
Displaying Guest Policies Applied to a Google Cloud Platform Compute Engine Instance Using the REST API


I am able to display the OSConfig guest policies that are applied to a Google Cloud Platform (GCP) Compute Engine (GCE) instance ($GCE_INSTANCE_NAME) using the Cloud SDK (gcloud):

gcloud beta compute os-config guest-policies lookup \
$GCE_INSTANCE_NAME \
--zone=$GCE_INSTANCE_ZONE

#=>

┌──────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│                                           SOFTWARE RECIPES                                               │
├───────────────────────────────────────────────────────────┬────────────────────┬─────────┬───────────────┤
│                          SOURCE                           │        NAME        │ VERSION │ DESIRED_STATE │
├───────────────────────────────────────────────────────────┼────────────────────┼─────────┼───────────────┤
│ projects/$GCP_PROJECT_ID/guestPolicies/. . .              │        . . .       │ . . .   │   . . .       │
│ projects/$GCP_PROJECT_ID/guestPolicies/$GUEST_POLICY_NAME │ $GUEST_POLICY_NAME │ 1.0     │ INSTALLED     │
│ projects/$GCP_PROJECT_ID/guestPolicies/. . .              │        . . .       │ . . .   │   . . .       │
└───────────────────────────────────────────────────────────┴────────────────────┴─────────┴───────────────┘

How would I retrieve the same response using the REST API? The lookup method seems to be missing from the projects.guestPolicies resource page here.


Solution

  • You're looking for the projects.zones.instances.lookupEffectiveGuestPolicy REST method, found here.

    An example for a guest policy that installs software on any version of Ubuntu:

    curl \
    --data-raw '{ "osArchitecture": "", "osShortName": "UBUNTU", "osVersion": "" }' \
    --header "Authorization: Bearer $(gcloud auth print-access-token)" \
    --header 'Content-Type: text/plain' \
    --location \
    --request POST \
    "https://osconfig.googleapis.com/v1beta/projects/$GCP_PROJECT_NUMBER/zones/$GCE_INSTANCE_ZONE/instances/$GCE_INSTANCE_NAME:lookupEffectiveGuestPolicy"
    
    #=>
    
    {
      "softwareRecipes": [
        . . .
        {
          "source": "projects/$GCP_PROJECT_NUMBER/guestPolicies/$GUEST_POLICY_NAME",
          "softwareRecipe": {
            "name": "$GUEST_POLICY_NAME",
            "version": "1.0",
            . . .
            "desiredState": "INSTALLED"
          }
        },
        . . .
      ]
    }
    

    Note: $GCP_PROJECT_NUMBER is different than $GCP_PROJECT_ID:

    gcloud projects describe $GCP_PROJECT_NAME
    
    #=>
    
    . . .
    projectId: $GCP_PROJECT_ID
    projectNumber: "$GCP_PROJECT_NUMBER"
    

    Note: The values for the POST body keys

    • "osArchitecture"
    • "osShortName"
    • "osVersion"

    can be found for $GUEST_POLICY_NAME using either gcloud:

    gcloud beta compute os-config guest-policies describe \
    $GUEST_POLICY_NAME \
    --flatten="assignment.osTypes" \
    --format="table[box](assignment.osTypes.osArchitecture,
                         assignment.osTypes.osShortName,
                         assignment.osTypes.osVersion)"
    
    #=>
    
    ┌─────────────────┬───────────────┬────────────┐
    │ OS_ARCHITECTURE │ OS_SHORT_NAME │ OS_VERSION │
    ├─────────────────┼───────────────┼────────────┤
    │ . . .           │ . . .         │ . . .      │
    │                 │ UBUNTU        │            │
    │ . . .           │ . . .         │ . . .      │
    └─────────────────┴───────────────┴────────────┘
    

    or the REST API:

    curl \
    --header "Authorization: Bearer $(gcloud auth print-access-token)" \
    --location \
    --request GET \
    "https://osconfig.googleapis.com/v1beta/projects/$GCP_PROJECT_NUMBER/guestPolicies/$GUEST_POLICY_NAME"
    
    #=>
    
    {
        . . .
        "assignment": {
            . . .
            "osTypes": [
                . . .
                {
                    "osShortName": "UBUNTU"
                }
                . . .
            ]
            . . .
        },
        . . .
    }
    

    Note: if "osArchitecture" and/or "osVersion" are missing or blank, you should leave these values as empty strings when using the REST method above ("").
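
The two REST calls above can be chained when auditing which guest policies are effective on an instance. The following is an added example, not part of the original answer: it derives one lookupEffectiveGuestPolicy request per assignment.osTypes entry of a guest policy (sending missing or blank keys as empty strings) and flattens the response into the same columns gcloud prints. The function names, project number, zone, instance and policy names are hypothetical, and the JSON is constructed sample data.

```python
import json

OSCONFIG = "https://osconfig.googleapis.com/v1beta"  # API base used on this page

def lookup_requests(policy, project_number, zone, instance):
    """Return one (url, json_body) pair per assignment.osTypes entry."""
    url = (f"{OSCONFIG}/projects/{project_number}/zones/{zone}"
           f"/instances/{instance}:lookupEffectiveGuestPolicy")
    pairs = []
    for os_type in policy.get("assignment", {}).get("osTypes", []):
        # Keys missing or blank in the policy are sent as empty strings.
        body = {key: os_type.get(key) or ""
                for key in ("osArchitecture", "osShortName", "osVersion")}
        pairs.append((url, json.dumps(body)))
    return pairs

def recipe_rows(effective_policy):
    """Flatten softwareRecipes into (source, name, version, desiredState)."""
    rows = []
    for item in effective_policy.get("softwareRecipes", []):
        recipe = item.get("softwareRecipe", {})
        rows.append((item.get("source", ""), recipe.get("name", ""),
                     recipe.get("version", ""), recipe.get("desiredState", "")))
    return rows

# Constructed sample data (hypothetical names, not output from a real project).
SAMPLE_POLICY = json.loads("""{
  "name": "projects/123456789012/guestPolicies/example-policy",
  "assignment": {"osTypes": [{"osShortName": "UBUNTU"},
                             {"osShortName": "DEBIAN", "osVersion": "10"}]}
}""")
SAMPLE_EFFECTIVE = json.loads("""{
  "softwareRecipes": [{
    "source": "projects/123456789012/guestPolicies/example-policy",
    "softwareRecipe": {"name": "example-policy", "version": "1.0",
                       "desiredState": "INSTALLED"}}]
}""")

if __name__ == "__main__":
    for url, body in lookup_requests(SAMPLE_POLICY, "123456789012",
                                     "us-central1-a", "example-instance"):
        print("POST", url, body)
    for row in recipe_rows(SAMPLE_EFFECTIVE):
        print(" | ".join(row))
```

Each (url, body) pair can be sent with the POST curl command shown in the answer, and the parsed JSON response passed to recipe_rows.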