PatchConfig

Patch configuration specifications. Contains details on how to apply the patch(es) to a VM instance.

JSON representation
{"rebootConfig":enum (RebootConfig),"apt":{object (AptSettings)},"yum":{object (YumSettings)},"goo":{object (GooSettings)},"zypper":{object (ZypperSettings)},"windowsUpdate":{object (WindowsUpdateSettings)},"preStep":{object (ExecStep)},"postStep":{object (ExecStep)},"migInstancesAllowed":boolean,"skipUnpatchableVms":boolean}
Fields
rebootConfig

enum (RebootConfig)

Post-patch reboot settings.

apt

object (AptSettings)

Apt update settings. Use this setting to override the default apt patch rules.

yum

object (YumSettings)

Yum update settings. Use this setting to override the default yum patch rules.

goo

object (GooSettings)

Goo update settings. Use this setting to override the default goo patch rules.

zypper

object (ZypperSettings)

Zypper update settings. Use this setting to override the default zypper patch rules.

windowsUpdate

object (WindowsUpdateSettings)

Windows update settings. Use this setting to override the default Windows patch rules.

preStep

object (ExecStep)

The ExecStep to run before the patch update.

postStep

object (ExecStep)

The ExecStep to run after the patch update.

migInstancesAllowed

boolean

Allows the patch job to run on Managed instance groups (MIGs).

skipUnpatchableVms

boolean

Optional. Enables enhanced reporting for the patch job:

  1. Allows the patch job to skip unpatchable instances, reporting them as SKIPPED. An instance can be unpatchable for two reasons:

    1. The instance runs Container-Optimized OS (COS), which cannot be patched.
    2. The instance is part of a managed instance group (MIG), and patching MIG instances is disabled in the patch job's configuration (PatchConfig.migInstancesAllowed is false).

  2. Reports the patch job as SUCCEEDED if it completes without errors, even if some instances were SKIPPED.

  3. Reports the patch job as COMPLETED_WITH_INACTIVE_VMS if it completes without errors, but some instances were INACTIVE and were not patched.

RebootConfig

Post-patch reboot settings.

Enums
REBOOT_CONFIG_UNSPECIFIED: The default behavior is DEFAULT.
DEFAULT: The agent decides if a reboot is necessary by checking signals such as registry keys on Windows or /var/run/reboot-required on APT based systems. On RPM based systems, a set of core system package install times are compared with system boot time.
ALWAYS: Always reboot the machine after the update completes.
NEVER: Never reboot the machine after the update completes.

AptSettings

Apt patching is completed by executing apt-get update && apt-get upgrade. Additional options can be set to control how this is executed.

JSON representation
{"type":enum (Type),"excludes":[string],"exclusivePackages":[string]}
Fields
type

enum (Type)

By changing the type to DIST, the patching is performed using apt-get dist-upgrade instead.

excludes[]

string

List of packages to exclude from update. These packages will be excluded

exclusivePackages[]

string

An exclusive list of packages to be updated. These are the only packages that will be updated. If these packages are not installed, they will be ignored. This field cannot be specified with any other patch configuration fields.

Type

Apt patch type.

Enums
TYPE_UNSPECIFIED: By default, upgrade will be performed.
DIST: Runs apt-get dist-upgrade.
UPGRADE: Runs apt-get upgrade.

YumSettings

Yum patching is performed by executing yum update. Additional options can be set to control how this is executed.

Note that not all settings are supported on all platforms.

JSON representation
{"security":boolean,"minimal":boolean,"excludes":[string],"exclusivePackages":[string]}
Fields
security

boolean

Adds the --security flag to yum update. Not supported on all platforms.

minimal

boolean

Will cause patch to run yum update-minimal instead.

excludes[]

string

List of packages to exclude from update. These packages are excluded by using the yum --exclude flag.

exclusivePackages[]

string

An exclusive list of packages to be updated. These are the only packages that will be updated. If these packages are not installed, they will be ignored. This field must not be specified with any other patch configuration fields.

GooSettings

This type has no fields.

Googet patching is performed by running googet update.

ZypperSettings

Zypper patching is performed by running zypper patch. See also https://en.opensuse.org/SDB:Zypper_manual.

JSON representation
{"withOptional":boolean,"withUpdate":boolean,"categories":[string],"severities":[string],"excludes":[string],"exclusivePatches":[string]}
Fields
withOptional

boolean

Adds the --with-optional flag to zypper patch.

withUpdate

boolean

Adds the --with-update flag to zypper patch.

categories[]

string

Install only patches with these categories. Common categories include security, recommended, and feature.

severities[]

string

Install only patches with these severities. Common severities include critical, important, moderate, and low.

excludes[]

string

List of patches to exclude from update.

exclusivePatches[]

string

An exclusive list of patches to be updated. These are the only patches that will be installed using 'zypper patch patch:' command. This field must not be used with any other patch configuration fields.

WindowsUpdateSettings

Windows patching is performed using the Windows Update Agent.

JSON representation
{"classifications":[enum (Classification)],"excludes":[string],"exclusivePatches":[string]}
Fields
classifications[]

enum (Classification)

Only apply updates of these Windows Update classifications. If empty, all updates are applied.

excludes[]

string

List of KBs to exclude from update.

exclusivePatches[]

string

An exclusive list of KBs to be updated. These are the only patches that will be updated. This field must not be used with other patch configurations.

Classification

Microsoft Windows update classifications as defined in [1] https://support.microsoft.com/en-us/help/824684/description-of-the-standard-terminology-that-is-used-to-describe-micro

Enums
CLASSIFICATION_UNSPECIFIED: Invalid. If classifications are included, they must be specified.
CRITICAL: "A widely released fix for a specific problem that addresses a critical, non-security-related bug." [1]
SECURITY: "A widely released fix for a product-specific, security-related vulnerability. Security vulnerabilities are rated by their severity. The severity rating is indicated in the Microsoft security bulletin as critical, important, moderate, or low." [1]
DEFINITION: "A widely released and frequent software update that contains additions to a product's definition database. Definition databases are often used to detect objects that have specific attributes, such as malicious code, phishing websites, or junk mail." [1]
DRIVER: "Software that controls the input and output of a device." [1]
FEATURE_PACK: "New product functionality that is first distributed outside the context of a product release and that is typically included in the next full product release." [1]
SERVICE_PACK: "A tested, cumulative set of all hotfixes, security updates, critical updates, and updates. Additionally, service packs may contain additional fixes for problems that are found internally since the release of the product. Service packs may also contain a limited number of customer-requested design changes or features." [1]
TOOL: "A utility or feature that helps complete a task or set of tasks." [1]
UPDATE_ROLLUP: "A tested, cumulative set of hotfixes, security updates, critical updates, and updates that are packaged together for easy deployment. A rollup generally targets a specific area, such as security, or a component of a product, such as Internet Information Services (IIS)." [1]
UPDATE: "A widely released fix for a specific problem. An update addresses a noncritical, non-security-related bug." [1]

ExecStep

A step that runs an executable for a PatchJob.

JSON representation
{"linuxExecStepConfig":{object (ExecStepConfig)},"windowsExecStepConfig":{object (ExecStepConfig)}}
Fields
linuxExecStepConfig

object (ExecStepConfig)

The ExecStepConfig for all Linux VMs targeted by the PatchJob.

windowsExecStepConfig

object (ExecStepConfig)

The ExecStepConfig for all Windows VMs targeted by the PatchJob.

ExecStepConfig

Common configurations for an ExecStep.

JSON representation
{
  "allowedSuccessCodes": [integer],
  "interpreter": enum (Interpreter),

  // Union field executable can be only one of the following:
  "localPath": string,
  "gcsObject": {object (GcsObject)}
  // End of list of possible types for union field executable.
}
Fields
allowedSuccessCodes[]

integer

Defaults to [0]. A list of possible return values that the execution can return to indicate a success.

interpreter

enum (Interpreter)

The script interpreter to use to run the script. If no interpreter is specified the script will be executed directly, which will likely only succeed for scripts with shebang lines.

Union field executable. Location of the executable. executable can be only one of the following:
localPath

string

An absolute path to the executable on the VM.

gcsObject

object (GcsObject)

A Cloud Storage object containing the executable.

GcsObject

Cloud Storage object representation.

JSON representation
{"bucket":string,"object":string,"generationNumber":string}
Fields
bucket

string

Required. Bucket of the Cloud Storage object.

object

string

Required. Name of the Cloud Storage object.

generationNumber

string (int64 format)

Required. Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.

Interpreter

The interpreter used to run the file.

Enums
INTERPRETER_UNSPECIFIED: If the interpreter is not specified, the value defaults to NONE.
NONE: Indicates that the file is run as follows on each operating system:
  + For Linux VMs, the file is run as an executable and the interpreter might be parsed from the [shebang line](https://wikipedia.org/wiki/Shebang_(Unix)) of the file.
  + For Windows VMs, this value is not supported.
SHELL: Indicates that the file is run with /bin/sh on Linux and cmd on Windows.
POWERSHELL: Indicates that the file is run with PowerShell.
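
The constraints stated on this page can be checked before a patch job is submitted, including the required generationNumber that pins an ExecStep script to one version of the Cloud Storage object. The following lint is an added example, not part of the API or its client libraries; the function names, the sample values, and the reading of "any other patch configuration fields" as sibling fields of the same settings object are assumptions.

```python
import ntpath, posixpath

# Settings objects whose "exclusive" list must not be combined with sibling fields.
EXCLUSIVE = {"apt": "exclusivePackages", "yum": "exclusivePackages",
             "zypper": "exclusivePatches", "windowsUpdate": "exclusivePatches"}

def lint_exec_config(cfg, os_name, where):
    """Check one ExecStepConfig dict; os_name is 'linux' or 'windows'."""
    errs = []
    if len([k for k in ("localPath", "gcsObject") if k in cfg]) != 1:
        errs.append(f"{where}: set exactly one of localPath or gcsObject")
    if "localPath" in cfg:
        isabs = posixpath.isabs if os_name == "linux" else ntpath.isabs
        if not isabs(cfg["localPath"]):
            errs.append(f"{where}: localPath must be an absolute path")
    for req in ("bucket", "object", "generationNumber"):
        if "gcsObject" in cfg and not cfg["gcsObject"].get(req):
            errs.append(f"{where}: gcsObject.{req} is required")
    interp = cfg.get("interpreter", "INTERPRETER_UNSPECIFIED")  # defaults to NONE
    if os_name == "windows" and interp in ("INTERPRETER_UNSPECIFIED", "NONE"):
        errs.append(f"{where}: interpreter NONE is not supported on Windows")
    return errs

def lint_patch_config(pc):
    """Return a list of findings for a PatchConfig given as a dict."""
    errs = []
    for section, field in EXCLUSIVE.items():
        settings = pc.get(section, {})
        others = sorted(k for k in settings if k != field)
        if settings.get(field) and others:
            errs.append(f"{section}: {field} cannot be combined with {others}")
    if "CLASSIFICATION_UNSPECIFIED" in pc.get("windowsUpdate", {}).get("classifications", []):
        errs.append("windowsUpdate: CLASSIFICATION_UNSPECIFIED is invalid")
    for step in ("preStep", "postStep"):
        for key, os_name in (("linuxExecStepConfig", "linux"), ("windowsExecStepConfig", "windows")):
            if key in pc.get(step, {}):
                errs += lint_exec_config(pc[step][key], os_name, f"{step}.{key}")
    return errs

# Constructed sample: bucket, object and path values are placeholders.
SAMPLE = {
    "yum": {"security": True, "exclusivePackages": ["openssl"]},
    "preStep": {"linuxExecStepConfig": {"gcsObject": {"bucket": "example-bucket", "object": "pre.sh"}}},
    "postStep": {"windowsExecStepConfig": {"localPath": "C:\\scripts\\post.ps1"}},
}
```

Calling lint_patch_config(SAMPLE) reports the mixed yum fields, the unpinned Cloud Storage script, and the Windows step that has no interpreter.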

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-11-17 UTC.