OS Config API

Name: OS Config API API
Brand: OS Config API
Availability: InStock

✓ Official Vendor SpecCloud InfrastructureComputeoauth217 EndpointsREST

For Agents

Manage VM patch deployments, OS policy assignments, and inventory across Google Cloud Compute Engine fleets.

Quickstart

Get started with OS Config API in minutes using your preferred integration method.

# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}

# Then ask your agent:
"schedule a google cloud vm patch deployment"

# → Jentic returns the GET /events tool with parameter schema, agent executes.

Capabilities

What an agent can do with OS Config API API.

Schedule patch deployments with maintenance windows and reboot policies

Declare desired OS state via OS policy assignments and roll them out across zones

Pause and resume patch deployments and OS policy assignments mid-rollout

Read inventory of installed packages and detected vulnerabilities per VM

GET STARTED

Start building with OS Config API API

Explore with Jentic

View OpenAPI Document

Use for: Schedule a monthly patch deployment for production Linux VMs, Pause an in-flight OS policy rollout, List inventory of packages on a specific VM, Resume a previously paused patch deployment

Not supported: Does not provision VMs, run ad-hoc shell commands, or scan container images — use for declarative VM patching, OS policy assignment, and inventory only.

The OS Config API manages patch deployments, OS policy assignments, and inventory across Compute Engine VM fleets. It schedules patch jobs (with maintenance windows, reboot behaviour, and rollout strategies), declares desired OS state via OS Policies, and surfaces inventory and patch compliance per instance. Use it to keep Linux and Windows VM fleets compliant with security baselines and to drive scheduled patch rollouts. The spec exposes 17 endpoints.

Use Cases

Patterns agents use OS Config API API for, with concrete tasks.

★ Scheduled patch rollouts with maintenance windows

Schedule patch deployments that target a labelled fleet of VMs, restrict execution to defined maintenance windows, and choose whether to reboot. The OS Config API lets platform teams roll patches out in waves — for example dev first, then prod — and pause if early indicators look bad. This replaces ad-hoc SSH-and-apt scripts with a managed rollout plane.

Create a patch deployment named monthly-linux-prod that targets instances with label tier=prod and runs the third Sunday of the month between 02:00 and 04:00 UTC.

Desired-state OS policy management

Declare OS policies that assert package presence, file content, and shell-script execution on Linux and Windows VMs, then bind them to zones and instance filters via os policy assignments. The API tracks revisions so you can roll back to the prior policy if a change breaks workloads. Useful for fleets that need configuration drift detection without a separate config-management tool.

Create an OS policy assignment that ensures the package fail2ban is present on all Linux VMs in zone europe-west1-b, then list revisions to confirm the rollout.

Inventory and compliance reporting

Pull VM inventory — installed packages, configured services, and detected vulnerabilities — to feed compliance dashboards or security review tooling. The OS Config API surfaces inventories per instance plus aggregate patch compliance views, so an automation can produce a compliance score across thousands of VMs without remote command execution.

List inventory for every VM in zone us-central1-a, write the package list per instance to a Cloud Storage bucket, and flag any instance reporting a CRITICAL vulnerability.

Agent-driven patch operations via Jentic

An ops agent reacting to a CVE can use Jentic to schedule a patch deployment that closes the gap and watch the rollout via the operations endpoint. Credentials stay in the Jentic vault, so the agent runs under a scoped service-account token with audit trail. Useful for incident-response bots that need to mass-patch a fleet quickly.

Use Jentic to find the create-patch-deployment operation, load its schema, and schedule a one-off patch for tier=prod Linux VMs targeting CVE-2026-0001 within the next 4 hours.

Key Endpoints

17 endpoints — the os config api manages patch deployments, os policy assignments, and inventory across compute engine vm fleets.

METHOD

PATH

DESCRIPTION

POST

/v1/{+parent}/patchDeployments

Create a patch deployment

POST

/v1/{+name}:pause

Pause a patch deployment

POST

/v1/{+name}:resume

Resume a paused patch deployment

POST

/v1/{+parent}/osPolicyAssignments

Create an OS policy assignment

GET

/v1/{+name}:listRevisions

List OS policy assignment revisions

GET

/v1/{+parent}/inventories

List VM inventory

GET

/v1/{+parent}/instanceDetails

List per-instance compliance details

POST

/v1/{+parent}/patchDeployments

Create a patch deployment

POST

/v1/{+name}:pause

Pause a patch deployment

POST

/v1/{+name}:resume

Resume a paused patch deployment

POST

/v1/{+parent}/osPolicyAssignments

Create an OS policy assignment

GET

/v1/{+name}:listRevisions

List OS policy assignment revisions

Why though Jentic?

Three things that make agents converge on Jentic-routed access.

Credential isolation

Google OAuth 2.0 tokens are minted from a service account stored in the Jentic vault (MAXsystem). Agents act under scoped, short-lived tokens — the service-account key never enters their context.

Intent-based discovery

Agents search Jentic with intents like schedule patch deployment or apply os policy and Jentic returns the matching OS Config operation, its scopes, and its input schema.

Time to first call

Direct integration: 1-2 days for OAuth, instance filters, and operation polling. Through Jentic: under 30 minutes — search, load, execute.

Related APIs

Alternatives and complements available in the Jentic catalogue.

Complementary

Compute Engine API

Compute Engine owns the VM instances that OS Config patches and configures

Use Compute Engine when the agent needs to create, resize, or label VMs; use OS Config to keep them patched and configured.

Complementary

On-Demand Scanning API

On-Demand Scanning surfaces container CVEs that can drive OS Config patch decisions for hosts

Use On-Demand Scanning for container image vulnerabilities; use OS Config for the host OS package patching that closes related gaps.

Alternative

Container Analysis API

Container Analysis offers vulnerability data on artefacts rather than running VMs

Use Container Analysis when the unit of patching is an image; use OS Config when the unit is a running VM.

FAQs

Specific to using OS Config API API through Jentic.

What authentication does the OS Config API use?

The API uses Google OAuth 2.0 with the cloud-platform scope. Through Jentic, tokens are minted from a service account stored in the Jentic vault so agents never see raw credentials.

Can I target VMs by label with patch deployments?

Yes. The patch deployment instanceFilter accepts label selectors and zone filters, so you can scope a deployment to tier=prod or env=staging across selected zones.

What are the rate limits for the OS Config API?

Google Cloud applies per-project quotas on patch and OS policy mutations. Treat large rollouts as long-running — patch jobs and OS policy assignments return operations that need polling rather than retry on failure.

How do I pause a patch deployment through Jentic?

Search Jentic for pause patch deployment, load the schema for POST /v1/{+name}:pause, and execute it with the deployment resource name. Resume later with the matching :resume call.

Does this API run arbitrary commands on a VM?

Only via OS policy resources of type ExecResource and only as part of a declared policy. Ad-hoc command execution belongs in different products (SSH, IAP) — this API is for declarative state and patch orchestration.

How do I check patch compliance for a project?

Call GET /v1/{+parent}/instanceDetails for an OS policy assignment to see per-instance compliance, or pull patchJob status for the latest patch deployment run to see fleet-level results.