google_os_config_os_policy_assignment

OS policy assignment is an API resource that is used to apply a set of OS policies to a dynamically targeted group of Compute Engine VM instances. An OS policy is used to define the desired state configuration for a Compute Engine VM instance through a set of configuration resources that provide capabilities such as installing or removing software packages, or executing a script. For more information about the OS policy resource definitions and examples, see OS policy and OS policy assignment.

To get more information about OSPolicyAssignment, see:

Example Usage - Os Config Os Policy Assignment Basic

resource "google_os_config_os_policy_assignment" "primary" {
  instance_filter {
    all = false
    exclusion_labels {
      labels = {
        label-two = "value-two"
      }
    }
    inclusion_labels {
      labels = {
        label-one = "value-one"
      }
    }
    inventories {
      os_short_name = "centos"
      os_version    = "8.*"
    }
  }

  location = "us-central1-a"
  name     = "policy-assignment"

  os_policies {
    id   = "policy"
    mode = "VALIDATION"

    resource_groups {
      resources {
        id = "apt-to-yum"

        repository {
          apt {
            archive_type = "DEB"
            components   = ["doc"]
            distribution = "debian"
            uri          = "https://atl.mirrors.clouvider.net/debian"
            gpg_key      = ".gnupg/pubring.kbx"
          }
        }
      }
      inventory_filters {
        os_short_name = "centos"
        os_version    = "8.*"
      }

      resources {
        id = "exec1"
        exec {
          validate {
            interpreter = "SHELL"
            args        = ["arg1"]
            file {
              local_path = "$HOME/script.sh"
            }
            output_file_path = "$HOME/out"
          }
          enforce {
            interpreter = "SHELL"
            args        = ["arg1"]
            file {
              allow_insecure = true
              remote {
                uri             = "https://www.example.com/script.sh"
                sha256_checksum = "c7938fed83afdccbb0e86a2a2e4cad7d5035012ca3214b4a61268393635c3063"
              }
            }
            output_file_path = "$HOME/out"
          }
        }
      }
    }
    allow_no_resource_group_match = false
    description                   = "A test os policy"
  }

  rollout {
    disruption_budget {
      percent = 100
    }

    min_wait_duration = "3s"
  }

  description = "A test os policy assignment"
}

Argument Reference

The following arguments are supported:

The os_policies block supports:

The resource_groups block supports:

The inventory_filters block supports:

The resources block supports:

The pkg block supports:

The apt block supports:

The deb block supports:

The source block supports:

The remote block supports:

The gcs block supports:

The yum block supports:

The zypper block supports:

The rpm block supports:

The source block supports:

The remote block supports:

The gcs block supports:

The googet block supports:

The msi block supports:

The source block supports:

The remote block supports:

The gcs block supports:

The repository block supports:

The apt block supports:

The yum block supports:

The zypper block supports:

The goo block supports:

The exec block supports:

The validate block supports:

The file block supports:

The remote block supports:

The gcs block supports:

The enforce block supports:

The file block supports:

The remote block supports:

The gcs block supports:

The file block supports:

The file block supports:

The remote block supports:

The gcs block supports:

The instance_filter block supports:

The inclusion_labels block supports:

The exclusion_labels block supports:

The inventories block supports:

The rollout block supports:

The disruption_budget block supports:


Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

OSPolicyAssignment can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import OSPolicyAssignment using one of the formats above. For example:

import {
  id = "projects/{{project}}/locations/{{location}}/osPolicyAssignments/{{name}}"
  to = google_os_config_os_policy_assignment.default
}

When using the terraform import command, OSPolicyAssignment can be imported using one of the formats above. For example:

$ terraform import google_os_config_os_policy_assignment.default projects/{{project}}/locations/{{location}}/osPolicyAssignments/{{name}}
$ terraform import google_os_config_os_policy_assignment.default {{project}}/{{location}}/{{name}}
$ terraform import google_os_config_os_policy_assignment.default {{location}}/{{name}}

User Project Overrides

This resource supports User Project Overrides.