRepository {
+        // Type of archive.
+        enum ArchiveType {
+          // Unspecified is invalid.
+          ARCHIVE_TYPE_UNSPECIFIED = 0;
+
+          // Deb indicates that the archive contains binary files.
+          DEB = 1;
+
+          // Deb-src indicates that the archive contains source files.
+          DEB_SRC = 2;
+        }
+
+        // Required. Type of archive files in this repository.
+        ArchiveType archive_type = 1 [(google.api.field_behavior) = REQUIRED];
+
+        // Required. URI for this repository.
+        string uri = 2 [(google.api.field_behavior) = REQUIRED];
+
+        // Required. Distribution of this repository.
+        string distribution = 3 [(google.api.field_behavior) = REQUIRED];
+
+        // Required. List of components for this repository. Must contain at least one
+        // item.
+        repeated string components = 4 [(google.api.field_behavior) = REQUIRED];
+
+        // URI of the key file for this repository. The agent maintains a
+        // keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg`.
+        string gpg_key = 5;
+      }
+
+      // Represents a single yum package repository. These are added to a
+      // repo file that is managed at
+      // `/etc/yum.repos.d/google_osconfig.repo`.
+      message YumRepository {
+        // Required. A one word, unique name for this repository. This is  the `repo
+        // id` in the yum config file and also the `display_name` if
+        // `display_name` is omitted. This id is also used as the unique
+        // identifier when checking for resource conflicts.
+        string id = 1 [(google.api.field_behavior) = REQUIRED];
+
+        // The display name of the repository.
+        string display_name = 2;
+
+        // Required. The location of the repository directory.
+        string base_url = 3 [(google.api.field_behavior) = REQUIRED];
+
+        // URIs of GPG keys.
+        repeated string gpg_keys = 4;
+      }
+
+      // Represents a single zypper package repository. These are added to a
+      // repo file that is managed at
+      // `/etc/zypp/repos.d/google_osconfig.repo`.
+      message ZypperRepository {
+        // Required. A one word, unique name for this repository. This is the `repo
+        // id` in the zypper config file and also the `display_name` if
+        // `display_name` is omitted. This id is also used as the unique
+        // identifier when checking for GuestPolicy conflicts.
+        string id = 1 [(google.api.field_behavior) = REQUIRED];
+
+        // The display name of the repository.
+        string display_name = 2;
+
+        // Required. The location of the repository directory.
+        string base_url = 3 [(google.api.field_behavior) = REQUIRED];
+
+        // URIs of GPG keys.
+        repeated string gpg_keys = 4;
+      }
+
+      // Represents a Goo package repository. These are added to a repo file
+      // that is managed at
+      // `C:/ProgramData/GooGet/repos/google_osconfig.repo`.
+      message GooRepository {
+        // Required. The name of the repository.
+        string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+        // Required. The url of the repository.
+        string url = 2 [(google.api.field_behavior) = REQUIRED];
+      }
+
+      // A specific type of repository.
+      oneof repository {
+        // An Apt Repository.
+        AptRepository apt = 1;
+
+        // A Yum Repository.
+        YumRepository yum = 2;
+
+        // A Zypper Repository.
+        ZypperRepository zypper = 3;
+
+        // A Goo Repository.
+        GooRepository goo = 4;
+      }
+    }
+
+    // A resource that allows executing scripts on the VM.
+    //
+    // The `ExecResource` has 2 stages: `validate` and `enforce` and both stages
+    // accept a script as an argument to execute.
+    //
+    // When the `ExecResource` is applied by the agent, it first executes the
+    // script in the `validate` stage. The `validate` stage can signal that the
+    // `ExecResource` is already in the desired state by returning an exit code
+    // of `100`. If the `ExecResource` is not in the desired state, it should
+    // return an exit code of `101`. Any other exit code returned by this stage
+    // is considered an error.
+    //
+    // If the `ExecResource` is not in the desired state based on the exit code
+    // from the `validate` stage, the agent proceeds to execute the script from
+    // the `enforce` stage. If the `ExecResource` is already in the desired
+    // state, the `enforce` stage will not be run.
+    // Similar to `validate` stage, the `enforce` stage should return an exit
+    // code of `100` to indicate that the resource in now in its desired state.
+    // Any other exit code is considered an error.
+    //
+    // NOTE: An exit code of `100` was chosen over `0` (and `101` vs `1`) to
+    // have an explicit indicator of `in desired state`, `not in desired state`
+    // and errors. Because, for example, Powershell will always return an exit
+    // code of `0` unless an `exit` statement is provided in the script. So, for
+    // reasons of consistency and being explicit, exit codes `100` and `101`
+    // were chosen.
+    message ExecResource {
+      // A file or script to execute.
+      message Exec {
+        // The interpreter to use.
+        enum Interpreter {
+          // Invalid value, the request will return validation error.
+          INTERPRETER_UNSPECIFIED = 0;
+
+          // If an interpreter is not specified, the
+          // source is executed directly. This execution, without an
+          // interpreter, only succeeds for executables and scripts that have <a
+          // href="https://en.wikipedia.org/wiki/Shebang_(Unix)"
+          // class="external">shebang lines</a>.
+          NONE = 1;
+
+          // Indicates that the script runs with `/bin/sh` on Linux and
+          // `cmd.exe` on Windows.
+          SHELL = 2;
+
+          // Indicates that the script runs with PowerShell.
+          POWERSHELL = 3;
+        }
+
+        // What to execute.
+        oneof source {
+          // A remote or local file.
+          File file = 1;
+
+          // An inline script.
+          // The size of the script is limited to 1024 characters.
+          string script = 2;
+        }
+
+        // Optional arguments to pass to the source during execution.
+        repeated string args = 3;
+
+        // Required. The script interpreter to use.
+        Interpreter interpreter = 4 [(google.api.field_behavior) = REQUIRED];
+
+        // Only recorded for enforce Exec.
+        // Path to an output file (that is created by this Exec) whose
+        // content will be recorded in OSPolicyResourceCompliance after a
+        // successful run. Absence or failure to read this file will result in
+        // this ExecResource being non-compliant. Output file size is limited to
+        // 100K bytes.
+        string output_file_path = 5;
+      }
+
+      // Required. What to run to validate this resource is in the desired state.
+      // An exit code of 100 indicates "in desired state", and exit code of 101
+      // indicates "not in desired state". Any other exit code indicates a
+      // failure running validate.
+      Exec validate = 1 [(google.api.field_behavior) = REQUIRED];
+
+      // What to run to bring this resource into the desired state.
+      // An exit code of 100 indicates "success", any other exit code indicates
+      // a failure running enforce.
+      Exec enforce = 2;
+    }
+
+    // A resource that manages the state of a file.
+    message FileResource {
+      // Desired state of the file.
+      enum DesiredState {
+        // Unspecified is invalid.
+        DESIRED_STATE_UNSPECIFIED = 0;
+
+        // Ensure file at path is present.
+        PRESENT = 1;
+
+        // Ensure file at path is absent.
+        ABSENT = 2;
+
+        // Ensure the contents of the file at path matches. If the file does
+        // not exist it will be created.
+        CONTENTS_MATCH = 3;
+      }
+
+      // The source for the contents of the file.
+      oneof source {
+        // A remote or local source.
+        File file = 1;
+
+        // A a file with this content.
+        // The size of the content is limited to 1024 characters.
+        string content = 2;
+      }
+
+      // Required. The absolute path of the file within the VM.
+      string path = 3 [(google.api.field_behavior) = REQUIRED];
+
+      // Required. Desired state of the file.
+      DesiredState state = 4 [(google.api.field_behavior) = REQUIRED];
+
+      // Consists of three octal digits which represent, in
+      // order, the permissions of the owner, group, and other users for the
+      // file (similarly to the numeric mode used in the linux chmod
+      // utility). Each digit represents a three bit number with the 4 bit
+      // corresponding to the read permissions, the 2 bit corresponds to the
+      // write bit, and the one bit corresponds to the execute permission.
+      // Default behavior is 755.
+      //
+      // Below are some examples of permissions and their associated values:
+      // read, write, and execute: 7
+      // read and execute: 5
+      // read and write: 6
+      // read only: 4
+      string permissions = 5;
+    }
+
+    // Required. The id of the resource with the following restrictions:
+    //
+    // * Must contain only lowercase letters, numbers, and hyphens.
+    // * Must start with a letter.
+    // * Must be between 1-63 characters.
+    // * Must end with a number or a letter.
+    // * Must be unique within the OS policy.
+    string id = 1 [(google.api.field_behavior) = REQUIRED];
+
+    // Resource type.
+    oneof resource_type {
+      // Package resource
+      PackageResource pkg = 2;
+
+      // Package repository resource
+      RepositoryResource repository = 3;
+
+      // Exec resource
+      ExecResource exec = 4;
+
+      // File resource
+      FileResource file = 5;
+    }
+  }
+
+  // Resource groups provide a mechanism to group OS policy resources.
+  //
+  // Resource groups enable OS policy authors to create a single OS policy
+  // to be applied to VMs running different operating Systems.
+  //
+  // When the OS policy is applied to a target VM, the appropriate resource
+  // group within the OS policy is selected based on the `OSFilter` specified
+  // within the resource group.
+  message ResourceGroup {
+    // Deprecated. Use the `inventory_filters` field instead.
+    // Used to specify the OS filter for a resource group
+    OSFilter os_filter = 1 [deprecated = true];
+
+    // List of inventory filters for the resource group.
+    //
+    // The resources in this resource group are applied to the target VM if it
+    // satisfies at least one of the following inventory filters.
+    //
+    // For example, to apply this resource group to VMs running either `RHEL` or
+    // `CentOS` operating systems, specify 2 items for the list with following
+    // values:
+    // inventory_filters[0].os_short_name='rhel' and
+    // inventory_filters[1].os_short_name='centos'
+    //
+    // If the list is empty, this resource group will be applied to the target
+    // VM unconditionally.
+    repeated InventoryFilter inventory_filters = 3;
+
+    // Required. List of resources configured for this resource group.
+    // The resources are executed in the exact order specified here.
+    repeated Resource resources = 2 [(google.api.field_behavior) = REQUIRED];
+  }
+
+  // Required. The id of the OS policy with the following restrictions:
+  //
+  // * Must contain only lowercase letters, numbers, and hyphens.
+  // * Must start with a letter.
+  // * Must be between 1-63 characters.
+  // * Must end with a number or a letter.
+  // * Must be unique within the assignment.
+  string id = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Policy description.
+  // Length of the description is limited to 1024 characters.
+  string description = 2;
+
+  // Required. Policy mode
+  Mode mode = 3 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. List of resource groups for the policy.
+  // For a particular VM, resource groups are evaluated in the order specified
+  // and the first resource group that is applicable is selected and the rest
+  // are ignored.
+  //
+  // If none of the resource groups are applicable for a VM, the VM is
+  // considered to be non-compliant w.r.t this policy. This behavior can be
+  // toggled by the flag `allow_no_resource_group_match`
+  repeated ResourceGroup resource_groups = 4 [(google.api.field_behavior) = REQUIRED];
+
+  // This flag determines the OS policy compliance status when none of the
+  // resource groups within the policy are applicable for a VM. Set this value
+  // to `true` if the policy needs to be reported as compliant even if the
+  // policy has nothing to validate or enforce.
+  bool allow_no_resource_group_match = 5;
+}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy_assignment_reports.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy_assignment_reports.proto
new file mode 100644
index 0000000..87905bb
--- /dev/null
+++ b/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy_assignment_reports.proto
@@ -0,0 +1,296 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.osconfig.v1alpha;
+
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
+option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig";
+option java_multiple_files = true;
+option java_outer_classname = "OSPolicyAssignmentReportsProto";
+option java_package = "com.google.cloud.osconfig.v1alpha";
+option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
+option ruby_package = "Google::Cloud::OsConfig::V1alpha";
+option (google.api.resource_definition) = {
+  type: "compute.googleapis.com/InstanceOSPolicyAssignment"
+  pattern: "projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}"
+};
+
+// Get a report of the OS policy assignment for a VM instance.
+message GetOSPolicyAssignmentReportRequest {
+  // Required. API resource name for OS policy assignment report.
+  //
+  // Format:
+  // `/projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/report`
+  //
+  // For `{project}`, either `project-number` or `project-id` can be provided.
+  // For `{instance_id}`, either Compute Engine `instance-id` or `instance-name`
+  // can be provided.
+  // For `{assignment_id}`, the OSPolicyAssignment id must be provided.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "osconfig.googleapis.com/OSPolicyAssignmentReport"
+    }
+  ];
+}
+
+// List the OS policy assignment reports for VM instances.
+message ListOSPolicyAssignmentReportsRequest {
+  // Required. The parent resource name.
+  //
+  // Format:
+  // `projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/reports`
+  //
+  // For `{project}`, either `project-number` or `project-id` can be provided.
+  // For `{instance}`, either `instance-name`, `instance-id`, or `-` can be
+  // provided. If '-' is provided, the response will include
+  // OSPolicyAssignmentReports for all instances in the project/location.
+  // For `{assignment}`, either `assignment-id` or `-` can be provided. If '-'
+  // is provided, the response will include OSPolicyAssignmentReports for all
+  // OSPolicyAssignments in the project/location.
+  // Either {instance} or {assignment} must be `-`.
+  //
+  // For example:
+  // `projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/-/reports`
+  //  returns all reports for the instance
+  // `projects/{project}/locations/{location}/instances/-/osPolicyAssignments/{assignment-id}/reports`
+  //  returns all the reports for the given assignment across all instances.
+  // `projects/{project}/locations/{location}/instances/-/osPolicyAssignments/-/reports`
+  //  returns all the reports for all assignments across all instances.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "compute.googleapis.com/InstanceOSPolicyAssignment"
+    }
+  ];
+
+  // The maximum number of results to return.
+  int32 page_size = 2;
+
+  // If provided, this field specifies the criteria that must be met by the
+  // `OSPolicyAssignmentReport` API resource that is included in the response.
+  string filter = 3;
+
+  // A pagination token returned from a previous call to the
+  // `ListOSPolicyAssignmentReports` method that indicates where this listing
+  // should continue from.
+  string page_token = 4;
+}
+
+// A response message for listing OS Policy assignment reports including the
+// page of results and page token.
+message ListOSPolicyAssignmentReportsResponse {
+  // List of OS policy assignment reports.
+  repeated OSPolicyAssignmentReport os_policy_assignment_reports = 1;
+
+  // The pagination token to retrieve the next page of OS policy assignment
+  // report objects.
+  string next_page_token = 2;
+}
+
+// A report of the OS policy assignment status for a given instance.
+message OSPolicyAssignmentReport {
+  option (google.api.resource) = {
+    type: "osconfig.googleapis.com/OSPolicyAssignmentReport"
+    pattern: "projects/{project}/locations/{location}/instances/{instance}/osPolicyAssignments/{assignment}/report"
+  };
+
+  // Compliance data for an OS policy
+  message OSPolicyCompliance {
+    // Possible compliance states for an os policy.
+    enum ComplianceState {
+      // The policy is in an unknown compliance state.
+      //
+      // Refer to the field `compliance_state_reason` to learn the exact reason
+      // for the policy to be in this compliance state.
+      UNKNOWN = 0;
+
+      // Policy is compliant.
+      //
+      // The policy is compliant if all the underlying resources are also
+      // compliant.
+      COMPLIANT = 1;
+
+      // Policy is non-compliant.
+      //
+      // The policy is non-compliant if one or more underlying resources are
+      // non-compliant.
+      NON_COMPLIANT = 2;
+    }
+
+    // Compliance data for an OS policy resource.
+    message OSPolicyResourceCompliance {
+      // Step performed by the OS Config agent for configuring an
+      // `OSPolicy` resource to its desired state.
+      message OSPolicyResourceConfigStep {
+        // Supported configuration step types
+        enum Type {
+          // Default value. This value is unused.
+          TYPE_UNSPECIFIED = 0;
+
+          // Checks for resource conflicts such as schema errors.
+          VALIDATION = 1;
+
+          // Checks the current status of the desired state for a resource.
+          DESIRED_STATE_CHECK = 2;
+
+          // Enforces the desired state for a resource that is not in desired
+          // state.
+          DESIRED_STATE_ENFORCEMENT = 3;
+
+          // Re-checks the status of the desired state. This check is done
+          // for a resource after the enforcement of all OS policies.
+          //
+          // This step is used to determine the final desired state status for
+          // the resource. It accounts for any resources that might have drifted
+          // from their desired state due to side effects from executing other
+          // resources.
+          DESIRED_STATE_CHECK_POST_ENFORCEMENT = 4;
+        }
+
+        // Configuration step type.
+        Type type = 1;
+
+        // An error message recorded during the execution of this step.
+        // Only populated if errors were encountered during this step execution.
+        string error_message = 2;
+      }
+
+      // Possible compliance states for a resource.
+      enum ComplianceState {
+        // The resource is in an unknown compliance state.
+        //
+        // To get more details about why the policy is in this state, review
+        // the output of the `compliance_state_reason` field.
+        UNKNOWN = 0;
+
+        // Resource is compliant.
+        COMPLIANT = 1;
+
+        // Resource is non-compliant.
+        NON_COMPLIANT = 2;
+      }
+
+      // ExecResource specific output.
+      message ExecResourceOutput {
+        // Output from enforcement phase output file (if run).
+        // Output size is limited to 100K bytes.
+        bytes enforcement_output = 2;
+      }
+
+      // The ID of the OS policy resource.
+      string os_policy_resource_id = 1;
+
+      // Ordered list of configuration completed by the agent for the OS policy
+      // resource.
+      repeated OSPolicyResourceConfigStep config_steps = 2;
+
+      // The compliance state of the resource.
+      ComplianceState compliance_state = 3;
+
+      // A reason for the resource to be in the given compliance state.
+      // This field is always populated when `compliance_state` is `UNKNOWN`.
+      //
+      // The following values are supported when `compliance_state == UNKNOWN`
+      //
+      // * `execution-errors`: Errors were encountered by the agent while
+      // executing the resource and the compliance state couldn't be
+      // determined.
+      // * `execution-skipped-by-agent`: Resource execution was skipped by the
+      // agent because errors were encountered while executing prior resources
+      // in the OS policy.
+      // * `os-policy-execution-attempt-failed`: The execution of the OS policy
+      // containing this resource failed and the compliance state couldn't be
+      // determined.
+      string compliance_state_reason = 4;
+
+      // Resource specific output.
+      oneof output {
+        // ExecResource specific output.
+        ExecResourceOutput exec_resource_output = 5;
+      }
+    }
+
+    // The OS policy id
+    string os_policy_id = 1;
+
+    // The compliance state of the OS policy.
+    ComplianceState compliance_state = 2;
+
+    // The reason for the OS policy to be in an unknown compliance state.
+    // This field is always populated when `compliance_state` is `UNKNOWN`.
+    //
+    // If populated, the field can contain one of the following values:
+    //
+    // * `vm-not-running`: The VM was not running.
+    // * `os-policies-not-supported-by-agent`: The version of the OS Config
+    // agent running on the VM does not support running OS policies.
+    // * `no-agent-detected`: The OS Config agent is not detected for the VM.
+    // * `resource-execution-errors`: The OS Config agent encountered errors
+    // while executing one or more resources in the policy. See
+    // `os_policy_resource_compliances` for details.
+    // * `task-timeout`: The task sent to the agent to apply the policy timed
+    // out.
+    // * `unexpected-agent-state`: The OS Config agent did not report the final
+    // status of the task that attempted to apply the policy. Instead, the agent
+    // unexpectedly started working on a different task. This mostly happens
+    // when the agent or VM unexpectedly restarts while applying OS policies.
+    // * `internal-service-errors`: Internal service errors were encountered
+    // while attempting to apply the policy.
+    string compliance_state_reason = 3;
+
+    // Compliance data for each resource within the policy that is applied to
+    // the VM.
+    repeated OSPolicyResourceCompliance os_policy_resource_compliances = 4;
+  }
+
+  // The `OSPolicyAssignmentReport` API resource name.
+  //
+  // Format:
+  // `projects/{project_number}/locations/{location}/instances/{instance_id}/osPolicyAssignments/{os_policy_assignment_id}/report`
+  string name = 1;
+
+  // The Compute Engine VM instance name.
+  string instance = 2;
+
+  // Reference to the `OSPolicyAssignment` API resource that the `OSPolicy`
+  // belongs to.
+  //
+  // Format:
+  // `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}`
+  string os_policy_assignment = 3 [(google.api.resource_reference) = {
+                                     type: "osconfig.googleapis.com/OSPolicyAssignment"
+                                   }];
+
+  // Compliance data for each `OSPolicy` that is applied to the VM.
+  repeated OSPolicyCompliance os_policy_compliances = 4;
+
+  // Timestamp for when the report was last generated.
+  google.protobuf.Timestamp update_time = 5;
+
+  // Unique identifier of the last attempted run to apply the OS policies
+  // associated with this assignment on the VM.
+  //
+  // This ID is logged by the OS Config agent while applying the OS
+  // policies associated with this assignment on the VM.
+  // NOTE: If the service is unable to successfully connect to the agent for
+  // this run, then this id will not be available in the agent logs.
+  string last_run_id = 6;
+}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy_assignments.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy_assignments.proto
new file mode 100644
index 0000000..3010656
--- /dev/null
+++ b/third_party/googleapis/google/cloud/osconfig/v1alpha/os_policy_assignments.proto
@@ -0,0 +1,383 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.osconfig.v1alpha;
+
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/cloud/osconfig/v1alpha/os_policy.proto";
+import "google/cloud/osconfig/v1alpha/osconfig_common.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
+option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig";
+option java_multiple_files = true;
+option java_outer_classname = "OsPolicyAssignmentsProto";
+option java_package = "com.google.cloud.osconfig.v1alpha";
+option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
+option ruby_package = "Google::Cloud::OsConfig::V1alpha";
+
+// OS policy assignment is an API resource that is used to
+// apply a set of OS policies to a dynamically targeted group of Compute Engine
+// VM instances.
+//
+// An OS policy is used to define the desired state configuration for a
+// Compute Engine VM instance through a set of configuration resources that
+// provide capabilities such as installing or removing software packages, or
+// executing a script.
+//
+// For more information, see [OS policy and OS policy
+// assignment](https://cloud.google.com/compute/docs/os-configuration-management/working-with-os-policies).
+message OSPolicyAssignment {
+  option (google.api.resource) = {
+    type: "osconfig.googleapis.com/OSPolicyAssignment"
+    pattern: "projects/{project}/locations/{location}/osPolicyAssignments/{os_policy_assignment}"
+  };
+
+  // Message representing label set.
+  // * A label is a key value pair set for a VM.
+  // * A LabelSet is a set of labels.
+  // * Labels within a LabelSet are ANDed. In other words, a LabelSet is
+  //   applicable for a VM only if it matches all the labels in the
+  //   LabelSet.
+  // * Example: A LabelSet with 2 labels: `env=prod` and `type=webserver` will
+  //            only be applicable for those VMs with both labels
+  //            present.
+  message LabelSet {
+    // Labels are identified by key/value pairs in this map.
+    // A VM should contain all the key/value pairs specified in this
+    // map to be selected.
+    map<string, string> labels = 1;
+  }
+
+  // Filters to select target VMs for an assignment.
+  //
+  // If more than one filter criteria is specified below, a VM will be selected
+  // if and only if it satisfies all of them.
+  message InstanceFilter {
+    // VM inventory details.
+    message Inventory {
+      // Required. The OS short name
+      string os_short_name = 1 [(google.api.field_behavior) = REQUIRED];
+
+      // The OS version
+      //
+      // Prefix matches are supported if asterisk(*) is provided as the
+      // last character. For example, to match all versions with a major
+      // version of `7`, specify the following value for this field `7.*`
+      //
+      // An empty string matches all OS versions.
+      string os_version = 2;
+    }
+
+    // Target all VMs in the project. If true, no other criteria is
+    // permitted.
+    bool all = 1;
+
+    // Deprecated. Use the `inventories` field instead.
+    // A VM is selected if it's OS short name matches with any of the
+    // values provided in this list.
+    repeated string os_short_names = 2 [deprecated = true];
+
+    // List of label sets used for VM inclusion.
+    //
+    // If the list has more than one `LabelSet`, the VM is included if any
+    // of the label sets are applicable for the VM.
+    repeated LabelSet inclusion_labels = 3;
+
+    // List of label sets used for VM exclusion.
+    //
+    // If the list has more than one label set, the VM is excluded if any
+    // of the label sets are applicable for the VM.
+    repeated LabelSet exclusion_labels = 4;
+
+    // List of inventories to select VMs.
+    //
+    // A VM is selected if its inventory data matches at least one of the
+    // following inventories.
+    repeated Inventory inventories = 5;
+  }
+
+  // Message to configure the rollout at the zonal level for the OS policy
+  // assignment.
+  message Rollout {
+    // Required. The maximum number (or percentage) of VMs per zone to disrupt at
+    // any given moment.
+    FixedOrPercent disruption_budget = 1 [(google.api.field_behavior) = REQUIRED];
+
+    // Required. This determines the minimum duration of time to wait after the
+    // configuration changes are applied through the current rollout. A
+    // VM continues to count towards the `disruption_budget` at least
+    // until this duration of time has passed after configuration changes are
+    // applied.
+    google.protobuf.Duration min_wait_duration = 2 [(google.api.field_behavior) = REQUIRED];
+  }
+
+  // OS policy assignment rollout state
+  enum RolloutState {
+    // Invalid value
+    ROLLOUT_STATE_UNSPECIFIED = 0;
+
+    // The rollout is in progress.
+    IN_PROGRESS = 1;
+
+    // The rollout is being cancelled.
+    CANCELLING = 2;
+
+    // The rollout is cancelled.
+    CANCELLED = 3;
+
+    // The rollout has completed successfully.
+    SUCCEEDED = 4;
+  }
+
+  // Resource name.
+  //
+  // Format:
+  // `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id}`
+  //
+  // This field is ignored when you create an OS policy assignment.
+  string name = 1;
+
+  // OS policy assignment description.
+  // Length of the description is limited to 1024 characters.
+  string description = 2;
+
+  // Required. List of OS policies to be applied to the VMs.
+  repeated OSPolicy os_policies = 3 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. Filter to select VMs.
+  InstanceFilter instance_filter = 4 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. Rollout to deploy the OS policy assignment.
+  // A rollout is triggered in the following situations:
+  // 1) OSPolicyAssignment is created.
+  // 2) OSPolicyAssignment is updated and the update contains changes to one of
+  // the following fields:
+  //    - instance_filter
+  //    - os_policies
+  // 3) OSPolicyAssignment is deleted.
+  Rollout rollout = 5 [(google.api.field_behavior) = REQUIRED];
+
+  // Output only. The assignment revision ID
+  // A new revision is committed whenever a rollout is triggered for a OS policy
+  // assignment
+  string revision_id = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The timestamp that the revision was created.
+  google.protobuf.Timestamp revision_create_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // The etag for this OS policy assignment.
+  // If this is provided on update, it must match the server's etag.
+  string etag = 8;
+
+  // Output only. OS policy assignment rollout state
+  RolloutState rollout_state = 9 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Indicates that this revision has been successfully rolled out in this zone
+  // and new VMs will be assigned OS policies from this revision.
+  //
+  // For a given OS policy assignment, there is only one revision with a value
+  // of `true` for this field.
+  bool baseline = 10 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Indicates that this revision deletes the OS policy assignment.
+  bool deleted = 11 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Indicates that reconciliation is in progress for the revision.
+  // This value is `true` when the `rollout_state` is one of:
+  // * IN_PROGRESS
+  // * CANCELLING
+  bool reconciling = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Server generated unique id for the OS policy assignment resource.
+  string uid = 13 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
+
+// OS policy assignment operation metadata provided by OS policy assignment API
+// methods that return long running operations.
+message OSPolicyAssignmentOperationMetadata {
+  // The OS policy assignment API method.
+  enum APIMethod {
+    // Invalid value
+    API_METHOD_UNSPECIFIED = 0;
+
+    // Create OS policy assignment API method
+    CREATE = 1;
+
+    // Update OS policy assignment API method
+    UPDATE = 2;
+
+    // Delete OS policy assignment API method
+    DELETE = 3;
+  }
+
+  // State of the rollout
+  enum RolloutState {
+    // Invalid value
+    ROLLOUT_STATE_UNSPECIFIED = 0;
+
+    // The rollout is in progress.
+    IN_PROGRESS = 1;
+
+    // The rollout is being cancelled.
+    CANCELLING = 2;
+
+    // The rollout is cancelled.
+    CANCELLED = 3;
+
+    // The rollout has completed successfully.
+    SUCCEEDED = 4;
+  }
+
+  // Reference to the `OSPolicyAssignment` API resource.
+  //
+  // Format:
+  // `projects/{project_number}/locations/{location}/osPolicyAssignments/{os_policy_assignment_id@revision_id}`
+  string os_policy_assignment = 1 [(google.api.resource_reference) = {
+                                     type: "osconfig.googleapis.com/OSPolicyAssignment"
+                                   }];
+
+  // The OS policy assignment API method.
+  APIMethod api_method = 2;
+
+  // State of the rollout
+  RolloutState rollout_state = 3;
+
+  // Rollout start time
+  google.protobuf.Timestamp rollout_start_time = 4;
+
+  // Rollout update time
+  google.protobuf.Timestamp rollout_update_time = 5;
+}
+
+// A request message to create an OS policy assignment
+message CreateOSPolicyAssignmentRequest {
+  // Required. The parent resource name in the form:
+  // projects/{project}/locations/{location}
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "locations.googleapis.com/Location"
+    }
+  ];
+
+  // Required. The OS policy assignment to be created.
+  OSPolicyAssignment os_policy_assignment = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. The logical name of the OS policy assignment in the project
+  // with the following restrictions:
+  //
+  // * Must contain only lowercase letters, numbers, and hyphens.
+  // * Must start with a letter.
+  // * Must be between 1-63 characters.
+  // * Must end with a number or a letter.
+  // * Must be unique within the project.
+  string os_policy_assignment_id = 3 [(google.api.field_behavior) = REQUIRED];
+}
+
+// A request message to update an OS policy assignment
+message UpdateOSPolicyAssignmentRequest {
+  // Required. The updated OS policy assignment.
+  OSPolicyAssignment os_policy_assignment = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. Field mask that controls which fields of the assignment should be updated.
+  google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// A request message to get an OS policy assignment
+message GetOSPolicyAssignmentRequest {
+  // Required. The resource name of OS policy assignment.
+  //
+  // Format:
+  // `projects/{project}/locations/{location}/osPolicyAssignments/{os_policy_assignment}@{revisionId}`
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "osconfig.googleapis.com/OSPolicyAssignment"
+    }
+  ];
+}
+
+// A request message to list OS policy assignments for a parent resource
+message ListOSPolicyAssignmentsRequest {
+  // Required. The parent resource name.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "locations.googleapis.com/Location"
+    }
+  ];
+
+  // The maximum number of assignments to return.
+  int32 page_size = 2;
+
+  // A pagination token returned from a previous call to
+  // `ListOSPolicyAssignments` that indicates where this listing should continue
+  // from.
+  string page_token = 3;
+}
+
+// A response message for listing all assignments under given parent.
+message ListOSPolicyAssignmentsResponse {
+  // The list of assignments
+  repeated OSPolicyAssignment os_policy_assignments = 1;
+
+  // The pagination token to retrieve the next page of OS policy assignments.
+  string next_page_token = 2;
+}
+
+// A request message to list revisions for a OS policy assignment
+message ListOSPolicyAssignmentRevisionsRequest {
+  // Required. The name of the OS policy assignment to list revisions for.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "osconfig.googleapis.com/OSPolicyAssignment"
+    }
+  ];
+
+  // The maximum number of revisions to return.
+  int32 page_size = 2;
+
+  // A pagination token returned from a previous call to
+  // `ListOSPolicyAssignmentRevisions` that indicates where this listing should
+  // continue from.
+  string page_token = 3;
+}
+
+// A response message for listing all revisions for a OS policy assignment.
+message ListOSPolicyAssignmentRevisionsResponse {
+  // The OS policy assignment revisions
+  repeated OSPolicyAssignment os_policy_assignments = 1;
+
+  // The pagination token to retrieve the next page of OS policy assignment
+  // revisions.
+  string next_page_token = 2;
+}
+
+// A request message for deleting a OS policy assignment.
+message DeleteOSPolicyAssignmentRequest {
+  // Required. The name of the OS policy assignment to be deleted
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "osconfig.googleapis.com/OSPolicyAssignment"
+    }
+  ];
+}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_common.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_common.proto
new file mode 100644
index 0000000..1d2b58a
--- /dev/null
+++ b/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_common.proto
@@ -0,0 +1,40 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.osconfig.v1alpha;
+
+
+option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
+option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig";
+option java_multiple_files = true;
+option java_outer_classname = "Common";
+option java_package = "com.google.cloud.osconfig.v1alpha";
+option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
+option ruby_package = "Google::Cloud::OsConfig::V1alpha";
+
+// Message encapsulating a value that can be either absolute ("fixed") or
+// relative ("percent") to a value.
+message FixedOrPercent {
+  // Type of the value.
+  oneof mode {
+    // Specifies a fixed value.
+    int32 fixed = 1;
+
+    // Specifies the relative value defined as a percentage, which will be
+    // multiplied by a reference value.
+    int32 percent = 2;
+  }
+}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_grpc_service_config.json b/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_grpc_service_config.json
new file mode 100644
index 0000000..69b69d8
--- /dev/null
+++ b/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_grpc_service_config.json
@@ -0,0 +1,13 @@
+{
+  "methodConfig": [{
+    "name": [{ "service": "google.cloud.osconfig.v1alpha.OsConfigZonalService" }],
+    "timeout": "60s",
+    "retryPolicy": {
+      "maxAttempts": 5,
+      "initialBackoff": "1s",
+      "maxBackoff": "60s",
+      "backoffMultiplier": 1.3,
+      "retryableStatusCodes": ["UNAVAILABLE"]
+    }
+  }]
+}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_v1alpha.yaml b/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_v1alpha.yaml
new file mode 100644
index 0000000..0bc2f30
--- /dev/null
+++ b/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_v1alpha.yaml
@@ -0,0 +1,43 @@
+type: google.api.Service
+config_version: 3
+name: osconfig.googleapis.com
+title: OS Config API
+
+apis:
+- name: google.cloud.osconfig.v1alpha.OsConfigZonalService
+
+types:
+- name: google.cloud.osconfig.v1alpha.OSPolicyAssignmentOperationMetadata
+
+documentation:
+  summary: |-
+    OS management tools that can be used for patch management, patch
+    compliance, and configuration management on VM instances.
+
+backend:
+  rules:
+  - selector: 'google.cloud.osconfig.v1alpha.OsConfigZonalService.*'
+    deadline: 30.0
+
+http:
+  rules:
+  - selector: google.longrunning.Operations.CancelOperation
+    post: '/v1alpha/{name=projects/*/locations/*/osPolicyAssignments/*/operations/*}:cancel'
+    body: '*'
+  - selector: google.longrunning.Operations.GetOperation
+    get: '/v1alpha/{name=projects/*/locations/*/osPolicyAssignments/*/operations/*}'
+
+authentication:
+  rules:
+  - selector: 'google.cloud.osconfig.v1alpha.OsConfigZonalService.*'
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform
+  - selector: google.longrunning.Operations.CancelOperation
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform
+  - selector: google.longrunning.Operations.GetOperation
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_zonal_service.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_zonal_service.proto
new file mode 100644
index 0000000..bb73fbd
--- /dev/null
+++ b/third_party/googleapis/google/cloud/osconfig/v1alpha/osconfig_zonal_service.proto
@@ -0,0 +1,215 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.osconfig.v1alpha;
+
+import "google/api/annotations.proto";
+import "google/api/client.proto";
+import "google/api/resource.proto";
+import "google/cloud/osconfig/v1alpha/instance_os_policies_compliance.proto";
+import "google/cloud/osconfig/v1alpha/inventory.proto";
+import "google/cloud/osconfig/v1alpha/os_policy_assignment_reports.proto";
+import "google/cloud/osconfig/v1alpha/os_policy_assignments.proto";
+import "google/cloud/osconfig/v1alpha/vulnerability.proto";
+import "google/longrunning/operations.proto";
+
+option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
+option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig";
+option java_multiple_files = true;
+option java_outer_classname = "OsConfigZonalServiceProto";
+option java_package = "com.google.cloud.osconfig.v1alpha";
+option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
+option ruby_package = "Google::Cloud::OsConfig::V1alpha";
+option (google.api.resource_definition) = {
+  type: "compute.googleapis.com/Instance"
+  pattern: "projects/{project}/locations/{location}/instances/{instance}"
+};
+
+// Zonal OS Config API
+//
+// The OS Config service is the server-side component that allows users to
+// manage package installations and patch jobs for Compute Engine VM instances.
+service OsConfigZonalService {
+  option (google.api.default_host) = "osconfig.googleapis.com";
+  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+
+  // Create an OS policy assignment.
+  //
+  // This method also creates the first revision of the OS policy assignment.
+  //
+  // This method returns a long running operation (LRO) that contains the
+  // rollout details. The rollout can be cancelled by cancelling the LRO.
+  //
+  // For more information, see [Method:
+  // projects.locations.osPolicyAssignments.operations.cancel](https://cloud.google.com/compute/docs/osconfig/rest/v1alpha/projects.locations.osPolicyAssignments.operations/cancel).
+  rpc CreateOSPolicyAssignment(CreateOSPolicyAssignmentRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1alpha/{parent=projects/*/locations/*}/osPolicyAssignments"
+      body: "os_policy_assignment"
+    };
+    option (google.api.method_signature) = "parent,os_policy_assignment,os_policy_assignment_id";
+    option (google.longrunning.operation_info) = {
+      response_type: "OSPolicyAssignment"
+      metadata_type: "OSPolicyAssignmentOperationMetadata"
+    };
+  }
+
+  // Update an existing OS policy assignment.
+  //
+  // This method creates a new revision of the OS policy assignment.
+  //
+  // This method returns a long running operation (LRO) that contains the
+  // rollout details. The rollout can be cancelled by cancelling the LRO.
+  //
+  // For more information, see [Method:
+  // projects.locations.osPolicyAssignments.operations.cancel](https://cloud.google.com/compute/docs/osconfig/rest/v1alpha/projects.locations.osPolicyAssignments.operations/cancel).
+  rpc UpdateOSPolicyAssignment(UpdateOSPolicyAssignmentRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      patch: "/v1alpha/{os_policy_assignment.name=projects/*/locations/*/osPolicyAssignments/*}"
+      body: "os_policy_assignment"
+    };
+    option (google.api.method_signature) = "os_policy_assignment,update_mask";
+    option (google.longrunning.operation_info) = {
+      response_type: "OSPolicyAssignment"
+      metadata_type: "OSPolicyAssignmentOperationMetadata"
+    };
+  }
+
+  // Retrieve an existing OS policy assignment.
+  //
+  // This method always returns the latest revision. In order to retrieve a
+  // previous revision of the assignment, also provide the revision ID in the
+  // `name` parameter.
+  rpc GetOSPolicyAssignment(GetOSPolicyAssignmentRequest) returns (OSPolicyAssignment) {
+    option (google.api.http) = {
+      get: "/v1alpha/{name=projects/*/locations/*/osPolicyAssignments/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // List the OS policy assignments under the parent resource.
+  //
+  // For each OS policy assignment, the latest revision is returned.
+  rpc ListOSPolicyAssignments(ListOSPolicyAssignmentsRequest) returns (ListOSPolicyAssignmentsResponse) {
+    option (google.api.http) = {
+      get: "/v1alpha/{parent=projects/*/locations/*}/osPolicyAssignments"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // List the OS policy assignment revisions for a given OS policy assignment.
+  rpc ListOSPolicyAssignmentRevisions(ListOSPolicyAssignmentRevisionsRequest) returns (ListOSPolicyAssignmentRevisionsResponse) {
+    option (google.api.http) = {
+      get: "/v1alpha/{name=projects/*/locations/*/osPolicyAssignments/*}:listRevisions"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Delete the OS policy assignment.
+  //
+  // This method creates a new revision of the OS policy assignment.
+  //
+  // This method returns a long running operation (LRO) that contains the
+  // rollout details. The rollout can be cancelled by cancelling the LRO.
+  //
+  // If the LRO completes and is not cancelled, all revisions associated with
+  // the OS policy assignment are deleted.
+  //
+  // For more information, see [Method:
+  // projects.locations.osPolicyAssignments.operations.cancel](https://cloud.google.com/compute/docs/osconfig/rest/v1alpha/projects.locations.osPolicyAssignments.operations/cancel).
+  rpc DeleteOSPolicyAssignment(DeleteOSPolicyAssignmentRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      delete: "/v1alpha/{name=projects/*/locations/*/osPolicyAssignments/*}"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "google.protobuf.Empty"
+      metadata_type: "OSPolicyAssignmentOperationMetadata"
+    };
+  }
+
+  // Get OS policies compliance data for the specified Compute Engine VM
+  // instance.
+  rpc GetInstanceOSPoliciesCompliance(GetInstanceOSPoliciesComplianceRequest) returns (InstanceOSPoliciesCompliance) {
+    option deprecated = true;
+    option (google.api.http) = {
+      get: "/v1alpha/{name=projects/*/locations/*/instanceOSPoliciesCompliances/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // List OS policies compliance data for all Compute Engine VM instances in the
+  // specified zone.
+  rpc ListInstanceOSPoliciesCompliances(ListInstanceOSPoliciesCompliancesRequest) returns (ListInstanceOSPoliciesCompliancesResponse) {
+    option deprecated = true;
+    option (google.api.http) = {
+      get: "/v1alpha/{parent=projects/*/locations/*}/instanceOSPoliciesCompliances"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Get the OS policy asssignment report for the specified Compute Engine VM
+  // instance.
+  rpc GetOSPolicyAssignmentReport(GetOSPolicyAssignmentReportRequest) returns (OSPolicyAssignmentReport) {
+    option (google.api.http) = {
+      get: "/v1alpha/{name=projects/*/locations/*/instances/*/osPolicyAssignments/*/report}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // List OS policy asssignment reports for all Compute Engine VM instances in
+  // the specified zone.
+  rpc ListOSPolicyAssignmentReports(ListOSPolicyAssignmentReportsRequest) returns (ListOSPolicyAssignmentReportsResponse) {
+    option (google.api.http) = {
+      get: "/v1alpha/{parent=projects/*/locations/*/instances/*/osPolicyAssignments/*}/reports"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Get inventory data for the specified VM instance. If the VM has no
+  // associated inventory, the message `NOT_FOUND` is returned.
+  rpc GetInventory(GetInventoryRequest) returns (Inventory) {
+    option (google.api.http) = {
+      get: "/v1alpha/{name=projects/*/locations/*/instances/*/inventory}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // List inventory data for all VM instances in the specified zone.
+  rpc ListInventories(ListInventoriesRequest) returns (ListInventoriesResponse) {
+    option (google.api.http) = {
+      get: "/v1alpha/{parent=projects/*/locations/*/instances/*}/inventories"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Gets the vulnerability report for the specified VM instance. Only VMs with
+  // inventory data have vulnerability reports associated with them.
+  rpc GetVulnerabilityReport(GetVulnerabilityReportRequest) returns (VulnerabilityReport) {
+    option (google.api.http) = {
+      get: "/v1alpha/{name=projects/*/locations/*/instances/*/vulnerabilityReport}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // List vulnerability reports for all VM instances in the specified zone.
+  rpc ListVulnerabilityReports(ListVulnerabilityReportsRequest) returns (ListVulnerabilityReportsResponse) {
+    option (google.api.http) = {
+      get: "/v1alpha/{parent=projects/*/locations/*/instances/*}/vulnerabilityReports"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+}
diff --git a/third_party/googleapis/google/cloud/osconfig/v1alpha/vulnerability.proto b/third_party/googleapis/google/cloud/osconfig/v1alpha/vulnerability.proto
new file mode 100644
index 0000000..54080ba
--- /dev/null
+++ b/third_party/googleapis/google/cloud/osconfig/v1alpha/vulnerability.proto
@@ -0,0 +1,365 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.osconfig.v1alpha;
+
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.OsConfig.V1Alpha";
+option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1alpha;osconfig";
+option java_multiple_files = true;
+option java_outer_classname = "VulnerabilityProto";
+option java_package = "com.google.cloud.osconfig.v1alpha";
+option php_namespace = "Google\\Cloud\\OsConfig\\V1alpha";
+option ruby_package = "Google::Cloud::OsConfig::V1alpha";
+
+// This API resource represents the vulnerability report for a specified
+// Compute Engine virtual machine (VM) instance at a given point in time.
+//
+// For more information, see [Vulnerability
+// reports](https://cloud.google.com/compute/docs/instances/os-inventory-management#vulnerability-reports).
+message VulnerabilityReport {
+  option (google.api.resource) = {
+    type: "osconfig.googleapis.com/VulnerabilityReport"
+    pattern: "projects/{project}/locations/{location}/instances/{instance}/vulnerabilityReport"
+  };
+
+  // A vulnerability affecting the VM instance.
+  message Vulnerability {
+    // Contains metadata information for the vulnerability. This information is
+    // collected from the upstream feed of the operating system.
+    message Details {
+      // A reference for this vulnerability.
+      message Reference {
+        // The url of the reference.
+        string url = 1;
+
+        // The source of the reference e.g. NVD.
+        string source = 2;
+      }
+
+      // The CVE of the vulnerability. CVE cannot be
+      // empty and the combination of <cve, classification> should be unique
+      // across vulnerabilities for a VM.
+      string cve = 1;
+
+      // The CVSS V2 score of this vulnerability. CVSS V2 score is on a scale of
+      // 0 - 10 where 0 indicates low severity and 10 indicates high severity.
+      float cvss_v2_score = 2;
+
+      // The full description of the CVSSv3 for this vulnerability from NVD.
+      CVSSv3 cvss_v3 = 3;
+
+      // Assigned severity/impact ranking from the distro.
+      string severity = 4;
+
+      // The note or description describing the vulnerability from the distro.
+      string description = 5;
+
+      // Corresponds to the references attached to the `VulnerabilityDetails`.
+      repeated Reference references = 6;
+    }
+
+    // OS inventory item that is affected by a vulnerability or fixed as a
+    // result of a vulnerability.
+    message Item {
+      // Corresponds to the `INSTALLED_PACKAGE` inventory item on the VM.
+      // This field displays the inventory items affected by this vulnerability.
+      // If the vulnerability report was not updated after the VM inventory
+      // update, these values might not display in VM inventory. For some
+      // operating systems, this field might be empty.
+      string installed_inventory_item_id = 1;
+
+      // Corresponds to the `AVAILABLE_PACKAGE` inventory item on the VM.
+      // If the vulnerability report was not updated after the VM inventory
+      // update, these values might not display in VM inventory. If there is no
+      // available fix, the field is empty. The `inventory_item` value specifies
+      // the latest `SoftwarePackage` available to the VM that fixes the
+      // vulnerability.
+      string available_inventory_item_id = 2;
+
+      // The recommended [CPE URI](https://cpe.mitre.org/specification/) update
+      // that contains a fix for this vulnerability.
+      string fixed_cpe_uri = 3;
+
+      // The upstream OS patch, packages or KB that fixes the vulnerability.
+      string upstream_fix = 4;
+    }
+
+    // Contains metadata as per the upstream feed of the operating system and
+    // NVD.
+    Details details = 1;
+
+    // Corresponds to the `INSTALLED_PACKAGE` inventory item on the VM.
+    // This field displays the inventory items affected by this vulnerability.
+    // If the vulnerability report was not updated after the VM inventory
+    // update, these values might not display in VM inventory. For some distros,
+    // this field may be empty.
+    repeated string installed_inventory_item_ids = 2 [deprecated = true];
+
+    // Corresponds to the `AVAILABLE_PACKAGE` inventory item on the VM.
+    // If the vulnerability report was not updated after the VM inventory
+    // update, these values might not display in VM inventory. If there is no
+    // available fix, the field is empty. The `inventory_item` value specifies
+    // the latest `SoftwarePackage` available to the VM that fixes the
+    // vulnerability.
+    repeated string available_inventory_item_ids = 3 [deprecated = true];
+
+    // The timestamp for when the vulnerability was first detected.
+    google.protobuf.Timestamp create_time = 4;
+
+    // The timestamp for when the vulnerability was last modified.
+    google.protobuf.Timestamp update_time = 5;
+
+    // List of items affected by the vulnerability.
+    repeated Item items = 6;
+  }
+
+  // Output only. The `vulnerabilityReport` API resource name.
+  //
+  // Format:
+  // `projects/{project_number}/locations/{location}/instances/{instance_id}/vulnerabilityReport`
+  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. List of vulnerabilities affecting the VM.
+  repeated Vulnerability vulnerabilities = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The timestamp for when the last vulnerability report was generated for the
+  // VM.
+  google.protobuf.Timestamp update_time = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
+
+// A request message for getting the vulnerability report for the specified VM.
+message GetVulnerabilityReportRequest {
+  // Required. API resource name for vulnerability resource.
+  //
+  // Format:
+  // `projects/{project}/locations/{location}/instances/{instance}/vulnerabilityReport`
+  //
+  // For `{project}`, either `project-number` or `project-id` can be provided.
+  // For `{instance}`, either Compute Engine `instance-id` or `instance-name`
+  // can be provided.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "osconfig.googleapis.com/VulnerabilityReport"
+    }
+  ];
+}
+
+// A request message for listing vulnerability reports for all VM instances in
+// the specified location.
+message ListVulnerabilityReportsRequest {
+  // Required. The parent resource name.
+  //
+  // Format: `projects/{project}/locations/{location}/instances/-`
+  //
+  // For `{project}`, either `project-number` or `project-id` can be provided.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "compute.googleapis.com/Instance"
+    }
+  ];
+
+  // The maximum number of results to return.
+  int32 page_size = 2;
+
+  // A pagination token returned from a previous call to
+  // `ListVulnerabilityReports` that indicates where this listing
+  // should continue from.
+  string page_token = 3;
+
+  // If provided, this field specifies the criteria that must be met by a
+  // `vulnerabilityReport` API resource to be included in the response.
+  string filter = 4;
+}
+
+// A response message for listing vulnerability reports for all VM instances in
+// the specified location.
+message ListVulnerabilityReportsResponse {
+  // List of vulnerabilityReport objects.
+  repeated VulnerabilityReport vulnerability_reports = 1;
+
+  // The pagination token to retrieve the next page of vulnerabilityReports
+  // object.
+  string next_page_token = 2;
+}
+
+// Common Vulnerability Scoring System version 3.
+// For details, see https://www.first.org/cvss/specification-document
+message CVSSv3 {
+  // This metric reflects the context by which vulnerability exploitation is
+  // possible.
+  enum AttackVector {
+    // Invalid value.
+    ATTACK_VECTOR_UNSPECIFIED = 0;
+
+    // The vulnerable component is bound to the network stack and the set of
+    // possible attackers extends beyond the other options listed below, up to
+    // and including the entire Internet.
+    ATTACK_VECTOR_NETWORK = 1;
+
+    // The vulnerable component is bound to the network stack, but the attack is
+    // limited at the protocol level to a logically adjacent topology.
+    ATTACK_VECTOR_ADJACENT = 2;
+
+    // The vulnerable component is not bound to the network stack and the
+    // attacker's path is via read/write/execute capabilities.
+    ATTACK_VECTOR_LOCAL = 3;
+
+    // The attack requires the attacker to physically touch or manipulate the
+    // vulnerable component.
+    ATTACK_VECTOR_PHYSICAL = 4;
+  }
+
+  // This metric describes the conditions beyond the attacker's control that
+  // must exist in order to exploit the vulnerability.
+  enum AttackComplexity {
+    // Invalid value.
+    ATTACK_COMPLEXITY_UNSPECIFIED = 0;
+
+    // Specialized access conditions or extenuating circumstances do not exist.
+    // An attacker can expect repeatable success when attacking the vulnerable
+    // component.
+    ATTACK_COMPLEXITY_LOW = 1;
+
+    // A successful attack depends on conditions beyond the attacker's control.
+    // That is, a successful attack cannot be accomplished at will, but requires
+    // the attacker to invest in some measurable amount of effort in preparation
+    // or execution against the vulnerable component before a successful attack
+    // can be expected.
+    ATTACK_COMPLEXITY_HIGH = 2;
+  }
+
+  // This metric describes the level of privileges an attacker must possess
+  // before successfully exploiting the vulnerability.
+  enum PrivilegesRequired {
+    // Invalid value.
+    PRIVILEGES_REQUIRED_UNSPECIFIED = 0;
+
+    // The attacker is unauthorized prior to attack, and therefore does not
+    // require any access to settings or files of the vulnerable system to
+    // carry out an attack.
+    PRIVILEGES_REQUIRED_NONE = 1;
+
+    // The attacker requires privileges that provide basic user capabilities
+    // that could normally affect only settings and files owned by a user.
+    // Alternatively, an attacker with Low privileges has the ability to access
+    // only non-sensitive resources.
+    PRIVILEGES_REQUIRED_LOW = 2;
+
+    // The attacker requires privileges that provide significant (e.g.,
+    // administrative) control over the vulnerable component allowing access to
+    // component-wide settings and files.
+    PRIVILEGES_REQUIRED_HIGH = 3;
+  }
+
+  // This metric captures the requirement for a human user, other than the
+  // attacker, to participate in the successful compromise of the vulnerable
+  // component.
+  enum UserInteraction {
+    // Invalid value.
+    USER_INTERACTION_UNSPECIFIED = 0;
+
+    // The vulnerable system can be exploited without interaction from any user.
+    USER_INTERACTION_NONE = 1;
+
+    // Successful exploitation of this vulnerability requires a user to take
+    // some action before the vulnerability can be exploited.
+    USER_INTERACTION_REQUIRED = 2;
+  }
+
+  // The Scope metric captures whether a vulnerability in one vulnerable
+  // component impacts resources in components beyond its security scope.
+  enum Scope {
+    // Invalid value.
+    SCOPE_UNSPECIFIED = 0;
+
+    // An exploited vulnerability can only affect resources managed by the same
+    // security authority.
+    SCOPE_UNCHANGED = 1;
+
+    // An exploited vulnerability can affect resources beyond the security scope
+    // managed by the security authority of the vulnerable component.
+    SCOPE_CHANGED = 2;
+  }
+
+  // The Impact metrics capture the effects of a successfully exploited
+  // vulnerability on the component that suffers the worst outcome that is most
+  // directly and predictably associated with the attack.
+  enum Impact {
+    // Invalid value.
+    IMPACT_UNSPECIFIED = 0;
+
+    // High impact.
+    IMPACT_HIGH = 1;
+
+    // Low impact.
+    IMPACT_LOW = 2;
+
+    // No impact.
+    IMPACT_NONE = 3;
+  }
+
+  // The base score is a function of the base metric scores.
+  // https://www.first.org/cvss/specification-document#Base-Metrics
+  float base_score = 1;
+
+  // The Exploitability sub-score equation is derived from the Base
+  // Exploitability metrics.
+  // https://www.first.org/cvss/specification-document#2-1-Exploitability-Metrics
+  float exploitability_score = 2;
+
+  // The Impact sub-score equation is derived from the Base Impact metrics.
+  float impact_score = 3;
+
+  // This metric reflects the context by which vulnerability exploitation is
+  // possible.
+  AttackVector attack_vector = 5;
+
+  // This metric describes the conditions beyond the attacker's control that
+  // must exist in order to exploit the vulnerability.
+  AttackComplexity attack_complexity = 6;
+
+  // This metric describes the level of privileges an attacker must possess
+  // before successfully exploiting the vulnerability.
+  PrivilegesRequired privileges_required = 7;
+
+  // This metric captures the requirement for a human user, other than the
+  // attacker, to participate in the successful compromise of the vulnerable
+  // component.
+  UserInteraction user_interaction = 8;
+
+  // The Scope metric captures whether a vulnerability in one vulnerable
+  // component impacts resources in components beyond its security scope.
+  Scope scope = 9;
+
+  // This metric measures the impact to the confidentiality of the information
+  // resources managed by a software component due to a successfully exploited
+  // vulnerability.
+  Impact confidentiality_impact = 10;
+
+  // This metric measures the impact to integrity of a successfully exploited
+  // vulnerability.
+  Impact integrity_impact = 11;
+
+  // This metric measures the impact to the availability of the impacted
+  // component resulting from a successfully exploited vulnerability.
+  Impact availability_impact = 12;
+}  | 
