SrSSKJr SSKJr SSKJr SSKJr Sr "SS\R5r "S S \R5r "S S \R5r "S S\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS\R5r"SS \R5r"S!S"\R5r"S#S$\R5r"S%S&\R5r"S'S(\R5r"S)S*\R5r"S+S,\R5r"S-S.\R5r"S/S0\R5r"S1S2\R5r "S3S4\R5r!"S5S6\R5r""S7S8\R5r#"S9S:\R5r$"S;S<\R5r%"S=S>\R5r&"S?S@\R5r'"SASB\R5r("SCSD\R5r)"SESF\R5r*"SGSH\R5r+"SISJ\R5r,"SKSL\R5r-"SMSN\R5r."SOSP\R5r/"SQSR\R5r0"SSST\R5r1"SUSV\R5r2"SWSX\R5r3"SYSZ\R5r4"S[S\\R5r5"S]S^\R5r6"S_S`\R5r7"SaSb\R5r8"ScSd\R5r9"SeSf\R5r:"SgSh\R5r;"SiSj\R5r<"SkSl\R5r="SmSn\R5r>"SoSp\R5r?"SqSr\R5r@"SsSt\R5rA"SuSv\R5rB"SwSx\R5rC"SySz\R5rD"S{S|\R5rE"S}S~\R5rF"SS\R5rG"SS\R5rH"SS\R5rI"SS\R5rJ"SS\R5rK"SS\R5rL"SS\R5rM"SS\R5rN"SS\R5rO"SS\R5rP"SS\R5rQ"SS\R5rR"SS\R5rS"SS\R5rT"SS\R5rU"SS\R5rV"SS\R5rW"SS\R5rX"SS\R5rY"SS\R5rZ"SS\R5r["SS\R5r\"SS\R5r]"SS\R5r^"SS\R5r_"SS\R5r`"SS\R5ra"SS\R5rb"SS\R5rc"SS\R5rd\R"\4SS5 \R"\]SS5 \R"\]RSS5 \R"\]RSS5 g)zGenerated message classes for osconfig version v1alpha. OS management tools that can be used for patch management, patch compliance, and configuration management on VM instances. )absolute_import)messages)encoding) extra_typesosconfigcv\rSrSrSr"SS\R 5r"SS\R 5r"SS\R 5r "S S \R 5r "S S \R 5r "S S\R 5r "SS\R 5r "SS\R 5r\R"SS5r\R"SS5r\R"SS5r\R&"S\R(R*S9r\R"S S5r\R&"S\R(R*S9r\R&"S\R(R*S9r\R"S S5r\R"SS5r\R"SS5r\R"SS5rSrg )!CVSSv3a Common Vulnerability Scoring System version 3. For details, see https://www.first.org/cvss/specification-document Enums: AttackComplexityValueValuesEnum: This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability. AttackVectorValueValuesEnum: This metric reflects the context by which vulnerability exploitation is possible. AvailabilityImpactValueValuesEnum: This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. ConfidentialityImpactValueValuesEnum: This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. IntegrityImpactValueValuesEnum: This metric measures the impact to integrity of a successfully exploited vulnerability. PrivilegesRequiredValueValuesEnum: This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. ScopeValueValuesEnum: The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope. UserInteractionValueValuesEnum: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component. Fields: attackComplexity: This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability. attackVector: This metric reflects the context by which vulnerability exploitation is possible. availabilityImpact: This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. baseScore: The base score is a function of the base metric scores. https://www.first.org/cvss/specification-document#Base-Metrics confidentialityImpact: This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. exploitabilityScore: The Exploitability sub-score equation is derived from the Base Exploitability metrics. https://www.first.org/cvss/specification-document#2-1-Exploitability- Metrics impactScore: The Impact sub-score equation is derived from the Base Impact metrics. integrityImpact: This metric measures the impact to integrity of a successfully exploited vulnerability. privilegesRequired: This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. scope: The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope. userInteraction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component. c$\rSrSrSrSrSrSrSrg)&CVSSv3.AttackComplexityValueValuesEnumMaThis metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability. Values: ATTACK_COMPLEXITY_UNSPECIFIED: Invalid value. ATTACK_COMPLEXITY_LOW: Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component. ATTACK_COMPLEXITY_HIGH: A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected. rN) __name__ __module__ __qualname____firstlineno____doc__ATTACK_COMPLEXITY_UNSPECIFIEDATTACK_COMPLEXITY_LOWATTACK_COMPLEXITY_HIGH__static_attributes__rWlib/googlecloudsdk/generated_clients/apis/osconfig/v1alpha/osconfig_v1alpha_messages.pyAttackComplexityValueValuesEnumr Ms %&!rrc,\rSrSrSrSrSrSrSrSr Sr g ) "CVSSv3.AttackVectorValueValuesEnum`aThis metric reflects the context by which vulnerability exploitation is possible. Values: ATTACK_VECTOR_UNSPECIFIED: Invalid value. ATTACK_VECTOR_NETWORK: The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. ATTACK_VECTOR_ADJACENT: The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology. ATTACK_VECTOR_LOCAL: The vulnerable component is not bound to the network stack and the attacker's path is via read/write/execute capabilities. ATTACK_VECTOR_PHYSICAL: The attack requires the attacker to physically touch or manipulate the vulnerable component. rrrrN) rrrrrATTACK_VECTOR_UNSPECIFIEDATTACK_VECTOR_NETWORKATTACK_VECTOR_ADJACENTATTACK_VECTOR_LOCALATTACK_VECTOR_PHYSICALrrrrAttackVectorValueValuesEnumr`s'"!"rr'c(\rSrSrSrSrSrSrSrSr g) (CVSSv3.AvailabilityImpactValueValuesEnumxaThis metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. Values: IMPACT_UNSPECIFIED: Invalid value. IMPACT_HIGH: High impact. IMPACT_LOW: Low impact. IMPACT_NONE: No impact. rrrr rN rrrrrIMPACT_UNSPECIFIED IMPACT_HIGH IMPACT_LOW IMPACT_NONErrrr!AvailabilityImpactValueValuesEnumr)xKJKrr0c(\rSrSrSrSrSrSrSrSr g) +CVSSv3.ConfidentialityImpactValueValuesEnuma!This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. Values: IMPACT_UNSPECIFIED: Invalid value. IMPACT_HIGH: High impact. IMPACT_LOW: Low impact. IMPACT_NONE: No impact. rrrr rNr+rrr$ConfidentialityImpactValueValuesEnumr3s KJKrr5c(\rSrSrSrSrSrSrSrSr g) %CVSSv3.IntegrityImpactValueValuesEnumzThis metric measures the impact to integrity of a successfully exploited vulnerability. Values: IMPACT_UNSPECIFIED: Invalid value. IMPACT_HIGH: High impact. IMPACT_LOW: Low impact. IMPACT_NONE: No impact. rrrr rNr+rrrIntegrityImpactValueValuesEnumr7r1rr9c(\rSrSrSrSrSrSrSrSr g) (CVSSv3.PrivilegesRequiredValueValuesEnuma_This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. Values: PRIVILEGES_REQUIRED_UNSPECIFIED: Invalid value. PRIVILEGES_REQUIRED_NONE: The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack. PRIVILEGES_REQUIRED_LOW: The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources. PRIVILEGES_REQUIRED_HIGH: The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files. rrrr rN) rrrrrPRIVILEGES_REQUIRED_UNSPECIFIEDPRIVILEGES_REQUIRED_NONEPRIVILEGES_REQUIRED_LOWPRIVILEGES_REQUIRED_HIGHrrrr!PrivilegesRequiredValueValuesEnumr;s! '(#  rrAc$\rSrSrSrSrSrSrSrg)CVSSv3.ScopeValueValuesEnumaThe Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope. Values: SCOPE_UNSPECIFIED: Invalid value. SCOPE_UNCHANGED: An exploited vulnerability can only affect resources managed by the same security authority. SCOPE_CHANGED: An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. rrrrN) rrrrrSCOPE_UNSPECIFIEDSCOPE_UNCHANGED SCOPE_CHANGEDrrrrScopeValueValuesEnumrCs OMrrHc$\rSrSrSrSrSrSrSrg)%CVSSv3.UserInteractionValueValuesEnumaThis metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component. Values: USER_INTERACTION_UNSPECIFIED: Invalid value. USER_INTERACTION_NONE: The vulnerable system can be exploited without interaction from any user. USER_INTERACTION_REQUIRED: Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited. rrrrN) rrrrrUSER_INTERACTION_UNSPECIFIEDUSER_INTERACTION_NONEUSER_INTERACTION_REQUIREDrrrrUserInteractionValueValuesEnumrJs $%  !rrOrrr r!variant rN)rrrrr _messagesEnumrr'r0r5r9rArHrO EnumFieldattackComplexity attackVectoravailabilityImpact FloatFieldVariantFLOAT baseScoreconfidentialityImpactexploitabilityScore impactScoreintegrityImpactprivilegesRequiredscopeuserInteractionrrrrr r s8t &INN0 ).. Y^^ y~~ !)..!,Y^^ "y~~""(()JAN$$%BAF, **+NPQR""1i.?.?.E.EF)#--.TVWX!,,Q 8I8I8O8OP$$Q 0A0A0G0GH+''(H!L/ **+NPQR   4b 9%''(H"M/rr c\rSrSrSrSrg)CancelOperationRequestz3The request message for Operations.CancelOperation.rNrrrrrrrrrrkrksB*   2A 6$$$Q'*rrc8\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r \R "S5r \R "S5r \R "S 5r \R "S 5rS rg ) rijaiOperating system information for the VM. Fields: architecture: The system architecture of the operating system. hostname: The VM hostname. kernelRelease: The kernel release of the operating system. kernelVersion: The kernel version of the operating system. longName: The operating system long name. For example 'Debian GNU/Linux 9' or 'Microsoft Window Server 2019 Datacenter'. osconfigAgentVersion: The current version of the OS Config agent running on the VM. shortName: The operating system short name. For example, 'windows' or 'debian'. version: The version of the operating system. rrr r!rRrSrTrUrN)rrrrrrYr architecturehostname kernelRelease kernelVersionlongNameosconfigAgentVersion shortNameversionrrrrrrjs &&q),  " "1 %(''*-''*-  " "1 %("..q1##A&)  ! !! $'rrcn\rSrSrSr\R "SS5r\R "SS5r\R "SS5r \R "SS5r \R "S S 5r \R "S S 5r \R "SS 5r \R "SS5r\R "SS5rSrg)riaSoftware package information of the operating system. Fields: aptPackage: Details of an APT package. For details about the apt package manager, see https://wiki.debian.org/Apt. cosPackage: Details of a COS package. googetPackage: Details of a Googet package. For details about the googet package manager, see https://github.com/google/googet. qfePackage: Details of a Windows Quick Fix engineering package. See https://docs.microsoft.com/en- us/windows/win32/cimwin32prov/win32-quickfixengineering for info in Windows Quick Fix Engineering. windowsApplication: Details of Windows Application. wuaPackage: Details of a Windows Update package. See https://docs.microsoft.com/en-us/windows/win32/api/_wua/ for information about Windows Update. yumPackage: Yum package info. For details about the yum package manager, see https://access.redhat.com/documentation/en- us/red_hat_enterprise_linux/6/html/deployment_guide/ch-yum. zypperPackage: Details of a Zypper package. For details about the Zypper package manager, see https://en.opensuse.org/SDB:Zypper_manual. zypperPatch: Details of a Zypper patch. For details about the Zypper package manager, see https://en.opensuse.org/SDB:Zypper_manual. InventoryVersionedPackagerrr *InventoryWindowsQuickFixEngineeringPackager!InventoryWindowsApplicationrRInventoryWindowsUpdatePackagerSrTrUInventoryZypperPatchrVrN)rrrrrrYr aptPackage cosPackage googetPackage qfePackagewindowsApplication wuaPackage yumPackage zypperPackage zypperPatchrrrrrrs2%%&A1E*%%&A1E*(()DaH-%%&RTUV* --.KQO%%&EqI*%%&A1E*(()DaH-&&'=qA+rrc\rSrSrSr\R "S5r\R "S5r\R "S5r Sr g)ria%Information related to the a standard versioned package. This includes package info for APT, Yum, Zypper, and Googet package managers. Fields: architecture: The system architecture this package is intended for. packageName: The name of the package. version: The version of the package. rrr rN) rrrrrrYrr packageNamerrrrrrrs9&&q),%%a(+  ! !! $'rrc\rSrSrSr\R "S5r\R "S5r\R "S5r \R"SS5r \R "S5r S r g ) riaContains information about a Windows application that is retrieved from the Windows Registry. For more information about these fields, see: https://docs.microsoft.com/en-us/windows/win32/msi/uninstall-registry-key Fields: displayName: The name of the application or product. displayVersion: The version of the product or application in string format. helpLink: The internet address for technical support. installDate: The last time this product received service. The value of this property is replaced each time a patch is applied or removed from the product or the command-line option is used to repair the product. publisher: The name of the manufacturer for the product or application. rrr ror!rRrN)rrrrrrYr displayNamedisplayVersionhelpLinkr installDate publisherrrrrrrs[ %%a(+((+.  " "1 %(&&vq1+##A&)rrc\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r Sr g) riaInformation related to a Quick Fix Engineering package. Fields are taken from Windows QuickFixEngineering Interface and match the source names: https://docs.microsoft.com/en- us/windows/win32/cimwin32prov/win32-quickfixengineering Fields: caption: A short textual description of the QFE update. description: A textual description of the QFE update. hotFixId: Unique identifier associated with a particular QFE update. installTime: Date that the QFE update was installed. Mapped from installed_on field. rrr r!rN) rrrrrrYrcaption descriptionhotFixId installTimerrrrrrsI   ! !! $'%%a(+  " "1 %(%%a(+rrc~\rSrSrSr\R "SSSS9r\R"S5r \R"SSS9r \R"S 5r \R"S SS9r \R"S \RRS 9r\R"S 5r\R"S5r\R"S5rSrg)ria Details related to a Windows Update package. Field data and names are taken from Windows Update API IUpdate Interface: https://docs.microsoft.com/en-us/windows/win32/api/_wua/ Descriptive fields like title, and description are localized based on the locale of the VM being updated. Fields: categories: The categories that are associated with this update package. description: The localized description of the update package. kbArticleIds: A collection of Microsoft Knowledge Base article IDs that are associated with the update package. lastDeploymentChangeTime: The last published date of the update, in (UTC) date and time. moreInfoUrls: A collection of URLs that provide more information about the update package. revisionNumber: The revision number of this update package. supportUrl: A hyperlink to the language-specific support information for the update. title: The localized title of the update package. updateId: Gets the identifier of an update package. Stays the same across revisions. 2InventoryWindowsUpdatePackageWindowsUpdateCategoryrTrrr r!rRrSrPrTrUrVrN)rrrrrrYr categoriesrr kbArticleIdslastDeploymentChangeTime moreInfoUrlsrqr`rrrevisionNumber supportUrltitleupdateIdrrrrrrs.%%&Z\]hlm*%%a(+&&q48,&2215&&q48,))!Y5F5F5L5LM.$$Q'*    "%  " "1 %(rrc`\rSrSrSr\R "S5r\R "S5rSr g)rizCategories specified by the Windows Update. Fields: id: The identifier of the windows update category. name: The name of the windows update category. rrrN) rrrrrrYrrrrrrrrrs)Q"   q !$rrc\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r Sr g) rizDetails related to a Zypper Patch. Fields: category: The category of the patch. patchName: The name of the patch. severity: The severity specified for this patch summary: Any summary information provided about this patch. rrr r!rN) rrrrrrYrcategory patchNameseveritysummaryrrrrrrsI " "1 %(##A&)  " "1 %(  ! !! $'rrc`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) )ListInstanceOSPoliciesCompliancesResponsei#a<A response message for listing OS policies compliance data for all Compute Engine VMs in the given location. Fields: instanceOsPoliciesCompliances: List of instance OS policies compliance objects. nextPageToken: The pagination token to retrieve the next page of instance OS policies compliance objects. rrTrrrN) rrrrrrYrinstanceOsPoliciesCompliancesr nextPageTokenrrrrr%r%#s1#,"8"89WYZei"j''*-rr%c`\rSrSrSr\R "SSSS9r\R"S5r Sr g ) ListInventoriesResponsei2zA response message for listing inventory data for all VMs in a specified location. Fields: inventories: List of inventory objects. nextPageToken: The pagination token to retrieve the next page of inventory objects. rrTrrrN) rrrrrrYr inventoriesrr'rrrrr)r)2s-&&{AE+''*-rr)c`\rSrSrSr\R "S5r\R"SSSS9r Sr g ) %ListOSPolicyAssignmentReportsResponsei@a"A response message for listing OS Policy assignment reports including the page of results and page token. Fields: nextPageToken: The pagination token to retrieve the next page of OS policy assignment report objects. osPolicyAssignmentReports: List of OS policy assignment reports. rOSPolicyAssignmentReportrTrrN) rrrrrrYrr'rosPolicyAssignmentReportsrrrrr,r,@s1''*-'445OQR]abrr,c`\rSrSrSr\R "S5r\R"SSSS9r Sr g ) 'ListOSPolicyAssignmentRevisionsResponseiNzA response message for listing all revisions for a OS policy assignment. Fields: nextPageToken: The pagination token to retrieve the next page of OS policy assignment revisions. osPolicyAssignments: The OS policy assignment revisions rOSPolicyAssignmentrTrrN rrrrrrYrr'rosPolicyAssignmentsrrrrr0r0N0''*-!../CQQUVrr0c`\rSrSrSr\R "S5r\R"SSSS9r Sr g ) ListOSPolicyAssignmentsResponsei[zA response message for listing all assignments under given parent. Fields: nextPageToken: The pagination token to retrieve the next page of OS policy assignments. osPolicyAssignments: The list of assignments rr1rTrrNr2rrrr6r6[r4rr6c`\rSrSrSr\R "S5r\R"SSSS9r Sr g ) ListVulnerabilityReportsResponseihaA response message for listing vulnerability reports for all VM instances in the specified location. Fields: nextPageToken: The pagination token to retrieve the next page of vulnerabilityReports object. vulnerabilityReports: List of vulnerabilityReport objects. rVulnerabilityReportrTrrN) rrrrrrYrr'rvulnerabilityReportsrrrrr8r8hs0''*-"//0EqSWXrr8c\rSrSrSrSrg) MessageSetivaThis is proto2's version of MessageSet. DEPRECATED: DO NOT USE FOR NEW FIELDS. If you are using editions or proto2, please make your own extendable messages for your use case. If you are using proto3, please use `Any` instead. MessageSet was the implementation of extensions for proto1. When proto2 was introduced, extensions were implemented as a first-class feature. This schema for MessageSet was meant to be a "bridge" solution to migrate MessageSet-bearing messages from proto1 to proto2. This schema has been open-sourced only to facilitate the migration of Google products with MessageSet-bearing messages to open-source environments. rNrmrrrr<r<vs rr<c\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"S5r \R"SS5r\R"S S S S 9rS rg)OSPolicyiaAn OS policy defines the desired state configuration for a VM. Enums: ModeValueValuesEnum: Required. Policy mode Fields: allowNoResourceGroupMatch: This flag determines the OS policy compliance status when none of the resource groups within the policy are applicable for a VM. Set this value to `true` if the policy needs to be reported as compliant even if the policy has nothing to validate or enforce. description: Policy description. Length of the description is limited to 1024 characters. id: Required. The id of the OS policy with the following restrictions: * Must contain only lowercase letters, numbers, and hyphens. * Must start with a letter. * Must be between 1-63 characters. * Must end with a number or a letter. * Must be unique within the assignment. mode: Required. Policy mode resourceGroups: Required. List of resource groups for the policy. For a particular VM, resource groups are evaluated in the order specified and the first resource group that is applicable is selected and the rest are ignored. If none of the resource groups are applicable for a VM, the VM is considered to be non-compliant w.r.t this policy. This behavior can be toggled by the flag `allow_no_resource_group_match` c$\rSrSrSrSrSrSrSrg)OSPolicy.ModeValueValuesEnumiaRequired. Policy mode Values: MODE_UNSPECIFIED: Invalid mode VALIDATION: This mode checks if the configuration resources in the policy are in their desired state. No actions are performed if they are not in the desired state. This mode is used for reporting purposes. ENFORCEMENT: This mode checks if the configuration resources in the policy are in their desired state, and if not, enforces the desired state. rrrrN) rrrrrMODE_UNSPECIFIED VALIDATION ENFORCEMENTrrrrModeValueValuesEnumr@s JKrrDrrr r!OSPolicyResourceGrouprRTrrN)rrrrrrYrZrDrallowNoResourceGroupMatchrrrr[moderresourceGroupsrrrrr>r>sr2INN"(44Q7%%a(+Q"   2A 6$))*A1tT.rr>c\rSrSrSr"SS\R 5r\R"S5r \R"S5r \R"S5r \R"S5r \R"S S 5r\R"S 5r\R"S S SS9r\R"S5r\R"S5r\R"S5r\R"SS5r\R,"SS5r\R"S5rSrg)r1ia OS policy assignment is an API resource that is used to apply a set of OS policies to a dynamically targeted group of Compute Engine VM instances. An OS policy is used to define the desired state configuration for a Compute Engine VM instance through a set of configuration resources that provide capabilities such as installing or removing software packages, or executing a script. For more information, see [OS policy and OS policy assignment](https://cloud.google.com/compute/docs/os-configuration- management/working-with-os-policies). Enums: RolloutStateValueValuesEnum: Output only. OS policy assignment rollout state Fields: baseline: Output only. Indicates that this revision has been successfully rolled out in this zone and new VMs will be assigned OS policies from this revision. For a given OS policy assignment, there is only one revision with a value of `true` for this field. deleted: Output only. Indicates that this revision deletes the OS policy assignment. description: OS policy assignment description. Length of the description is limited to 1024 characters. etag: The etag for this OS policy assignment. If this is provided on update, it must match the server's etag. instanceFilter: Required. Filter to select VMs. name: Resource name. Format: `projects/{project_number}/locations/{locatio n}/osPolicyAssignments/{os_policy_assignment_id}` This field is ignored when you create an OS policy assignment. osPolicies: Required. List of OS policies to be applied to the VMs. reconciling: Output only. Indicates that reconciliation is in progress for the revision. This value is `true` when the `rollout_state` is one of: * IN_PROGRESS * CANCELLING revisionCreateTime: Output only. The timestamp that the revision was created. revisionId: Output only. The assignment revision ID A new revision is committed whenever a rollout is triggered for a OS policy assignment rollout: Required. Rollout to deploy the OS policy assignment. A rollout is triggered in the following situations: 1) OSPolicyAssignment is created. 2) OSPolicyAssignment is updated and the update contains changes to one of the following fields: - instance_filter - os_policies 3) OSPolicyAssignment is deleted. rolloutState: Output only. OS policy assignment rollout state uid: Output only. Server generated unique id for the OS policy assignment resource. c,\rSrSrSrSrSrSrSrSr Sr g ) .OSPolicyAssignment.RolloutStateValueValuesEnumiaOutput only. OS policy assignment rollout state Values: ROLLOUT_STATE_UNSPECIFIED: Invalid value IN_PROGRESS: The rollout is in progress. CANCELLING: The rollout is being cancelled. CANCELLED: The rollout is cancelled. SUCCEEDED: The rollout has completed successfully. rrrr r!rNrrrrrrKrrrrrr r! OSPolicyAssignmentInstanceFilterrRrSr>rTTrrUrVrWOSPolicyAssignmentRolloutrX rN)rrrrrrYrZrrbaselinedeletedrretagrinstanceFilterr osPolicies reconcilingrevisionCreateTime revisionIdrolloutr[ruidrrrrr1r1s,\INN  # #A &(  " "1 %'%%a(+   q !$))*LaP.   q !$%%j!dC*&&q)+ ,,Q/$$R(*  " "#> C'$$%BBG,b!#rr1c\rSrSrSr\R "S5r\R"SSSS9r \R"SSSS9r \R"S S SS9r \R"S SS9r S rg )rLiaFilters to select target VMs for an assignment. If more than one filter criteria is specified below, a VM will be selected if and only if it satisfies all of them. Fields: all: Target all VMs in the project. If true, no other criteria is permitted. exclusionLabels: List of label sets used for VM exclusion. If the list has more than one label set, the VM is excluded if any of the label sets are applicable for the VM. inclusionLabels: List of label sets used for VM inclusion. If the list has more than one `LabelSet`, the VM is included if any of the label sets are applicable for the VM. inventories: List of inventories to select VMs. A VM is selected if its inventory data matches at least one of the following inventories. osShortNames: Deprecated. Use the `inventories` field instead. A VM is selected if it's OS short name matches with any of the values provided in this list. rOSPolicyAssignmentLabelSetrTrr )OSPolicyAssignmentInstanceFilterInventoryr!rRrN)rrrrrrYrallrexclusionLabelsinclusionLabelsr*r osShortNamesrrrrrLrLsn( q!#**+GUYZ/**+GUYZ/&&'RTU`de+&&q48,rrLc`\rSrSrSr\R "S5r\R "S5rSr g)r\i a[VM inventory details. Fields: osShortName: Required. The OS short name osVersion: The OS version Prefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of `7`, specify the following value for this field `7.*` An empty string matches all OS versions. rrrN rrrrrrYr osShortName osVersionrrrrr\r\ )%%a(+##A&)rr\c\rSrSrSr\R "S5"SS\R55r \R"SS5r Sr g) r[i/aMessage representing label set. * A label is a key value pair set for a VM. * A LabelSet is a set of labels. * Labels within a LabelSet are ANDed. In other words, a LabelSet is applicable for a VM only if it matches all the labels in the LabelSet. * Example: A LabelSet with 2 labels: `env=prod` and `type=webserver` will only be applicable for those VMs with both labels present. Messages: LabelsValue: Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected. Fields: labels: Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected. rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) &OSPolicyAssignmentLabelSet.LabelsValueiAa%Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected. Messages: AdditionalProperty: An additional property for a LabelsValue object. Fields: additionalProperties: Additional properties of type LabelsValue c`\rSrSrSr\R "S5r\R "S5rSr g)9OSPolicyAssignmentLabelSet.LabelsValue.AdditionalPropertyiMzAn additional property for a LabelsValue object. Fields: key: Name of the additional property. value: A string attribute. rrrN) rrrrrrYrrrrrrrrrjMs)   ! !! $c##A&errrTrrNrrrr LabelsValuerhAs2 'Y.. '%112FTXYrrkrrN) rrrrrrrrYrrkrlabelsrrrrr[r[/sK" !!"89ZI%%Z:Z0  ! !- 3&rr[c$\rSrSrSr"SS\R 5r"SS\R 5r\R"SS5r \R"S5r \R"S 5r \R"SS 5r\R"S 5rS rg )#OSPolicyAssignmentOperationMetadatai]r~c(\rSrSrSrSrSrSrSrSr g) y~~ ''(H!L/#//2$$Q'* ) 6 67}@ALP!Qrrtc\rSrSrSr"SS\R 5r\R"SS5r \R"S5r \R"SSS S 9r \R"S S 5r\R"S 5rSrg)r{iaCompliance data for an OS policy resource. Enums: ComplianceStateValueValuesEnum: The compliance state of the resource. Fields: complianceState: The compliance state of the resource. complianceStateReason: A reason for the resource to be in the given compliance state. This field is always populated when `compliance_state` is `UNKNOWN`. The following values are supported when `compliance_state == UNKNOWN` * `execution-errors`: Errors were encountered by the agent while executing the resource and the compliance state couldn't be determined. * `execution-skipped-by-agent`: Resource execution was skipped by the agent because errors were encountered while executing prior resources in the OS policy. * `os-policy-execution-attempt- failed`: The execution of the OS policy containing this resource failed and the compliance state couldn't be determined. * `os-policy-execution- pending`: OS policy that owns this resource was assigned to the given VM, but was not executed yet. configSteps: Ordered list of configuration completed by the agent for the OS policy resource. execResourceOutput: ExecResource specific output. osPolicyResourceId: The ID of the OS policy resource. c$\rSrSrSrSrSrSrSrg)cOSPolicyAssignmentReportOSPolicyComplianceOSPolicyResourceCompliance.ComplianceStateValueValuesEnumia7The compliance state of the resource. Values: UNKNOWN: The resource is in an unknown compliance state. To get more details about why the policy is in this state, review the output of the `compliance_state_reason` field. COMPLIANT: Resource is compliant. NON_COMPLIANT: Resource is non-compliant. rrrrNryrrrrzrsGIMrrzrr^OSPolicyAssignmentReportOSPolicyComplianceOSPolicyResourceComplianceOSPolicyResourceConfigStepr TrVOSPolicyAssignmentReportOSPolicyComplianceOSPolicyResourceComplianceExecResourceOutputr!rRrN)rrrrrrYrZrzr[r|rr}r configStepsexecResourceOutputosPolicyResourceIdrrrrr{r{s2 y~~ ''(H!L/#//2&&(HJKVZ[+ --/GIJK ,,Q/rr{c<\rSrSrSr\R "S5rSrg)rizExecResource specific output. Fields: enforcementOutput: Output from enforcement phase output file (if run). Output size is limited to 100K bytes. rrN rrrrrrY BytesFieldenforcementOutputrrrrrr **1-rrc\rSrSrSr"SS\R 5r\R"S5r \R"SS5r Sr g) ri#a\Step performed by the OS Config agent for configuring an `OSPolicy` resource to its desired state. Enums: TypeValueValuesEnum: Configuration step type. Fields: errorMessage: An error message recorded during the execution of this step. Only populated if errors were encountered during this step execution. type: Configuration step type. c,\rSrSrSrSrSrSrSrSr Sr g ) rOSPolicyAssignmentReportOSPolicyComplianceOSPolicyResourceComplianceOSPolicyResourceConfigStep.TypeValueValuesEnumi0aConfiguration step type. Values: TYPE_UNSPECIFIED: Default value. This value is unused. VALIDATION: Checks for resource conflicts such as schema errors. DESIRED_STATE_CHECK: Checks the current status of the desired state for a resource. DESIRED_STATE_ENFORCEMENT: Enforces the desired state for a resource that is not in desired state. DESIRED_STATE_CHECK_POST_ENFORCEMENT: Re-checks the status of the desired state. This check is done for a resource after the enforcement of all OS policies. This step is used to determine the final desired state status for the resource. It accounts for any resources that might have drifted from their desired state due to side effects from executing other resources. rrrr r!rN rrrrrrrBDESIRED_STATE_CHECKDESIRED_STATE_ENFORCEMENT$DESIRED_STATE_CHECK_POST_ENFORCEMENTrrrrrr0& J !+,(rrrrrN) rrrrrrYrZrr errorMessager[rrrrrrr#s< -INN-.&&q),   2A 6$rrcb\rSrSrSr\R "SS5r\R"S5r Sr g)rMiKa Message to configure the rollout at the zonal level for the OS policy assignment. Fields: disruptionBudget: Required. The maximum number (or percentage) of VMs per zone to disrupt at any given moment. minWaitDuration: Required. This determines the minimum duration of time to wait after the configuration changes are applied through the current rollout. A VM continues to count towards the `disruption_budget` at least until this duration of time has passed after configuration changes are applied. ryrrrN) rrrrrrYrdisruptionBudgetrminWaitDurationrrrrrMrMKs- ++, B$Q"@!D#%%&JAN*rrc\rSrSrSr"SS\R 5r\R"SSSS9r \R"S S 5r \R"S 5r \R"SS 5rS rg)riaCompliance data for an OS policy resource. Enums: StateValueValuesEnum: Compliance state of the OS policy resource. Fields: configSteps: Ordered list of configuration steps taken by the agent for the OS policy resource. execResourceOutput: ExecResource specific output. osPolicyResourceId: The id of the OS policy resource. state: Compliance state of the OS policy resource. c,\rSrSrSrSrSrSrSrSr Sr g ) /OSPolicyResourceCompliance.StateValueValuesEnumiawCompliance state of the OS policy resource. Values: OS_POLICY_COMPLIANCE_STATE_UNSPECIFIED: Default value. This value is unused. COMPLIANT: Compliant state. NON_COMPLIANT: Non-compliant state UNKNOWN: Unknown compliance state. NO_OS_POLICIES_APPLICABLE: No applicable OS policies were found for the instance. This state is only applicable to the instance. rrrr r!rNrrrrrrrrrOSPolicyResourceConfigSteprTr,OSPolicyResourceComplianceExecResourceOutputrr r!rN)rrrrrrYrZrrrrrrr[rrrrrrrsh "Y^^"$&&'CQQUV+ --.\^_` ,,Q/   4a 8%rrc<\rSrSrSr\R "S5rSrg)rizExecResource specific output. Fields: enforcementOutput: Output from Enforcement phase output file (if run). Output size is limited to 100K bytes. rrNrrrrrrrrrc\rSrSrSr"SS\R 5r"SS\R 5r\R"S5r \R"SS5r \R"SS 5r S rg ) riaStep performed by the OS Config agent for configuring an `OSPolicyResource` to its desired state. Enums: OutcomeValueValuesEnum: Outcome of the configuration step. TypeValueValuesEnum: Configuration step type. Fields: errorMessage: An error message recorded during the execution of this step. Only populated when outcome is FAILED. outcome: Outcome of the configuration step. type: Configuration step type. c$\rSrSrSrSrSrSrSrg)1OSPolicyResourceConfigStep.OutcomeValueValuesEnumizOutcome of the configuration step. Values: OUTCOME_UNSPECIFIED: Default value. This value is unused. SUCCEEDED: The step succeeded. FAILED: The step failed. rrrrN) rrrrrOUTCOME_UNSPECIFIEDrFAILEDrrrrOutcomeValueValuesEnumrsI Frrc,\rSrSrSrSrSrSrSrSr Sr g ) .OSPolicyResourceConfigStep.TypeValueValuesEnumia Configuration step type. Values: TYPE_UNSPECIFIED: Default value. This value is unused. VALIDATION: Validation to detect resource conflicts, schema errors, etc. DESIRED_STATE_CHECK: Check the current desired state status of the resource. DESIRED_STATE_ENFORCEMENT: Enforce the desired state for a resource that is not in desired state. DESIRED_STATE_CHECK_POST_ENFORCEMENT: Re-check desired state status for a resource after enforcement of all resources in the current configuration run. This step is used to determine the final desired state status for the resource. It accounts for any resources that might have drifted from their desired state due to side effects from configuring other resources during the current configuration run. rrrr r!rNrrrrrrrrrrrr rN)rrrrrrYrZrrrrr[outcomerrrrrrrs_  y~~ -INN-.&&q),    8! <'   2A 6$rrcd\rSrSrSr\R "SS5r\R "SS5rSr g)riaA resource that allows executing scripts on the VM. The `ExecResource` has 2 stages: `validate` and `enforce` and both stages accept a script as an argument to execute. When the `ExecResource` is applied by the agent, it first executes the script in the `validate` stage. The `validate` stage can signal that the `ExecResource` is already in the desired state by returning an exit code of `100`. If the `ExecResource` is not in the desired state, it should return an exit code of `101`. Any other exit code returned by this stage is considered an error. If the `ExecResource` is not in the desired state based on the exit code from the `validate` stage, the agent proceeds to execute the script from the `enforce` stage. If the `ExecResource` is already in the desired state, the `enforce` stage will not be run. Similar to `validate` stage, the `enforce` stage should return an exit code of `100` to indicate that the resource in now in its desired state. Any other exit code is considered an error. NOTE: An exit code of `100` was chosen over `0` (and `101` vs `1`) to have an explicit indicator of `in desired state`, `not in desired state` and errors. Because, for example, Powershell will always return an exit code of `0` unless an `exit` statement is provided in the script. So, for reasons of consistency and being explicit, exit codes `100` and `101` were chosen. Fields: enforce: What to run to bring this resource into the desired state. An exit code of 100 indicates "success", any other exit code indicates a failure running enforce. validate: Required. What to run to validate this resource is in the desired state. An exit code of 100 indicates "in desired state", and exit code of 101 indicates "not in desired state". Any other exit code indicates a failure running validate. OSPolicyResourceExecResourceExecrrrN) rrrrrrYrenforcevalidaterrrrrrs/<  " "#Eq I'  # #$F J(rrc\rSrSrSr"SS\R 5r\R"SSS9r \R"SS 5r \R"SS 5r \R"S 5r\R"S 5rS rg)ri aA file or script to execute. Enums: InterpreterValueValuesEnum: Required. The script interpreter to use. Fields: args: Optional arguments to pass to the source during execution. file: A remote or local file. interpreter: Required. The script interpreter to use. outputFilePath: Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes. script: An inline script. The size of the script is limited to 32KiB. c(\rSrSrSrSrSrSrSrSr g) ;OSPolicyResourceExecResourceExec.InterpreterValueValuesEnumi2aRequired. The script interpreter to use. Values: INTERPRETER_UNSPECIFIED: Invalid value, the request will return validation error. NONE: If an interpreter is not specified, the source is executed directly. This execution, without an interpreter, only succeeds for executables and scripts that have shebang lines. SHELL: Indicates that the script runs with `/bin/sh` on Linux and `cmd.exe` on Windows. POWERSHELL: Indicates that the script runs with PowerShell. rrrr rN) rrrrrINTERPRETER_UNSPECIFIEDNONESHELL POWERSHELLrrrrInterpreterValueValuesEnumr2s   D EJrrrTrOSPolicyResourceFilerr r!rRrN)rrrrrrYrZrrargsrrr[ interpreteroutputFilePathscriptrrrrrr sq"9>>$   q4 0$    6 :$##$@!D+((+.   #&rrc\rSrSrSr\R "S5r\R"SS5r \R"S5r \R"SS5r S r g ) riKafA remote or local file. Fields: allowInsecure: Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified. gcs: A Cloud Storage object. localPath: A local path within the VM to use. remote: A generic remote file. rOSPolicyResourceFileGcsrr OSPolicyResourceFileRemoter!rN)rrrrrrYr allowInsecurergcsr localPathremoterrrrrrKsO ((+-8!<###A&)  ! !"> B&rrc\rSrSrSr\R "S5r\R"S5r \R "S5r Sr g)ri]zSpecifies a file available as a Cloud Storage Object. Fields: bucket: Required. Bucket of the Cloud Storage object. generation: Generation number of the Cloud Storage object. object: Required. Name of the Cloud Storage object. rrr rN) rrrrrrYrbucketrq generationobjectrrrrrr]s9   #&%%a(*   #&rrc`\rSrSrSr\R "S5r\R "S5rSr g)rikzSpecifies a file available via some URI. Fields: sha256Checksum: SHA256 checksum of the remote file. uri: Required. URI from which to fetch the object. It should contain both the protocol and path following the format `{protocol}://{location}`. rrrN) rrrrrrYrsha256Checksumurirrrrrrks)((+.a #rrc\rSrSrSr"SS\R 5r\R"S5r \R"SS5r \R"S5r \R"S 5r \R"SS 5rS rg ) rixaA resource that manages the state of a file. Enums: StateValueValuesEnum: Required. Desired state of the file. Fields: content: A a file with this content. The size of the content is limited to 32KiB. file: A remote or local source. path: Required. The absolute path of the file within the VM. permissions: Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one bit corresponds to the execute permission. Default behavior is 755. Below are some examples of permissions and their associated values: read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4 state: Required. Desired state of the file. c(\rSrSrSrSrSrSrSrSr g) 1OSPolicyResourceFileResource.StateValueValuesEnumia-Required. Desired state of the file. Values: DESIRED_STATE_UNSPECIFIED: Unspecified is invalid. PRESENT: Ensure file at path is present. ABSENT: Ensure file at path is absent. CONTENTS_MATCH: Ensure the contents of the file at path matches. If the file does not exist it will be created. rrrr rN) rrrrrDESIRED_STATE_UNSPECIFIEDPRESENTABSENTCONTENTS_MATCHrrrrrrs!"G FNrrrrrr r!rRrN)rrrrrrYrZrrcontentrrpath permissionsr[rrrrrrrxso* Y^^   ! !! $'    6 :$   q !$%%a(+   4a 8%rrc\rSrSrSr\R "SSSS9r\R "SS5r\R "S S SS9r S r g ) rEiaResource groups provide a mechanism to group OS policy resources. Resource groups enable OS policy authors to create a single OS policy to be applied to VMs running different operating Systems. When the OS policy is applied to a target VM, the appropriate resource group within the OS policy is selected based on the `OSFilter` specified within the resource group. Fields: inventoryFilters: List of inventory filters for the resource group. The resources in this resource group are applied to the target VM if it satisfies at least one of the following inventory filters. For example, to apply this resource group to VMs running either `RHEL` or `CentOS` operating systems, specify 2 items for the list with following values: inventory_filters[0].os_short_name='rhel' and inventory_filters[1].os_short_name='centos' If the list is empty, this resource group will be applied to the target VM unconditionally. osFilter: Deprecated. Use the `inventory_filters` field instead. Used to specify the OS filter for a resource group resources: Required. List of resources configured for this resource group. The resources are executed in the exact order specified here. rrTrrrrr rN) rrrrrrYrinventoryFiltersosFilter resourcesrrrrrErEsH*++,EqSWX  # #$6 :($$%7TJ)rrEcr\rSrSrSr"SS\R 5r\R"SS5r \R"SS5r \R"SS 5r \R"S S 5r \R"S S 5r\R"SS5r\R"SS5r\R"SS5rSrg)riaA resource that manages a system package. Enums: DesiredStateValueValuesEnum: Required. The desired state the agent should maintain for this package. Fields: apt: A package managed by Apt. deb: A deb package file. desiredState: Required. The desired state the agent should maintain for this package. googet: A package managed by GooGet. msi: An MSI package. rpm: An rpm package file. yum: A package managed by YUM. zypper: A package managed by Zypper. c$\rSrSrSrSrSrSrSrg);OSPolicyResourcePackageResource.DesiredStateValueValuesEnumiaRequired. The desired state the agent should maintain for this package. Values: DESIRED_STATE_UNSPECIFIED: Unspecified is invalid. INSTALLED: Ensure that the package is installed. REMOVED: The agent ensures that the package is not installed and uninstalls it if detected. rrrrN) rrrrrr INSTALLEDREMOVEDrrrrDesiredStateValueValuesEnumrs!"IGrr"OSPolicyResourcePackageResourceAPTr"OSPolicyResourcePackageResourceDebrr %OSPolicyResourcePackageResourceGooGetr!"OSPolicyResourcePackageResourceMSIrR"OSPolicyResourcePackageResourceRPMrS"OSPolicyResourcePackageResourceYUMrT%OSPolicyResourcePackageResourceZypperrUrN)rrrrrrYrZrraptdebr[ desiredStategoogetmsirpmyumzypperrrrrrrs$ INN  CQG#CQG#$$%BAF,  ! !"I1 M&CQG#CQG#CQG#  ! !"I1 M&rrc<\rSrSrSr\R "S5rSrg)rizA package managed by APT. - install: `apt-get update && apt-get -y install [name]` - remove: `apt-get -y remove [name]` Fields: name: Required. Package name. rrN rrrrrrYrrrrrrrr   q !$rrcb\rSrSrSr\R "S5r\R"SS5r Sr g)riaA deb package file. dpkg packages only support INSTALLED state. Fields: pullDeps: Whether dependencies should also be installed. - install when false: `dpkg -i package` - install when true: `apt-get update && apt-get -y install package.deb` source: Required. A deb package. rrrrN rrrrrrYrpullDepsrsourcerrrrrr, # #A &(  ! !"8! <&rrc<\rSrSrSr\R "S5rSrg)rizA package managed by GooGet. - install: `googet -noconfirm install package` - remove: `googet -noconfirm remove package` Fields: name: Required. Package name. rrNrrrrrrrrrc`\rSrSrSr\R "SSS9r\R"SS5r Sr g ) ria'An MSI package. MSI packages only support INSTALLED state. Fields: properties: Additional properties to use during installation. This should be in the format of Property=Setting. Appended to the defaults of `ACTION=INSTALL REBOOT=ReallySuppress`. source: Required. The MSI package. rTrrrrN) rrrrrrYr propertiesrrrrrrrrs.$$Q6*  ! !"8! <&rrcb\rSrSrSr\R "S5r\R"SS5r Sr g)riaEAn RPM package file. RPM packages only support INSTALLED state. Fields: pullDeps: Whether dependencies should also be installed. - install when false: `rpm --upgrade --replacepkgs package.rpm` - install when true: `yum -y install package.rpm` or `zypper -y install package.rpm` source: Required. An rpm package. rrrrNrrrrrrrrrc<\rSrSrSr\R "S5rSrg)ri*zA package managed by YUM. - install: `yum -y install package` - remove: `yum -y remove package` Fields: name: Required. Package name. rrNrrrrrr*rrrc<\rSrSrSr\R "S5rSrg)ri5zA package managed by Zypper. - install: `zypper -y install package` - remove: `zypper -y rm package` Fields: name: Required. Package name. rrNrrrrrr5rrrc\rSrSrSr\R "SS5r\R "SS5r\R "SS5r \R "S S 5r S r g ) ri@zA resource that manages a package repository. Fields: apt: An Apt Repository. goo: A Goo Repository. yum: A Yum Repository. zypper: A Zypper Repository. /OSPolicyResourceRepositoryResourceAptRepositoryr/OSPolicyResourceRepositoryResourceGooRepositoryr/OSPolicyResourceRepositoryResourceYumRepositoryr 2OSPolicyResourceRepositoryResourceZypperRepositoryr!rN) rrrrrrYrrgoorrrrrrrr@sY PRST#PRST#PRST#  ! !"VXY Z&rrc\rSrSrSr"SS\R 5r\R"SS5r \R"SSS9r \R"S 5r \R"S 5r \R"S 5rS rg )riPaRepresents a single apt package repository. These will be added to a repo file that will be managed at `/etc/apt/sources.list.d/google_osconfig.list`. Enums: ArchiveTypeValueValuesEnum: Required. Type of archive files in this repository. Fields: archiveType: Required. Type of archive files in this repository. components: Required. List of components for this repository. Must contain at least one item. distribution: Required. Distribution of this repository. gpgKey: URI of the key file for this repository. The agent maintains a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg`. uri: Required. URI for this repository. c$\rSrSrSrSrSrSrSrg)JOSPolicyResourceRepositoryResourceAptRepository.ArchiveTypeValueValuesEnumiczRequired. Type of archive files in this repository. Values: ARCHIVE_TYPE_UNSPECIFIED: Unspecified is invalid. DEB: Deb indicates that the archive contains binary files. DEB_SRC: Deb-src indicates that the archive contains source files. rrrrN) rrrrrARCHIVE_TYPE_UNSPECIFIEDDEBDEB_SRCrrrrArchiveTypeValueValuesEnumr cs ! CGrrrrTrr r!rRrN)rrrrrrYrZrr[ archiveTyper components distributiongpgKeyrrrrrrrPsn$ 9>> ##$@!D+$$Q6*&&q),   #&a #rrc`\rSrSrSr\R "S5r\R "S5rSr g)rivzRepresents a Goo package repository. These are added to a repo file that is managed at `C:/ProgramData/GooGet/repos/google_osconfig.repo`. Fields: name: Required. The name of the repository. url: Required. The url of the repository. rrrN) rrrrrrYrrurlrrrrrrvs)   q !$a #rrc\rSrSrSr\R "S5r\R "S5r\R "SSS9r \R "S5r S r g ) ria#Represents a single yum package repository. These are added to a repo file that is managed at `/etc/yum.repos.d/google_osconfig.repo`. Fields: baseUrl: Required. The location of the repository directory. displayName: The display name of the repository. gpgKeys: URIs of GPG keys. id: Required. A one word, unique name for this repository. This is the `repo id` in the yum config file and also the `display_name` if `display_name` is omitted. This id is also used as the unique identifier when checking for resource conflicts. rrr Trr!rN rrrrrrYrbaseUrlr gpgKeysrrrrrrrK   ! !! $'%%a(+  ! !!d 3'Q"rrc\rSrSrSr\R "S5r\R "S5r\R "SSS9r \R "S5r S r g ) ria-Represents a single zypper package repository. These are added to a repo file that is managed at `/etc/zypp/repos.d/google_osconfig.repo`. Fields: baseUrl: Required. The location of the repository directory. displayName: The display name of the repository. gpgKeys: URIs of GPG keys. id: Required. A one word, unique name for this repository. This is the `repo id` in the zypper config file and also the `display_name` if `display_name` is omitted. This id is also used as the unique identifier when checking for GuestPolicy conflicts. rrr Trr!rNrrrrrrrrrcz\rSrSrSr\R "S5"SS\R55r \R "S5"SS\R55r \R"S5r \R"S S 5r\R"SS 5r\R "S 5r\R"SS 5rSrg) OperationiaThis resource represents a long-running operation that is the result of a network API call. Messages: MetadataValue: Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. ResponseValue: The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. Fields: done: If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available. error: The error result of the operation in case of failure or cancellation. metadata: Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. name: The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`. response: The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) Operation.MetadataValueiaService-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. Messages: AdditionalProperty: An additional property for a MetadataValue object. Fields: additionalProperties: Properties of the object. Contains field @type with type URL. cb\rSrSrSr\R "S5r\R"SS5r Sr g)*Operation.MetadataValue.AdditionalPropertyizAn additional property for a MetadataValue object. Fields: key: Name of the additional property. value: A extra_types.JsonValue attribute. rextra_types.JsonValuerrNrrrrrr",   ! !! $c$$%"  INN     q4 0$   2A 6$rr=c\rSrSrSr"SS\R 5r\R"S5r \R"S\RRS9r \R"S5r\R"S S S 9r\R "SS 5rS rg)8OsconfigProjectsLocationsInstancesInventoriesListRequestiaaA OsconfigProjectsLocationsInstancesInventoriesListRequest object. Enums: ViewValueValuesEnum: Inventory view indicating what information should be included in the inventory resource. If unspecified, the default view is BASIC. Fields: filter: If provided, this field specifies the criteria that must be met by a `Inventory` API resource to be included in the response. pageSize: The maximum number of results to return. pageToken: A pagination token returned from a previous call to `ListInventories` that indicates where this listing should continue from. parent: Required. The parent resource name. Format: `projects/{project}/locations/{location}/instances/-` For `{project}`, either `project-number` or `project-id` can be provided. view: Inventory view indicating what information should be included in the inventory resource. If unspecified, the default view is BASIC. c$\rSrSrSrSrSrSrSrg)LOsconfigProjectsLocationsInstancesInventoriesListRequest.ViewValueValuesEnumiwr@rrrrNrArrrrErKwrFrrErrrPr r!Tr2rRrN)rrrrrrYrZrErr8rqr`rrr9r:r;r[rGrrrrrIrIas|*  INN     #&  # #Ay/@/@/F/F G(##A&)  T 2&   2A 6$rrIc:\rSrSrSr\R "SSS9rSrg)FOsconfigProjectsLocationsInstancesOsPolicyAssignmentsReportsGetRequestiaA OsconfigProjectsLocationsInstancesOsPolicyAssignmentsReportsGetRequest object. Fields: name: Required. API resource name for OS policy assignment report. Format: `/projects/{project}/locations/{location}/instances/{instance}/osPolicyA ssignments/{assignment}/report` For `{project}`, either `project-number` or `project-id` can be provided. For `{instance_id}`, either Compute Engine `instance-id` or `instance-name` can be provided. For `{assignment_id}`, the OSPolicyAssignment id must be provided. rTr2rNrrrrrMrMs    q4 0$rrMc\rSrSrSr\R "S5r\R"S\RRS9r \R "S5r \R "SSS 9r S rg ) GOsconfigProjectsLocationsInstancesOsPolicyAssignmentsReportsListRequestiaA OsconfigProjectsLocationsInstancesOsPolicyAssignmentsReportsListRequest object. Fields: filter: If provided, this field specifies the criteria that must be met by the `OSPolicyAssignmentReport` API resource that is included in the response. pageSize: The maximum number of results to return. pageToken: A pagination token returned from a previous call to the `ListOSPolicyAssignmentReports` method that indicates where this listing should continue from. parent: Required. The parent resource name. Format: `projects/{project}/lo cations/{location}/instances/{instance}/osPolicyAssignments/{assignment} /reports` For `{project}`, either `project-number` or `project-id` can be provided. For `{instance}`, either `instance-name`, `instance-id`, or `-` can be provided. If '-' is provided, the response will include OSPolicyAssignmentReports for all instances in the project/location. For `{assignment}`, either `assignment-id` or `-` can be provided. If '-' is provided, the response will include OSPolicyAssignmentReports for all OSPolicyAssignments in the project/location. Either {instance} or {assignment} must be `-`. For example: `projects/{project}/locations/{lo cation}/instances/{instance}/osPolicyAssignments/-/reports` returns all reports for the instance `projects/{project}/locations/{location}/instan ces/-/osPolicyAssignments/{assignment-id}/reports` returns all the reports for the given assignment across all instances. `projects/{projec t}/locations/{location}/instances/-/osPolicyAssignments/-/reports` returns all the reports for all assignments across all instances. rrrPr r!Tr2rNr7rrrrOrOsY<   #&  # #Ay/@/@/F/F G(##A&)  T 2&rrOc:\rSrSrSr\R "SSS9rSrg)@OsconfigProjectsLocationsInstancesVulnerabilityReportsGetRequestiaA OsconfigProjectsLocationsInstancesVulnerabilityReportsGetRequest object. Fields: name: Required. API resource name for vulnerability resource. Format: `pro jects/{project}/locations/{location}/instances/{instance}/vulnerabilityR eport` For `{project}`, either `project-number` or `project-id` can be provided. For `{instance}`, either Compute Engine `instance-id` or `instance-name` can be provided. rTr2rNrrrrrQrQr4rrQc\rSrSrSr\R "S5r\R"S\RRS9r \R "S5r \R "SSS 9r S rg ) AOsconfigProjectsLocationsInstancesVulnerabilityReportsListRequestia/A OsconfigProjectsLocationsInstancesVulnerabilityReportsListRequest object. Fields: filter: This field supports filtering by the severity level for the vulnerability. For a list of severity levels, see [Severity levels for vulnerabilities](https://cloud.google.com/container- analysis/docs/container-scanning- overview#severity_levels_for_vulnerabilities). The filter field follows the rules described in the [AIP-160](https://google.aip.dev/160) guidelines as follows: + **Filter for a specific severity type**: you can list reports that contain vulnerabilities that are classified as medium by specifying `vulnerabilities.details.severity:MEDIUM`. + **Filter for a range of severities** : you can list reports that have vulnerabilities that are classified as critical or high by specifying `vulnerabilities.details.severity:HIGH OR vulnerabilities.details.severity:CRITICAL` pageSize: The maximum number of results to return. pageToken: A pagination token returned from a previous call to `ListVulnerabilityReports` that indicates where this listing should continue from. parent: Required. The parent resource name. Format: `projects/{project}/locations/{location}/instances/-` For `{project}`, either `project-number` or `project-id` can be provided. rrrPr r!Tr2rNr7rrrrSrSsY4   #&  # #Ay/@/@/F/F G(##A&)  T 2&rrSc\rSrSrSr\R "SS5r\R"S5r \R"SSS9r \R"S 5r S r g ) 9OsconfigProjectsLocationsOsPolicyAssignmentsCreateRequestia(A OsconfigProjectsLocationsOsPolicyAssignmentsCreateRequest object. Fields: oSPolicyAssignment: A OSPolicyAssignment resource to be passed as the request body. osPolicyAssignmentId: Required. The logical name of the OS policy assignment in the project with the following restrictions: * Must contain only lowercase letters, numbers, and hyphens. * Must start with a letter. * Must be between 1-63 characters. * Must end with a number or a letter. * Must be unique within the project. parent: Required. The parent resource name in the form: projects/{project}/locations/{location} requestId: Optional. A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if a `request_id` is provided. r1rrr Tr2r!rN) rrrrrrYroSPolicyAssignmentrosPolicyAssignmentIdr; requestIdrrrrrUrUsP"!--.BAF"..q1  T 2&##A&)rrUc^\rSrSrSr\R "SSS9r\R "S5rSr g) 9OsconfigProjectsLocationsOsPolicyAssignmentsDeleteRequesti aWA OsconfigProjectsLocationsOsPolicyAssignmentsDeleteRequest object. Fields: name: Required. The name of the OS policy assignment to be deleted requestId: Optional. A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if a `request_id` is provided. rTr2rrN) rrrrrrYrrrXrrrrrZrZ s+   q4 0$##A&)rrZc:\rSrSrSr\R "SSS9rSrg)6OsconfigProjectsLocationsOsPolicyAssignmentsGetRequesti zA OsconfigProjectsLocationsOsPolicyAssignmentsGetRequest object. Fields: name: Required. The resource name of OS policy assignment. Format: `projec ts/{project}/locations/{location}/osPolicyAssignments/{os_policy_assignm ent}@{revisionId}` rTr2rNrrrrr\r\ s   q4 0$rr\c\rSrSrSr\R "S\RRS9r \R"S5r \R"SSS9r S r g ) 7OsconfigProjectsLocationsOsPolicyAssignmentsListRequesti# aMA OsconfigProjectsLocationsOsPolicyAssignmentsListRequest object. Fields: pageSize: The maximum number of assignments to return. pageToken: A pagination token returned from a previous call to `ListOSPolicyAssignments` that indicates where this listing should continue from. parent: Required. The parent resource name. rrPrr Tr2rN)rrrrrrYrqr`rrr9rr:r;rrrrr^r^# sI # #Ay/@/@/F/F G(##A&)  T 2&rr^c\rSrSrSr\R "SSS9r\R"S\RRS9r \R "S5r S r g ) @OsconfigProjectsLocationsOsPolicyAssignmentsListRevisionsRequesti3 aA OsconfigProjectsLocationsOsPolicyAssignmentsListRevisionsRequest object. Fields: name: Required. The name of the OS policy assignment to list revisions for. pageSize: The maximum number of revisions to return. pageToken: A pagination token returned from a previous call to `ListOSPolicyAssignmentRevisions` that indicates where this listing should continue from. rTr2rrPr rN)rrrrrrYrrrqr`rrr9r:rrrrr`r`3 sI    q4 0$  # #Ay/@/@/F/F G(##A&)rr`c`\rSrSrSr\R "SS5r\R"SSS9r Sr g ) COsconfigProjectsLocationsOsPolicyAssignmentsOperationsCancelRequestiE zA OsconfigProjectsLocationsOsPolicyAssignmentsOperationsCancelRequest object. Fields: cancelOperationRequest: A CancelOperationRequest resource to be passed as the request body. name: The name of the operation resource to be cancelled. rkrrTr2rN) rrrrrrYrcancelOperationRequestrrrrrrrbrbE s/%112JAN   q4 0$rrbc:\rSrSrSr\R "SSS9rSrg)@OsconfigProjectsLocationsOsPolicyAssignmentsOperationsGetRequestiS zA OsconfigProjectsLocationsOsPolicyAssignmentsOperationsGetRequest object. Fields: name: The name of the operation resource. rTr2rNrrrrrereS s   q4 0$rrec\rSrSrSr\R "S5r\R"SSS9r \R"SS5r \R"S 5r \R"S 5r S rg ) 8OsconfigProjectsLocationsOsPolicyAssignmentsPatchRequesti^ aNA OsconfigProjectsLocationsOsPolicyAssignmentsPatchRequest object. Fields: allowMissing: Optional. If set to true, and the OS policy assignment is not found, a new OS policy assignment will be created. In this situation, `update_mask` is ignored. name: Resource name. Format: `projects/{project_number}/locations/{locatio n}/osPolicyAssignments/{os_policy_assignment_id}` This field is ignored when you create an OS policy assignment. oSPolicyAssignment: A OSPolicyAssignment resource to be passed as the request body. requestId: Optional. A unique identifier for this request. Restricted to 36 ASCII characters. A random UUID is recommended. This request is only idempotent if a `request_id` is provided. updateMask: Optional. Field mask that controls which fields of the assignment should be updated. rrTr2r1r r!rRrN)rrrrrrYr allowMissingrrrrVrX updateMaskrrrrrgrg^ s_$''*,   q4 0$ --.BAF##A&)$$Q'*rrgc\rSrSrSr"SS\R 5r"SS\R 5r\R"SS5r \R"S5r \R"SS S S 9r \R"S 5r\R"S 5r\R"S5r\R"S5r\R$"SSS 9r\R"S5r\R"S5r\R"S5r\R"S5rSrg)StandardQueryParametersix aQuery parameters accepted by all methods. Enums: FXgafvValueValuesEnum: V1 error format. AltValueValuesEnum: Data format for response. Fields: f__xgafv: V1 error format. access_token: OAuth access token. alt: Data format for response. callback: JSONP fields: Selector specifying which fields to include in a partial response. key: API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. oauth_token: OAuth 2.0 token for the current user. prettyPrint: Returns response with indentations and line breaks. quotaUser: Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. trace: A tracing token of the form "token:" to include in api requests. uploadType: Legacy upload protocol for media (e.g. "media", "multipart"). upload_protocol: Upload protocol for media (e.g. "raw", "multipart"). c$\rSrSrSrSrSrSrSrg)*StandardQueryParameters.AltValueValuesEnumi zData format for response. Values: json: Responses with Content-Type of application/json media: Media download with context-dependent Content-Type proto: Responses with Content-Type of application/x-protobuf rrrrN) rrrrrjsonmediaprotorrrrAltValueValuesEnumrm s D E Errqc \rSrSrSrSrSrSrg)-StandardQueryParameters.FXgafvValueValuesEnumi zFV1 error format. Values: _1: v1 error format _2: v2 error format rrrN)rrrrr_1_2rrrrFXgafvValueValuesEnumrs s B Brrvrrr rn)defaultr!rRrSrTrUTrVrWrXrNrN)rrrrrrYrZrqrvr[f__xgafvr access_tokenaltcallbackfieldsr oauth_tokenr prettyPrint quotaUsertrace uploadTypeupload_protocolrrrrrkrkx s4 9>>  inn  !8! <(&&q),0!VD#  " "1 %(   #&a #%%a(+&&q$7+##A&)    #%$$R(*))"-/rrkc\rSrSrSr\R "S5"SS\R55r \R"S\RRS9r \R"SSS S 9r\R "S 5rS rg )r+i aThe `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). Messages: DetailsValueListEntry: A DetailsValueListEntry object. Fields: code: The status code, which should be an enum value of google.rpc.Code. details: A list of messages that carry the error details. There is a common set of message types for APIs to use. message: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. rcf\rSrSrSr"SS\R 5r\R"SSSS9r Sr g ) Status.DetailsValueListEntryi zA DetailsValueListEntry object. Messages: AdditionalProperty: An additional property for a DetailsValueListEntry object. Fields: additionalProperties: Properties of the object. Contains field @type with type URL. cb\rSrSrSr\R "S5r\R"SS5r Sr g)/Status.DetailsValueListEntry.AdditionalPropertyi zAn additional property for a DetailsValueListEntry object. Fields: key: Name of the additional property. value: A extra_types.JsonValue attribute. rr#rrNrrrrrr r$rrrTrrNrrrrDetailsValueListEntryr s4  AY.. A%112FTXYrrrrPrTrr rN)rrrrrrrrYrrrqr`rrcoderdetailsrmessagerrrrr+r+ s|& !!"89Zi//Z:Z2   9+<+<+B+B C$  " "#:A M'  ! !! $'rr+c\rSrSrSr\R "S\RRS9r \R "S\RRS9r \R"S5r \R"SS5r\R"S 5rS rg ) StatusProtoi aWire-format for a Status object Fields: canonicalCode: copybara:strip_begin(b/383363683) copybara:strip_end_and_replace optional int32 canonical_code = 6; code: Numeric code drawn from the space specified below. Often, this is the canonical error space, and code is drawn from google3/util/task/codes.proto copybara:strip_begin(b/383363683) copybara:strip_end_and_replace optional int32 code = 1; message: Detail message copybara:strip_begin(b/383363683) copybara:strip_end_and_replace optional string message = 3; messageSet: message_set associates an arbitrary proto message with the status. copybara:strip_begin(b/383363683) copybara:strip_end_and_replace optional proto2.bridge.MessageSet message_set = 5; space: copybara:strip_begin(b/383363683) Space to which this status belongs copybara:strip_end_and_replace optional string space = 2; // Space to which this status belongs rrPrr r<r!rRrN)rrrrrrYrqr`rr canonicalCoderrrr messageSetspacerrrrrr sw&((I4E4E4K4KL-   9+<+<+B+B C$  ! !! $'%%lA6*    "%rrc\rSrSrSr"SS\R 5r\R"SS5r \R"S5r \R"S5r \R"SS S S 9rS rg )r9i aThis API resource represents the vulnerability report for a specified Compute Engine virtual machine (VM) instance at a given point in time. For more information, see [Vulnerability reports](https://cloud.google.com/compute/docs/instances/os-inventory- management#vulnerability-reports). Enums: HighestUpgradableCveSeverityValueValuesEnum: Output only. Highest level of severity among all the upgradable vulnerabilities with CVEs attached. Fields: highestUpgradableCveSeverity: Output only. Highest level of severity among all the upgradable vulnerabilities with CVEs attached. name: Output only. The `vulnerabilityReport` API resource name. Format: `p rojects/{project_number}/locations/{location}/instances/{instance_id}/vu lnerabilityReport` updateTime: Output only. The timestamp for when the last vulnerability report was generated for the VM. vulnerabilities: Output only. List of vulnerabilities affecting the VM. c4\rSrSrSrSrSrSrSrSr Sr S r S r g ) ?VulnerabilityReport.HighestUpgradableCveSeverityValueValuesEnumi aOutput only. Highest level of severity among all the upgradable vulnerabilities with CVEs attached. Values: VULNERABILITY_SEVERITY_LEVEL_UNSPECIFIED: Default SeverityLevel. This value is unused. NONE: Vulnerability has no severity level. MINIMAL: Vulnerability severity level is minimal. This is level below the low severity level. LOW: Vulnerability severity level is low. This is level below the medium severity level. MEDIUM: Vulnerability severity level is medium. This is level below the high severity level. HIGH: Vulnerability severity level is high. This is level below the critical severity level. CRITICAL: Vulnerability severity level is critical. This is the highest severity level. rrrr r!rRrSrN) rrrrr(VULNERABILITY_SEVERITY_LEVEL_UNSPECIFIEDrMINIMALLOWMEDIUMHIGHCRITICALrrrr+HighestUpgradableCveSeverityValueValuesEnumr s-$01, DG C F DHrrrrr VulnerabilityReportVulnerabilityr!TrrN)rrrrrrYrZrr[highestUpgradableCveSeverityrrrrvulnerabilitiesrrrrr9r9 sd*INN6"+!4!45bde!f   q !$$$Q'***+Mq[_`/rr9c\rSrSrSr\R "SSS9r\R "S5r\R"SS5r \R "S SS9r \R"S S SS9r \R "S 5r S rg)ri< aIA vulnerability affecting the VM instance. Fields: availableInventoryItemIds: Corresponds to the `AVAILABLE_PACKAGE` inventory item on the VM. If the vulnerability report was not updated after the VM inventory update, these values might not display in VM inventory. If there is no available fix, the field is empty. The `inventory_item` value specifies the latest `SoftwarePackage` available to the VM that fixes the vulnerability. createTime: The timestamp for when the vulnerability was first detected. details: Contains metadata as per the upstream feed of the operating system and NVD. installedInventoryItemIds: Corresponds to the `INSTALLED_PACKAGE` inventory item on the VM. This field displays the inventory items affected by this vulnerability. If the vulnerability report was not updated after the VM inventory update, these values might not display in VM inventory. For some distros, this field may be empty. items: List of items affected by the vulnerability. updateTime: The timestamp for when the vulnerability was last modified. rTrr'VulnerabilityReportVulnerabilityDetailsr r!$VulnerabilityReportVulnerabilityItemrRrSrN)rrrrrrYravailableInventoryItemIdsrrrinstalledInventoryItemIdsrrrrrrrr< sx*(33AE$$Q'*  " "#La P''33AE  !GUY Z%$$Q'*rrc\rSrSrSr\R "S5r\R"S\RRS9r \R"SS5r \R "S5r\R"S S S S 9r\R "S 5rSrg)riZ aContains metadata information for the vulnerability. This information is collected from the upstream feed of the operating system. Fields: cve: The CVE of the vulnerability. CVE cannot be empty and the combination of should be unique across vulnerabilities for a VM. cvssV2Score: The CVSS V2 score of this vulnerability. CVSS V2 score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity. cvssV3: The full description of the CVSSv3 for this vulnerability from NVD. description: The note or description describing the vulnerability from the distro. references: Corresponds to the references attached to the `VulnerabilityDetails`. severity: Assigned severity/impact ranking from the distro. rrrPr r r!0VulnerabilityReportVulnerabilityDetailsReferencerRTrrSrN)rrrrrrYrcver_r`ra cvssV2ScorercvssV3r referencesr"rrrrrrZ s$ a #$$Q 0A0A0G0GH+  ! !(A .&%%a(+%%&XZ[fjk*  " "1 %(rrc`\rSrSrSr\R "S5r\R "S5rSr g)riu z~A reference for this vulnerability. Fields: source: The source of the reference e.g. NVD. url: The url of the reference. rrrN) rrrrrrYrrrrrrrrru s)   #&a #rrc\rSrSrSr\R "S5r\R "S5r\R "S5r \R "S5r Sr g) ri aBOS inventory item that is affected by a vulnerability or fixed as a result of a vulnerability. Fields: availableInventoryItemId: Corresponds to the `AVAILABLE_PACKAGE` inventory item on the VM. If the vulnerability report was not updated after the VM inventory update, these values might not display in VM inventory. If there is no available fix, the field is empty. The `inventory_item` value specifies the latest `SoftwarePackage` available to the VM that fixes the vulnerability. fixedCpeUri: The recommended [CPE URI](https://cpe.mitre.org/specification/) update that contains a fix for this vulnerability. installedInventoryItemId: Corresponds to the `INSTALLED_PACKAGE` inventory item on the VM. This field displays the inventory items affected by this vulnerability. If the vulnerability report was not updated after the VM inventory update, these values might not display in VM inventory. For some operating systems, this field might be empty. upstreamFix: The upstream OS patch, packages or KB that fixes the vulnerability. rrr r!rN) rrrrrrYravailableInventoryItemId fixedCpeUriinstalledInventoryItemId upstreamFixrrrrrr sK,'2215%%a(+&2215%%a(+rrrexecrxz$.xgafvrt1ru2N)hr __future__rapitools.base.protorpcliterrYapitools.base.pyrrpackagerr rkrorwryr}rrrrrrrrrrrrrrr%r)r,r0r6r8r<r>r1rLr\r[rnr-rtr{rrrMrrrrrrrrrrrrrErrrrrrrrrrrrrrr1r6r=rIrMrOrQrSrUrZr\r^r`rbrergrkr+rr9rrrrAddCustomJsonFieldMappingAddCustomJsonEnumMappingrvrrrrs'<%( UNY  UNp=Y..=D9  D4I   GY&& G4/y?P?P4/n"Y->->"6"1B1B"6B99#4#4B9J&9Y5F5F&9R8( !!8(v2(I%%2(j%i''%6"By00"BJ % 1 1 %')"3"3'.)1B1B)( &I$5$5 &F "9J9J " %9,, % + 0A0A + +i// + cI,=,= c Wi.?.? W Wi&7&7 W Yy'8'8 Y "" /Uy  /UdK"**K"\9y'8'898 ' 0A0A '+4!2!2+4\4/)*;*;4/n(y00(>3Q1B1B3Ql,09K\K\,0^.]f]n]n.%7enevev%7P- 1 1-$ 'i// ' 'y(( ' Oy((O2#9!2!2#9L.93D3D.47!2!247n K9#4#4 KF($y'8'8($VC9,,C$ $i// $ !!2!2 !)99#4#4)9XKI--K6(Ni&7&7(NV"):):" =):): ="I,=,=" =):): = =):): ="):):""I,=,=" [):): [ #!i6G6G#!L !i6G6G ! i6G6G ( 9J9J (i8 !!i8X 1yGXGX 13 HYHY3.!7i>O>O!7H(7y?P?P(7V 1YM^M^ 1 "3iN_N_"3J 1yGXGX 13 HYHY3B' @Q@Q'0 ' @Q@Q ' 1Y=N=N 1 3i>O>O 3 'yGXGX'$ 1)J[J[ 11yGXGX1(y?P?P(4<.i//<.~0%Y  0%f#)###64a)++4an(y'8'8(<&i.?.?&6 !y7H7H !)9+<+<): ""gv'""Z4!!114>!!114>r