OsPolicyAssignment is the Schema for the OsPolicyAssignments API. Represents an OSPolicyAssignment resource.
Type: CRD
Group: osconfig.gcp.upbound.io
Version: v1beta1
apiVersion: osconfig.gcp.upbound.io/v1beta1
kind: OsPolicyAssignment
OsPolicyAssignmentSpec defines the desired state of OsPolicyAssignment
No description provided.
Required. Filter to select VMs.
List of label sets used for VM exclusion. If the list has more than one label set, the VM is excluded if any of the label sets are applicable for the VM.
List of label sets used for VM inclusion. If the list has more than one LabelSet, the VM is included if any of the label sets are applicable for the VM.
List of inventories to select VMs. A VM is selected if its inventory data matches at least one of the following inventories.
Required. List of OS policies to be applied to the VMs.
Required. List of resource groups for the policy. For a particular VM, resource groups are evaluated in the order specified; the first applicable resource group is selected and the rest are ignored. If none of the resource groups are applicable for a VM, the VM is considered to be non-compliant with respect to this policy. This behavior can be toggled by the flag allow_no_resource_group_match.
List of inventory filters for the resource group. The resources in this resource group are applied to the target VM if it satisfies at least one of the following inventory filters. For example, to apply this resource group to VMs running either RHEL or CentOS operating systems, specify 2 items for the list with the following values: inventory_filters[0].os_short_name='rhel' and inventory_filters[1].os_short_name='centos'. If the list is empty, this resource group will be applied to the target VM unconditionally.
Required. List of resources configured for this resource group. The resources are executed in the exact order specified here.
Exec resource
What to run to bring this resource into the desired state. An exit code of 100 indicates "success"; any other exit code indicates a failure running enforce.
Optional arguments to pass to the source during execution.
A remote or local file.
A Cloud Storage object.
A generic remote file.
Required. What to run to validate this resource is in the desired state. An exit code of 100 indicates "in desired state", and an exit code of 101 indicates "not in desired state". Any other exit code indicates a failure running validate.
Optional arguments to pass to the source during execution.
A remote or local file.
A Cloud Storage object.
A generic remote file.
A remote or local file.
A remote or local file.
A Cloud Storage object.
A generic remote file.
Package resource
A deb package file.
Required. An rpm package.
A Cloud Storage object.
A generic remote file.
An MSI package.
Additional properties to use during installation. This should be in the format of Property=Setting. Appended to the defaults of ACTION=INSTALL REBOOT=ReallySuppress.
Required. An rpm package.
A Cloud Storage object.
A generic remote file.
An rpm package file.
Required. An rpm package.
A Cloud Storage object.
A generic remote file.
Package repository resource
An Apt Repository.
Required. List of components for this repository. Must contain at least one item.
A Yum Repository.
A Zypper Repository.
Required. Rollout to deploy the OS policy assignment. A rollout is triggered in the following situations: 1) OSPolicyAssignment is created. 2) OSPolicyAssignment is updated and the update contains changes to one of the following fields: instance_filter, os_policies. 3) OSPolicyAssignment is deleted.
ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
Policies for referencing.
ProviderReference specifies the provider that will be used to create, observe, update, and delete this managed resource. Deprecated: Please use ProviderConfigReference, i.e. providerConfigRef.
Policies for referencing.
PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
OsPolicyAssignmentStatus defines the observed state of OsPolicyAssignment.
No description provided.
Required. List of OS policies to be applied to the VMs.
Required. List of resource groups for the policy. For a particular VM, resource groups are evaluated in the order specified; the first applicable resource group is selected and the rest are ignored. If none of the resource groups are applicable for a VM, the VM is considered to be non-compliant with respect to this policy. This behavior can be toggled by the flag allow_no_resource_group_match.
Required. List of resources configured for this resource group. The resources are executed in the exact order specified here.
A remote or local file.
Conditions of the resource.
os-policy-assignment-${Rand.RFC1123Subdomain}
apiVersion: osconfig.gcp.upbound.io/v1beta1
kind: OsPolicyAssignment
metadata:
  annotations:
    meta.upbound.io/example-id: osconfig/v1beta1/ospolicyassignment
  labels:
    testing.upbound.io/example-name: os-policy-assignment
  name: os-policy-assignment-${Rand.RFC1123Subdomain}
spec:
  forProvider:
    description: A test os policy assignment
    instanceFilter:
    - all: false
      exclusionLabels:
      - labels:
          label-two: value-two
      inclusionLabels:
      - labels:
          label-one: value-one
      inventories:
      - osShortName: centos
        osVersion: 8.*
    location: us-central1-a
    osPolicies:
    - allowNoResourceGroupMatch: false
      description: A test os policy
      id: policy
      mode: VALIDATION
      resourceGroups:
      # First group: selected only for VMs that match the inventory filter.
      - inventoryFilters:
        - osShortName: centos
          osVersion: 8.*
        resources:
        - id: apt
          pkg:
          - apt:
            - name: bazel
            desiredState: INSTALLED
        - id: deb1
          pkg:
          - deb:
            - source:
              - localPath: $HOME/package.deb
            desiredState: INSTALLED
        - id: deb2
          pkg:
          - deb:
            - pullDeps: true
              source:
              # allowInsecure: true relaxes the file validation that otherwise
              # requires a checksum for remote files and a generation number for
              # Cloud Storage objects; this example pins a sha256Checksum anyway.
              - allowInsecure: true
                remote:
                - sha256Checksum: 3bbfd1043cd7afdb78cf9afec36c0c5370d2fea98166537b4e67f3816f256025
                  uri: ftp.us.debian.org/debian/package.deb
            desiredState: INSTALLED
        - id: deb3
          pkg:
          - deb:
            - pullDeps: true
              source:
              - gcs:
                - bucket: test-bucket
                  generation: 1
                  object: test-object
            desiredState: INSTALLED
        - id: yum
          pkg:
          - desiredState: INSTALLED
            yum:
            - name: gstreamer-plugins-base-devel.x86_64
        - id: zypper
          pkg:
          - desiredState: INSTALLED
            zypper:
            - name: gcc
        - id: rpm1
          pkg:
          - desiredState: INSTALLED
            rpm:
            - pullDeps: true
              source:
              - localPath: $HOME/package.rpm
        - id: rpm2
          pkg:
          - desiredState: INSTALLED
            rpm:
            - source:
              - allowInsecure: true
                remote:
                - sha256Checksum: 3bbfd1043cd7afdb78cf9afec36c0c5370d2fea98166537b4e67f3816f256025
                  uri: https://mirror.jaleco.com/centos/8.3.2011/BaseOS/x86_64/os/Packages/efi-filesystem-3-2.el8.noarch.rpm
        - id: rpm3
          pkg:
          - desiredState: INSTALLED
            rpm:
            - source:
              - gcs:
                - bucket: test-bucket
                  generation: 1
                  object: test-object
      # Second group: no inventoryFilters, so it applies unconditionally to any
      # VM that did not match the first group.
      - resources:
        - id: apt-to-deb
          pkg:
          - apt:
            - name: bazel
            desiredState: INSTALLED
        - id: deb-local-path-to-gcs
          pkg:
          - deb:
            - source:
              - localPath: $HOME/package.deb
            desiredState: INSTALLED
        - id: googet
          pkg:
          - desiredState: INSTALLED
            googet:
            - name: gcc
        - id: msi1
          pkg:
          - desiredState: INSTALLED
            msi:
            - properties:
              - REBOOT=ReallySuppress
              source:
              - localPath: $HOME/package.msi
        - id: msi2
          pkg:
          - desiredState: INSTALLED
            msi:
            - source:
              - allowInsecure: true
                remote:
                - sha256Checksum: 3bbfd1043cd7afdb78cf9afec36c0c5370d2fea98166537b4e67f3816f256025
                  uri: https://remote.uri.com/package.msi
        - id: msi3
          pkg:
          - desiredState: INSTALLED
            msi:
            - source:
              - gcs:
                - bucket: test-bucket
                  generation: 1
                  object: test-object
    rollout:
    - disruptionBudget:
      - fixed: 1
      minWaitDuration: 3.5s
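
The resource-group selection and validate exit-code rules from the field descriptions above, modeled in Python as an added example (not Upbound or Google code). The verdict strings, resource ids and sample VMs are constructed for illustration; treating a trailing asterisk in osVersion as a prefix match, and an empty osVersion as matching any version, are assumptions.

```python
def inventory_matches(flt, vm):
    """True if the VM's OS satisfies one inventory filter."""
    if flt["osShortName"] != vm["osShortName"]:
        return False
    want = flt.get("osVersion", "")
    if want.endswith("*"):  # assumption: trailing * is a prefix match
        return vm["osVersion"].startswith(want[:-1])
    return want == "" or vm["osVersion"] == want  # assumption: empty matches any

def select_group(policy, vm):
    """Index of the first applicable resource group, or None."""
    for i, group in enumerate(policy["resourceGroups"]):
        filters = group.get("inventoryFilters", [])
        # Empty filter list: unconditional. Otherwise one matching filter is enough.
        if not filters or any(inventory_matches(f, vm) for f in filters):
            return i
    return None

def validate_state(exit_code):
    """Map a validate exit code to the states the field reference names."""
    if exit_code == 100:
        return "in desired state"
    if exit_code == 101:
        return "not in desired state"
    return "failure"  # includes 0, which a shell script returns by default

def evaluate(policy, vm, exit_codes):
    """Return (group index, verdict). exit_codes: resource id -> validate exit code."""
    idx = select_group(policy, vm)
    if idx is None:
        allowed = policy.get("allowNoResourceGroupMatch", False)
        return None, ("compliant" if allowed else "non-compliant")
    resources = policy["resourceGroups"][idx]["resources"]
    states = [validate_state(exit_codes[r["id"]]) for r in resources]
    if "failure" in states:
        return idx, "error"
    ok = all(s == "in desired state" for s in states)
    return idx, ("compliant" if ok else "non-compliant")

# Constructed policy with the same group order as the manifest above:
# a CentOS 8.* group first, an unfiltered group second (hypothetical resource ids).
POLICY = {
    "allowNoResourceGroupMatch": False,
    "resourceGroups": [
        {"inventoryFilters": [{"osShortName": "centos", "osVersion": "8.*"}],
         "resources": [{"id": "sshd-config"}, {"id": "auditd"}]},
        {"resources": [{"id": "win-firewall"}]},
    ],
}
```

A validate script that exits 0 lands in the failure branch, so scripts must exit 100 or 101 explicitly. Placing the unfiltered group first would shadow every group after it, because selection stops at the first applicable group.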
© 2022 Upbound, Inc.