feat: add ExecResourceOutput for OSConfig AgentEndpoint, add error_message field to OSPolicyResourceConfigStep

Committer: @adjackura PiperOrigin-RevId: 373391138
4 years ago · 1fb8e3eee9
parent 7d55f1b762
commit 1fb8e3eee9
5 changed files with 77 additions and 71 deletions
--- a/.github/workflows/generate_api_index.yaml
+++ b/.github/workflows/generate_api_index.yaml
@ -1,30 +0,0 @@
-name: Generate API Index
-on:
-  push:
-    branches: [master]
-  workflow_dispatch:
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Setup .NET Core SDK
-        uses: actions/setup-dotnet@v1.8.0
-      - name: Checkout googleapis (this repository)
-        uses: actions/checkout@v2
-      - name: Checkout index generator
-        uses: actions/checkout@v2
-        with:
-          repository: googleapis/googleapis-api-index-generator
-          path: gen
-      - name: Generate API index
-        run: |
-          gen/scripts/generate-schema.sh
-          gen/scripts/generate-index.sh $PWD
-          cp gen/tmp/api-index-v1.json $PWD
-      - name: Commit API index
-        run: |
-          [[ ! $(git diff --exit-code api-index-v1.json) ]] && echo "Nothing to commit." && exit 0
-          git config user.name "Google APIs"
-          git add api-index-v1.json
-          git commit -m "chore: regenerate API index"
-          git push
--- a/google/cloud/osconfig/agentendpoint/v1/agentendpoint.proto
+++ b/google/cloud/osconfig/agentendpoint/v1/agentendpoint.proto
@ -31,7 +31,8 @@ service AgentEndpointService {
  option (google.api.default_host) = "osconfig.googleapis.com";

  // Stream established by client to receive Task notifications.
-  rpc ReceiveTaskNotification(ReceiveTaskNotificationRequest) returns (stream ReceiveTaskNotificationResponse) {
+  rpc ReceiveTaskNotification(ReceiveTaskNotificationRequest)
+      returns (stream ReceiveTaskNotificationResponse) {
    option (google.api.method_signature) = "instance_id_token,agent_version";
  }

@ -41,24 +42,31 @@ service AgentEndpointService {
  }

  // Signals an intermediary progress checkpoint in task execution.
-  rpc ReportTaskProgress(ReportTaskProgressRequest) returns (ReportTaskProgressResponse) {
-    option (google.api.method_signature) = "instance_id_token,task_id,task_type";
+  rpc ReportTaskProgress(ReportTaskProgressRequest)
+      returns (ReportTaskProgressResponse) {
+    option (google.api.method_signature) =
+        "instance_id_token,task_id,task_type";
  }

  // Signals that the task execution is complete and optionally returns the next
  // task.
-  rpc ReportTaskComplete(ReportTaskCompleteRequest) returns (ReportTaskCompleteResponse) {
-    option (google.api.method_signature) = "instance_id_token,task_id,task_type,error_message";
+  rpc ReportTaskComplete(ReportTaskCompleteRequest)
+      returns (ReportTaskCompleteResponse) {
+    option (google.api.method_signature) =
+        "instance_id_token,task_id,task_type,error_message";
  }

  // Registers the agent running on the VM.
  rpc RegisterAgent(RegisterAgentRequest) returns (RegisterAgentResponse) {
-    option (google.api.method_signature) = "instance_id_token,agent_version,supported_capabilities";
+    option (google.api.method_signature) =
+        "instance_id_token,agent_version,supported_capabilities";
  }

  // Reports the VMs current inventory.
-  rpc ReportInventory(ReportInventoryRequest) returns (ReportInventoryResponse) {
-    option (google.api.method_signature) = "instance_id_token,inventory_checksum,inventory";
+  rpc ReportInventory(ReportInventoryRequest)
+      returns (ReportInventoryResponse) {
+    option (google.api.method_signature) =
+        "instance_id_token,inventory_checksum,inventory";
  }
 }

@ -75,9 +83,7 @@ message ReceiveTaskNotificationRequest {

 // The streaming rpc message that will notify the agent when it has a task
 // it needs to perform on the instance.
-message ReceiveTaskNotificationResponse {
-
-}
+message ReceiveTaskNotificationResponse {}

 // A request message for signaling the start of a task execution.
 message StartNextTaskRequest {
@ -110,6 +116,7 @@ message ReportTaskProgressRequest {
  // specified below:
  // APPLY_PATCHES = ApplyPatchesTaskProgress
  // EXEC_STEP = Progress not supported for this type.
+  // APPLY_CONFIG_TASK = ApplyConfigTaskProgress
  TaskType task_type = 3 [(google.api.field_behavior) = REQUIRED];

  // Intermediate progress of the current task.
@ -147,6 +154,7 @@ message ReportTaskCompleteRequest {
  // specified below:
  // APPLY_PATCHES = ApplyPatchesTaskOutput
  // EXEC_STEP = ExecStepTaskOutput
+  // APPLY_CONFIG_TASK = ApplyConfigTaskOutput
  TaskType task_type = 3 [(google.api.field_behavior) = REQUIRED];

  // Descriptive error message if the task execution ended in error.
@ -166,9 +174,7 @@ message ReportTaskCompleteRequest {
 }

 // The response message after the agent signaled the current task complete.
-message ReportTaskCompleteResponse {
-
-}
+message ReportTaskCompleteResponse {}

 // The request message for registering the agent.
 message RegisterAgentRequest {
@ -183,13 +189,13 @@ message RegisterAgentRequest {
  // Required. The capabilities supported by the agent. Supported values are:
  // PATCH_GA
  // GUEST_POLICY_BETA
-  repeated string supported_capabilities = 3 [(google.api.field_behavior) = REQUIRED];
+  // CONFIG_V1
+  repeated string supported_capabilities = 3
+      [(google.api.field_behavior) = REQUIRED];
 }

 // The response message after the agent registered.
-message RegisterAgentResponse {
-
-}
+message RegisterAgentResponse {}

 // The request message for having the agent report inventory.
 message ReportInventoryRequest {
@ -198,13 +204,13 @@ message ReportInventoryRequest {
  // where the audience is 'osconfig.googleapis.com' and the format is 'full'.
  string instance_id_token = 1 [(google.api.field_behavior) = REQUIRED];

-  // Required. This is a client created checksum that should be generated based on the
-  // contents of the reported inventory.  This will be used by the service to
-  // determine if it has the latest version of inventory.
+  // Required. This is a client created checksum that should be generated based
+  // on the contents of the reported inventory.  This will be used by the
+  // service to determine if it has the latest version of inventory.
  string inventory_checksum = 2 [(google.api.field_behavior) = REQUIRED];

-  // Optional. This is the details of the inventory.  Should only be provided if the
-  // inventory has changed since the last report, or if instructed by the
+  // Optional. This is the details of the inventory.  Should only be provided if
+  // the inventory has changed since the last report, or if instructed by the
  // service to provide full inventory.
  Inventory inventory = 3 [(google.api.field_behavior) = OPTIONAL];
 }
--- a/google/cloud/osconfig/agentendpoint/v1/config_common.proto
+++ b/google/cloud/osconfig/agentendpoint/v1/config_common.proto
@ -65,10 +65,21 @@ message OSPolicyResourceConfigStep {

  // Outcome of the configuration step.
  Outcome outcome = 2;
+
+  // An error message recorded during the execution of this step.
+  // Only populated when outcome is FAILED.
+  string error_message = 3;
 }

 // Compliance data for an OS policy resource.
 message OSPolicyResourceCompliance {
+  // ExecResource specific output.
+  message ExecResourceOutput {
+    // Output from Enforcement phase output file (if run).
+    // Output size is limited to 100K bytes.
+    bytes enforcement_output = 2;
+  }
+
  // The id of the OS policy resource.
  string os_policy_resource_id = 1;

@ -78,6 +89,12 @@ message OSPolicyResourceCompliance {

  // Compliance state of the OS policy resource.
  OSPolicyComplianceState state = 3;
+
+  // Resource specific output.
+  oneof output {
+    // ExecResource specific output.
+    ExecResourceOutput exec_resource_output = 4;
+  }
 }

 // Supported OSPolicy compliance states.
--- a/google/cloud/osconfig/agentendpoint/v1/os_policy.proto
+++ b/google/cloud/osconfig/agentendpoint/v1/os_policy.proto
@ -36,8 +36,8 @@ message OSPolicy {
    message File {
      // Specifies a file available via some URI.
      message Remote {
-        // Required. URI from which to fetch the object. It should contain both the
-        // protocol and path following the format `{protocol}://{location}`.
+        // Required. URI from which to fetch the object. It should contain both
+        // the protocol and path following the format `{protocol}://{location}`.
        string uri = 1 [(google.api.field_behavior) = REQUIRED];

        // SHA256 checksum of the remote file.
@ -159,8 +159,8 @@ message OSPolicy {
        REMOVED = 2;
      }

-      // Required. The desired state the agent should maintain for this package. The
-      // default is to ensure the package is installed.
+      // Required. The desired state the agent should maintain for this package.
+      // The default is to ensure the package is installed.
      DesiredState desired_state = 1 [(google.api.field_behavior) = REQUIRED];

      // A system package.
@ -206,8 +206,8 @@ message OSPolicy {
          DEB_SRC = 2;
        }

-        // Required. Type of archive files in this repository. The default behavior is
-        // DEB.
+        // Required. Type of archive files in this repository. The default
+        // behavior is DEB.
        ArchiveType archive_type = 1 [(google.api.field_behavior) = REQUIRED];

        // Required. URI for this repository.
@ -216,8 +216,8 @@ message OSPolicy {
        // Required. Distribution of this repository.
        string distribution = 3 [(google.api.field_behavior) = REQUIRED];

-        // Required. List of components for this repository. Must contain at least one
-        // item.
+        // Required. List of components for this repository. Must contain at
+        // least one item.
        repeated string components = 4 [(google.api.field_behavior) = REQUIRED];

        // URI of the key file for this repository. The agent maintains a
@ -229,8 +229,8 @@ message OSPolicy {
      // repo file that is managed at
      // `/etc/yum.repos.d/google_osconfig.repo`.
      message YumRepository {
-        // Required. A one word, unique name for this repository. This is  the `repo
-        // id` in the yum config file and also the `display_name` if
+        // Required. A one word, unique name for this repository. This is  the
+        // `repo id` in the yum config file and also the `display_name` if
        // `display_name` is omitted. This id is also used as the unique
        // identifier when checking for resource conflicts.
        string id = 1 [(google.api.field_behavior) = REQUIRED];
@ -249,8 +249,8 @@ message OSPolicy {
      // repo file that is managed at
      // `/etc/zypp/repos.d/google_osconfig.repo`.
      message ZypperRepository {
-        // Required. A one word, unique name for this repository. This is the `repo
-        // id` in the zypper config file and also the `display_name` if
+        // Required. A one word, unique name for this repository. This is the
+        // `repo id` in the zypper config file and also the `display_name` if
        // `display_name` is omitted. This id is also used as the unique
        // identifier when checking for GuestPolicy conflicts.
        string id = 1 [(google.api.field_behavior) = REQUIRED];
@ -330,12 +330,20 @@ message OSPolicy {

        // Required. The script interpreter to use.
        Interpreter interpreter = 4 [(google.api.field_behavior) = REQUIRED];
+
+        // Only recorded for enforce Exec.
+        // Path to an output file (that is created by this Exec) whose
+        // content will be recorded in OSPolicyResourceCompliance after a
+        // successful run. Absence or failure to read this file will result in
+        // this ExecResource being non-compliant. Output file size is limited to
+        // 100K bytes.
+        string output_file_path = 5;
      }

-      // Required. What to run to validate this resource is in the desired state.
-      // An exit code of 100 indicates "in desired state", and exit code of 101
-      // indicates "not in desired state". Any other exit code indicates a
-      // failure running validate.
+      // Required. What to run to validate this resource is in the desired
+      // state. An exit code of 100 indicates "in desired state", and exit code
+      // of 101 indicates "not in desired state". Any other exit code indicates
+      // a failure running validate.
      Exec validate = 1 [(google.api.field_behavior) = REQUIRED];

      // What to run to bring this resource into the desired state.
@ -432,6 +440,4 @@ message OSPolicy {
    // their desired state, and if not, enforces the desired state.
    ENFORCEMENT = 2;
  }
-
-
 }
--- a/google/cloud/osconfig/agentendpoint/v1/osconfig_v1.yaml
+++ b/google/cloud/osconfig/agentendpoint/v1/osconfig_v1.yaml
@ -17,3 +17,10 @@ backend:
    deadline: 30.0
  - selector: google.cloud.osconfig.agentendpoint.v1.AgentEndpointService.ReceiveTaskNotification
    deadline: 3600.0
+
+authentication:
+  rules:
+  - selector: 'google.longrunning.Operations.*'
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform