1# Copyright 2021 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: osconfig.cnrm.cloud.google.com/v1beta1
16kind: OSConfigOSPolicyAssignment
17metadata:
18 name: osconfigospolicyassignment-sample-percentospolicyassignment
19spec:
20 projectRef:
21 # Replace ${PROJECT_ID?} with your project ID
22 external: "projects/${PROJECT_ID?}"
23 location: "us-west2-a"
24 description: "A test os policy assignment"
25 osPolicies:
26 - id: "policy"
27 mode: "VALIDATION"
28 resourceGroups:
29 - resources:
30 - id: "apt-to-yum"
31 repository:
32 apt:
33 archiveType: "DEB"
34 uri: "https://atl.mirrors.clouvider.net/debian"
35 distribution: "debian"
36 components:
37 - "doc"
38 gpgKey: ".gnupg/pubring.kbx"
39 - id: "yum"
40 repository:
41 yum:
42 id: "yum"
43 displayName: "yum"
44 baseUrl: "http://centos.s.uw.edu/centos/"
45 gpgKeys:
46 - "RPM-GPG-KEY-CentOS-7"
47 - id: "zypper"
48 repository:
49 zypper:
50 id: "zypper"
51 displayName: "zypper"
52 baseUrl: "http://mirror.dal10.us.leaseweb.net/opensuse"
53 gpgKeys:
54 - "sample-key-uri"
55 - id: "goo"
56 repository:
57 goo:
58 name: "goo"
59 url: "https://foo.com/googet/bar"
60 - id: "exec1"
61 exec:
62 validate:
63 args:
64 - "arg1"
65 interpreter: "SHELL"
66 outputFilePath: "$HOME/out"
67 file:
68 localPath: "$HOME/script.sh"
69 enforce:
70 args:
71 - "arg1"
72 interpreter: "SHELL"
73 outputFilePath: "$HOME/out"
74 file:
75 allowInsecure: true
76 remote:
77 uri: "https://www.example.com/script.sh"
78 sha256Checksum: "c7938fed83afdccbb0e86a2a2e4cad7d5035012ca3214b4a61268393635c3063"
79 - id: "exec2"
80 exec:
81 validate:
82 args:
83 - "arg1"
84 interpreter: "SHELL"
85 outputFilePath: "$HOME/out"
86 file:
87 allowInsecure: true
88 remote:
89 uri: "https://www.example.com/script.sh"
90 sha256Checksum: "c7938fed83afdccbb0e86a2a2e4cad7d5035012ca3214b4a61268393635c3063"
91 enforce:
92 args:
93 - "arg1"
94 interpreter: "SHELL"
95 outputFilePath: "$HOME/out"
96 file:
97 localPath: "$HOME/script.sh"
98 - id: "exec3"
99 exec:
100 validate:
101 interpreter: "SHELL"
102 outputFilePath: "$HOME/out"
103 file:
104 allowInsecure: true
105 gcs:
106 bucket: "test-bucket"
107 object: "test-object"
108 generation: 1
109 enforce:
110 interpreter: "SHELL"
111 outputFilePath: "$HOME/out"
112 script: "pwd"
113 - id: "exec4"
114 exec:
115 validate:
116 interpreter: "SHELL"
117 outputFilePath: "$HOME/out"
118 script: "pwd"
119 enforce:
120 interpreter: "SHELL"
121 outputFilePath: "$HOME/out"
122 file:
123 allowInsecure: true
124 gcs:
125 bucket: "test-bucket"
126 object: "test-object"
127 generation: 1
128 - id: "file1"
129 file:
130 path: "$HOME/file"
131 state: "PRESENT"
132 file:
133 localPath: "$HOME/file"
134 - resources:
135 - id: "file2"
136 file:
137 path: "$HOME/file"
138 state: "PRESENT"
139 permissions: "755"
140 file:
141 allowInsecure: true
142 remote:
143 uri: "https://www.example.com/file"
144 sha256Checksum: "c7938fed83afdccbb0e86a2a2e4cad7d5035012ca3214b4a61268393635c3063"
145 - id: "file3"
146 file:
147 path: "$HOME/file"
148 state: "PRESENT"
149 file:
150 gcs:
151 bucket: "test-bucket"
152 object: "test-object"
153 generation: 1
154 - id: "file4"
155 file:
156 path: "$HOME/file"
157 state: "PRESENT"
158 content: "sample-content"
159 instanceFilter:
160 all: true
161 rollout:
162 disruptionBudget:
163 percent: 1
164 minWaitDuration: "3.5s"
View as plain text