OsPolicyAssignment is the Schema for the OsPolicyAssignments API. OS policy assignment is an API resource that is used to apply a set of OS policies to a dynamically targeted group of Compute Engine VM instances.
Type: CRD
Group: osconfig.gcp.upbound.io
Version: v1beta1
apiVersion: osconfig.gcp.upbound.io/v1beta1
kind: OsPolicyAssignment
OsPolicyAssignmentSpec defines the desired state of OsPolicyAssignment
No description provided.
Filter to select VMs. Structure is documented below.
List of label sets used for VM exclusion. If the list has more than one label set, the VM is excluded if any of the label sets are applicable for the VM. Structure is documented below.
List of label sets used for VM inclusion. If the list has more than one LabelSet, the VM is included if any of the label sets are applicable for the VM. Structure is documented below.
List of inventories to select VMs. A VM is selected if its inventory data matches at least one of the following inventories. Structure is documented below.
List of OS policies to be applied to the VMs. Structure is documented below.
List of resource groups for the policy. For a particular VM, resource groups are evaluated in the order specified; the first applicable resource group is selected and the rest are ignored. If none of the resource groups are applicable for a VM, the VM is considered non-compliant with respect to this policy. This behavior can be toggled by the flag allow_no_resource_group_match. Structure is documented below.
List of inventory filters for the resource group. The resources in this resource group are applied to the target VM if it satisfies at least one of the following inventory filters. For example, to apply this resource group to VMs running either RHEL or CentOS operating systems, specify 2 items for the list with the following values: inventory_filters[0].os_short_name='rhel' and inventory_filters[1].os_short_name='centos'. If the list is empty, this resource group will be applied to the target VM unconditionally. Structure is documented below.
List of resources configured for this resource group. The resources are executed in the exact order specified here. Structure is documented below.
Exec resource. Structure is documented below.
What to run to bring this resource into the desired state. An exit code of 100 indicates "success"; any other exit code indicates a failure running enforce. Structure is documented below.
Optional arguments to pass to the source during execution.
A remote or local file. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
What to run to validate this resource is in the desired state. An exit code of 100 indicates "in desired state", and an exit code of 101 indicates "not in desired state". Any other exit code indicates a failure running validate. Structure is documented below.
Optional arguments to pass to the source during execution.
A remote or local file. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
A remote or local file. Structure is documented below.
A remote or local file. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
Package resource. Structure is documented below.
A deb package file. Structure is documented below.
An rpm package. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
An MSI package. Structure is documented below.
Additional properties to use during installation. This should be in the format of Property=Setting. Appended to the defaults of ACTION=INSTALL REBOOT=ReallySuppress.
An rpm package. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
An rpm package file. Structure is documented below.
An rpm package. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
Package repository resource. Structure is documented below.
An Apt Repository. Structure is documented below.
List of components for this repository. Must contain at least one item.
A Yum Repository. Structure is documented below.
A Zypper Repository. Structure is documented below.
Rollout to deploy the OS policy assignment. A rollout is triggered in the following situations: 1) OSPolicyAssignment is created.
THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation but that we do not want to update afterwards, for example because an external controller, like an autoscaler, is managing them.
Filter to select VMs. Structure is documented below.
List of label sets used for VM exclusion. If the list has more than one label set, the VM is excluded if any of the label sets are applicable for the VM. Structure is documented below.
List of label sets used for VM inclusion. If the list has more than one LabelSet, the VM is included if any of the label sets are applicable for the VM. Structure is documented below.
List of inventories to select VMs. A VM is selected if its inventory data matches at least one of the following inventories. Structure is documented below.
List of OS policies to be applied to the VMs. Structure is documented below.
List of resource groups for the policy. For a particular VM, resource groups are evaluated in the order specified; the first applicable resource group is selected and the rest are ignored. If none of the resource groups are applicable for a VM, the VM is considered non-compliant with respect to this policy. This behavior can be toggled by the flag allow_no_resource_group_match. Structure is documented below.
List of inventory filters for the resource group. The resources in this resource group are applied to the target VM if it satisfies at least one of the following inventory filters. For example, to apply this resource group to VMs running either RHEL or CentOS operating systems, specify 2 items for the list with the following values: inventory_filters[0].os_short_name='rhel' and inventory_filters[1].os_short_name='centos'. If the list is empty, this resource group will be applied to the target VM unconditionally. Structure is documented below.
List of resources configured for this resource group. The resources are executed in the exact order specified here. Structure is documented below.
Exec resource. Structure is documented below.
What to run to bring this resource into the desired state. An exit code of 100 indicates "success"; any other exit code indicates a failure running enforce. Structure is documented below.
Optional arguments to pass to the source during execution.
A remote or local file. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
What to run to validate this resource is in the desired state. An exit code of 100 indicates "in desired state", and an exit code of 101 indicates "not in desired state". Any other exit code indicates a failure running validate. Structure is documented below.
Optional arguments to pass to the source during execution.
A remote or local file. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
A remote or local file. Structure is documented below.
A remote or local file. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
Package resource. Structure is documented below.
A deb package file. Structure is documented below.
An rpm package. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
An MSI package. Structure is documented below.
Additional properties to use during installation. This should be in the format of Property=Setting. Appended to the defaults of ACTION=INSTALL REBOOT=ReallySuppress.
An rpm package. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
An rpm package file. Structure is documented below.
An rpm package. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
Package repository resource. Structure is documented below.
An Apt Repository. Structure is documented below.
List of components for this repository. Must contain at least one item.
A Yum Repository. Structure is documented below.
A Zypper Repository. Structure is documented below.
Rollout to deploy the OS policy assignment. A rollout is triggered in the following situations: 1) OSPolicyAssignment is created.
THIS IS A BETA FIELD. It is on by default but can be opted out through a Crossplane feature flag. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
Policies for referencing.
PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
OsPolicyAssignmentStatus defines the observed state of OsPolicyAssignment.
No description provided.
Filter to select VMs. Structure is documented below.
List of label sets used for VM exclusion. If the list has more than one label set, the VM is excluded if any of the label sets are applicable for the VM. Structure is documented below.
List of label sets used for VM inclusion. If the list has more than one LabelSet, the VM is included if any of the label sets are applicable for the VM. Structure is documented below.
List of inventories to select VMs. A VM is selected if its inventory data matches at least one of the following inventories. Structure is documented below.
List of OS policies to be applied to the VMs. Structure is documented below.
List of resource groups for the policy. For a particular VM, resource groups are evaluated in the order specified; the first applicable resource group is selected and the rest are ignored. If none of the resource groups are applicable for a VM, the VM is considered non-compliant with respect to this policy. This behavior can be toggled by the flag allow_no_resource_group_match. Structure is documented below.
List of inventory filters for the resource group. The resources in this resource group are applied to the target VM if it satisfies at least one of the following inventory filters. For example, to apply this resource group to VMs running either RHEL or CentOS operating systems, specify 2 items for the list with the following values: inventory_filters[0].os_short_name='rhel' and inventory_filters[1].os_short_name='centos'. If the list is empty, this resource group will be applied to the target VM unconditionally. Structure is documented below.
List of resources configured for this resource group. The resources are executed in the exact order specified here. Structure is documented below.
Exec resource. Structure is documented below.
What to run to bring this resource into the desired state. An exit code of 100 indicates "success"; any other exit code indicates a failure running enforce. Structure is documented below.
Optional arguments to pass to the source during execution.
A remote or local file. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
What to run to validate this resource is in the desired state. An exit code of 100 indicates "in desired state", and an exit code of 101 indicates "not in desired state". Any other exit code indicates a failure running validate. Structure is documented below.
Optional arguments to pass to the source during execution.
A remote or local file. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
A remote or local file. Structure is documented below.
A remote or local file. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
Package resource. Structure is documented below.
A deb package file. Structure is documented below.
An rpm package. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
An MSI package. Structure is documented below.
Additional properties to use during installation. This should be in the format of Property=Setting. Appended to the defaults of ACTION=INSTALL REBOOT=ReallySuppress.
An rpm package. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
An rpm package file. Structure is documented below.
An rpm package. Structure is documented below.
A Cloud Storage object. Structure is documented below.
A generic remote file. Structure is documented below.
Package repository resource. Structure is documented below.
An Apt Repository. Structure is documented below.
List of components for this repository. Must contain at least one item.
A Yum Repository. Structure is documented below.
A Zypper Repository. Structure is documented below.
Rollout to deploy the OS policy assignment. A rollout is triggered in the following situations: 1) OSPolicyAssignment is created.
Conditions of the resource.
os-policy-assignment-${Rand.RFC1123Subdomain}
apiVersion: osconfig.gcp.upbound.io/v1beta1
kind: OsPolicyAssignment
metadata:
  annotations:
    meta.upbound.io/example-id: osconfig/v1beta1/ospolicyassignment
  labels:
    testing.upbound.io/example-name: os-policy-assignment
  name: os-policy-assignment-${Rand.RFC1123Subdomain}
spec:
  forProvider:
    description: A test os policy assignment
    instanceFilter:
    - all: false
      exclusionLabels:
      - labels:
          label-two: value-two
      inclusionLabels:
      - labels:
          label-one: value-one
      inventories:
      - osShortName: centos
        osVersion: 8.*
    location: us-central1-a
    osPolicies:
    - allowNoResourceGroupMatch: false
      description: A test os policy
      id: policy
      mode: VALIDATION
      resourceGroups:
      - inventoryFilters:
        - osShortName: centos
          osVersion: 8.*
        resources:
        - id: apt
          pkg:
          - apt:
            - name: bazel
            desiredState: INSTALLED
        - id: deb1
          pkg:
          - deb:
            - source:
              - localPath: $HOME/package.deb
            desiredState: INSTALLED
        - id: deb2
          pkg:
          - deb:
            - pullDeps: true
              source:
              - allowInsecure: true
                remote:
                - sha256Checksum: 3bbfd1043cd7afdb78cf9afec36c0c5370d2fea98166537b4e67f3816f256025
                  uri: ftp.us.debian.org/debian/package.deb
            desiredState: INSTALLED
        - id: deb3
          pkg:
          - deb:
            - pullDeps: true
              source:
              - gcs:
                - bucket: test-bucket
                  generation: 1
                  object: test-object
            desiredState: INSTALLED
        - id: yum
          pkg:
          - desiredState: INSTALLED
            yum:
            - name: gstreamer-plugins-base-devel.x86_64
        - id: zypper
          pkg:
          - desiredState: INSTALLED
            zypper:
            - name: gcc
        - id: rpm1
          pkg:
          - desiredState: INSTALLED
            rpm:
            - pullDeps: true
              source:
              - localPath: $HOME/package.rpm
        - id: rpm2
          pkg:
          - desiredState: INSTALLED
            rpm:
            - source:
              - allowInsecure: true
                remote:
                - sha256Checksum: 3bbfd1043cd7afdb78cf9afec36c0c5370d2fea98166537b4e67f3816f256025
                  uri: https://mirror.jaleco.com/centos/8.3.2011/BaseOS/x86_64/os/Packages/efi-filesystem-3-2.el8.noarch.rpm
        - id: rpm3
          pkg:
          - desiredState: INSTALLED
            rpm:
            - source:
              - gcs:
                - bucket: test-bucket
                  generation: 1
                  object: test-object
      - resources:
        - id: apt-to-deb
          pkg:
          - apt:
            - name: bazel
            desiredState: INSTALLED
        - id: deb-local-path-to-gcs
          pkg:
          - deb:
            - source:
              - localPath: $HOME/package.deb
            desiredState: INSTALLED
        - id: googet
          pkg:
          - desiredState: INSTALLED
            googet:
            - name: gcc
        - id: msi1
          pkg:
          - desiredState: INSTALLED
            msi:
            - properties:
              - REBOOT=ReallySuppress
              source:
              - localPath: $HOME/package.msi
        - id: msi2
          pkg:
          - desiredState: INSTALLED
            msi:
            - source:
              - allowInsecure: true
                remote:
                - sha256Checksum: 3bbfd1043cd7afdb78cf9afec36c0c5370d2fea98166537b4e67f3816f256025
                  uri: https://remote.uri.com/package.msi
        - id: msi3
          pkg:
          - desiredState: INSTALLED
            msi:
            - source:
              - gcs:
                - bucket: test-bucket
                  generation: 1
                  object: test-object
    rollout:
    - disruptionBudget:
      - fixed: 1
      minWaitDuration: 3.5s
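
The exec resource in the field reference above signals state through exit codes 100 and 101 rather than the usual 0, so a script that simply "succeeds" is reported as a failure. The following added example (not part of the provider's documentation) shows a validate/enforce pair that follows that contract; the target file, the `PermitRootLogin` setting, and the use of the resource's optional arguments to pick the function are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate/enforce pair for an exec resource.
# Exit-code contract from the field reference:
#   validate: 100 = in desired state, 101 = not in desired state, other = failure
#   enforce:  100 = success, other = failure
# Assumed target and setting (hypothetical); CONF can be overridden for testing.
CONF="${CONF:-/etc/ssh/sshd_config}"
KEY="PermitRootLogin"
WANT="no"

# First uncommented occurrence of KEY in the file; commented lines have
# "#Keyword" as their first field and therefore never match.
current_value() {
    awk -v k="$KEY" 'tolower($1) == tolower(k) { print $2; exit }' "$CONF"
}

validate() {
    [ -r "$CONF" ] || return 1            # cannot inspect: failure running validate
    if [ "$(current_value)" = "$WANT" ]; then
        return 100                        # in desired state
    fi
    return 101                            # not in desired state
}

enforce() {
    [ -w "$CONF" ] || return 1
    tmp="$(mktemp)" || return 1
    # Put the wanted line first and drop every other uncommented occurrence.
    { printf '%s %s\n' "$KEY" "$WANT"
      awk -v k="$KEY" 'tolower($1) != tolower(k)' "$CONF"; } > "$tmp" \
        || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$CONF" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    rc=0
    validate || rc=$?
    [ "$rc" -eq 100 ] && return 100       # report success only if it validates
    return 1
}

# Assumed wiring: the resource passes "validate" or "enforce" as an argument.
case "${1:-}" in
    validate) validate; exit $? ;;
    enforce)  enforce;  exit $? ;;
esac
```

Having enforce re-run validate before returning 100 keeps a partially applied change from being reported as compliant.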
© 2022 Upbound, Inc.