Os
OS policy assignment is an API resource that is used to apply a set of OS policies to a dynamically targeted group of Compute Engine VM instances. An OS policy is used to define the desired state configuration for a Compute Engine VM instance through a set of configuration resources that provide capabilities such as installing or removing software packages, or executing a script. For more information about the OS policy resource definitions and examples, see OS policy and OS policy assignment. To get more information about OSPolicyAssignment, see:
How-to Guides
Example Usage
Os Config Os Policy Assignment Basic
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.osconfig.OsPolicyAssignment;
import com.pulumi.gcp.osconfig.OsPolicyAssignmentArgs;
import com.pulumi.gcp.osconfig.inputs.OsPolicyAssignmentInstanceFilterArgs;
import com.pulumi.gcp.osconfig.inputs.OsPolicyAssignmentOsPolicyArgs;
import com.pulumi.gcp.osconfig.inputs.OsPolicyAssignmentRolloutArgs;
import com.pulumi.gcp.osconfig.inputs.OsPolicyAssignmentRolloutDisruptionBudgetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var primary = new OsPolicyAssignment("primary", OsPolicyAssignmentArgs.builder()
.description("A test os policy assignment")
.instanceFilter(OsPolicyAssignmentInstanceFilterArgs.builder()
.all(false)
.exclusionLabels(OsPolicyAssignmentInstanceFilterExclusionLabelArgs.builder()
.labels(Map.of("label-two", "value-two"))
.build())
.inclusionLabels(OsPolicyAssignmentInstanceFilterInclusionLabelArgs.builder()
.labels(Map.of("label-one", "value-one"))
.build())
.inventories(OsPolicyAssignmentInstanceFilterInventoryArgs.builder()
.osShortName("centos")
.osVersion("8.*")
.build())
.build())
.location("us-central1-a")
.osPolicies(OsPolicyAssignmentOsPolicyArgs.builder()
.allowNoResourceGroupMatch(false)
.description("A test os policy")
.id("policy")
.mode("VALIDATION")
.resourceGroups(OsPolicyAssignmentOsPolicyResourceGroupArgs.builder()
.inventoryFilters(OsPolicyAssignmentOsPolicyResourceGroupInventoryFilterArgs.builder()
.osShortName("centos")
.osVersion("8.*")
.build())
.resources(
OsPolicyAssignmentOsPolicyResourceGroupResourceArgs.builder()
.id("apt-to-yum")
.repository(OsPolicyAssignmentOsPolicyResourceGroupResourceRepositoryArgs.builder()
.apt(OsPolicyAssignmentOsPolicyResourceGroupResourceRepositoryAptArgs.builder()
.archiveType("DEB")
.components("doc")
.distribution("debian")
.gpgKey(".gnupg/pubring.kbx")
.uri("https://atl.mirrors.clouvider.net/debian")
.build())
.build())
.build(),
OsPolicyAssignmentOsPolicyResourceGroupResourceArgs.builder()
.exec(OsPolicyAssignmentOsPolicyResourceGroupResourceExecArgs.builder()
.enforce(OsPolicyAssignmentOsPolicyResourceGroupResourceExecEnforceArgs.builder()
.args("arg1")
.file(OsPolicyAssignmentOsPolicyResourceGroupResourceExecEnforceFileArgs.builder()
.allowInsecure(true)
.remote(OsPolicyAssignmentOsPolicyResourceGroupResourceExecEnforceFileRemoteArgs.builder()
.sha256Checksum("c7938fed83afdccbb0e86a2a2e4cad7d5035012ca3214b4a61268393635c3063")
.uri("https://www.example.com/script.sh")
.build())
.build())
.interpreter("SHELL")
.outputFilePath("$HOME/out")
.build())
.validate(OsPolicyAssignmentOsPolicyResourceGroupResourceExecValidateArgs.builder()
.args("arg1")
.file(OsPolicyAssignmentOsPolicyResourceGroupResourceExecValidateFileArgs.builder()
.localPath("$HOME/script.sh")
.build())
.interpreter("SHELL")
.outputFilePath("$HOME/out")
.build())
.build())
.id("exec1")
.build())
.build())
.build())
.rollout(OsPolicyAssignmentRolloutArgs.builder()
.disruptionBudget(OsPolicyAssignmentRolloutDisruptionBudgetArgs.builder()
.percent(100)
.build())
.minWaitDuration("3s")
.build())
.build());
}
}Import
OSPolicyAssignment can be imported using any of these accepted formats
$ pulumi import gcp:osconfig/osPolicyAssignment:OsPolicyAssignment default projects/{{project}}/locations/{{location}}/osPolicyAssignments/{{name}}$ pulumi import gcp:osconfig/osPolicyAssignment:OsPolicyAssignment default {{project}}/{{location}}/{{name}}$ pulumi import gcp:osconfig/osPolicyAssignment:OsPolicyAssignment default {{location}}/{{name}}Properties
OS policy assignment description. Length of the description is limited to 1024 characters.
Filter to select VMs. Structure is documented below.
List of OS policies to be applied to the VMs. Structure is documented below.
Output only. Indicates that reconciliation is in progress for the revision. This value is true when the rollout_state is one of:
Output only. The timestamp that the revision was created.
Output only. The assignment revision ID A new revision is committed whenever a rollout is triggered for a OS policy assignment
Rollout to deploy the OS policy assignment. A rollout is triggered in the following situations: 1) OSPolicyAssignment is created.
Output only. OS policy assignment rollout state
Set to true to skip awaiting rollout during resource creation and update.