From 07a2bad809f35765c9941dd2dd63755e1c5d03a6 Mon Sep 17 00:00:00 2001 From: Venkat Reddy Marepally <102700175+vrmare@users.noreply.github.com> Date: Wed, 1 Oct 2025 14:45:35 -0700 Subject: [PATCH] feat: templates and app-protect signatures api --- static/nginx-one/api/one.json | 6210 +++++++++++++++++++++------------ 1 file changed, 3978 insertions(+), 2232 deletions(-) diff --git a/static/nginx-one/api/one.json b/static/nginx-one/api/one.json index 00154c9a0..3440c9564 100644 --- a/static/nginx-one/api/one.json +++ b/static/nginx-one/api/one.json @@ -18,6 +18,14 @@ "default": "tenant-example" } } + }, + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + } } ], "tags": [ @@ -74,6 +82,11 @@ "name": "NGINX App Protect", "description": "Manage and publish security policies on your NGINX data plane instances.\n", "x-displayName": "NGINX App Protect" + }, + { + "name": "Templates", + "description": "**⚠️ Experimental API** - This API is in active development and subject to breaking changes.\n\n* Import, list, and retrieve NGINX configuration templates.\n* Generate and preview full NGINX configurations by composing templates, before saving it as a staged config.\n", + "x-displayName": "Templates" } ], "paths": { @@ -558,6 +571,58 @@ } } }, + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "NGINX certificate", + "tags": [ + "Certificates" + ], + "summary": "Bulk operation on multiple managed certificates", + "operationId": "bulkCertificates", + "description": "Performs bulk operation on one or more managed certificates, only delete is supported.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CertificateBulkRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Batch request completed.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CertificateBulkResponse" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, "post": { "x-nginx-one-action": "create", "x-nginx-one-entity": "NGINX certificate", @@ -965,7 +1030,70 @@ } } }, - "/config-report": {}, + "/config-report": { + "post": { + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX configuration", + "tags": [ + "Staged Configs" + ], + "summary": "Generate an analysis report for the provided NGINX configuration", + "operationId": "analyzeNginxConfig", + "description": "Returns an analysis report for the provided NGINX configuration. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not affect any resources. The report is not stored and is provided only in the API response.\n", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Successfully analyzed the provided NGINX configuration.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigReports" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, "/config-sync-groups": { "get": { "tags": [ @@ -3315,7 +3443,6 @@ }, "/staged-configs": { "get": { - "x-feature-flag": "staged-configs", "tags": [ "Staged Configs" ], @@ -3381,8 +3508,59 @@ } } }, + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "NGINX staged configs", + "tags": [ + "Staged Configs" + ], + "summary": "Bulk operation on multiple staged configs", + "operationId": "bulkStagedConfigs", + "description": "Performs bulk operation on one or more staged configs, only delete is supported.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/StagedConfigBulkRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Batch request completed.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/StagedConfigBulkResponse" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, "post": { - "x-feature-flag": "staged-configs", "x-nginx-one-action": "create", "x-nginx-one-entity": "NGINX staged configs", "tags": [ @@ -3447,7 +3625,6 @@ }, "/staged-configs/{stagedConfigObjectID}": { "delete": { - "x-feature-flag": "staged-configs", "x-nginx-one-action": "delete", "x-nginx-one-entity": "NGINX staged config", "tags": [ @@ -3493,7 +3670,6 @@ } }, "get": { - "x-feature-flag": "staged-configs", "tags": [ "Staged Configs" ], @@ -3554,7 +3730,6 @@ "tags": [ "Staged Configs" ], - "x-feature-flag": "staged-configs", "summary": "Retrieve an NGINX staged config", "description": "Retrieve the details for an NGINX staged config.\n", "operationId": "getStagedConfig", @@ -3610,7 +3785,6 @@ "tags": [ "Staged Configs" ], - "x-feature-flag": "staged-configs", "x-nginx-one-action": "update", "x-nginx-one-entity": "NGINX staged config", "summary": "Apply partial updates to staged config", @@ -3693,7 +3867,6 @@ "tags": [ "Staged Configs" ], - "x-feature-flag": "staged-configs", "x-nginx-one-action": "create", "x-nginx-one-entity": "NGINX staged config", "summary": "Replace existing state", @@ -3768,7 +3941,6 @@ "tags": [ "Staged Configs" ], - "x-feature-flag": "staged-configs", "summary": "Retrieve an analysis report for the NGINX staged config", "description": "Analyzes the NGINX staged config and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", "operationId": "getStagedConfigReport", @@ -3814,7 +3986,6 @@ } ], "patch": { - "x-feature-flag": "staged-configs", "x-nginx-one-action": "analyze", "x-nginx-one-entity": "NGINX staged configuration", "tags": [ @@ -3887,49 +4058,36 @@ } } }, - "/monitor/metrics_query_topx": { - "post": { + "/staged-configs/{stagedConfigObjectID}/export": { + "get": { + "parameters": [ + { + "$ref": "#/components/parameters/StagedConfigParamObjectID" + } + ], "tags": [ - "Metrics" + "Staged Configs" ], - "summary": "Retrieve system metrics for instances with series limit", - "operationId": "queryMetricsInputTopX", - "description": "Returns (up to 10,000) system metrics for NGINX instances with series limit based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n", - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/MetricTopXQueryRequest" - }, - "example": { - "start_time": "now-1h", - "end_time": "now", - "resolution": "1m", - "metrics": [ - { - "aggregate": "sum", - "name": "nginx.http.request.count" - } - ], - "series_limit": 1, - "group_series_by": "instance_object_id" - } - } - } - }, + "x-nginx-one-action": "export", + "x-nginx-one-entity": "NGINX staged config", + "summary": "Export staged configuration", + "description": "Exports staged configuration as a gzipped tar archive. Does not include sensitive data such as SSL certificates. [Learn more](https://docs.nginx.com/nginx-one/how-to/staged-configs/import-export-staged-config/).\n", + "operationId": "exportStagedConfig", "responses": { "200": { - "description": "Successfully retrieved system metrics.", + "description": "Successfully exported the staged configuration.", "content": { - "application/json": { + "application/gzip": { "schema": { - "$ref": "#/components/schemas/MetricQueryResultEx" + "type": "string", + "format": "binary", + "example": "my-staged-config-2025-01-01T20_25_03.tar.gz" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "description": "Access denied", "content": { "application/json": { "schema": { @@ -3939,7 +4097,7 @@ } }, "404": { - "description": "The requested metric resource was not found. Check that the resource name provided is correct and corresponds to an existing resource.", + "description": "The NGINX staged config with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3961,70 +4119,228 @@ } } }, - "/settings/instance-cleanup": { - "get": { + "/staged-configs/import": { + "post": { "tags": [ - "Settings" + "Staged Configs" ], - "summary": "Retrieve settings", - "description": "Retrieves settings for NGINX Instance cleanup\n", - "operationId": "getSettingInstanceCleanup", - "responses": { - "200": { - "description": "Successfully retrieved the setting for NGINX Instance cleanup.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" + "x-nginx-one-action": "import", + "x-nginx-one-entity": "NGINX staged config", + "summary": "Import staged configuration\n", + "description": "Imports a gzipped tar archive (.tar.gz) containing configuration and aux files into NGINX One. \nOnly non-hidden files are included in the import.\n\nMaximum compressed archive size: **5 MB**\nMaximum uncompressed individual file size: **10 MB**\n\nIf `parse_only` is set to `true`, the configuration is only validated and not staged.\nBy default, validation is performed and a staged configuration is created upon success.\n", + "parameters": [ + { + "$ref": "#/components/parameters/StagedConfigImportParseOnly" } - } - }, - "put": { - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX Instance Cleanup Setting", - "tags": [ - "Settings" ], - "summary": "Update settings", - "description": "Update settings for NGINX Instance cleanup\n", - "operationId": "updateSettingInstanceCleanup", + "operationId": "importStagedConfig", "requestBody": { "required": true, "content": { - "application/json": { + "multipart/form-data": { "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" + "$ref": "#/components/schemas/StagedConfigImportRequest" + }, + "encoding": { + "file": { + "contentType": "application/gzip, application/x-gzip" + } } } } }, "responses": { "200": { - "description": "Successfully updated settings for NGINX Instance cleanup.", + "description": "Return if `parse_only` is `true`: Returns data matching `StagedConfigCreateRequest` that can be used to create the staged config later. \n", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" + "$ref": "#/components/schemas/StagedConfigCreateRequest" } } } }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/policies": { + "201": { + "description": "Return if `parse_only` is `false` or omitted: Confirms the import parsed successfully and the staged config was created.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/StagedConfigCreateResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/monitor/metrics_query_topx": { + "post": { + "tags": [ + "Metrics" + ], + "summary": "Retrieve system metrics for instances with series limit", + "operationId": "queryMetricsInputTopX", + "description": "Returns (up to 10,000) system metrics for NGINX instances with series limit based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/MetricTopXQueryRequest" + }, + "example": { + "start_time": "now-1h", + "end_time": "now", + "resolution": "1m", + "metrics": [ + { + "aggregate": "sum", + "name": "nginx.http.request.count" + } + ], + "series_limit": 1, + "group_series_by": "instance_object_id" + } + } + } + }, + "responses": { + "200": { + "description": "Successfully retrieved system metrics.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/MetricQueryResultEx" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The requested metric resource was not found. Check that the resource name provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/settings/instance-cleanup": { + "get": { + "tags": [ + "Settings" + ], + "summary": "Retrieve settings", + "description": "Retrieves settings for NGINX Instance cleanup\n", + "operationId": "getSettingInstanceCleanup", + "responses": { + "200": { + "description": "Successfully retrieved the setting for NGINX Instance cleanup.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SettingsInstanceCleanup" + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "put": { + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX Instance Cleanup Setting", + "tags": [ + "Settings" + ], + "summary": "Update settings", + "description": "Update settings for NGINX Instance cleanup\n", + "operationId": "updateSettingInstanceCleanup", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SettingsInstanceCleanup" + } + } + } + }, + "responses": { + "200": { + "description": "Successfully updated settings for NGINX Instance cleanup.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SettingsInstanceCleanup" + } + } + } + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/app-protect/policies": { "get": { "tags": [ "NGINX App Protect" @@ -4771,58 +5087,521 @@ } } } - } - }, - "components": { - "parameters": { - "Paginated": { - "name": "paginated", - "in": "query", - "schema": { - "type": "boolean", - "default": true - }, - "description": "A boolean indicating if the results should be presented as a paginated list. Defaults to `true`. \nWhen set to `false` a maximum of 3000 results are returned.\n", - "required": false - }, - "Limit": { - "name": "limit", - "in": "query", - "schema": { - "type": "integer", - "minimum": 0 - }, - "description": "An integer that specifies the maximum number of items to be returned. \nSetting this to `0` will result in no items being returned, but a total count will still be provided. \nThis parameter is not applicable if `paginated` is `false`.\n", - "required": false - }, - "Offset": { - "name": "offset", - "in": "query", - "schema": { - "type": "integer", - "minimum": 1 - }, - "description": "An integer that specifies the starting position of the results, starting at `1`.\nThis parameter is not applicable if `paginated` is `false`.\n" - }, - "FilterFieldDataPlaneKeys": { - "name": "filter_fields", - "in": "query", - "description": "Filter options for data plane keys; used in conjunction with other filter parameters having the same array length.\n\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * expired\n * valid\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameDataPlaneKeys" + }, + "/app-protect/signature-sets": { + "get": { + "x-feature-flag": "nap-waf-m3", + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect signature sets", + "description": "Returns NGINX App Protect signature sets. Signature sets are predefined or user-defined groups of detection mechanisms (signatures) \nthat identify specific attack types, such as SQL injection, Cross-Site Scripting (XSS), or other web-based threats.\n", + "operationId": "listSignatureSets", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapSignatureSets" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapSignatureSets" + } + ], + "responses": { + "200": { + "description": "Successfully returned signature sets.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapSignatureSetListResponse" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/app-protect/signature-sets/{signatureSetObjectID}": { + "get": { + "x-feature-flag": "nap-waf-m3", + "tags": [ + "NGINX App Protect" + ], + "summary": "Retrieve a NGINX App Protect signature set", + "description": "Returns a NGINX App Protect signature set. Signature sets are predefined or user-defined groups of detection \nmechanisms (signatures) that identify specific attack types, such as SQL injection, Cross-Site Scripting (XSS), \nor other web-based threats.\n", + "operationId": "getSignatureSet", + "parameters": [ + { + "$ref": "#/components/parameters/NapSignatureSetObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned Signature Sets.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapSignatureSet" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/app-protect/signature-sets/{signatureSetObjectID}/signatures": { + "get": { + "x-feature-flag": "nap-waf-m3", + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect signatures in the specified signature set.", + "description": "Returns a list of signatures in the NGINX App Protect signature set.\n", + "operationId": "listSignatureSetSignatures", + "parameters": [ + { + "$ref": "#/components/parameters/NapSignatureSetObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned signatures for signature set.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapSignatureMeta" + } + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/app-protect/signatures": { + "get": { + "x-feature-flag": "nap-waf-m3", + "tags": [ + "NGINX App Protect" + ], + "summary": "List Signatures", + "description": "Returns signatures. A signature is a predefined detection rule that identifies specific attack patterns or\ncharacteristics commonly associated with web application security threats.\n", + "operationId": "listSignatures", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapSignatures" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapSignatures" + } + ], + "responses": { + "200": { + "description": "Successfully returned list of signatures.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapSignatureListResponse" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/app-protect/signatures/{signatureID}": { + "get": { + "x-feature-flag": "nap-waf-m3", + "tags": [ + "NGINX App Protect" + ], + "summary": "Retrieve a NGINX App Protect signature.", + "description": "A signature is a predefined detection rule that identifies specific attack patterns or characteristics commonly \nassociated with web application security threats.\n", + "parameters": [ + { + "$ref": "#/components/parameters/NapSignatureID" + } + ], + "operationId": "getSignature", + "responses": { + "200": { + "description": "Successfully returned the specified signature.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapSignature" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/templates": { + "get": { + "x-feature-flag": "templates-m1", + "tags": [ + "Templates" + ], + "summary": "List Templates", + "description": "Retrieves a list of templates.\n", + "operationId": "listTemplates", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameTemplates" + } + ], + "responses": { + "200": { + "description": "Successfully returned list of templates.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplatesListResponse" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/templates/{templateObjectID}": { + "delete": { + "x-feature-flag": "templates-m1", + "tags": [ + "Templates" + ], + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Delete a Template", + "description": "Deletes an NGINX configuration template by its unique identifier.\n", + "operationId": "deleteTemplate", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateParamObjectID" + } + ], + "responses": { + "204": { + "description": "Successfully deleted the template." + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "Template with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } } } }, - "FilterOperands": { - "name": "filter_ops", - "in": "query", - "description": "An array of strings defining the operands for filtering, to be used in conjunction with `filter_fields` and `filter_values`. \nAll filter parameters must have matching array lengths. Currently, the only supported operand is `\"IN\"`.\n", - "schema": { - "$ref": "#/components/schemas/FilterOperands" - } - }, + "get": { + "x-feature-flag": "templates-m1", + "tags": [ + "Templates" + ], + "summary": "Retrieve a Template", + "description": "Retrieves detailed information about a template by its unique identifier.\n", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateParamObjectID" + } + ], + "operationId": "getTemplate", + "responses": { + "200": { + "description": "Successfully returned details of the specified template.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateDetails" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/templates/import": { + "post": { + "tags": [ + "Templates" + ], + "x-feature-flag": "templates-m1", + "x-nginx-one-action": "import", + "x-nginx-one-entity": "NGINX config templates", + "summary": "Import a template\n", + "description": "Imports a new template from a `.tar.gz` archive.\n\nUpon successful validation, the template will be created and made available for use.\n\n**Size limits:**\n- Maximum compressed archive size: 1 MB\n- Maximum uncompressed file size (per file): 5 MB\n\nRefer to the [Template Authoring Guide](**link**) for best practices on writing Go-based NGINX templates.\n", + "operationId": "importTemplate", + "requestBody": { + "required": true, + "content": { + "multipart/form-data": { + "schema": { + "$ref": "#/components/schemas/TemplateImportRequest" + }, + "encoding": { + "file": { + "contentType": "application/gzip, application/x-gzip" + } + }, + "examples": { + "TemplateBaseExample": { + "$ref": "#/components/examples/TemplateBaseSummary" + }, + "TemplateAugmentExample": { + "$ref": "#/components/examples/TemplateAugmentSummary" + } + } + } + } + }, + "responses": { + "201": { + "description": "Successfully imported and created the template.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateSummary" + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/templates/submissions": { + "post": { + "x-feature-flag": "templates-m1", + "tags": [ + "Templates" + ], + "summary": "Submit templates for previewing NGINX configuration.", + "description": "Submits a set of templates for rendering NGINX configuration.\n\nThe `preview_only` query parameter controls how the request is processed:\n - When `preview_only` is `true`, the API validates template parameters and renders the full NGINX configuration for preview **without creating a template submission object**. (**Currently, only this mode is supported.**)\n - When `preview_only` is `false` or omitted, the API is intended to render and create a submission. This feature is **not supported yet**.\n\n**Note:** Currently, only preview mode is implemented. Submission creation will be supported in a future release.\n", + "parameters": [ + { + "$ref": "#/components/parameters/TemplateSubmissionPreviewOnly" + } + ], + "operationId": "submitTemplates", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TemplateSubmissionRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Returned only when the `preview_only` flag is set to `true`.\nResponds with the rendered NGINX configuration that can be used for preview or to create/replace a staged configuration manually.\n\nNote: If `preview_only` is `false` or omitted, this operation is not yet supported and will return an error instead.\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PreviewNginxConfig" + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "405": { + "description": "This operation is not yet implemented. Please use preview mode (`preview_only=true`).\n", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + } + }, + "components": { + "parameters": { + "Paginated": { + "name": "paginated", + "in": "query", + "schema": { + "type": "boolean", + "default": true + }, + "description": "A boolean indicating if the results should be presented as a paginated list. Defaults to `true`. \nWhen set to `false` a maximum of 3000 results are returned.\n", + "required": false + }, + "Limit": { + "name": "limit", + "in": "query", + "schema": { + "type": "integer", + "minimum": 0 + }, + "description": "An integer that specifies the maximum number of items to be returned. \nSetting this to `0` will result in no items being returned, but a total count will still be provided. \nThis parameter is not applicable if `paginated` is `false`.\n", + "required": false + }, + "Offset": { + "name": "offset", + "in": "query", + "schema": { + "type": "integer", + "minimum": 1 + }, + "description": "An integer that specifies the starting position of the results, starting at `1`.\nThis parameter is not applicable if `paginated` is `false`.\n" + }, + "FilterFieldDataPlaneKeys": { + "name": "filter_fields", + "in": "query", + "description": "Filter options for data plane keys; used in conjunction with other filter parameters having the same array length.\n\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * expired\n * valid\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameDataPlaneKeys" + } + } + }, + "FilterOperands": { + "name": "filter_ops", + "in": "query", + "description": "An array of strings defining the operands for filtering, to be used in conjunction with `filter_fields` and `filter_values`. \nAll filter parameters must have matching array lengths. Currently, the only supported operand is `\"IN\"`.\n", + "schema": { + "$ref": "#/components/schemas/FilterOperands" + } + }, "FilterValues": { "name": "filter_values", "in": "query", @@ -5194,6 +5973,94 @@ "description": "A globally unique identifier for the NGINX staged config.\n", "required": true }, + "StagedConfigImportParseOnly": { + "name": "parseOnly", + "in": "query", + "schema": { + "type": "boolean", + "default": false + }, + "description": "Optional flag to control how the request is processed.\n - When `false` or omitted (by default), the request creates a Staged Config directly. (`StagedConfigCreateResponse`)\n - When `true`, the request parses the import and returns metadata you can use to create a Staged Config through a POST. ( `StagedConfigCreateRequest`)\n", + "required": false + }, + "NapSignatureID": { + "name": "signatureID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapSignatureID" + }, + "description": "An unique identifier for the NGINX App Protect signature.\n", + "required": true + }, + "NapSignatureSetObjectID": { + "name": "signatureSetObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapSignatureSetObjectID" + }, + "description": "A globally unique identifier for the NGINX App Protect signature set.\n", + "required": true + }, + "SortNameNapSignatures": { + "name": "sort_fields", + "in": "query", + "description": "Sort NGINX App Protect signatures by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "signature_id" + ], + "x-enum-varnames": [ + "sort_name_nap_signatures_name", + "sort_name_nap_signatures_signature_id" + ] + } + } + }, + "SortNameNapSignatureSets": { + "name": "sort_fields", + "in": "query", + "description": "Sort NGINX App Protect signature sets by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "signature_count" + ], + "x-enum-varnames": [ + "sort_name_nap_signature_sets_name", + "sort_name_nap_signature_sets_signature_count" + ] + } + } + }, + "FilterFieldNapSignatures": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `accuracy`, `risk`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapSignatures" + } + } + }, + "FilterFieldNapSignatureSets": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `type`, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapSignatureSets" + } + } + }, "SortNameNapPolicies": { "name": "sort_nap_policies", "in": "query", @@ -5302,25 +6169,63 @@ } } }, - "FilterFieldNapPolicyVersion": { - "name": "filter_fields", + "FilterFieldNapPolicyVersion": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapPolicyVersion" + } + } + }, + "NapPolicyVersionParamObjectID": { + "name": "nap_policy_version_object_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" + }, + "description": "A globally unique identifier for the App Protect policy version.\n", + "required": true + }, + "TemplateParamObjectID": { + "name": "templateObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/TemplateObjectID" + }, + "description": "A globally unique identifier for the template.\n", + "required": true + }, + "SortNameTemplates": { + "name": "sort_fields", "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "description": "Sort the list of templates by the specified fields.\nThe default sort order is ascending. To sort in descending order, use the `sort_dir` parameter.\n", "schema": { "type": "array", "items": { - "$ref": "#/components/schemas/FilterNameNapPolicyVersion" + "type": "string", + "enum": [ + "name", + "type" + ], + "x-enum-varnames": [ + "sort_name_templates_name", + "sort_name_templates_type" + ] } } }, - "NapPolicyVersionParamObjectID": { - "name": "nap_policy_version_object_id", - "in": "path", + "TemplateSubmissionPreviewOnly": { + "name": "preview_only", + "in": "query", "schema": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" + "type": "boolean", + "default": false }, - "description": "A globally unique identifier for the App Protect policy version.\n", - "required": true + "description": "Optional flag to control how a template submission request is processed.\n - When `true`, the request renders the full NGINX configuration for preview **without creating a template submission object** (this is currently the only supported mode).\n - When `false` or omitted (the default), the request is intended to render the configuration **and create a submission object**, but this feature is **not supported yet** and will return an error.\nNote: Currently, only preview (stateless render) mode is supported. Submission creation is not yet implemented.\n", + "required": false } }, "schemas": { @@ -6147,6 +7052,51 @@ "created_at": "2023-10-01T00:00:00Z" } }, + "CertificateBulkRequestData": { + "type": "object", + "description": "Part of bulk operation on a certificate, only `delete` is supported.", + "required": [ + "action", + "object_id" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/CertificateObjectID" + }, + "action": { + "$ref": "#/components/schemas/BulkRequestAction" + } + }, + "example": { + "object_id": "cert_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + } + }, + "CertificateBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/CertificateBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ + { + "object_id": "cert_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + }, + { + "object_id": "cert_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" + } + ] + }, + "CertificateBulkResponse": { + "description": "The certificate bulk operation outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } + }, "PublicationBulkResponse": { "description": "The publication bulk operation outcome.\n", "type": "array", @@ -6347,1166 +7297,1158 @@ ] } }, - "FilterNameConfigSyncGroups": { - "type": "string", - "description": "Keywords for config sync groups filters.\nWhen filtering on `config_status`, only the following `filter_values` are supported:\n * in_sync\n * out_of_sync\n * sync_in_progress\n * unknown\n", - "enum": [ - "name", - "config_status", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_config_sync_group_name", - "filter_name_config_sync_group_config_status", - "filter_name_config_sync_group_object_id" - ] - }, - "ConfigSyncGroupObjectID": { - "description": "A globally unique identifier for the NGINX config sync group.", - "type": "string", - "format": "object_id", - "pattern": "^csg_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "ConfigSyncStatus": { + "ConfigPath": { "type": "string", - "description": "The current config sync status of the NGINX config sync group, with the following possible values:\n* `unknown` - The status cannot be determined at this moment.\n* `in_sync` - All NGINX instances in config sync group have same config as indicated by config_version.\n* `out_of_sync` - Some NGINX instances in config sync group have config different than indicated by config_version.\n* `sync_in_progress` - The operation of applying config_version to all NGINX instances in config sync group is in progress.\n", - "enum": [ - "unknown", - "in_sync", - "out_of_sync", - "sync_in_progress" - ], - "x-enum-varnames": [ - "nginx_config_sync_group_config_status_unknown", - "nginx_config_sync_group_config_status_in_sync", - "nginx_config_sync_group_config_status_out_of_sync", - "nginx_config_sync_group_config_status_in_progress" - ] - }, - "CertificateInstanceSummary": { - "description": "A breakdown and tally of certificates, detailing the total count, number of expired certificates, certificates nearing expiration, and those that are valid.", - "type": "object", - "required": [ - "total", - "expired", - "expiring", - "valid", - "not_ready" - ], - "properties": { - "total": { - "description": "Total count of certificates across the NGINX data plane.", - "type": "integer" - }, - "expired": { - "description": "The number of certificates that have expired and are no longer valid.", - "type": "integer" - }, - "expiring": { - "description": "The number of certificates due to expire in the next 30 days.", - "type": "integer" - }, - "valid": { - "description": "The number of certificates that are valid and in good standing.", - "type": "integer" - }, - "not_ready": { - "description": "The number of certificates that are not ready to be used.", - "type": "integer" - } - } + "minLength": 1, + "maxLength": 4096, + "description": "The full path to the main NGINX configuration file. This corresponds to the `--conf-path` parameter used in the NGINX binary.\n", + "example": "/etc/nginx/nginx.conf." }, - "ListConfigSyncGroupObject": { + "FileDataRequest": { "type": "object", - "description": "Summary information of the NGINX config sync group.", - "required": [ - "object_id", - "name", - "created_at", - "instances_count", - "config_status" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" - }, - "name": { - "description": "Name of the NGINX config sync group.", - "type": "string" - }, - "created_at": { - "description": "The date and time when the config sync group was created.", - "type": "string", - "format": "date-time" - }, - "instances_count": { - "description": "Number of instances in the NGINX config sync group.", - "type": "integer" - }, - "config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" - }, - "cert_summary": { - "$ref": "#/components/schemas/CertificateInstanceSummary" - } - } - }, - "ConfigSyncGroupListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "type": "object", - "description": "List of NGINX config sync groups.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of Config Sync Group objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/ListConfigSyncGroupObject" - } - } - } - } - ], - "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-config-sync-group", - "created_at": "2023-12-05T22:30:20.220114Z", - "config_status": "in_sync", - "instances_count": 1 - } - ] - } - }, - "ConfigSyncGroupCreateRequest": { - "description": "Body to create a NGINX config sync group.", + "description": "Details about a file, name, and content.", "required": [ "name" ], "properties": { "name": { "type": "string", - "description": "A name to uniquely identify the NGINX config sync group in a given tenant namespace.", + "description": "The file's relative path to the parent directory, absolute path also accepted.", "minLength": 1, - "maxLength": 256 - } - }, - "example": { - "name": "my-nginx-config-sync-group" - } - }, - "ConfigSyncGroupCreateResponse": { - "description": "Response to a create NGINX config sync group request.", - "required": [ - "object_id", - "name" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" - }, - "name": { - "description": "Name of the NGINX config sync group.", - "type": "string" - } - }, - "example": { - "name": "my-nginx-config-sync-group", - "object_id": "csg_Tet21AeYTHCj7taOwVfzyw" - } - }, - "ConfigSyncGroupBulkRequestData": { - "type": "object", - "description": "Part of bulk operation on a config sync group, only `delete` is supported.", - "required": [ - "action", - "object_id" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" + "maxLength": 4096 }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" + "contents": { + "type": "string", + "format": "byte", + "description": "The base64-encoded contents of the file.", + "maxLength": 3145728 } - }, - "example": { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" } }, - "ConfigSyncGroupBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ConfigSyncGroupBulkRequestData" - }, - "minItems": 1, - "maxItems": 50, - "example": [ - { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" + "DirectoryRequestWithFileContent": { + "type": "object", + "description": "Represents a directory and its contents, detailing the directory's full path, and the files within it.", + "required": [ + "name", + "files" + ], + "properties": { + "name": { + "type": "string", + "minLength": 1, + "description": "The complete path of the directory." }, - { - "object_id": "csg_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" + "files": { + "type": "array", + "description": "The list of files in the directory.", + "items": { + "$ref": "#/components/schemas/FileDataRequest" + } } - ] - }, - "ConfigSyncGroupBulkResponse": { - "description": "The config sync group bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, - "ConfigSyncGroupMeta": { + "NginxConfigObjectRequest": { "type": "object", - "description": "Meta information of the NGINX config sync group including:\n* NGINX config sync group object ID\n* unique name of the config sync group in the tenant namespace\n* last publication timestamp\n", + "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", "required": [ - "object_id", - "name", - "created_at" + "conf_path", + "configs" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" }, - "name": { - "description": "Name of the NGINX config sync group.", - "type": "string" + "conf_path": { + "$ref": "#/components/schemas/ConfigPath" }, - "last_publication": { - "description": "The date and time of the most recent config sync group publication.", - "type": "string", - "format": "date-time" + "configs": { + "type": "array", + "description": "An array of directories containing NGINX configuration files.", + "items": { + "$ref": "#/components/schemas/DirectoryRequestWithFileContent" + } }, - "created_at": { - "description": "The date and time when the config sync group was created.", - "type": "string", - "format": "date-time" + "aux": { + "type": "array", + "description": "An array of auxiliary directory contents related to the NGINX configuration. When auxiliary contents are\nprovided, they become the authoritative source of non-NGINX configuration content. Please ensure the\nprovided contents are complete, missing files that are referenced in the NGINX configuration can cause\nNGINX reload failure. When not provided, the previous known auxiliary contents will be used as part of\npublish.\n", + "items": { + "$ref": "#/components/schemas/DirectoryRequestWithFileContent" + } } - }, - "example": { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-config-sync-group", - "last_publication": "2023-12-06T22:37:24.120114Z", - "created_at": "2023-12-05T22:30:20.220114Z" } }, - "InstanceObjectID": { - "description": "A globally unique identifier for the NGINX instance.", + "PayloadObjectID": { + "description": "A globally unique identifier for the valid payload object reference.", "type": "string", "format": "object_id", - "pattern": "^inst_.*", + "pattern": "^(cert|pv)_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "NginxBuild": { - "description": "The build details for the NGINX binary, including its configuration parameters.\n", + "NginxConfigPayload": { "type": "object", + "description": "Details of Aux File Payload that goes with an NGINX configuration. Provide hints for the backend system on \nadditional file contents that should be part of the NGINX Config Publication.\nCan be used to deploy files related to SSL certificates, to a data plane instance.\n", "required": [ - "version" + "type", + "paths" ], "properties": { - "version": { - "description": "The version number of the base open-source NGINX.", - "type": "string" + "type": { + "type": "string", + "description": "Types of Aux File Payload:\n - inline_secret - indicates the provided content for the payload should be stored in a secret location, and removed after the publication is done.\n - inline_content - indicates the provided content for the payload should be stored, and removed after the publication is done. Note, the contents may end up in the `aux` content if used in this NGINX configuration.\n - unmanaged_certificate - indicates certificate content for an unmanaged certificate detected from a data plane instance through NGINX configurations. Will be filtered and ignored in the payload deployment.\n - managed_certificate - indicates public certificates managed by NGINX One Console.\n - managed_key - indicates a private key managed by NGINX One Console.\n - nap_policy_version - indicates a version of NAP policy managed by NGINX One Console. A valid policy_version object\n", + "enum": [ + "inline_secret", + "inline_content", + "unmanaged_certificate", + "managed_certificate", + "managed_key", + "nap_policy_version" + ], + "x-enum-varnames": [ + "nginx_config_payload_inline_secret", + "nginx_config_payload_inline_content", + "nginx_config_payload_unmanaged_certificate", + "nginx_config_payload_managed_certificate", + "nginx_config_payload_managed_key", + "nginx_config_payload_nap_policy_version" + ] }, - "plus_release": { - "description": "The NGINX Plus release version, if applicable.", - "type": "string" + "contents": { + "type": "string", + "format": "base64", + "description": "The base64-encoded contents of the file.", + "maxLength": 3145728 }, - "conf_path": { - "description": "The absolute path to the NGINX configuration, as set by the `--conf-path` option during build time.", - "type": "string" + "object_id": { + "$ref": "#/components/schemas/PayloadObjectID" + }, + "paths": { + "type": "array", + "items": { + "type": "string" + } } + }, + "example": { + "type": "inline_content", + "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", + "paths": [ + "/etc/nginx/ssl/server.crt" + ] } }, - "NginxAppProtectVersions": { - "description": "Version information regarding NGINX App Protect.\n", + "NginxConfigPayloads": { + "type": "array", + "description": "An array of payloads that track the file paths of each SSL certificates and key, indicating where to deploy\nthem onto the data plane instance.\n* If the `type` is `managed_certificate` or `managed_key`, you need to specify an `object_id`.\n * The `object_id` must represent a managed certificate object, or a `400 Bad Request` is returned. \n * The `contents` field is optional and is ignored if included.\n* The NGINX One Console manages deployed file paths only for managed certificates and keys. If you don't want \nthem to be managed by NGINX One Console, `inline_content` and `inline_secret` can be used for certificates or \nkeys, respectively. When you retrieve certificate deployment details, only the file paths of managed \ncertificates and keys will be shown.\n* If you use `inline_content` and `inline_secret` in your NGINX configuration, the NGINX One Console \nwill detect them. When they are used as SSL directives of the NGINX configuration \nfor certificates and keys, the certificates will be listed as `unmanaged_certificate` in the certificate \ndeployment details.\n", + "items": { + "$ref": "#/components/schemas/NginxConfigPayload" + }, + "example": [ + { + "type": "managed_certificate", + "object_id": "cert_rto8NYiCQputrIasNx2NOA", + "paths": [ + "/etc/nginx/cert.pem" + ] + }, + { + "type": "managed_key", + "object_id": "cert_rto8NYiCQputrIasNx2NOA", + "paths": [ + "/etc/nginx/key.pem" + ] + }, + { + "type": "inline_content", + "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", + "paths": [ + "/etc/nginx/inline_cert.crt" + ] + } + ] + }, + "NginxConfigRequest": { + "allOf": [ + { + "$ref": "#/components/schemas/NginxConfigObjectRequest" + }, + { + "type": "object", + "properties": { + "payloads": { + "$ref": "#/components/schemas/NginxConfigPayloads" + } + } + } + ] + }, + "NginxConfigProblem": { "type": "object", - "required": [ - "engine_version" - ], + "description": "Representation of a problem found during NGINX configuration analysis.", "properties": { - "release_version": { - "description": "The release version of NGINX App Protect.", + "directive": { + "description": "Directive in the NGINX configuration where the issue is identified.", "type": "string" }, - "engine_version": { - "description": "The version of the App Protect enforcement engine.", + "file": { + "description": "File where the issue is detected.", "type": "string" + }, + "line": { + "description": "Line number in the configuration where the issue is found.", + "type": "integer" } } }, - "NginxAppProtectDeploymentCounts": { + "NginxConfigReport": { "type": "object", - "description": "Summary count of NAP policy version deployment statues.", - "required": [ - "total", - "deployed", - "deploying", - "failed" - ], + "description": "An analysis of the NGINX configuration, highlighting issues and their severity, and offering recommendations.", "properties": { - "total": { - "description": "Total count of NAP policy versions across the NGINX data plane.", - "type": "integer" + "rule": { + "description": "The name of the configuration rule that was violated.", + "type": "string" }, - "deployed": { - "description": "The number of NAP policy versions that have deployed.", - "type": "integer" + "info": { + "description": "A detailed description of the issue.", + "type": "string" }, - "deploying": { - "description": "The number of NAP policy versions that are deploying.", - "type": "integer" + "severity": { + "description": "The severity level of the issue.", + "type": "string" }, - "failed": { - "description": "The number of NAP policy versions that have failed deployment.", - "type": "integer" - } - } - }, - "NginxAppProtectSummary": { - "description": "Summary information regarding NGINX App Protect.\n", - "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/NginxAppProtectVersions" + "category": { + "description": "Classification category of the issue.", + "type": "string" }, - { - "type": "object", - "required": [ - "deployments" - ], - "properties": { - "deployments": { - "$ref": "#/components/schemas/NginxAppProtectDeploymentCounts" - } + "documentation": { + "description": "Links to documentation that can assist in resolving the identified issue.", + "type": "array", + "items": { + "type": "string" + } + }, + "where": { + "description": "Specific locations in the configuration where issues were detected.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigProblem" } } - ] + } }, - "CveSeverityType": { + "NginxConfigReports": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigReport" + } + }, + "FilterNameConfigSyncGroups": { "type": "string", - "description": "Severity ratings:\n * `high` - High severity.\n * `medium` - Moderate severity.\n * `low` - Least severe.\n * `none` - Not severe.\n * `other` - Severity that does not fit the other categories.\n", + "description": "Keywords for config sync groups filters.\nWhen filtering on `config_status`, only the following `filter_values` are supported:\n * in_sync\n * out_of_sync\n * sync_in_progress\n * unknown\n", "enum": [ - "high", - "medium", - "low", - "none", - "other" + "name", + "config_status", + "object_id" ], "x-enum-varnames": [ - "cve_severity_type_high", - "cve_severity_type_medium", - "cve_severity_type_low", - "cve_severity_type_none", - "cve_severity_type_other" + "filter_name_config_sync_group_name", + "filter_name_config_sync_group_config_status", + "filter_name_config_sync_group_object_id" ] }, - "CveDetails": { - "description": "CVEs details, including the type and count.\n", - "type": "object", - "required": [ - "type", - "count" - ], - "properties": { - "type": { - "$ref": "#/components/schemas/CveSeverityType" - }, - "count": { - "description": "The total number of each CVE type.", - "type": "integer" - } + "ConfigSyncGroupObjectID": { + "description": "A globally unique identifier for the NGINX config sync group.", + "type": "string", + "format": "object_id", + "pattern": "^csg_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "RecommendationType": { + "ConfigSyncStatus": { "type": "string", - "description": "Types of configuration recommendations:\n * `best_practice` - Suggestions based on established best practices.\n * `security` - Recommendations related to security.\n * `optimization` - Advice for optimizing performance.\n * `other` - Recommendations that do not fit the above categories.\n", + "description": "The current config sync status of the NGINX config sync group, with the following possible values:\n* `unknown` - The status cannot be determined at this moment.\n* `in_sync` - All NGINX instances in config sync group have same config as indicated by config_version.\n* `out_of_sync` - Some NGINX instances in config sync group have config different than indicated by config_version.\n* `sync_in_progress` - The operation of applying config_version to all NGINX instances in config sync group is in progress.\n", "enum": [ - "best_practice", - "security", - "optimization", - "other" + "unknown", + "in_sync", + "out_of_sync", + "sync_in_progress" ], "x-enum-varnames": [ - "recommendation_type_best_practice", - "recommendation_type_security", - "recommendation_type_optimization", - "recommendation_type_other" + "nginx_config_sync_group_config_status_unknown", + "nginx_config_sync_group_config_status_in_sync", + "nginx_config_sync_group_config_status_out_of_sync", + "nginx_config_sync_group_config_status_in_progress" ] }, - "IssueDetails": { - "description": "Issue details, including the type and count.\n", + "CertificateInstanceSummary": { + "description": "A breakdown and tally of certificates, detailing the total count, number of expired certificates, certificates nearing expiration, and those that are valid.", "type": "object", "required": [ - "type", - "count" + "total", + "expired", + "expiring", + "valid", + "not_ready" ], "properties": { - "type": { - "$ref": "#/components/schemas/RecommendationType" + "total": { + "description": "Total count of certificates across the NGINX data plane.", + "type": "integer" }, - "count": { - "description": "The total number of issues identified for the specific recommendation type.", + "expired": { + "description": "The number of certificates that have expired and are no longer valid.", "type": "integer" - } - } - }, - "ControlPlaneObjectID": { - "description": "A globally unique identifier for the control plane.", - "type": "string", - "format": "object_id", - "pattern": "^ecp_.*", - "x-go-type": "objects.ID" - }, - "ControlPlaneBaseInfo": { - "type": "object", - "description": "Base information of a control plane, which includes name, product version and optionally an object ID.", - "required": [ - "name", - "product_version", - "created_at" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/ControlPlaneObjectID" }, - "name": { - "description": "Control plane name.", - "type": "string" + "expiring": { + "description": "The number of certificates due to expire in the next 30 days.", + "type": "integer" }, - "product_version": { - "description": "Control plane product name and version.", - "type": "string" + "valid": { + "description": "The number of certificates that are valid and in good standing.", + "type": "integer" }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the control plane was created." + "not_ready": { + "description": "The number of certificates that are not ready to be used.", + "type": "integer" } } }, - "Instance": { + "ListConfigSyncGroupObject": { "type": "object", - "description": "Summary information about a NGINX instance.", + "description": "Summary information of the NGINX config sync group.", "required": [ "object_id", - "hostname", - "system_id", - "agent_version", - "registered_at", - "last_reported", - "status" + "name", + "created_at", + "instances_count", + "config_status" ], "properties": { "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" - }, - "hostname": { - "description": "The name of the host system where the NGINX instance is running.", - "type": "string" - }, - "system_id": { - "description": "The unique identifier assigned to the host system by the NGINX Agent.", - "type": "string" - }, - "nginx_id": { - "description": "The unique identifier for the NGINX process on the host system, assigned by the NGINX Agent.", - "type": "string" + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" }, - "agent_version": { - "description": "The version of the NGINX Agent.", + "name": { + "description": "Name of the NGINX config sync group.", "type": "string" }, - "key_object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, - "nginx_build": { - "$ref": "#/components/schemas/NginxBuild" - }, - "os_version": { - "description": "The operating system's name and its and version or codename.\n", - "type": "string", - "example": "ubuntu_jammy" - }, - "nginx_app_protect": { - "$ref": "#/components/schemas/NginxAppProtectSummary" - }, - "registered_at": { - "description": "The date and time when the NGINX instance first registered with NGINX One.", + "created_at": { + "description": "The date and time when the config sync group was created.", "type": "string", "format": "date-time" }, - "last_reported": { - "description": "The date and time of the most recent report received from the NGINX Agent.", - "type": "string", - "format": "date-time" + "instances_count": { + "description": "Number of instances in the NGINX config sync group.", + "type": "integer" }, - "status": { - "type": "string", - "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", - "enum": [ - "unknown", - "unavailable", - "offline", - "online" - ] + "config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" }, "cert_summary": { "$ref": "#/components/schemas/CertificateInstanceSummary" + } + } + }, + "ConfigSyncGroupListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" }, - "cve_severity": { - "type": "array", - "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", - "items": { - "$ref": "#/components/schemas/CveDetails" + { + "type": "object", + "description": "List of NGINX config sync groups.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of Config Sync Group objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/ListConfigSyncGroupObject" + } + } + } + } + ], + "example": { + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-config-sync-group", + "created_at": "2023-12-05T22:30:20.220114Z", + "config_status": "in_sync", + "instances_count": 1 } + ] + } + }, + "ConfigSyncGroupCreateRequest": { + "description": "Body to create a NGINX config sync group.", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "A name to uniquely identify the NGINX config sync group in a given tenant namespace.", + "minLength": 1, + "maxLength": 256, + "pattern": "^[a-zA-Z0-9]([a-zA-Z0-9-_]{0,254}[a-zA-Z0-9])?$" + } + }, + "example": { + "name": "my-nginx-config-sync-group" + } + }, + "ConfigSyncGroupCreateResponse": { + "description": "Response to a create NGINX config sync group request.", + "required": [ + "object_id", + "name" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" }, - "recommendations": { - "type": "array", - "description": "An array summarizing the suggestions from the configuration analysis report.", - "items": { - "$ref": "#/components/schemas/IssueDetails" - } + "name": { + "description": "Name of the NGINX config sync group.", + "type": "string" + } + }, + "example": { + "name": "my-nginx-config-sync-group", + "object_id": "csg_Tet21AeYTHCj7taOwVfzyw" + } + }, + "ConfigSyncGroupBulkRequestData": { + "type": "object", + "description": "Part of bulk operation on a config sync group, only `delete` is supported.", + "required": [ + "action", + "object_id" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" }, - "control_plane": { - "$ref": "#/components/schemas/ControlPlaneBaseInfo" + "action": { + "$ref": "#/components/schemas/BulkRequestAction" } + }, + "example": { + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" } }, - "ConfigSyncGroupInstance": { - "allOf": [ + "ConfigSyncGroupBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ConfigSyncGroupBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ { - "$ref": "#/components/schemas/Instance" + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" }, { - "type": "object", - "required": [ - "config_status", - "config_version" - ], - "properties": { - "config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" - }, - "config_version": { - "description": "A computed hash of current config on the config sync group.", - "type": "string" - } - } + "object_id": "csg_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" } ] }, - "ConfigSyncGroupPublicationStatus": { - "type": "string", - "description": "The status on the last publication issued on this config sync group:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `partially_succeeded` - The publication attempt had one or more failures.\n", - "enum": [ - "pending", - "failed", - "succeeded", - "partially_succeeded" - ], - "x-enum-varnames": [ - "publication_config_sync_group_status_pending", - "publication_config_sync_group_status_failed", - "publication_config_sync_group_status_succeeded", - "publication_config_sync_group_status_partially_succeeded" - ] + "ConfigSyncGroupBulkResponse": { + "description": "The config sync group bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } }, - "CertAssociation": { + "ConfigSyncGroupMeta": { "type": "object", - "description": "Details for a certificate that's associated with an instance or a config sync group.", + "description": "Meta information of the NGINX config sync group including:\n* NGINX config sync group object ID\n* unique name of the config sync group in the tenant namespace\n* last publication timestamp\n", "required": [ - "name", "object_id", - "cert_type", - "subject_name", - "not_before", - "not_after", - "cert_status", - "deployment_status" + "name", + "created_at" ], "properties": { - "name": { - "type": "string", - "description": "A friendly name for the certificate." - }, "object_id": { - "$ref": "#/components/schemas/CertificateObjectID" - }, - "cert_type": { - "$ref": "#/components/schemas/CertificateType" - }, - "cert_paths": { - "type": "array", - "description": "The list of file system paths where the certificate file is installed. \nSince a single certificate file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/ssl/cert.pem", - "/etc/ssl/cert.crt" - ], - "items": { - "type": "string" - } - }, - "key_paths": { - "type": "array", - "description": "The list of file system paths where the private key file is installed.\nSince a single key file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/nginx/key.pem", - "/etc/ssl/server.key" - ], - "items": { - "type": "string" - } - }, - "deployment_status": { - "$ref": "#/components/schemas/CertificateDeploymentStatus" - }, - "subject_name": { - "type": "string", - "description": "Hostname or domain for the certificate. Usually the subject-alt-name (SAN) value for the certificate.\nif SAN is not present, this will be the certificate subject's common name.\n", - "example": "nginx.com" + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" }, - "cert_status": { - "$ref": "#/components/schemas/CertificateStatus" + "name": { + "description": "Name of the NGINX config sync group.", + "type": "string" }, - "not_before": { + "last_publication": { + "description": "The date and time of the most recent config sync group publication.", "type": "string", - "format": "date-time", - "description": "the effective date of the certificate." + "format": "date-time" }, - "not_after": { + "created_at": { + "description": "The date and time when the config sync group was created.", "type": "string", - "format": "date-time", - "description": "The expiration date for the certificate." + "format": "date-time" } + }, + "example": { + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-config-sync-group", + "last_publication": "2023-12-06T22:37:24.120114Z", + "created_at": "2023-12-05T22:30:20.220114Z" } }, - "NapPolicyObjectID": { - "description": "A globally unique identifier for the App Protect policy.", - "type": "string", - "format": "object_id", - "pattern": "^pol_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "NapPolicyVersionObjectID": { - "description": "A globally unique identifier for the App Protect policy version.", - "type": "string", - "format": "object_id", - "pattern": "^pv_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "PublicationObjectID": { - "description": "A globally unique identifier for the publication.", + "InstanceObjectID": { + "description": "A globally unique identifier for the NGINX instance.", "type": "string", "format": "object_id", - "example": "pub_72pGHoGsSICL_THZrs964g", - "pattern": "^pub_.*", + "pattern": "^inst_.*", "x-go-type": "objects.ID", "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "NapPolicyEnforcementMode": { - "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `blocking` - Any illegal or suspicious requests are logged and blocked.\n* `transparent` - Any illegal or suspicious requests are logged but not blocked.\n", - "type": "string", - "enum": [ - "blocking", - "transparent" - ], - "x-enum-varnames": [ - "nap_enforcement_mode_blocking", - "nap_enforcement_mode_transparent" - ] - }, - "NapDeploymentStatus": { - "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `deployed` - The NGINX App Protect policy has been deployed.\n* `not_deployed` - The NGINX App Protect policy has not been deployed.\n* `deploying` - The NGINX App Protect policy is currently being deployed.\n* `failed` - The NGINX App Protect policy failed deploying.\n", - "type": "string", - "enum": [ - "deployed", - "not_deployed", - "deploying", - "failed" - ], - "x-enum-varnames": [ - "nap_deployment_status_deployed", - "nap_deployment_status_not_deployed", - "nap_deployment_status_deploying", - "nap_deployment_status_failed" - ] + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } }, - "NapAssociation": { - "description": "Details for a NGINX App Protect policy version that's associated with an instance or a config sync group.", + "NginxBuild": { + "description": "The build details for the NGINX binary, including its configuration parameters.\n", + "type": "object", "required": [ - "name", - "version", - "policy_object_id", - "policy_version_object_id", - "paths", - "deployment_status", - "publication_object_id", - "deployed_on", - "enforcement_mode" + "version" ], "properties": { - "name": { - "type": "string", - "description": "Name of the policy at the time of the deployment." - }, "version": { - "type": "string", - "description": "Version of the policy at the time of the deployment." - }, - "policy_object_id": { - "$ref": "#/components/schemas/NapPolicyObjectID" + "description": "The version number of the base open-source NGINX.", + "type": "string" }, - "policy_version_object_id": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" + "plus_release": { + "description": "The NGINX Plus release version, if applicable.", + "type": "string" }, - "publication_object_id": { - "$ref": "#/components/schemas/PublicationObjectID" + "conf_path": { + "description": "The absolute path to the NGINX configuration, as set by the `--conf-path` option during build time.", + "type": "string" + } + } + }, + "NginxAppProtectVersions": { + "description": "Version information regarding NGINX App Protect.\n", + "type": "object", + "required": [ + "engine_version" + ], + "properties": { + "release_version": { + "description": "The release version of NGINX App Protect.", + "type": "string" }, - "enforcement_mode": { - "$ref": "#/components/schemas/NapPolicyEnforcementMode" + "engine_version": { + "description": "The version of the App Protect enforcement engine.", + "type": "string" + } + } + }, + "NginxAppProtectDeploymentCounts": { + "type": "object", + "description": "Summary count of NAP policy version deployment statues.", + "required": [ + "total", + "deployed", + "deploying", + "failed" + ], + "properties": { + "total": { + "description": "Total count of NAP policy versions across the NGINX data plane.", + "type": "integer" }, - "paths": { - "type": "array", - "description": "The list of file system paths where the compiled NAP policy version bundle file is installed. \nSince a single compiled NAP policy version bundle file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/nginx/default_policy.tgz", - "/etc/nginx/default_policy_server_2.tgz" - ], - "items": { - "type": "string" - } + "deployed": { + "description": "The number of NAP policy versions that have deployed.", + "type": "integer" }, - "deployment_status": { - "$ref": "#/components/schemas/NapDeploymentStatus" + "deploying": { + "description": "The number of NAP policy versions that are deploying.", + "type": "integer" }, - "deployed_on": { - "description": "Date and time of the deployment.", - "type": "string", - "format": "date-time" + "failed": { + "description": "The number of NAP policy versions that have failed deployment.", + "type": "integer" } - }, - "example": { - "name": "default_policy", - "version": "2025.05.01", - "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", - "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", - "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", - "paths": [ - "/etc/nginx/default_policy.tgz" - ], - "deployment_status": "deployed", - "enforcement_mode": "transparent", - "deployed_on": "2023-12-06T22:37:24.120114Z" } }, - "ConfigSyncGroup": { + "NginxAppProtectSummary": { + "description": "Summary information regarding NGINX App Protect.\n", + "type": "object", "allOf": [ { - "$ref": "#/components/schemas/ConfigSyncGroupMeta" + "$ref": "#/components/schemas/NginxAppProtectVersions" }, { "type": "object", - "description": "Additional information of the NGINX config sync group including:\n* config sync status\n* config checksum\n* instances\n* last known publication status\n* certs associated with this config sync group\n", + "required": [ + "deployments" + ], "properties": { - "config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" - }, - "config_version": { - "description": "A computed hash of current config on the config sync group.", - "type": "string" - }, - "instances": { - "description": "An array of Instance objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/ConfigSyncGroupInstance" - } - }, - "last_publication_status": { - "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" - }, - "certs": { - "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto the data plane instances that are part of this config sync group.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertAssociation" - } - }, - "nginx_app_protect": { - "type": "object", - "required": [ - "deployments" - ], - "properties": { - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapAssociation" - } - } - } + "deployments": { + "$ref": "#/components/schemas/NginxAppProtectDeploymentCounts" } } } + ] + }, + "CveSeverityType": { + "type": "string", + "description": "Severity ratings:\n * `high` - High severity.\n * `medium` - Moderate severity.\n * `low` - Least severe.\n * `none` - Not severe.\n * `other` - Severity that does not fit the other categories.\n", + "enum": [ + "high", + "medium", + "low", + "none", + "other" ], - "example": { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-config-sync-group", - "created_at": "2023-12-06T22:37:24.120114Z", - "config_status": "in_sync", - "config_version": "uvR3F2TQGm18jnl7bpaGw", - "instances": [ - { - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "hostname": "816e3c194d59", - "system_id": "6066aad2-211e-3718-be5d-fcc01ffc5cc8", - "agent_version": "v2.33.0", - "registered_at": "2024-05-16T18:26:40.556048Z", - "last_reported": "2023-12-06T22:37:24.120114Z", - "status": "unavailable", - "nginx_build": { - "conf_path": "/etc/nginx/nginx.conf", - "version": "1.25.3" - }, - "os_version": "Ubuntu 22.04", - "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", - "config_status": "in_sync", - "config_version": "abc123def456" - } - ], - "certs": [ - { - "subject_name": "test.com", - "name": "client", - "cert_type": "cert_key", - "not_after": "2024-01-06T00:01:30Z", - "not_before": "2023-12-07T00:01:30Z", - "cert_paths": [ - "/etc/nginx/client.pem" - ], - "cert_status": "expiring", - "deployment_status": "latest", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" - } - ] - } + "x-enum-varnames": [ + "cve_severity_type_high", + "cve_severity_type_medium", + "cve_severity_type_low", + "cve_severity_type_none", + "cve_severity_type_other" + ] }, - "ConfigSyncGroupDetails": { + "CveDetails": { + "description": "CVEs details, including the type and count.\n", "type": "object", - "description": "Detailed information of the NGINX config sync group.", - "allOf": [ - { - "$ref": "#/components/schemas/ConfigSyncGroup" + "required": [ + "type", + "count" + ], + "properties": { + "type": { + "$ref": "#/components/schemas/CveSeverityType" + }, + "count": { + "description": "The total number of each CVE type.", + "type": "integer" + } + } + }, + "RecommendationType": { + "type": "string", + "description": "Types of configuration recommendations:\n * `best_practice` - Suggestions based on established best practices.\n * `security` - Recommendations related to security.\n * `optimization` - Advice for optimizing performance.\n * `other` - Recommendations that do not fit the above categories.\n", + "enum": [ + "best_practice", + "security", + "optimization", + "other" + ], + "x-enum-varnames": [ + "recommendation_type_best_practice", + "recommendation_type_security", + "recommendation_type_optimization", + "recommendation_type_other" + ] + }, + "IssueDetails": { + "description": "Issue details, including the type and count.\n", + "type": "object", + "required": [ + "type", + "count" + ], + "properties": { + "type": { + "$ref": "#/components/schemas/RecommendationType" + }, + "count": { + "description": "The total number of issues identified for the specific recommendation type.", + "type": "integer" } - ] + } }, - "ConfigPath": { + "ControlPlaneObjectID": { + "description": "A globally unique identifier for the control plane.", "type": "string", - "minLength": 1, - "maxLength": 4096, - "description": "The full path to the main NGINX configuration file. This corresponds to the `--conf-path` parameter used in the NGINX binary.\n", - "example": "/etc/nginx/nginx.conf." + "format": "object_id", + "pattern": "^ecp_.*", + "x-go-type": "objects.ID" }, - "FileData": { + "ControlPlaneBaseInfo": { "type": "object", - "description": "Details about a file, including its path, content, size, and last modified time.", + "description": "Base information of a control plane, which includes name, product version and optionally an object ID.", "required": [ "name", - "contents", - "size", - "mtime" + "product_version", + "created_at" ], "properties": { - "name": { - "type": "string", - "description": "The file's relative path to the parent directory.", - "minLength": 1, - "maxLength": 4096 + "object_id": { + "$ref": "#/components/schemas/ControlPlaneObjectID" }, - "contents": { - "type": "string", - "format": "byte", - "description": "The base64-encoded contents of the file.", - "maxLength": 3145728 + "name": { + "description": "Control plane name.", + "type": "string" }, - "size": { - "type": "integer", - "description": "The size of the file, in bytes." + "product_version": { + "description": "Control plane product name and version.", + "type": "string" }, - "mtime": { + "created_at": { "type": "string", "format": "date-time", - "description": "Timestamp of the last modification made to the file." + "description": "The date and time when the control plane was created." } } }, - "DirectoryWithFileContent": { + "Instance": { "type": "object", - "description": "Represents a directory and its contents, detailing the directory's full path, assigned permissions, last modified time, and the files within it.", + "description": "Summary information about a NGINX instance.", "required": [ - "name", - "files" + "object_id", + "hostname", + "system_id", + "agent_version", + "registered_at", + "last_reported", + "status" ], "properties": { - "name": { + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" + }, + "hostname": { + "description": "The name of the host system where the NGINX instance is running.", + "type": "string" + }, + "system_id": { + "description": "The unique identifier assigned to the host system by the NGINX Agent.", + "type": "string" + }, + "nginx_id": { + "description": "The unique identifier for the NGINX process on the host system, assigned by the NGINX Agent.", + "type": "string" + }, + "agent_version": { + "description": "The version of the NGINX Agent.", + "type": "string" + }, + "key_object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "nginx_build": { + "$ref": "#/components/schemas/NginxBuild" + }, + "os_version": { + "description": "The operating system's name and its and version or codename.\n", "type": "string", - "description": "The complete path of the directory." + "example": "ubuntu_jammy" }, - "permissions": { + "nginx_app_protect": { + "$ref": "#/components/schemas/NginxAppProtectSummary" + }, + "registered_at": { + "description": "The date and time when the NGINX instance first registered with NGINX One.", "type": "string", - "description": "The permissions for the directory." + "format": "date-time" }, - "mtime": { + "last_reported": { + "description": "The date and time of the most recent report received from the NGINX Agent.", "type": "string", - "description": "The date and time when the directory was last modified.", "format": "date-time" }, - "files": { + "status": { + "type": "string", + "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", + "enum": [ + "unknown", + "unavailable", + "offline", + "online" + ] + }, + "cert_summary": { + "$ref": "#/components/schemas/CertificateInstanceSummary" + }, + "cve_severity": { "type": "array", - "description": "The list of files in the directory.", + "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", "items": { - "$ref": "#/components/schemas/FileData" + "$ref": "#/components/schemas/CveDetails" + } + }, + "recommendations": { + "type": "array", + "description": "An array summarizing the suggestions from the configuration analysis report.", + "items": { + "$ref": "#/components/schemas/IssueDetails" } + }, + "control_plane": { + "$ref": "#/components/schemas/ControlPlaneBaseInfo" } } }, - "NginxConfigObject": { + "ConfigSyncGroupInstance": { + "allOf": [ + { + "$ref": "#/components/schemas/Instance" + }, + { + "type": "object", + "required": [ + "config_status", + "config_version" + ], + "properties": { + "config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" + }, + "config_version": { + "description": "A computed hash of current config on the config sync group.", + "type": "string" + } + } + } + ] + }, + "ConfigSyncGroupPublicationStatus": { + "type": "string", + "description": "The status on the last publication issued on this config sync group:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `partially_succeeded` - The publication attempt had one or more failures.\n", + "enum": [ + "pending", + "failed", + "succeeded", + "partially_succeeded" + ], + "x-enum-varnames": [ + "publication_config_sync_group_status_pending", + "publication_config_sync_group_status_failed", + "publication_config_sync_group_status_succeeded", + "publication_config_sync_group_status_partially_succeeded" + ] + }, + "CertAssociation": { "type": "object", - "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", + "description": "Details for a certificate that's associated with an instance or a config sync group.", "required": [ - "conf_path", - "configs" + "name", + "object_id", + "cert_type", + "subject_name", + "not_before", + "not_after", + "cert_status", + "deployment_status" ], "properties": { - "config_version": { + "name": { "type": "string", - "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" + "description": "A friendly name for the certificate." }, - "conf_path": { - "$ref": "#/components/schemas/ConfigPath" + "object_id": { + "$ref": "#/components/schemas/CertificateObjectID" }, - "configs": { - "type": "array", - "description": "An array of directories containing NGINX configuration files.", - "items": { - "$ref": "#/components/schemas/DirectoryWithFileContent" - } + "cert_type": { + "$ref": "#/components/schemas/CertificateType" }, - "aux": { + "cert_paths": { "type": "array", - "description": "An array of auxiliary directory contents related to the NGINX configuration.", + "description": "The list of file system paths where the certificate file is installed. \nSince a single certificate file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/ssl/cert.pem", + "/etc/ssl/cert.crt" + ], "items": { - "$ref": "#/components/schemas/DirectoryWithFileContent" + "type": "string" } - } - }, - "example": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "configs": [ - { - "files": [ - { - "contents": "Cm1hcCAkdXJpICRtYXBwZWRfc2VydmljZSB7CiAgICBkZWZhdWx0IFVOTUFUQ0hFRDsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvaW5zdGFuY2VzIiAgICAgICAgaW5zdGFuY2VzLXN2YzsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvZGF0YS1wbGFuZS1rZXlzIiAga2V5cy1zdmM7CiAgICAifl4vYXBpL3YxL25hbWVzcGFjZXMvXHcrL21vbml0b3IiICAgICAgICAgIG1vbml0b3Itc3ZjOwp9Cgp1cHN0cmVhbSBpbnN0YW5jZXMtc3ZjIHsKICAgIHNlcnZlciBpbnN0YW5jZXMtc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIGtleXMtc3ZjIHsKICAgIHNlcnZlciBrZXlzLXN2Yzo4MDkwOwp9Cgp1cHN0cmVhbSBkYXRhcGxhbmUtY3RybCB7CiAgICBzZXJ2ZXIgZGF0YXBsYW5lLWN0cmw6ODA4MDsKfQoKdXBzdHJlYW0gbW9uaXRvci1zdmMgewogICAgc2VydmVyIG1vbml0b3Itc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIG1ldHJpY3MtaW5nZXN0IHsKICAgIHNlcnZlciBtZXRyaWNzLWluZ2VzdDo4MDgwOwp9CgpzZXJ2ZXIgewogICAgbGlzdGVuIDg4ODg7CiAgICBzZXJ2ZXJfbmFtZSBfOwogICAgaHR0cDIgb247CgogICAgcHJveHlfcGFzc19yZXF1ZXN0X2hlYWRlcnMgb247CiAgICByZXdyaXRlICJeL2FwaS8obmdpbngvb25lfHYxKS8oLiopJCIgIi9hcGkvdjEvJDIiIGJyZWFrOwogICAgbG9jYXRpb24gL2FwaS92MS8gewogICAgICAgIGlmICgkbWFwcGVkX3NlcnZpY2UgPSAiVU5NQVRDSEVEIikgewogICAgICAgICAgICByZXR1cm4gNDA0ICd7ImVycm9yOiAiTm90IGZvdW5kIn0nOwogICAgICAgIH0KICAgICAgICBwcm94eV9wYXNzX2hlYWRlciBYLVZvbHRlcnJhLUFwaWd3LVRlbmFudDsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kbWFwcGVkX3NlcnZpY2U7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIGRhdGFwbGFuZS1jdHJsCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLkNvbW1hbmRlciB7CiAgICAgICAgZ3JwY19zb2NrZXRfa2VlcGFsaXZlIG9uOwogICAgICAgIGdycGNfcmVhZF90aW1lb3V0IDVtOwogICAgICAgIGdycGNfc2VuZF90aW1lb3V0IDVtOwogICAgICAgIGNsaWVudF9ib2R5X3RpbWVvdXQgMTBtOwogICAgICAgIGdycGNfcGFzcyBncnBjOi8vZGF0YXBsYW5lLWN0cmw7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIG1ldHJpY3MgaW5nZXN0aW9uCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLk1ldHJpY3NTZXJ2aWNlIHsKICAgICAgICBncnBjX3NvY2tldF9rZWVwYWxpdmUgb247CiAgICAgICAgZ3JwY19yZWFkX3RpbWVvdXQgNW07CiAgICAgICAgZ3JwY19zZW5kX3RpbWVvdXQgNW07CiAgICAgICAgY2xpZW50X2JvZHlfdGltZW91dCAxMG07CiAgICAgICAgY2xpZW50X21heF9ib2R5X3NpemUgMDsKICAgICAgICBncnBjX3Bhc3MgZ3JwYzovL21ldHJpY3MtaW5nZXN0OwogICAgfQp9CgojIHByb3h5IHRvIHRoZSBtYW5hZ2VtZW50IHNlcnZlcnMKc2VydmVyIHsKICAgIGxpc3RlbiAxNTAwMDsKICAgIHNlcnZlcl9uYW1lIF87CiAgICAjIHVzZSBkb2NrZXIgRE5TCiAgICByZXNvbHZlciAxMjcuMC4wLjExIHZhbGlkPTMwczsKCiAgICAjIG1hdGNoIC88c2VydmljZT4vPG1nbXQgZW5kcG9pbnQ+CiAgICBsb2NhdGlvbiB+Xi8oW14vXSspLyguKykkIHsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kMToxNTAwMC8kMjsKICAgIH0KCiAgICBsb2NhdGlvbiAvIHsKICAgICAgICBhZGRfaGVhZGVyICJDb250ZW50LVR5cGUiICJ0ZXh0L2h0bWwiOwogICAgICAgIHJldHVybiAyMDAgIjxwPkFjY2VzcyB0aGUgbWFuYWdlbWVudCBzZXJ2ZXIgb2YgYW55IHNlcnZpY2Ugd2l0aCBVUkxzIGxpa2UgPGNvZGU+aHR0cDovL2xvY2FsaG9zdDoxNTAwMC8mbHQ7U0VSVklDRV9OQU1FJmd0Oy9tZXRyaWNzPC9jb2RlPjwvcD4iOwogICAgfQp9Cg==", - "mtime": "1970-01-01T00:00:00Z", - "name": "default.conf", - "size": 1942 - } - ], - "name": "/etc/nginx/conf.d" - }, - { - "files": [ - { - "contents": "CnVzZXIgIG5naW54Owp3b3JrZXJfcHJvY2Vzc2VzICBhdXRvOwoKZXJyb3JfbG9nICAvdmFyL2xvZy9uZ2lueC9lcnJvci5sb2cgbm90aWNlOwpwaWQgICAgICAgIC92YXIvcnVuL25naW54LnBpZDsKCgpldmVudHMgewogICAgd29ya2VyX2Nvbm5lY3Rpb25zICAxMDI0Owp9CgoKaHR0cCB7CiAgICBpbmNsdWRlICAgICAgIC9ldGMvbmdpbngvbWltZS50eXBlczsKICAgIGRlZmF1bHRfdHlwZSAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtOwoKICAgIGxvZ19mb3JtYXQgIG1haW4gICckcmVtb3RlX2FkZHIgLSAkcmVtb3RlX3VzZXIgWyR0aW1lX2xvY2FsXSAiJHJlcXVlc3QiICcKICAgICAgICAgICAgICAgICAgICAgICckc3RhdHVzICRib2R5X2J5dGVzX3NlbnQgIiRodHRwX3JlZmVyZXIiICcKICAgICAgICAgICAgICAgICAgICAgICciJGh0dHBfdXNlcl9hZ2VudCIgIiRodHRwX3hfZm9yd2FyZGVkX2ZvciInOwoKICAgIGFjY2Vzc19sb2cgIC92YXIvbG9nL25naW54L2FjY2Vzcy5sb2cgIG1haW47CgogICAgc2VuZGZpbGUgICAgICAgIG9uOwogICAgI3RjcF9ub3B1c2ggICAgIG9uOwoKICAgIGtlZXBhbGl2ZV90aW1lb3V0ICA2NTsKCiAgICAjZ3ppcCAgb247CgogICAgaW5jbHVkZSAvZXRjL25naW54L2NvbmYuZC8qLmNvbmY7Cn0K", - "mtime": "1970-01-01T00:00:00Z", - "name": "nginx.conf", - "size": 648 - }, - { - "contents": "CnR5cGVzIHsKICAgIHRleHQvaHRtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBodG1sIGh0bSBzaHRtbDsKICAgIHRleHQvY3NzICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjc3M7CiAgICB0ZXh0L3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeG1sOwogICAgaW1hZ2UvZ2lmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdpZjsKICAgIGltYWdlL2pwZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqcGVnIGpwZzsKICAgIGFwcGxpY2F0aW9uL2phdmFzY3JpcHQgICAgICAgICAgICAgICAgICAgICAgICAgICBqczsKICAgIGFwcGxpY2F0aW9uL2F0b20reG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdG9tOwogICAgYXBwbGljYXRpb24vcnNzK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJzczsKCiAgICB0ZXh0L21hdGhtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbW1sOwogICAgdGV4dC9wbGFpbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHR4dDsKICAgIHRleHQvdm5kLnN1bi5qMm1lLmFwcC1kZXNjcmlwdG9yICAgICAgICAgICAgICAgICBqYWQ7CiAgICB0ZXh0L3ZuZC53YXAud21sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd21sOwogICAgdGV4dC94LWNvbXBvbmVudCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGh0YzsKCiAgICBpbWFnZS9hdmlmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYXZpZjsKICAgIGltYWdlL3BuZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbmc7CiAgICBpbWFnZS9zdmcreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZnIHN2Z3o7CiAgICBpbWFnZS90aWZmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGlmIHRpZmY7CiAgICBpbWFnZS92bmQud2FwLndibXAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2JtcDsKICAgIGltYWdlL3dlYnAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3ZWJwOwogICAgaW1hZ2UveC1pY29uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGljbzsKICAgIGltYWdlL3gtam5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqbmc7CiAgICBpbWFnZS94LW1zLWJtcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYm1wOwoKICAgIGZvbnQvd29mZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3b2ZmOwogICAgZm9udC93b2ZmMiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdvZmYyOwoKICAgIGFwcGxpY2F0aW9uL2phdmEtYXJjaGl2ZSAgICAgICAgICAgICAgICAgICAgICAgICBqYXIgd2FyIGVhcjsKICAgIGFwcGxpY2F0aW9uL2pzb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqc29uOwogICAgYXBwbGljYXRpb24vbWFjLWJpbmhleDQwICAgICAgICAgICAgICAgICAgICAgICAgIGhxeDsKICAgIGFwcGxpY2F0aW9uL21zd29yZCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2M7CiAgICBhcHBsaWNhdGlvbi9wZGYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcGRmOwogICAgYXBwbGljYXRpb24vcG9zdHNjcmlwdCAgICAgICAgICAgICAgICAgICAgICAgICAgIHBzIGVwcyBhaTsKICAgIGFwcGxpY2F0aW9uL3J0ZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBydGY7CiAgICBhcHBsaWNhdGlvbi92bmQuYXBwbGUubXBlZ3VybCAgICAgICAgICAgICAgICAgICAgbTN1ODsKICAgIGFwcGxpY2F0aW9uL3ZuZC5nb29nbGUtZWFydGgua21sK3htbCAgICAgICAgICAgICBrbWw7CiAgICBhcHBsaWNhdGlvbi92bmQuZ29vZ2xlLWVhcnRoLmtteiAgICAgICAgICAgICAgICAga216OwogICAgYXBwbGljYXRpb24vdm5kLm1zLWV4Y2VsICAgICAgICAgICAgICAgICAgICAgICAgIHhsczsKICAgIGFwcGxpY2F0aW9uL3ZuZC5tcy1mb250b2JqZWN0ICAgICAgICAgICAgICAgICAgICBlb3Q7CiAgICBhcHBsaWNhdGlvbi92bmQubXMtcG93ZXJwb2ludCAgICAgICAgICAgICAgICAgICAgcHB0OwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC5ncmFwaGljcyAgICAgIG9kZzsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vYXNpcy5vcGVuZG9jdW1lbnQucHJlc2VudGF0aW9uICBvZHA7CiAgICBhcHBsaWNhdGlvbi92bmQub2FzaXMub3BlbmRvY3VtZW50LnNwcmVhZHNoZWV0ICAgb2RzOwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC50ZXh0ICAgICAgICAgIG9kdDsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vcGVueG1sZm9ybWF0cy1vZmZpY2Vkb2N1bWVudC5wcmVzZW50YXRpb25tbC5wcmVzZW50YXRpb24KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcHR4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LnNwcmVhZHNoZWV0bWwuc2hlZXQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4bHN4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LndvcmRwcm9jZXNzaW5nbWwuZG9jdW1lbnQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N4OwogICAgYXBwbGljYXRpb24vdm5kLndhcC53bWxjICAgICAgICAgICAgICAgICAgICAgICAgIHdtbGM7CiAgICBhcHBsaWNhdGlvbi93YXNtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2FzbTsKICAgIGFwcGxpY2F0aW9uL3gtN3otY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgICA3ejsKICAgIGFwcGxpY2F0aW9uL3gtY29jb2EgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjY287CiAgICBhcHBsaWNhdGlvbi94LWphdmEtYXJjaGl2ZS1kaWZmICAgICAgICAgICAgICAgICAgamFyZGlmZjsKICAgIGFwcGxpY2F0aW9uL3gtamF2YS1qbmxwLWZpbGUgICAgICAgICAgICAgICAgICAgICBqbmxwOwogICAgYXBwbGljYXRpb24veC1tYWtlc2VsZiAgICAgICAgICAgICAgICAgICAgICAgICAgIHJ1bjsKICAgIGFwcGxpY2F0aW9uL3gtcGVybCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbCBwbTsKICAgIGFwcGxpY2F0aW9uL3gtcGlsb3QgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcmMgcGRiOwogICAgYXBwbGljYXRpb24veC1yYXItY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgIHJhcjsKICAgIGFwcGxpY2F0aW9uL3gtcmVkaGF0LXBhY2thZ2UtbWFuYWdlciAgICAgICAgICAgICBycG07CiAgICBhcHBsaWNhdGlvbi94LXNlYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2VhOwogICAgYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2ggICAgICAgICAgICAgICAgICAgIHN3ZjsKICAgIGFwcGxpY2F0aW9uL3gtc3R1ZmZpdCAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXQ7CiAgICBhcHBsaWNhdGlvbi94LXRjbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGNsIHRrOwogICAgYXBwbGljYXRpb24veC14NTA5LWNhLWNlcnQgICAgICAgICAgICAgICAgICAgICAgIGRlciBwZW0gY3J0OwogICAgYXBwbGljYXRpb24veC14cGluc3RhbGwgICAgICAgICAgICAgICAgICAgICAgICAgIHhwaTsKICAgIGFwcGxpY2F0aW9uL3hodG1sK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICB4aHRtbDsKICAgIGFwcGxpY2F0aW9uL3hzcGYreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4c3BmOwogICAgYXBwbGljYXRpb24vemlwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHppcDsKCiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgYmluIGV4ZSBkbGw7CiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgZGViOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIGRtZzsKICAgIGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbSAgICAgICAgICAgICAgICAgICAgICAgICBpc28gaW1nOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIG1zaSBtc3AgbXNtOwoKICAgIGF1ZGlvL21pZGkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtaWQgbWlkaSBrYXI7CiAgICBhdWRpby9tcGVnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbXAzOwogICAgYXVkaW8vb2dnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9nZzsKICAgIGF1ZGlvL3gtbTRhICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtNGE7CiAgICBhdWRpby94LXJlYWxhdWRpbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmE7CgogICAgdmlkZW8vM2dwcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDNncHAgM2dwOwogICAgdmlkZW8vbXAydCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRzOwogICAgdmlkZW8vbXA0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1wNDsKICAgIHZpZGVvL21wZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtcGVnIG1wZzsKICAgIHZpZGVvL3F1aWNrdGltZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtb3Y7CiAgICB2aWRlby93ZWJtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2VibTsKICAgIHZpZGVvL3gtZmx2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmbHY7CiAgICB2aWRlby94LW00diAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbTR2OwogICAgdmlkZW8veC1tbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1uZzsKICAgIHZpZGVvL3gtbXMtYXNmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhc3ggYXNmOwogICAgdmlkZW8veC1tcy13bXYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdtdjsKICAgIHZpZGVvL3gtbXN2aWRlbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdmk7Cn0K", - "mtime": "1970-01-01T00:00:00Z", - "name": "mime.types", - "size": 5349 - } - ], - "name": "/etc/nginx" + }, + "key_paths": { + "type": "array", + "description": "The list of file system paths where the private key file is installed.\nSince a single key file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/nginx/key.pem", + "/etc/ssl/server.key" + ], + "items": { + "type": "string" } - ] + }, + "deployment_status": { + "$ref": "#/components/schemas/CertificateDeploymentStatus" + }, + "subject_name": { + "type": "string", + "description": "Hostname or domain for the certificate. Usually the subject-alt-name (SAN) value for the certificate.\nif SAN is not present, this will be the certificate subject's common name.\n", + "example": "nginx.com" + }, + "cert_status": { + "$ref": "#/components/schemas/CertificateStatus" + }, + "not_before": { + "type": "string", + "format": "date-time", + "description": "the effective date of the certificate." + }, + "not_after": { + "type": "string", + "format": "date-time", + "description": "The expiration date for the certificate." + } } }, - "NginxConfigObjectID": { - "description": "A globally unique identifier for the NGINX Config object.", + "NapPolicyObjectID": { + "description": "A globally unique identifier for the App Protect policy.", "type": "string", "format": "object_id", - "pattern": "^nc_.*", + "pattern": "^pol_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "PayloadObjectID": { - "description": "A globally unique identifier for the valid payload object reference.", + "NapPolicyVersionObjectID": { + "description": "A globally unique identifier for the App Protect policy version.", "type": "string", "format": "object_id", - "pattern": "^(cert|pv)_.*", + "pattern": "^pv_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "NginxConfigPayload": { - "type": "object", - "description": "Details of Aux File Payload that goes with an NGINX configuration. Provide hints for the backend system on \nadditional file contents that should be part of the NGINX Config Publication.\nCan be used to deploy files related to SSL certificates, to a data plane instance.\n", + "PublicationObjectID": { + "description": "A globally unique identifier for the publication.", + "type": "string", + "format": "object_id", + "example": "pub_72pGHoGsSICL_THZrs964g", + "pattern": "^pub_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "NapPolicyEnforcementMode": { + "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `blocking` - Any illegal or suspicious requests are logged and blocked.\n* `transparent` - Any illegal or suspicious requests are logged but not blocked.\n", + "type": "string", + "enum": [ + "blocking", + "transparent" + ], + "x-enum-varnames": [ + "nap_enforcement_mode_blocking", + "nap_enforcement_mode_transparent" + ] + }, + "NapDeploymentStatus": { + "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `deployed` - The NGINX App Protect policy has been deployed.\n* `not_deployed` - The NGINX App Protect policy has not been deployed.\n* `deploying` - The NGINX App Protect policy is currently being deployed.\n* `failed` - The NGINX App Protect policy failed deploying.\n", + "type": "string", + "enum": [ + "deployed", + "not_deployed", + "deploying", + "failed" + ], + "x-enum-varnames": [ + "nap_deployment_status_deployed", + "nap_deployment_status_not_deployed", + "nap_deployment_status_deploying", + "nap_deployment_status_failed" + ] + }, + "NapAssociation": { + "description": "Details for a NGINX App Protect policy version that's associated with an instance or a config sync group.", "required": [ - "type", - "paths" + "name", + "version", + "policy_object_id", + "policy_version_object_id", + "paths", + "deployment_status", + "publication_object_id", + "deployed_on", + "enforcement_mode" ], "properties": { - "type": { + "name": { "type": "string", - "description": "Types of Aux File Payload:\n - inline_secret - indicates the provided content for the payload should be stored in a secret location, and removed after the publication is done.\n - inline_content - indicates the provided content for the payload should be stored, and removed after the publication is done. Note, the contents may end up in the `aux` content if used in this NGINX configuration.\n - unmanaged_certificate - indicates certificate content for an unmanaged certificate detected from a data plane instance through NGINX configurations. Will be filtered and ignored in the payload deployment.\n - managed_certificate - indicates public certificates managed by NGINX One Console.\n - managed_key - indicates a private key managed by NGINX One Console.\n - nap_policy_version - indicates a version of NAP policy managed by NGINX One Console. A valid policy_version object\n", - "enum": [ - "inline_secret", - "inline_content", - "unmanaged_certificate", - "managed_certificate", - "managed_key", - "nap_policy_version" - ], - "x-enum-varnames": [ - "nginx_config_payload_inline_secret", - "nginx_config_payload_inline_content", - "nginx_config_payload_unmanaged_certificate", - "nginx_config_payload_managed_certificate", - "nginx_config_payload_managed_key", - "nginx_config_payload_nap_policy_version" - ] + "description": "Name of the policy at the time of the deployment." }, - "contents": { + "version": { "type": "string", - "format": "base64", - "description": "The base64-encoded contents of the file.", - "maxLength": 3145728 + "description": "Version of the policy at the time of the deployment." }, - "object_id": { - "$ref": "#/components/schemas/PayloadObjectID" + "policy_object_id": { + "$ref": "#/components/schemas/NapPolicyObjectID" + }, + "policy_version_object_id": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" + }, + "publication_object_id": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" }, "paths": { "type": "array", + "description": "The list of file system paths where the compiled NAP policy version bundle file is installed. \nSince a single compiled NAP policy version bundle file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/nginx/default_policy.tgz", + "/etc/nginx/default_policy_server_2.tgz" + ], "items": { "type": "string" } + }, + "deployment_status": { + "$ref": "#/components/schemas/NapDeploymentStatus" + }, + "deployed_on": { + "description": "Date and time of the deployment.", + "type": "string", + "format": "date-time" } }, "example": { - "type": "inline_content", - "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", + "name": "default_policy", + "version": "2025.05.01", + "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", + "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", + "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", "paths": [ - "/etc/nginx/ssl/server.crt" - ] + "/etc/nginx/default_policy.tgz" + ], + "deployment_status": "deployed", + "enforcement_mode": "transparent", + "deployed_on": "2023-12-06T22:37:24.120114Z" } }, - "NginxConfigPayloads": { - "type": "array", - "description": "An array of payloads that track the file paths of each SSL certificates and key, indicating where to deploy\nthem onto the data plane instance.\n* If the `type` is `managed_certificate` or `managed_key`, you need to specify an `object_id`.\n * The `object_id` must represent a managed certificate object, or a `400 Bad Request` is returned. \n * The `contents` field is optional and is ignored if included.\n* The NGINX One Console manages deployed file paths only for managed certificates and keys. If you don't want \nthem to be managed by NGINX One Console, `inline_content` and `inline_secret` can be used for certificates or \nkeys, respectively. When you retrieve certificate deployment details, only the file paths of managed \ncertificates and keys will be shown.\n* If you use `inline_content` and `inline_secret` in your NGINX configuration, the NGINX One Console \nwill detect them. When they are used as SSL directives of the NGINX configuration \nfor certificates and keys, the certificates will be listed as `unmanaged_certificate` in the certificate \ndeployment details.\n", - "items": { - "$ref": "#/components/schemas/NginxConfigPayload" - }, - "example": [ - { - "type": "managed_certificate", - "object_id": "cert_rto8NYiCQputrIasNx2NOA", - "paths": [ - "/etc/nginx/cert.pem" - ] - }, + "ConfigSyncGroup": { + "allOf": [ { - "type": "managed_key", - "object_id": "cert_rto8NYiCQputrIasNx2NOA", - "paths": [ - "/etc/nginx/key.pem" - ] + "$ref": "#/components/schemas/ConfigSyncGroupMeta" }, { - "type": "inline_content", - "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", - "paths": [ - "/etc/nginx/inline_cert.crt" - ] + "type": "object", + "description": "Additional information of the NGINX config sync group including:\n* config sync status\n* config checksum\n* instances\n* last known publication status\n* certs associated with this config sync group\n", + "properties": { + "config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" + }, + "config_version": { + "description": "A computed hash of current config on the config sync group.", + "type": "string" + }, + "instances": { + "description": "An array of Instance objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/ConfigSyncGroupInstance" + } + }, + "last_publication_status": { + "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" + }, + "certs": { + "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto the data plane instances that are part of this config sync group.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertAssociation" + } + }, + "nginx_app_protect": { + "type": "object", + "required": [ + "deployments" + ], + "properties": { + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapAssociation" + } + } + } + } + } } - ] + ], + "example": { + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-config-sync-group", + "created_at": "2023-12-06T22:37:24.120114Z", + "config_status": "in_sync", + "config_version": "uvR3F2TQGm18jnl7bpaGw", + "instances": [ + { + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "hostname": "816e3c194d59", + "system_id": "6066aad2-211e-3718-be5d-fcc01ffc5cc8", + "agent_version": "v2.33.0", + "registered_at": "2024-05-16T18:26:40.556048Z", + "last_reported": "2023-12-06T22:37:24.120114Z", + "status": "unavailable", + "nginx_build": { + "conf_path": "/etc/nginx/nginx.conf", + "version": "1.25.3" + }, + "os_version": "Ubuntu 22.04", + "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", + "config_status": "in_sync", + "config_version": "abc123def456" + } + ], + "certs": [ + { + "subject_name": "test.com", + "name": "client", + "cert_type": "cert_key", + "not_after": "2024-01-06T00:01:30Z", + "not_before": "2023-12-07T00:01:30Z", + "cert_paths": [ + "/etc/nginx/client.pem" + ], + "cert_status": "expiring", + "deployment_status": "latest", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" + } + ] + } }, - "NginxConfig": { - "description": "Details of an NGINX configuration, including its unique identifier, the main configuration path, the \nconfiguration directories, and the NGINX configuration payloads that indicate where managed SSL certificates\nand keys were deployed to on the data plane instance.\n", + "ConfigSyncGroupDetails": { + "type": "object", + "description": "Detailed information of the NGINX config sync group.", "allOf": [ { - "$ref": "#/components/schemas/NginxConfigObject" - }, - { - "type": "object", - "required": [ - "object_id" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/NginxConfigObjectID" - }, - "payloads": { - "$ref": "#/components/schemas/NginxConfigPayloads" - } - } + "$ref": "#/components/schemas/ConfigSyncGroup" } ] }, - "FileDataRequest": { + "FileData": { "type": "object", - "description": "Details about a file, name, and content.", + "description": "Details about a file, including its path, content, size, and last modified time.", "required": [ - "name" + "name", + "contents", + "size", + "mtime" ], "properties": { "name": { "type": "string", - "description": "The file's relative path to the parent directory, absolute path also accepted.", + "description": "The file's relative path to the parent directory.", "minLength": 1, "maxLength": 4096 }, @@ -7515,12 +8457,21 @@ "format": "byte", "description": "The base64-encoded contents of the file.", "maxLength": 3145728 + }, + "size": { + "type": "integer", + "description": "The size of the file, in bytes." + }, + "mtime": { + "type": "string", + "format": "date-time", + "description": "Timestamp of the last modification made to the file." } } }, - "DirectoryRequestWithFileContent": { + "DirectoryWithFileContent": { "type": "object", - "description": "Represents a directory and its contents, detailing the directory's full path, and the files within it.", + "description": "Represents a directory and its contents, detailing the directory's full path, assigned permissions, last modified time, and the files within it.", "required": [ "name", "files" @@ -7528,19 +8479,27 @@ "properties": { "name": { "type": "string", - "minLength": 1, "description": "The complete path of the directory." }, + "permissions": { + "type": "string", + "description": "The permissions for the directory." + }, + "mtime": { + "type": "string", + "description": "The date and time when the directory was last modified.", + "format": "date-time" + }, "files": { "type": "array", "description": "The list of files in the directory.", "items": { - "$ref": "#/components/schemas/FileDataRequest" + "$ref": "#/components/schemas/FileData" } } } }, - "NginxConfigObjectRequest": { + "NginxConfigObject": { "type": "object", "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", "required": [ @@ -7559,26 +8518,78 @@ "type": "array", "description": "An array of directories containing NGINX configuration files.", "items": { - "$ref": "#/components/schemas/DirectoryRequestWithFileContent" + "$ref": "#/components/schemas/DirectoryWithFileContent" } }, "aux": { "type": "array", - "description": "An array of auxiliary directory contents related to the NGINX configuration. When auxiliary contents are\nprovided, they become the authoritative source of non-NGINX configuration content. Please ensure the\nprovided contents are complete, missing files that are referenced in the NGINX configuration can cause\nNGINX reload failure. When not provided, the previous known auxiliary contents will be used as part of\npublish.\n", + "description": "An array of auxiliary directory contents related to the NGINX configuration.", "items": { - "$ref": "#/components/schemas/DirectoryRequestWithFileContent" + "$ref": "#/components/schemas/DirectoryWithFileContent" } } + }, + "example": { + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "configs": [ + { + "files": [ + { + "contents": "Cm1hcCAkdXJpICRtYXBwZWRfc2VydmljZSB7CiAgICBkZWZhdWx0IFVOTUFUQ0hFRDsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvaW5zdGFuY2VzIiAgICAgICAgaW5zdGFuY2VzLXN2YzsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvZGF0YS1wbGFuZS1rZXlzIiAga2V5cy1zdmM7CiAgICAifl4vYXBpL3YxL25hbWVzcGFjZXMvXHcrL21vbml0b3IiICAgICAgICAgIG1vbml0b3Itc3ZjOwp9Cgp1cHN0cmVhbSBpbnN0YW5jZXMtc3ZjIHsKICAgIHNlcnZlciBpbnN0YW5jZXMtc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIGtleXMtc3ZjIHsKICAgIHNlcnZlciBrZXlzLXN2Yzo4MDkwOwp9Cgp1cHN0cmVhbSBkYXRhcGxhbmUtY3RybCB7CiAgICBzZXJ2ZXIgZGF0YXBsYW5lLWN0cmw6ODA4MDsKfQoKdXBzdHJlYW0gbW9uaXRvci1zdmMgewogICAgc2VydmVyIG1vbml0b3Itc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIG1ldHJpY3MtaW5nZXN0IHsKICAgIHNlcnZlciBtZXRyaWNzLWluZ2VzdDo4MDgwOwp9CgpzZXJ2ZXIgewogICAgbGlzdGVuIDg4ODg7CiAgICBzZXJ2ZXJfbmFtZSBfOwogICAgaHR0cDIgb247CgogICAgcHJveHlfcGFzc19yZXF1ZXN0X2hlYWRlcnMgb247CiAgICByZXdyaXRlICJeL2FwaS8obmdpbngvb25lfHYxKS8oLiopJCIgIi9hcGkvdjEvJDIiIGJyZWFrOwogICAgbG9jYXRpb24gL2FwaS92MS8gewogICAgICAgIGlmICgkbWFwcGVkX3NlcnZpY2UgPSAiVU5NQVRDSEVEIikgewogICAgICAgICAgICByZXR1cm4gNDA0ICd7ImVycm9yOiAiTm90IGZvdW5kIn0nOwogICAgICAgIH0KICAgICAgICBwcm94eV9wYXNzX2hlYWRlciBYLVZvbHRlcnJhLUFwaWd3LVRlbmFudDsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kbWFwcGVkX3NlcnZpY2U7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIGRhdGFwbGFuZS1jdHJsCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLkNvbW1hbmRlciB7CiAgICAgICAgZ3JwY19zb2NrZXRfa2VlcGFsaXZlIG9uOwogICAgICAgIGdycGNfcmVhZF90aW1lb3V0IDVtOwogICAgICAgIGdycGNfc2VuZF90aW1lb3V0IDVtOwogICAgICAgIGNsaWVudF9ib2R5X3RpbWVvdXQgMTBtOwogICAgICAgIGdycGNfcGFzcyBncnBjOi8vZGF0YXBsYW5lLWN0cmw7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIG1ldHJpY3MgaW5nZXN0aW9uCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLk1ldHJpY3NTZXJ2aWNlIHsKICAgICAgICBncnBjX3NvY2tldF9rZWVwYWxpdmUgb247CiAgICAgICAgZ3JwY19yZWFkX3RpbWVvdXQgNW07CiAgICAgICAgZ3JwY19zZW5kX3RpbWVvdXQgNW07CiAgICAgICAgY2xpZW50X2JvZHlfdGltZW91dCAxMG07CiAgICAgICAgY2xpZW50X21heF9ib2R5X3NpemUgMDsKICAgICAgICBncnBjX3Bhc3MgZ3JwYzovL21ldHJpY3MtaW5nZXN0OwogICAgfQp9CgojIHByb3h5IHRvIHRoZSBtYW5hZ2VtZW50IHNlcnZlcnMKc2VydmVyIHsKICAgIGxpc3RlbiAxNTAwMDsKICAgIHNlcnZlcl9uYW1lIF87CiAgICAjIHVzZSBkb2NrZXIgRE5TCiAgICByZXNvbHZlciAxMjcuMC4wLjExIHZhbGlkPTMwczsKCiAgICAjIG1hdGNoIC88c2VydmljZT4vPG1nbXQgZW5kcG9pbnQ+CiAgICBsb2NhdGlvbiB+Xi8oW14vXSspLyguKykkIHsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kMToxNTAwMC8kMjsKICAgIH0KCiAgICBsb2NhdGlvbiAvIHsKICAgICAgICBhZGRfaGVhZGVyICJDb250ZW50LVR5cGUiICJ0ZXh0L2h0bWwiOwogICAgICAgIHJldHVybiAyMDAgIjxwPkFjY2VzcyB0aGUgbWFuYWdlbWVudCBzZXJ2ZXIgb2YgYW55IHNlcnZpY2Ugd2l0aCBVUkxzIGxpa2UgPGNvZGU+aHR0cDovL2xvY2FsaG9zdDoxNTAwMC8mbHQ7U0VSVklDRV9OQU1FJmd0Oy9tZXRyaWNzPC9jb2RlPjwvcD4iOwogICAgfQp9Cg==", + "mtime": "1970-01-01T00:00:00Z", + "name": "default.conf", + "size": 1942 + } + ], + "name": "/etc/nginx/conf.d" + }, + { + "files": [ + { + "contents": "CnVzZXIgIG5naW54Owp3b3JrZXJfcHJvY2Vzc2VzICBhdXRvOwoKZXJyb3JfbG9nICAvdmFyL2xvZy9uZ2lueC9lcnJvci5sb2cgbm90aWNlOwpwaWQgICAgICAgIC92YXIvcnVuL25naW54LnBpZDsKCgpldmVudHMgewogICAgd29ya2VyX2Nvbm5lY3Rpb25zICAxMDI0Owp9CgoKaHR0cCB7CiAgICBpbmNsdWRlICAgICAgIC9ldGMvbmdpbngvbWltZS50eXBlczsKICAgIGRlZmF1bHRfdHlwZSAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtOwoKICAgIGxvZ19mb3JtYXQgIG1haW4gICckcmVtb3RlX2FkZHIgLSAkcmVtb3RlX3VzZXIgWyR0aW1lX2xvY2FsXSAiJHJlcXVlc3QiICcKICAgICAgICAgICAgICAgICAgICAgICckc3RhdHVzICRib2R5X2J5dGVzX3NlbnQgIiRodHRwX3JlZmVyZXIiICcKICAgICAgICAgICAgICAgICAgICAgICciJGh0dHBfdXNlcl9hZ2VudCIgIiRodHRwX3hfZm9yd2FyZGVkX2ZvciInOwoKICAgIGFjY2Vzc19sb2cgIC92YXIvbG9nL25naW54L2FjY2Vzcy5sb2cgIG1haW47CgogICAgc2VuZGZpbGUgICAgICAgIG9uOwogICAgI3RjcF9ub3B1c2ggICAgIG9uOwoKICAgIGtlZXBhbGl2ZV90aW1lb3V0ICA2NTsKCiAgICAjZ3ppcCAgb247CgogICAgaW5jbHVkZSAvZXRjL25naW54L2NvbmYuZC8qLmNvbmY7Cn0K", + "mtime": "1970-01-01T00:00:00Z", + "name": "nginx.conf", + "size": 648 + }, + { + "contents": "CnR5cGVzIHsKICAgIHRleHQvaHRtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBodG1sIGh0bSBzaHRtbDsKICAgIHRleHQvY3NzICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjc3M7CiAgICB0ZXh0L3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeG1sOwogICAgaW1hZ2UvZ2lmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdpZjsKICAgIGltYWdlL2pwZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqcGVnIGpwZzsKICAgIGFwcGxpY2F0aW9uL2phdmFzY3JpcHQgICAgICAgICAgICAgICAgICAgICAgICAgICBqczsKICAgIGFwcGxpY2F0aW9uL2F0b20reG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdG9tOwogICAgYXBwbGljYXRpb24vcnNzK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJzczsKCiAgICB0ZXh0L21hdGhtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbW1sOwogICAgdGV4dC9wbGFpbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHR4dDsKICAgIHRleHQvdm5kLnN1bi5qMm1lLmFwcC1kZXNjcmlwdG9yICAgICAgICAgICAgICAgICBqYWQ7CiAgICB0ZXh0L3ZuZC53YXAud21sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd21sOwogICAgdGV4dC94LWNvbXBvbmVudCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGh0YzsKCiAgICBpbWFnZS9hdmlmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYXZpZjsKICAgIGltYWdlL3BuZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbmc7CiAgICBpbWFnZS9zdmcreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZnIHN2Z3o7CiAgICBpbWFnZS90aWZmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGlmIHRpZmY7CiAgICBpbWFnZS92bmQud2FwLndibXAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2JtcDsKICAgIGltYWdlL3dlYnAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3ZWJwOwogICAgaW1hZ2UveC1pY29uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGljbzsKICAgIGltYWdlL3gtam5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqbmc7CiAgICBpbWFnZS94LW1zLWJtcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYm1wOwoKICAgIGZvbnQvd29mZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3b2ZmOwogICAgZm9udC93b2ZmMiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdvZmYyOwoKICAgIGFwcGxpY2F0aW9uL2phdmEtYXJjaGl2ZSAgICAgICAgICAgICAgICAgICAgICAgICBqYXIgd2FyIGVhcjsKICAgIGFwcGxpY2F0aW9uL2pzb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqc29uOwogICAgYXBwbGljYXRpb24vbWFjLWJpbmhleDQwICAgICAgICAgICAgICAgICAgICAgICAgIGhxeDsKICAgIGFwcGxpY2F0aW9uL21zd29yZCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2M7CiAgICBhcHBsaWNhdGlvbi9wZGYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcGRmOwogICAgYXBwbGljYXRpb24vcG9zdHNjcmlwdCAgICAgICAgICAgICAgICAgICAgICAgICAgIHBzIGVwcyBhaTsKICAgIGFwcGxpY2F0aW9uL3J0ZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBydGY7CiAgICBhcHBsaWNhdGlvbi92bmQuYXBwbGUubXBlZ3VybCAgICAgICAgICAgICAgICAgICAgbTN1ODsKICAgIGFwcGxpY2F0aW9uL3ZuZC5nb29nbGUtZWFydGgua21sK3htbCAgICAgICAgICAgICBrbWw7CiAgICBhcHBsaWNhdGlvbi92bmQuZ29vZ2xlLWVhcnRoLmtteiAgICAgICAgICAgICAgICAga216OwogICAgYXBwbGljYXRpb24vdm5kLm1zLWV4Y2VsICAgICAgICAgICAgICAgICAgICAgICAgIHhsczsKICAgIGFwcGxpY2F0aW9uL3ZuZC5tcy1mb250b2JqZWN0ICAgICAgICAgICAgICAgICAgICBlb3Q7CiAgICBhcHBsaWNhdGlvbi92bmQubXMtcG93ZXJwb2ludCAgICAgICAgICAgICAgICAgICAgcHB0OwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC5ncmFwaGljcyAgICAgIG9kZzsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vYXNpcy5vcGVuZG9jdW1lbnQucHJlc2VudGF0aW9uICBvZHA7CiAgICBhcHBsaWNhdGlvbi92bmQub2FzaXMub3BlbmRvY3VtZW50LnNwcmVhZHNoZWV0ICAgb2RzOwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC50ZXh0ICAgICAgICAgIG9kdDsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vcGVueG1sZm9ybWF0cy1vZmZpY2Vkb2N1bWVudC5wcmVzZW50YXRpb25tbC5wcmVzZW50YXRpb24KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcHR4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LnNwcmVhZHNoZWV0bWwuc2hlZXQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4bHN4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LndvcmRwcm9jZXNzaW5nbWwuZG9jdW1lbnQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N4OwogICAgYXBwbGljYXRpb24vdm5kLndhcC53bWxjICAgICAgICAgICAgICAgICAgICAgICAgIHdtbGM7CiAgICBhcHBsaWNhdGlvbi93YXNtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2FzbTsKICAgIGFwcGxpY2F0aW9uL3gtN3otY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgICA3ejsKICAgIGFwcGxpY2F0aW9uL3gtY29jb2EgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjY287CiAgICBhcHBsaWNhdGlvbi94LWphdmEtYXJjaGl2ZS1kaWZmICAgICAgICAgICAgICAgICAgamFyZGlmZjsKICAgIGFwcGxpY2F0aW9uL3gtamF2YS1qbmxwLWZpbGUgICAgICAgICAgICAgICAgICAgICBqbmxwOwogICAgYXBwbGljYXRpb24veC1tYWtlc2VsZiAgICAgICAgICAgICAgICAgICAgICAgICAgIHJ1bjsKICAgIGFwcGxpY2F0aW9uL3gtcGVybCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbCBwbTsKICAgIGFwcGxpY2F0aW9uL3gtcGlsb3QgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcmMgcGRiOwogICAgYXBwbGljYXRpb24veC1yYXItY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgIHJhcjsKICAgIGFwcGxpY2F0aW9uL3gtcmVkaGF0LXBhY2thZ2UtbWFuYWdlciAgICAgICAgICAgICBycG07CiAgICBhcHBsaWNhdGlvbi94LXNlYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2VhOwogICAgYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2ggICAgICAgICAgICAgICAgICAgIHN3ZjsKICAgIGFwcGxpY2F0aW9uL3gtc3R1ZmZpdCAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXQ7CiAgICBhcHBsaWNhdGlvbi94LXRjbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGNsIHRrOwogICAgYXBwbGljYXRpb24veC14NTA5LWNhLWNlcnQgICAgICAgICAgICAgICAgICAgICAgIGRlciBwZW0gY3J0OwogICAgYXBwbGljYXRpb24veC14cGluc3RhbGwgICAgICAgICAgICAgICAgICAgICAgICAgIHhwaTsKICAgIGFwcGxpY2F0aW9uL3hodG1sK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICB4aHRtbDsKICAgIGFwcGxpY2F0aW9uL3hzcGYreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4c3BmOwogICAgYXBwbGljYXRpb24vemlwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHppcDsKCiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgYmluIGV4ZSBkbGw7CiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgZGViOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIGRtZzsKICAgIGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbSAgICAgICAgICAgICAgICAgICAgICAgICBpc28gaW1nOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIG1zaSBtc3AgbXNtOwoKICAgIGF1ZGlvL21pZGkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtaWQgbWlkaSBrYXI7CiAgICBhdWRpby9tcGVnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbXAzOwogICAgYXVkaW8vb2dnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9nZzsKICAgIGF1ZGlvL3gtbTRhICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtNGE7CiAgICBhdWRpby94LXJlYWxhdWRpbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmE7CgogICAgdmlkZW8vM2dwcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDNncHAgM2dwOwogICAgdmlkZW8vbXAydCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRzOwogICAgdmlkZW8vbXA0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1wNDsKICAgIHZpZGVvL21wZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtcGVnIG1wZzsKICAgIHZpZGVvL3F1aWNrdGltZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtb3Y7CiAgICB2aWRlby93ZWJtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2VibTsKICAgIHZpZGVvL3gtZmx2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmbHY7CiAgICB2aWRlby94LW00diAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbTR2OwogICAgdmlkZW8veC1tbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1uZzsKICAgIHZpZGVvL3gtbXMtYXNmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhc3ggYXNmOwogICAgdmlkZW8veC1tcy13bXYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdtdjsKICAgIHZpZGVvL3gtbXN2aWRlbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdmk7Cn0K", + "mtime": "1970-01-01T00:00:00Z", + "name": "mime.types", + "size": 5349 + } + ], + "name": "/etc/nginx" + } + ] } }, - "NginxConfigRequest": { + "NginxConfigObjectID": { + "description": "A globally unique identifier for the NGINX Config object.", + "type": "string", + "format": "object_id", + "pattern": "^nc_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "NginxConfig": { + "description": "Details of an NGINX configuration, including its unique identifier, the main configuration path, the \nconfiguration directories, and the NGINX configuration payloads that indicate where managed SSL certificates\nand keys were deployed to on the data plane instance.\n", "allOf": [ { - "$ref": "#/components/schemas/NginxConfigObjectRequest" + "$ref": "#/components/schemas/NginxConfigObject" }, { "type": "object", + "required": [ + "object_id" + ], "properties": { + "object_id": { + "$ref": "#/components/schemas/NginxConfigObjectID" + }, "payloads": { "$ref": "#/components/schemas/NginxConfigPayloads" } @@ -7734,66 +8745,6 @@ "status": "pending" } }, - "NginxConfigProblem": { - "type": "object", - "description": "Representation of a problem found during NGINX configuration analysis.", - "properties": { - "directive": { - "description": "Directive in the NGINX configuration where the issue is identified.", - "type": "string" - }, - "file": { - "description": "File where the issue is detected.", - "type": "string" - }, - "line": { - "description": "Line number in the configuration where the issue is found.", - "type": "integer" - } - } - }, - "NginxConfigReport": { - "type": "object", - "description": "An analysis of the NGINX configuration, highlighting issues and their severity, and offering recommendations.", - "properties": { - "rule": { - "description": "The name of the configuration rule that was violated.", - "type": "string" - }, - "info": { - "description": "A detailed description of the issue.", - "type": "string" - }, - "severity": { - "description": "The severity level of the issue.", - "type": "string" - }, - "category": { - "description": "Classification category of the issue.", - "type": "string" - }, - "documentation": { - "description": "Links to documentation that can assist in resolving the identified issue.", - "type": "array", - "items": { - "type": "string" - } - }, - "where": { - "description": "Specific locations in the configuration where issues were detected.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxConfigProblem" - } - } - } - }, - "NginxConfigReports": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxConfigReport" - } - }, "NginxConfigMeta": { "type": "object", "description": "Meta data of an NGINX configuration, including its unique identifier, the config_version.\n", @@ -9152,6 +10103,51 @@ "object_id": "sc_Tet21AeYTHCj7taOwVfzyw" } }, + "StagedConfigBulkRequestData": { + "type": "object", + "description": "Part of bulk operation on a staged config, only `delete` is supported.", + "required": [ + "action", + "object_id" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/StagedConfigObjectID" + }, + "action": { + "$ref": "#/components/schemas/BulkRequestAction" + } + }, + "example": { + "object_id": "sc_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + } + }, + "StagedConfigBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/StagedConfigBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ + { + "object_id": "sc_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + }, + { + "object_id": "sc_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" + } + ] + }, + "StagedConfigBulkResponse": { + "description": "The staged config bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } + }, "StagedConfigResponse": { "description": "Get an NGINX staged config.", "required": [ @@ -9230,6 +10226,35 @@ } } }, + "StagedConfigImportRequest": { + "type": "object", + "description": "Body to import a NGINX staged config", + "required": [ + "name", + "file", + "conf_path" + ], + "properties": { + "name": { + "$ref": "#/components/schemas/StagedConfigName" + }, + "file": { + "type": "string", + "format": "binary", + "example": "my-staged-config.tar.gz", + "maxLength": 5242880 + }, + "conf_path": { + "$ref": "#/components/schemas/ConfigPath" + } + }, + "example": { + "name": "my-nginx-config", + "file": "my-staged-config.tar.gz", + "conf_path": "/etc/nginx/nginx.conf", + "parse_only": true + } + }, "MetricQueryResultEx": { "type": "object", "required": [ @@ -9428,7 +10453,7 @@ "MetricDimension": { "type": "string", "default": "display_name", - "description": "Static list of all metric dimensions:\n * `display_name` - Display name of the NGINX instance.\n * `file_path` - Path to the file.\n * `parent_hostname` - Hostname of the NGINX Plus instance.\n * `instance_object_id` - Unique ID of the instance registered with NGINX One Console.\n * `location_zone` - Name of an HTTP location zone.\n * `mount_point` - Filesystem mount point.\n * `namespace` - Namespace for the metric data.\n * `network_interface` - Server network interface.\n * `nginx_id` - Unique ID of the NGINX instance running on the data plane.\n * `server_zone` - Name of an HTTP or Stream server zone.\n * `system_id` - Unique ID of the operating system running nginx-agent.\n * `tenant` - Tenant for the metric data.\n * `csg_object_id` - Unique ID of the Config Sync Group registered with NGINX One Console.\n * `mode` - Variant value for metric `system.cpu.utilization`.\n * `state` - Variant value for metrics `system.filesystem.usage`, `system.memory.usage`.\n * `io_direction` - Variant value for metric `system.network.io`.\n * `status_range` - Variant value for metric `nginx.http.response.count`.\n * `logical_number` - Variant value for metrics that return a processor number.\n * `outcome` - Variant value for metrics that return an outcome.\n", + "description": "Static list of all metric dimensions:\n * `display_name` - Display name of the NGINX instance.\n * `file_path` - Path to the file.\n * `parent_hostname` - Hostname of the NGINX Plus instance.\n * `instance_object_id` - Unique ID of the instance registered with NGINX One Console.\n * `location_zone` - Name of an HTTP location zone.\n * `mount_point` - Filesystem mount point.\n * `namespace` - Namespace for the metric data.\n * `network_interface` - Server network interface.\n * `nginx_id` - Unique ID of the NGINX instance running on the data plane.\n * `server_zone` - Name of an HTTP or Stream server zone.\n * `system_id` - Unique ID of the operating system running nginx-agent.\n * `tenant` - Tenant for the metric data.\n * `csg_object_id` - Unique ID of the Config Sync Group registered with NGINX One Console.\n * `mode` - Variant value for metric `system.cpu.utilization`.\n * `state` - Variant value for metrics `system.filesystem.usage`, `system.memory.usage`.\n * `io_direction` - Variant value for metric `system.network.io`.\n * `status_range` - Variant value for metric `nginx.http.response.count`.\n * `logical_number` - Variant value for metrics that return a processor number.\n * `outcome` - Variant value for metrics that return an outcome.\n * `upstream_zone` - upstream zone for the metric data.\n * `upstream_name` - upstream name for the metric data.\n * `peer_state` - Variant value for metric peer state for the metric `nginx.http.upstream.peer.count`.\n * `peer_health_check` - Variant value for metric peer health check for the metric `nginx.http.upstream.peer.health_checks`.\n * `peer_address` - peer address for metric data.\n * `peer_name` - peer name for metric data.\n", "enum": [ "display_name", "file_path", @@ -9448,7 +10473,13 @@ "io_direction", "status_range", "logical_number", - "outcome" + "outcome", + "upstream_zone", + "upstream_name", + "peer_state", + "peer_health_check", + "peer_address", + "peer_name" ], "x-enum-varnames": [ "metric_dimension_display_name", @@ -9469,7 +10500,13 @@ "metric_dimension_io_direction", "metric_dimension_status_range", "metric_dimension_logical_number", - "metric_dimension_outcome" + "metric_dimension_outcome", + "metric_dimension_upstream_zone", + "metric_dimension_upstream_name", + "metric_dimension_peer_state", + "metric_dimension_peer_health_check", + "metric_dimension_peer_address", + "metric_dimension_peer_name" ] }, "BaseMetricQueryRequest": { @@ -9721,772 +10758,1428 @@ "type": "object", "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `dimension`: The dimension for ordering.\n", "required": [ - "direction", - "dimension" + "direction", + "dimension" + ], + "properties": { + "direction": { + "$ref": "#/components/schemas/OrderDirection" + }, + "dimension": { + "$ref": "#/components/schemas/MetricDimension" + } + } + }, + "OrderSeriesBy": { + "type": "object", + "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `aggregate`: The aggregating function.\n", + "required": [ + "direction", + "aggregate" + ], + "properties": { + "direction": { + "$ref": "#/components/schemas/OrderDirection" + }, + "aggregate": { + "$ref": "#/components/schemas/MetricAggregation", + "default": "sum" + } + } + }, + "MetricName": { + "type": "string", + "description": "Metric names available for querying.\n", + "example": "nginx.http.request.count", + "oneOf": [ + { + "$ref": "#/components/schemas/MetricSystemCpuUtilization" + }, + { + "$ref": "#/components/schemas/MetricSystemFilesystemUsage" + }, + { + "$ref": "#/components/schemas/MetricSystemMemoryUsage" + }, + { + "$ref": "#/components/schemas/MetricSystemCpuLogicalCount" + }, + { + "$ref": "#/components/schemas/MetricSystemNetworkIo" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpRequestCount" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpResponseCount" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpConnectionCount" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpConnections" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpUpstreamPeerCount" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpUpstreamPeerHealthChecks" + }, + { + "$ref": "#/components/schemas/MetricNginxStreamUpstreamPeerHealthChecks" + } + ] + }, + "MetricSystemCpuUtilization": { + "type": "string", + "description": "Total system CPU use for 'system' or 'user' (percent). A filter is required to specify the mode.\n\nReplaces deprecated variants:\n * system.cpu.system\n * system.cpu.user\n\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter:\n * mode (valid values:: 'system', 'user')\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * logical_number\n", + "enum": [ + "system.cpu.utilization" + ] + }, + "MetricSystemFilesystemUsage": { + "type": "string", + "description": "System disk usage statistic, percentage. A filter differentiator is needed for specific state(s).\n\nReplacement for depreciated variant(s):\n * system.disk.in_use\n * system.disk.total\n * system.disk.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'in_use')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * mount_point\n", + "enum": [ + "system.filesystem.usage" + ] + }, + "MetricSystemMemoryUsage": { + "type": "string", + "description": "Total available statistic about system memory usage, bytes. A filter differentiator is needed for specific state(s).\n\nReplacement for depreciated variant(s):\n * system.mem.pct_used\n * system.mem.total\n * system.mem.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'total', 'pct_used')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", + "enum": [ + "system.memory.usage" + ] + }, + "MetricSystemCpuLogicalCount": { + "type": "string", + "description": "Number of logical (virtual) processor cores created by the operating system.\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", + "enum": [ + "system.cpu.logical.count" + ] + }, + "MetricNginxHttpConnectionCount": { + "type": "string", + "description": "Number of connections grouped by outcome ('ACTIVE', 'IDLE', 'READING', 'WRITING', 'WAITING').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * outcome\n", + "enum": [ + "nginx.http.connection.count" + ] + }, + "MetricNginxHttpConnections": { + "type": "string", + "description": "Total connections grouped by outcome ('ACCEPTED', 'HANDLED', 'DROPPED').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * outcome\n", + "enum": [ + "nginx.http.connections" + ] + }, + "MetricNginxHttpUpstreamPeerCount": { + "type": "string", + "description": "Number of upstream peers grouped by state ('CHECKING', 'DOWN', 'DRAINING', 'UNAVAILABLE', 'UNHEALTHY', 'UP').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_state\n", + "enum": [ + "nginx.http.upstream.peer.count" + ] + }, + "MetricNginxHttpUpstreamPeerHealthChecks": { + "type": "string", + "description": "The total number of health check requests made to a HTTP upstream peer.\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_health_check\n * peer_address\n * peer_name\n", + "enum": [ + "nginx.http.upstream.peer.health_checks" + ] + }, + "MetricNginxStreamUpstreamPeerHealthChecks": { + "type": "string", + "description": "The total number of health check requests made to a stream upstream peer.\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * upstream_zone\n * upstream_name\n * peer_health_check\n * peer_address\n * peer_name\n", + "enum": [ + "nginx.stream.upstream.peer.health_checks" + ] + }, + "MetricSystemNetworkIo": { + "type": "string", + "description": "Network I/O statistics. Number of bytes sent or received per network interface. A filter differentiator is needed for specific I/O direction(s).\n\nReplacement for depreciated variant(s):\n * system.net.bytes_rcvd\n * system.net.bytes_sent\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * io_direction (applicable filter values: 'transmit', 'receive')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * network_interface\n", + "enum": [ + "system.network.io" + ] + }, + "MetricNginxHttpRequestCount": { + "type": "string", + "description": "The current number of client requests received from clients.\n\nReplacement for depreciated variant(s):\n * nginx.http.request.count\n * plus.http.request.count\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * server_zone\n * location_zone\n", + "enum": [ + "nginx.http.request.count" + ] + }, + "MetricNginxHttpResponseCount": { + "type": "string", + "description": "The current number of responses, grouped by status code range. A filter differentiator is needed for specific status range(s).\n\nReplacement for depreciated variant(s):\n * nginx.http.status.4xx\n * plus.http.status.4xx\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * status_range (applicable filter values: '4xx', '5xx')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id \n * server_zone\n * location_zone\n", + "enum": [ + "nginx.http.response.count" + ] + }, + "SettingsInstanceCleanup": { + "type": "object", + "description": "Preferences for automatic cleanup of stale NGINX One Instances.", + "required": [ + "age_out_duration" + ], + "properties": { + "age_out_duration": { + "type": "integer", + "format": "int32", + "description": "Specify the age of `unavailable` NGINX instances for clean up. NGINX instances older than this value in hours will be deleted automatically. Events related to automatically deleted NGINX instances will show up in `/events` API. '0' value disables the automatic clean up of `unavailable` NGINX instances.", + "default": 3, + "minimum": 0, + "maximum": 720 + } + }, + "example": { + "age_out_duration": 3 + } + }, + "HttpUsage": { + "type": "object", + "properties": { + "client": { + "allOf": [ + { + "$ref": "#/components/schemas/UsageMetrics" + }, + { + "type": "object", + "properties": { + "requests": { + "type": "integer", + "description": "Total requests handled by an NGINX Instance", + "minimum": 0 + } + } + } + ] + }, + "upstream": { + "$ref": "#/components/schemas/UsageMetrics" + } + } + }, + "StreamUsage": { + "type": "object", + "properties": { + "client": { + "$ref": "#/components/schemas/UsageMetrics" + }, + "upstream": { + "$ref": "#/components/schemas/UsageMetrics" + } + } + }, + "UsageMetrics": { + "type": "object", + "properties": { + "received": { + "type": "integer", + "description": "Total bytes received by an NGINX Instance from clients/upstreams", + "minimum": 0 + }, + "sent": { + "type": "integer", + "description": "Total bytes sent by the NGINX Instance to clients/upstreams", + "minimum": 0 + }, + "connections": { + "type": "integer", + "description": "Total connections of the NGINX Instance with clients/upstreams", + "minimum": 0 + } + } + }, + "NginxUsageHttp": { + "$ref": "#/components/schemas/HttpUsage" + }, + "NginxUsageStream": { + "$ref": "#/components/schemas/StreamUsage" + }, + "MetricStartTime": { + "description": "The start time of your metrics query.\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` and `end_time` isn't provided, the API returns metrics from the current time to the month before the current time.\n* The `start_time` cannot be older than 120 days before the current time.\n\nYou can set the `start_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", + "type": "string", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "MetricEndTime": { + "description": "The end time of your metrics query.\n\nUsage:\n* Must be greater than `start_time`.\n* The time difference between `start_time` and `end_time` should be greater than an hour.\n* The default `end_time` is the current time.\n* The `end_time` cannot be older than 120 days before the current time.\n\nYou can set the `end_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", + "type": "string", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "InventoryMetricAggregation": { + "type": "string", + "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * count\n * sum\n * avg\n * min\n * max\n", + "enum": [ + "count", + "sum", + "avg", + "min", + "max" + ], + "x-enum-varnames": [ + "metric_aggregation_count", + "metric_aggregation_sum", + "metric_aggregation_avg", + "metric_aggregation_min", + "metric_aggregation_max" + ] + }, + "BaseInventoryQueryRequest": { + "type": "object", + "required": [ + "metrics" ], "properties": { - "direction": { - "$ref": "#/components/schemas/OrderDirection" + "metrics": { + "$ref": "#/components/schemas/InventoryMetricNames" }, - "dimension": { - "$ref": "#/components/schemas/MetricDimension" + "start_time": { + "$ref": "#/components/schemas/MetricStartTime" + }, + "end_time": { + "$ref": "#/components/schemas/MetricEndTime" } } }, - "OrderSeriesBy": { + "InventoryMetricQueryRequest": { + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/BaseInventoryQueryRequest" + } + ] + }, + "InventoryMetricNames": { + "type": "array", + "description": "Specify the metrics to collect.\n\nUsage: \n* List multiple metrics as JSON objects.\n* You can aggregate metrics with `count`, `sum`, `avg`, `min`, `max`.\n", + "items": { + "$ref": "#/components/schemas/InventoryMetricQuery" + }, + "example": [ + { + "name": "nginx.plus.instances", + "aggregate": [ + "count" + ] + } + ] + }, + "InventoryMetricQuery": { "type": "object", - "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `aggregate`: The aggregating function.\n", "required": [ - "direction", - "aggregate" + "name" ], "properties": { - "direction": { - "$ref": "#/components/schemas/OrderDirection" + "name": { + "$ref": "#/components/schemas/InventoryMetricName" }, "aggregate": { - "$ref": "#/components/schemas/MetricAggregation", - "default": "sum" + "type": "array", + "items": { + "$ref": "#/components/schemas/InventoryMetricAggregation" + } } } }, - "MetricName": { + "InventoryMetricName": { "type": "string", "description": "Metric names available for querying.\n", - "example": "nginx.http.request.count", + "example": "nginx.plus.instances", "oneOf": [ { - "$ref": "#/components/schemas/MetricSystemCpuUtilization" - }, - { - "$ref": "#/components/schemas/MetricSystemFilesystemUsage" - }, - { - "$ref": "#/components/schemas/MetricSystemMemoryUsage" - }, - { - "$ref": "#/components/schemas/MetricSystemCpuLogicalCount" - }, - { - "$ref": "#/components/schemas/MetricSystemNetworkIo" - }, - { - "$ref": "#/components/schemas/MetricNginxHttpRequestCount" - }, - { - "$ref": "#/components/schemas/MetricNginxHttpResponseCount" + "$ref": "#/components/schemas/MetricNginxInstancesPlus" }, { - "$ref": "#/components/schemas/MetricNginxHttpConnectionCount" + "$ref": "#/components/schemas/MetricK8sClusterNodes" } ] }, - "MetricSystemCpuUtilization": { + "MetricNginxInstancesPlus": { "type": "string", - "description": "Total system CPU use for 'system' or 'user' (percent). A filter is required to specify the mode.\n\nReplaces deprecated variants:\n * system.cpu.system\n * system.cpu.user\n\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter:\n * mode (valid values:: 'system', 'user')\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * logical_number\n", + "description": "Total number of nginx plus instances.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", "enum": [ - "system.cpu.utilization" + "nginx.plus.instances" ] }, - "MetricSystemFilesystemUsage": { + "MetricK8sClusterNodes": { "type": "string", - "description": "System disk usage statistic, percentage. A filter differentiator is needed for specific state(s).\n\nReplacement for depreciated variant(s):\n * system.disk.in_use\n * system.disk.total\n * system.disk.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'in_use')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * mount_point\n", + "description": "Sum of the Kubernetes worker nodes where nginx plus instances are deployed in a Kubernetes cluster.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", "enum": [ - "system.filesystem.usage" + "k8s.cluster.nodes" ] }, - "MetricSystemMemoryUsage": { + "FilterNameNapSignatures": { "type": "string", - "description": "Total available statistic about system memory usage, bytes. A filter differentiator is needed for specific state(s).\n\nReplacement for depreciated variant(s):\n * system.mem.pct_used\n * system.mem.total\n * system.mem.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'total', 'pct_used')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", + "description": "Keywords for NGINX App Protect signature filters.\nWhen filtering on `accuracy`, only the following `filter_values` are supported:\n * high\n * medium\n * low\nWhen filtering on `risk`, only the following `filter_values` are supported:\n * high\n * medium\n * low\nWhen filtering on `signature_type`, only the following `filter_values` are supported:\n * request\n * response\n", "enum": [ - "system.memory.usage" + "accuracy", + "risk", + "signature_type" + ], + "x-enum-varnames": [ + "filter_name_nap_signature_accuracy", + "filter_name_nap_signature_risk", + "filter_name_nap_signature_signature_type" ] }, - "MetricSystemCpuLogicalCount": { + "FilterNameNapSignatureSets": { "type": "string", - "description": "Number of logical (virtual) processor cores created by the operating system.\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", + "description": "Keywords for NGINX App Protect signature set filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * filter-based\n * manual\n", "enum": [ - "system.cpu.logical.count" + "type", + "name" + ], + "x-enum-varnames": [ + "filter_name_nap_signature_set_type", + "filter_name_nap_signature_set_name" ] }, - "MetricNginxHttpConnectionCount": { - "type": "string", - "description": "Number of connections grouped by outcome ('ACCEPTED', 'DROPPED', 'ACTIVE', 'IDLE').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * outcome\n", - "enum": [ - "nginx.http.connection.count" - ] + "NapSignatureID": { + "description": "An unique identifier for the NGINX App Protect signature.", + "type": "integer", + "pattern": "^\\d{9}" }, - "MetricSystemNetworkIo": { + "NapSignatureSetObjectID": { + "description": "A globally unique identifier for the NGINX App Protect signature set.", "type": "string", - "description": "Network I/O statistics. Number of bytes sent or received per network interface. A filter differentiator is needed for specific I/O direction(s).\n\nReplacement for depreciated variant(s):\n * system.net.bytes_rcvd\n * system.net.bytes_sent\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * io_direction (applicable filter values: 'transmit', 'receive')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * network_interface\n", - "enum": [ - "system.network.io" - ] + "format": "object_id", + "pattern": "^sigset_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } }, - "MetricNginxHttpRequestCount": { - "type": "string", - "description": "The current number of client requests received from clients.\n\nReplacement for depreciated variant(s):\n * nginx.http.request.count\n * plus.http.request.count\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * server_zone\n * location_zone\n", - "enum": [ - "nginx.http.request.count" + "VersionsList": { + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of versions.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapSignatureVersion" + } + } + } + }, + "ThreatCampaignVersionsListResponse": { + "$ref": "#/components/schemas/VersionsList" + }, + "AttackSignatureVersionsListResponse": { + "$ref": "#/components/schemas/VersionsList" + }, + "BotSignatureVersionsListResponse": { + "$ref": "#/components/schemas/VersionsList" + }, + "NapPolicy": { + "description": "The base64-encoded contents of the NGINX App Protect policy.", + "type": "object", + "required": [ + "policy" + ], + "properties": { + "policy": { + "type": "string", + "format": "base64", + "maxLength": 3145728 + } + } + }, + "NapPolicyObject": { + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyMetadata" + }, + { + "$ref": "#/components/schemas/NapPolicyDeployments" + } ] }, - "MetricNginxHttpResponseCount": { - "type": "string", - "description": "The current number of responses, grouped by status code range. A filter differentiator is needed for specific status range(s).\n\nReplacement for depreciated variant(s):\n * nginx.http.status.4xx\n * plus.http.status.4xx\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * status_range (applicable filter values: '4xx', '5xx')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id \n * server_zone\n * location_zone\n", - "enum": [ - "nginx.http.response.count" + "NapPolicyMetadata": { + "description": "Summary information about NGINX App Protect policy.", + "type": "object", + "required": [ + "object_id", + "name", + "latest" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/NapPolicyObjectID" + }, + "name": { + "description": "The name of the NGINX App Protect policy.", + "type": "string" + }, + "description": { + "type": "string", + "description": "Some detail on the NGINX App Protect policy." + }, + "latest": { + "$ref": "#/components/schemas/NapPolicyVersionMetadata" + } + } + }, + "NapPolicyListResponse": { + "description": "List of all NGINX App Protect policies.", + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "description": "List of NGINX App Protect policies.", + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect policy objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyObject" + } + } + }, + "example": { + "items": [ + { + "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-policy", + "description": "test policy", + "deployments": [ + { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "enforcement_mode": "blocking", + "policy_version": "2023-12-06 22:37:24", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", + "deployed_on": "2023-12-06T22:37:24.120114Z" + } + ], + "latest": { + "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", + "version": "2023-12-06 22:37:24", + "created_at": "2023-12-06T22:37:24.120114Z", + "deployment_status": "deployed", + "enforcement_mode": "blocking" + } + } + ] + } + } ] }, - "SettingsInstanceCleanup": { + "NapPolicyVersionDeployments": { + "type": "object", + "properties": { + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyVersionDeployment" + } + } + } + }, + "NapDeploymentAssociation": { "type": "object", - "description": "Preferences for automatic cleanup of stale NGINX One Instances.", "required": [ - "age_out_duration" + "associated_type", + "associated_object_id", + "associated_name" ], "properties": { - "age_out_duration": { - "type": "integer", - "format": "int32", - "description": "Specify the age of `unavailable` NGINX instances for clean up. NGINX instances older than this value in hours will be deleted automatically. Events related to automatically deleted NGINX instances will show up in `/events` API. '0' value disables the automatic clean up of `unavailable` NGINX instances.", - "default": 3, - "minimum": 0, - "maximum": 720 + "associated_type": { + "$ref": "#/components/schemas/DeploymentAssociatedType" + }, + "associated_object_id": { + "$ref": "#/components/schemas/ObjectID" + }, + "associated_name": { + "$ref": "#/components/schemas/DeploymentAssociatedName" } - }, - "example": { - "age_out_duration": 3 } }, - "HttpUsage": { - "type": "object", - "properties": { - "client": { - "allOf": [ - { - "$ref": "#/components/schemas/UsageMetrics" + "NapPolicyVersionDeployment": { + "allOf": [ + { + "$ref": "#/components/schemas/NapDeploymentAssociation" + }, + { + "type": "object", + "description": "Information about a NGINX App Protect policy deployment.\n", + "required": [ + "publication_object_id", + "status", + "deployed_on" + ], + "properties": { + "publication_object_id": { + "$ref": "#/components/schemas/PublicationObjectID" }, - { - "type": "object", - "properties": { - "requests": { - "type": "integer", - "description": "Total requests handled by an NGINX Instance", - "minimum": 0 - } - } + "status": { + "$ref": "#/components/schemas/NapDeploymentStatus" + }, + "deployed_on": { + "description": "Date and time of the deployment.", + "type": "string", + "format": "date-time" } - ] - }, - "upstream": { - "$ref": "#/components/schemas/UsageMetrics" + }, + "example": { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z" + } } - } + ] }, - "StreamUsage": { + "NapPolicyDeployments": { "type": "object", + "required": [ + "deployments" + ], "properties": { - "client": { - "$ref": "#/components/schemas/UsageMetrics" - }, - "upstream": { - "$ref": "#/components/schemas/UsageMetrics" + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyDeployment" + } } } }, - "UsageMetrics": { + "NapPolicyDeployment": { + "description": "detailed information about a NGINX App Protect policy deployment.", "type": "object", - "properties": { - "received": { - "type": "integer", - "description": "Total bytes received by an NGINX Instance from clients/upstreams", - "minimum": 0 - }, - "sent": { - "type": "integer", - "description": "Total bytes sent by the NGINX Instance to clients/upstreams", - "minimum": 0 + "required": [ + "publication_object_id", + "associated_object_id", + "associated_name", + "associated_type", + "enforcement_mode", + "status", + "policy_version", + "policy_version_object_id", + "deployed_on" + ], + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyVersionDeployment" }, - "connections": { - "type": "integer", - "description": "Total connections of the NGINX Instance with clients/upstreams", - "minimum": 0 + { + "type": "object", + "required": [ + "enforcement_mode", + "policy_version", + "policy_version_object_id" + ], + "properties": { + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" + }, + "policy_version": { + "description": "The version associated with the NGINX App Protect policy.", + "type": "string" + }, + "policy_version_object_id": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" + } + } } + ], + "example": { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "policy_version": "2023-12-06 22:37:24", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw" } }, - "NginxUsageHttp": { - "$ref": "#/components/schemas/HttpUsage" - }, - "NginxUsageStream": { - "$ref": "#/components/schemas/StreamUsage" - }, - "MetricStartTime": { - "description": "The start time of your metrics query.\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` and `end_time` isn't provided, the API returns metrics from the current time to the month before the current time.\n* The `start_time` cannot be older than 120 days before the current time.\n\nYou can set the `start_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", - "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "MetricEndTime": { - "description": "The end time of your metrics query.\n\nUsage:\n* Must be greater than `start_time`.\n* The time difference between `start_time` and `end_time` should be greater than an hour.\n* The default `end_time` is the current time.\n* The `end_time` cannot be older than 120 days before the current time.\n\nYou can set the `end_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", - "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "InventoryMetricAggregation": { - "type": "string", - "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * count\n * sum\n * avg\n * min\n * max\n", - "enum": [ - "count", - "sum", - "avg", - "min", - "max" + "NapPolicyDeploymentDetails": { + "type": "object", + "required": [ + "publication_object_id", + "associated_object_id", + "associated_name", + "associated_type", + "enforcement_mode", + "status", + "policy_version", + "policy_version_object_id", + "deployed_on", + "threat_campaign_version", + "attack_signature_version", + "bot_signature_version" ], - "x-enum-varnames": [ - "metric_aggregation_count", - "metric_aggregation_sum", - "metric_aggregation_avg", - "metric_aggregation_min", - "metric_aggregation_max" + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyDeployment" + }, + { + "type": "object", + "properties": { + "threat_campaign_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "attack_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "bot_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + } + } + } + ], + "example": { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "policy_version": "2023-12-06 22:37:24", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "threat_campaign_version": "2023.12.06", + "attack_signature_version": "2023.12.06", + "bot_signature_version": "2023.12.06" + } + }, + "NapPolicyDeploymentsListResponse": { + "description": "List of all NGINX App Protect deployments.", + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect deployments.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyDeploymentDetails" + } + } + }, + "example": { + "items": [ + { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "policy_version": "2023-12-06 22:37:24", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "threat_campaign_version": "2023.12.06", + "attack_signature_version": "2023.12.06", + "bot_signature_version": "2023.12.06" + } + ] + } + } ] }, - "BaseInventoryQueryRequest": { + "NapPolicyVersionMetadata": { "type": "object", + "description": "Summary information about the specific NGINX App Protect policy version.", "required": [ - "metrics" + "object_id", + "version", + "enforcement_mode", + "created_at" ], "properties": { - "metrics": { - "$ref": "#/components/schemas/InventoryMetricNames" + "object_id": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" }, - "start_time": { - "$ref": "#/components/schemas/MetricStartTime" + "version": { + "$ref": "#/components/schemas/NapSignatureVersion" }, - "end_time": { - "$ref": "#/components/schemas/MetricEndTime" + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" + }, + "created_at": { + "description": "The date and time when the NGINX App Protect policy version was created.", + "type": "string", + "format": "date-time" } } }, - "InventoryMetricQueryRequest": { + "NapPolicyVersionDetails": { + "description": "Detailed information about NGINX App Protect policy version.", "type": "object", + "required": [ + "policy", + "object_id", + "version", + "enforcement_mode", + "created_at" + ], "allOf": [ { - "$ref": "#/components/schemas/BaseInventoryQueryRequest" - } - ] - }, - "InventoryMetricNames": { - "type": "array", - "description": "Specify the metrics to collect.\n\nUsage: \n* List multiple metrics as JSON objects.\n* You can aggregate metrics with `count`, `sum`, `avg`, `min`, `max`.\n", - "items": { - "$ref": "#/components/schemas/InventoryMetricQuery" - }, - "example": [ + "$ref": "#/components/schemas/NapPolicyVersionMetadata" + }, { - "name": "nginx.plus.instances", - "aggregate": [ - "count" - ] + "$ref": "#/components/schemas/NapPolicy" + }, + { + "$ref": "#/components/schemas/NapPolicyVersionDeployments" } ] }, - "InventoryMetricQuery": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/components/schemas/InventoryMetricName" + "NapPolicyVersionObject": { + "description": "Summary information about NGINX App Protect policy version.", + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyVersionMetadata" }, - "aggregate": { - "type": "array", - "items": { - "$ref": "#/components/schemas/InventoryMetricAggregation" + { + "$ref": "#/components/schemas/NapPolicyVersionDeployments" + }, + { + "type": "object", + "required": [ + "latest" + ], + "properties": { + "latest": { + "description": "Indicates whether the NGINX App Protect policy version is latest. Default (`false`) returns the current policy. \nWhen set to `true`, returns the latest policy.\n", + "type": "boolean", + "default": false + } } } - } + ] }, - "InventoryMetricName": { - "type": "string", - "description": "Metric names available for querying.\n", - "example": "nginx.plus.instances", - "oneOf": [ + "NapPolicyVersionsListResponse": { + "description": "List of all NGINX App Protect versions.", + "allOf": [ { - "$ref": "#/components/schemas/MetricNginxInstancesPlus" + "$ref": "#/components/schemas/PaginationResponse" }, { - "$ref": "#/components/schemas/MetricK8sClusterNodes" + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect version objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyVersionObject" + } + } + }, + "example": { + "items": [ + { + "version": "2023-12-06 22:37:24", + "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", + "created_at": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "latest": false + } + ] + } } ] }, - "MetricNginxInstancesPlus": { - "type": "string", - "description": "Total number of nginx plus instances.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", - "enum": [ - "nginx.plus.instances" - ] - }, - "MetricK8sClusterNodes": { - "type": "string", - "description": "Sum of the Kubernetes worker nodes where nginx plus instances are deployed in a Kubernetes cluster.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", - "enum": [ - "k8s.cluster.nodes" - ] - }, - "VersionsList": { - "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of versions.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapSignatureVersion" + "NapLogProfileListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect log profiles.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapLogProfileMetadata" + } + } } } - } - }, - "ThreatCampaignVersionsListResponse": { - "$ref": "#/components/schemas/VersionsList" - }, - "AttackSignatureVersionsListResponse": { - "$ref": "#/components/schemas/VersionsList" - }, - "BotSignatureVersionsListResponse": { - "$ref": "#/components/schemas/VersionsList" - }, - "NapPolicy": { - "description": "The base64-encoded contents of the NGINX App Protect policy.", - "type": "object", - "required": [ - "policy" - ], - "properties": { - "policy": { - "type": "string", - "format": "base64", - "maxLength": 3145728 - } - } + ] }, - "NapPolicyObject": { + "NapLogProfileGetResponse": { "allOf": [ { - "$ref": "#/components/schemas/NapPolicyMetadata" + "$ref": "#/components/schemas/NapLogProfileMetadata" }, { - "$ref": "#/components/schemas/NapPolicyDeployments" + "type": "object", + "required": [ + "config" + ], + "properties": { + "config": { + "description": "The NGINX App Protect log profile configuration.", + "type": "string" + } + } } ] }, - "NapPolicyMetadata": { - "description": "Summary information about NGINX App Protect policy.", + "NapLogProfileMetadata": { "type": "object", "required": [ - "object_id", "name", - "latest" + "object_id" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/NapPolicyObjectID" - }, "name": { - "description": "The name of the NGINX App Protect policy.", - "type": "string" + "type": "string", + "description": "The name of the NGINX App Protect log profile." + }, + "object_id": { + "$ref": "#/components/schemas/NapLogProfileObjectID" }, "description": { + "description": "Optional field to describe the NGINX App Protect log profile.", "type": "string", - "description": "Some detail on the NGINX App Protect policy." - }, - "latest": { - "$ref": "#/components/schemas/NapPolicyVersionMetadata" + "minLength": 5, + "maxLength": 256 } } }, - "NapPolicyListResponse": { - "description": "List of all NGINX App Protect policies.", + "NapGlobalSettingsListResponse": { "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" }, { - "description": "List of NGINX App Protect policies.", "type": "object", "required": [ "items" ], "properties": { "items": { - "description": "An array of NGINX App Protect policy objects.", + "description": "An array of NGINX App Protect global settings.", "type": "array", "items": { - "$ref": "#/components/schemas/NapPolicyObject" + "$ref": "#/components/schemas/NapGlobalSettingMetadata" } } - }, - "example": { - "items": [ - { - "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-policy", - "description": "test policy", - "deployments": [ - { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "enforcement_mode": "blocking", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", - "deployed_on": "2023-12-06T22:37:24.120114Z" - } - ], - "latest": { - "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", - "version": "2023-12-06 22:37:24", - "created_at": "2023-12-06T22:37:24.120114Z", - "deployment_status": "deployed", - "enforcement_mode": "blocking" - } - } - ] } } ] }, - "NapPolicyVersionDeployments": { - "type": "object", - "properties": { - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyVersionDeployment" + "NapGlobalSettingGetResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/NapGlobalSettingMetadata" + }, + { + "type": "object", + "required": [ + "config" + ], + "properties": { + "config": { + "description": "The NGINX App Protect global setting configuration.", + "type": "string" + } } } - } + ] }, - "NapDeploymentAssociation": { + "NapGlobalSettingMetadata": { "type": "object", "required": [ - "associated_type", - "associated_object_id", - "associated_name" + "name", + "object_id" ], "properties": { - "associated_type": { - "$ref": "#/components/schemas/DeploymentAssociatedType" + "name": { + "type": "string", + "description": "The name of the NGINX App Protect global setting object." }, - "associated_object_id": { - "$ref": "#/components/schemas/ObjectID" + "description": { + "description": "Optional field to describe the NGINX App Protect global setting object.", + "type": "string", + "minLength": 5, + "maxLength": 256 }, - "associated_name": { - "$ref": "#/components/schemas/DeploymentAssociatedName" + "object_id": { + "$ref": "#/components/schemas/NapGlobalSettingObjectID" } } }, - "NapPolicyVersionDeployment": { - "allOf": [ + "NapPolicyBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ { - "$ref": "#/components/schemas/NapDeploymentAssociation" + "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" }, { - "type": "object", - "description": "Information about a NGINX App Protect policy deployment.\n", - "required": [ - "publication_object_id", - "status", - "deployed_on" - ], - "properties": { - "publication_object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "status": { - "$ref": "#/components/schemas/NapDeploymentStatus" - }, - "deployed_on": { - "description": "Date and time of the deployment.", - "type": "string", - "format": "date-time" - } - }, - "example": { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z" - } + "object_id": "pol_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" } ] }, - "NapPolicyDeployments": { + "NapPolicyBulkRequestData": { "type": "object", + "description": "Part of bulk operation on a Nap policy, only `delete` is supported.", "required": [ - "deployments" + "action", + "object_id" ], "properties": { - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyDeployment" - } + "object_id": { + "$ref": "#/components/schemas/NapPolicyObjectID" + }, + "action": { + "$ref": "#/components/schemas/BulkRequestAction" } + }, + "example": { + "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" } }, - "NapPolicyDeployment": { - "description": "detailed information about a NGINX App Protect policy deployment.", - "type": "object", + "NapBulkResponse": { + "description": "The Nap policy bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } + }, + "NapSignatureMeta": { "required": [ - "publication_object_id", - "associated_object_id", - "associated_name", - "associated_type", - "enforcement_mode", - "status", - "policy_version", - "policy_version_object_id", - "deployed_on" + "signature_id", + "name", + "attack_type" ], + "properties": { + "name": { + "type": "string" + }, + "signature_id": { + "type": "integer" + }, + "attack_type": { + "type": "string" + } + } + }, + "NapSignature": { + "description": "Detail information for NGINX App Protect signatures. Note: `description` is omitted for list operation.\n", "allOf": [ { - "$ref": "#/components/schemas/NapPolicyVersionDeployment" + "$ref": "#/components/schemas/NapSignatureMeta" }, { "type": "object", "required": [ - "enforcement_mode", - "policy_version", - "policy_version_object_id" + "signature_type", + "risk", + "accuracy", + "has_cve", + "modified_at", + "systems" ], "properties": { - "enforcement_mode": { - "$ref": "#/components/schemas/NapPolicyEnforcementMode" + "accuracy": { + "default": "low", + "enum": [ + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_accuracy_high", + "nap_signature_accuracy_low", + "nap_signature_accuracy_medium" + ], + "type": "string" }, - "policy_version": { - "description": "The version associated with the NGINX App Protect policy.", + "description": { + "type": "string" + }, + "has_cve": { + "default": false, + "type": "boolean" + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the signature was last modified." + }, + "references": { + "items": { + "required": [ + "type", + "value" + ], + "properties": { + "type": { + "default": "nessus", + "enum": [ + "bugtraq", + "cve", + "nessus", + "url" + ], + "x-enum-varnames": [ + "nap_signature_references_type_bugtrag", + "nap_signature_references_type_cve", + "nap_signature_references_type_nessus", + "nap_signature_references_type_url" + ], + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "risk": { + "default": "low", + "enum": [ + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_risk_high", + "nap_signature_risk_low", + "nap_signature_risk_medium" + ], "type": "string" }, - "policy_version_object_id": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" + "signature_type": { + "default": "request", + "enum": [ + "request", + "response" + ], + "type": "string", + "x-enum-varnames": [ + "nap_signature_signature_type_request", + "nap_signature_signature_type_response" + ] + }, + "systems": { + "items": { + "type": "string" + }, + "type": "array" } } } ], "example": { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw" + "signature_id": 123456789, + "name": "Example Signature", + "description": "This is an example signature.", + "signature_type": "request", + "attack_type": "SQL Injection", + "risk": "high", + "accuracy": "medium", + "has_cve": true, + "modified_at": "2023-10-01T12:00:00Z", + "references": [ + { + "type": "cve", + "value": "CVE-2023-12345" + } + ], + "systems": [ + "System A" + ] } }, - "NapPolicyDeploymentDetails": { + "NapSignatureSet": { "type": "object", "required": [ - "publication_object_id", - "associated_object_id", - "associated_name", - "associated_type", - "enforcement_mode", - "status", - "policy_version", - "policy_version_object_id", - "deployed_on", - "threat_campaign_version", - "attack_signature_version", - "bot_signature_version" + "object_id", + "name", + "type", + "category", + "signature_count", + "accuracy", + "default_alarm", + "default_block", + "default_learn", + "systems", + "modified_at" ], - "allOf": [ - { - "$ref": "#/components/schemas/NapPolicyDeployment" + "properties": { + "object_id": { + "$ref": "#/components/schemas/NapSignatureSetObjectID" }, - { - "type": "object", - "properties": { - "threat_campaign_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "attack_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "bot_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - } + "name": { + "type": "string" + }, + "accuracy": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "low", + "medium", + "high" + ], + "x-enum-varnames": [ + "nap_signature_set_accuracy_low", + "nap_signature_set_accuracy_medium", + "nap_signature_set_accuracy_high" + ] } - } - ], - "example": { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "threat_campaign_version": "2023.12.06", - "attack_signature_version": "2023.12.06", - "bot_signature_version": "2023.12.06" - } - }, - "NapPolicyDeploymentsListResponse": { - "description": "List of all NGINX App Protect deployments.", - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" }, - { - "type": "object", - "required": [ - "items" + "signature_count": { + "type": "integer" + }, + "category": { + "enum": [ + "User-defined", + "Basic", + "Attack Type Specific" + ], + "x-enum-varnames": [ + "nap_signature_set_category_user_defined", + "nap_signature_set_category_basic", + "nap_signature_set_category_attack_type_specific" ], + "type": "string" + }, + "default_alarm": { + "default": true, + "type": "boolean" + }, + "default_block": { + "default": true, + "type": "boolean" + }, + "default_learn": { + "default": true, + "type": "boolean" + }, + "filter": { "properties": { - "items": { - "description": "An array of NGINX App Protect deployments.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyDeploymentDetails" - } + "accuracy_filter": { + "default": "ge", + "enum": [ + "all", + "eq", + "ge", + "le" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_accuracy_filter_all", + "nap_signature_set_filter_accuracy_filter_eq", + "nap_signature_set_filter_accuracy_filter_ge", + "nap_signature_set_filter_accuracy_filter_le" + ], + "type": "string" + }, + "accuracy_value": { + "default": "all", + "enum": [ + "all", + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_accuracy_value_all", + "nap_signature_set_filter_accuracy_value_high", + "nap_signature_set_filter_accuracy_value_low", + "nap_signature_set_filter_accuracy_value_medium" + ], + "type": "string" + }, + "attack_type": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "has_cve": { + "default": "all", + "enum": [ + "all", + "no", + "yes" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_have_cve_all", + "nap_signature_set_filter_have_cve_no", + "nap_signature_set_filter_have_cve_yes" + ], + "type": "string" + }, + "modified_at_filter": { + "default": "all", + "enum": [ + "after", + "all", + "before" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_modified_at_filter_after", + "nap_signature_set_filter_modified_at_filter_all", + "nap_signature_set_filter_modified_at_filter_before" + ], + "type": "string" + }, + "modified_at_value": { + "default": "1970-01-01", + "type": "string" + }, + "risk_filter": { + "default": "eq", + "enum": [ + "all", + "eq", + "ge", + "le" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_risk_filter_all", + "nap_signature_set_filter_risk_filter_eq", + "nap_signature_set_filter_risk_filter_ge", + "nap_signature_set_filter_risk_filter_le" + ], + "type": "string" + }, + "risk_value": { + "default": "low", + "enum": [ + "all", + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_risk_value_all", + "nap_signature_set_filter_risk_value_high", + "nap_signature_set_filter_risk_value_low", + "nap_signature_set_filter_risk_value_medium" + ], + "type": "string" + }, + "signature_type": { + "default": "request", + "enum": [ + "all", + "request", + "response" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_signature_type_all", + "nap_signature_set_filter_signature_type_request", + "nap_signature_set_filter_signature_type_response" + ], + "type": "string" + }, + "user_defined_filter": { + "default": "all", + "enum": [ + "all", + "no", + "yes" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_user_defined_filter_all", + "nap_signature_set_filter_user_defined_filter_no", + "nap_signature_set_filter_user_defined_filter_yes" + ], + "type": "string" } }, - "example": { - "items": [ - { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "threat_campaign_version": "2023.12.06", - "attack_signature_version": "2023.12.06", - "bot_signature_version": "2023.12.06" - } - ] - } - } - ] - }, - "NapPolicyVersionMetadata": { - "type": "object", - "description": "Summary information about the specific NGINX App Protect policy version.", - "required": [ - "object_id", - "version", - "enforcement_mode", - "created_at" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" - }, - "version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "enforcement_mode": { - "$ref": "#/components/schemas/NapPolicyEnforcementMode" + "type": "object" }, - "created_at": { - "description": "The date and time when the NGINX App Protect policy version was created.", + "modified_at": { "type": "string", - "format": "date-time" - } - } - }, - "NapPolicyVersionDetails": { - "description": "Detailed information about NGINX App Protect policy version.", - "type": "object", - "required": [ - "policy", - "object_id", - "version", - "enforcement_mode", - "created_at" - ], - "allOf": [ - { - "$ref": "#/components/schemas/NapPolicyVersionMetadata" - }, - { - "$ref": "#/components/schemas/NapPolicy" - }, - { - "$ref": "#/components/schemas/NapPolicyVersionDeployments" - } - ] - }, - "NapPolicyVersionObject": { - "description": "Summary information about NGINX App Protect policy version.", - "allOf": [ - { - "$ref": "#/components/schemas/NapPolicyVersionMetadata" + "format": "date-time", + "description": "The date and time when the signature-set was last modified." }, - { - "$ref": "#/components/schemas/NapPolicyVersionDeployments" + "systems": { + "items": { + "type": "string" + }, + "type": "array" }, - { - "type": "object", - "required": [ - "latest" + "type": { + "default": "filter-based", + "enum": [ + "filter-based", + "manual" ], - "properties": { - "latest": { - "description": "Indicates whether the NGINX App Protect policy version is latest. Default (`false`) returns the current policy. \nWhen set to `true`, returns the latest policy.\n", - "type": "boolean", - "default": false - } - } - } - ] - }, - "NapPolicyVersionsListResponse": { - "description": "List of all NGINX App Protect versions.", - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "type": "object", - "required": [ - "items" + "x-enum-varnames": [ + "nap_signature_set_type_filter_based", + "nap_signature_set_type_manual" ], - "properties": { - "items": { - "description": "An array of NGINX App Protect version objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyVersionObject" - } - } - }, - "example": { - "items": [ - { - "version": "2023-12-06 22:37:24", - "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", - "created_at": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "latest": false - } - ] - } + "type": "string" } - ] + }, + "example": { + "default_block": true, + "default_learn": true, + "signature_count": 0, + "filter": { + "accuracy_value": "all", + "accuracy_filter": "all", + "attack_type": { + "name": "XML External Entities (XXE)" + }, + "risk_filter": "all", + "has_cve": "all", + "user_defined_filter": "all", + "risk_value": "all", + "modified_at_filter": "all", + "signature_type": "request" + }, + "assign_to_policy_by_default": false, + "default_alarm": true, + "accuracy": [], + "type": "filter-based", + "name": "XML External Entities (XXE) Signatures", + "object_id": "sigset_-ZMshmi83MBL97dr5d0a9w", + "category": "User-defined", + "modified_at": "2023-08-10T16:59:15Z", + "systems": [] + } }, - "NapLogProfileListResponse": { + "NapSignatureListResponse": { "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" @@ -10498,58 +12191,17 @@ ], "properties": { "items": { - "description": "An array of NGINX App Protect log profiles.", + "description": "An array of NGINX App Protect signatures.", "type": "array", "items": { - "$ref": "#/components/schemas/NapLogProfileMetadata" + "$ref": "#/components/schemas/NapSignature" } } } } ] }, - "NapLogProfileGetResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/NapLogProfileMetadata" - }, - { - "type": "object", - "required": [ - "config" - ], - "properties": { - "config": { - "description": "The NGINX App Protect log profile configuration.", - "type": "string" - } - } - } - ] - }, - "NapLogProfileMetadata": { - "type": "object", - "required": [ - "name", - "object_id" - ], - "properties": { - "name": { - "type": "string", - "description": "The name of the NGINX App Protect log profile." - }, - "object_id": { - "$ref": "#/components/schemas/NapLogProfileObjectID" - }, - "description": { - "description": "Optional field to describe the NGINX App Protect log profile.", - "type": "string", - "minLength": 5, - "maxLength": 256 - } - } - }, - "NapGlobalSettingsListResponse": { + "NapSignatureSetListResponse": { "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" @@ -10561,491 +12213,419 @@ ], "properties": { "items": { - "description": "An array of NGINX App Protect global settings.", + "description": "An array of NGINX App Protect signature sets.", "type": "array", "items": { - "$ref": "#/components/schemas/NapGlobalSettingMetadata" + "$ref": "#/components/schemas/NapSignatureSet" } } } } ] }, - "NapGlobalSettingGetResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/NapGlobalSettingMetadata" - }, - { - "type": "object", - "required": [ - "config" - ], - "properties": { - "config": { - "description": "The NGINX App Protect global setting configuration.", - "type": "string" - } - } - } - ] - }, - "NapGlobalSettingMetadata": { - "type": "object", - "required": [ + "FilterNameNapPolicy": { + "type": "string", + "description": "Keywords for NGINX App Protect policy filters.\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\nWhen filtering on `object_id`, both NAP Policy and NAP Policy version object id prefixes are supported.\n", + "enum": [ "name", - "object_id" + "enforcement_mode", + "object_id", + "deployment_enforcement_mode", + "deployment_status" ], - "properties": { - "name": { - "type": "string", - "description": "The name of the NGINX App Protect global setting object." - }, - "description": { - "description": "Optional field to describe the NGINX App Protect global setting object.", - "type": "string", - "minLength": 5, - "maxLength": 256 - }, - "object_id": { - "$ref": "#/components/schemas/NapGlobalSettingObjectID" - } - } + "x-enum-varnames": [ + "filter_name_nap_policy_name", + "filter_name_nap_policy_enforcement_mode", + "filter_name_nap_policy_object_id", + "filter_name_nap_policy_deployment_enforcement_mode", + "filter_name_nap_policy_deployment_status" + ] }, - "NapPolicyBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyBulkRequestData" - }, - "minItems": 1, - "maxItems": 50, - "example": [ - { - "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" - }, - { - "object_id": "pol_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" - } + "FilterNameNapPolicyDeployment": { + "type": "string", + "description": "Keywords for NGINX App Protect deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n * deployed\n * deploying\n * failed\n", + "enum": [ + "name", + "type", + "policy_version", + "status", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_nap_deployment_name", + "filter_name_nap_deployment_type", + "filter_name_nap_deployment_policy_version", + "filter_name_nap_deployment_status", + "filter_name_nap_deployment_object_id" ] }, - "NapPolicyBulkRequestData": { - "type": "object", - "description": "Part of bulk operation on a Nap policy, only `delete` is supported.", - "required": [ - "action", + "FilterNameNapPolicyVersion": { + "type": "string", + "description": "Keywords for NGINX App Protect policy version filters.\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * deployed\n * not_deployed\n * deploying\n * failed\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\n", + "enum": [ + "deployment_status", + "enforcement_mode", "object_id" ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/NapPolicyObjectID" - }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" - } - }, - "example": { - "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" + "x-enum-varnames": [ + "filter_name_nap_policy_version_deployment_status", + "filter_name_nap_policy_version_enforcement_mode", + "filter_name_nap_policy_version_object_id" + ] + }, + "NapLogProfileObjectID": { + "description": "A globally unique identifier for the App Protect log profile.", + "type": "string", + "format": "object_id", + "pattern": "^lp_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "NapBulkResponse": { - "description": "The Nap policy bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" + "NapGlobalSettingObjectID": { + "description": "A globally unique identifier for the App Protect global settings object.", + "type": "string", + "format": "object_id", + "pattern": "^gs_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "NapSignatureMeta": { + "TemplateName": { + "type": "string", + "description": "The name of the template.\nMust be suitable for use as a file name and as an NGINX configuration include.\nOnly alphanumeric characters, underscores, dashes, and dots are allowed.\nNo spaces, slashes, or special characters.\n", + "minLength": 1, + "maxLength": 255, + "pattern": "^[a-zA-Z0-9][a-zA-Z0-9_.-]*$", + "example": "reverse-proxy" + }, + "TemplateObjectID": { + "description": "A globally unique identifier for template.", + "type": "string", + "format": "object_id", + "pattern": "^tmpl_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + }, + "example": "tmpl_-uvR3F2TQGm18jnl7bpaGw" + }, + "TemplateType": { + "type": "string", + "description": "The type of the template.\n- `base`: A base template that defines the structure of an NGINX configuration.\n- `augment`: An augment template that extends or modifies an existing NGINX configuration defined by a base template.\n", + "enum": [ + "base", + "augment" + ], + "x-enum-varnames": [ + "template_type_base", + "template_type_augment" + ], + "example": "base" + }, + "TemplateContextPath": { + "type": "string", + "description": "Specifies the full hierarchical context path within the NGINX configuration, using '/' as a separator.\n* \"main\": Refers to the top-level context of the NGINX configuration.\n* \"http\": Indicates the `http` block within the main context.\n* \"http/server\": Indicates the `server` block within the `http` context.\n* \"http/server/location\": Indicates the `location` block within the `server` context of the `http` block.\n* \"http/upstream\": Indicates the `upstream` block within the `http` context.\n* \"stream\": Indicates the `stream` block within the main context.\n* \"stream/server\": Indicates the `server` block within the `stream` context.\n* \"stream/upstream\": Indicates the `upstream` block within the `stream` context.\n", + "enum": [ + "main", + "http", + "http/server", + "http/server/location", + "http/upstream", + "stream", + "stream/server", + "stream/upstream" + ], + "x-enum-varnames": [ + "template_context_path_main", + "template_context_path_http", + "template_context_path_http_server", + "template_context_path_http_server_location", + "template_context_path_http_upstream", + "template_context_path_stream", + "template_context_path_stream_server", + "template_context_path_stream_upstream" + ], + "example": "http/server/location" + }, + "TemplateImportRequest": { + "type": "object", + "description": "A request to import a template into the system. This can be either a *base template* or an *augment template*,\nas determined by the `type` field in the request body.\n\nBase templates define the structure of an NGINX configuration and may include hook points\nfor augment templates using custom Go template functions.\n\nAugment templates are reusable configuration snippets that can be applied to specific NGINX contexts\nwithin a base template, such as `http`, `http/server`, `stream` or `stream/server`.\n\nNginx One supports custom Go template functions for advanced configuration generation.\nSee [Template Functions](https://yourdocs.com/templates/functions) for a complete list of supported functions.\n", "required": [ - "signature_id", "name", - "attack_type" + "file", + "type" ], "properties": { "name": { - "type": "string" + "$ref": "#/components/schemas/TemplateName" }, - "signature_id": { - "type": "integer" + "file": { + "type": "string", + "description": "A .tar.gz archive containing a template and any necessary supporting files for generating an NGINX configuration.\n\nThe archive must include the following at its root:\n- A template file (e.g., reverse_proxy_base.tmpl) written in valid Go template syntax for NGINX.\n- If the template uses input variables, a schema file is also required. This file defines and validates the expected input data.\n- The schema file could be a JSON schema or YAML (e.g., schema.json, schema.yaml).\n\nFile structure:\n├── reverse_proxy_base.tmpl # Required Go template file\n├── schema.json or schema.yaml # Required only if input variables are used\n", + "format": "binary", + "maxLength": 1000000, + "example": "template.tar.gz" }, - "attack_type": { - "type": "string" + "type": { + "$ref": "#/components/schemas/TemplateType" + }, + "description": { + "type": "string", + "description": "Optional human-readable description of the template." + }, + "allowed_in_contexts": { + "type": "array", + "description": "Required when type is `augment`. Specifies the full hierarchical context path(s) within the NGINX configuration where the augment template output can be placed.\n", + "items": { + "$ref": "#/components/schemas/TemplateContextPath" + } } } }, - "NapSignature": { + "TemplatesListResponse": { + "description": "List of all templates.", "allOf": [ { - "$ref": "#/components/schemas/NapSignatureMeta" + "$ref": "#/components/schemas/PaginationResponse" }, - { - "type": "object", - "required": [ - "description", - "signature_type", - "risk", - "accuracy", - "has_cve", - "modified_at", - "systems" - ], - "properties": { - "accuracy": { - "default": "low", - "enum": [ - "high", - "low", - "medium" - ], - "x-enum-varnames": [ - "nap_signature_accuracy_high", - "nap_signature_accuracy_low", - "nap_signature_accuracy_medium" - ], - "type": "string" - }, - "description": { - "type": "string" - }, - "has_cve": { - "default": false, - "type": "boolean" - }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the signature was last modified." - }, - "references": { - "items": { - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "default": "nessus", - "enum": [ - "bugtraq", - "cve", - "nessus", - "url" - ], - "x-enum-varnames": [ - "nap_signature_references_type_bugtrag", - "nap_signature_references_type_cve", - "nap_signature_references_type_nessus", - "nap_signature_references_type_url" - ], - "type": "string" - }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "risk": { - "default": "low", - "enum": [ - "high", - "low", - "medium" - ], - "x-enum-varnames": [ - "nap_signature_risk_high", - "nap_signature_risk_low", - "nap_signature_risk_medium" - ], - "type": "string" - }, - "signature_type": { - "default": "request", - "enum": [ - "request", - "response" - ], - "type": "string", - "x-enum-varnames": [ - "nap_signature_signature_type_request", - "nap_signature_signature_type_response" - ] - }, - "systems": { + { + "description": "List of config templates.", + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of templates.", + "type": "array", "items": { - "type": "string" - }, - "type": "array" + "$ref": "#/components/schemas/TemplateSummary" + } } + }, + "example": { + "total": 101, + "count": 4, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "object_id": "tmpl_-uvR3F2TQGm18jnl7bpaGw", + "name": "reverse-proxy", + "description": "A base template for setting up a reverse proxy", + "type": "base", + "allowed_in_contexts": [], + "augment_includes": [ + "http", + "http/server", + "http/upstream", + "http/server/location", + "stream", + "stream/upstream", + "stream/server" + ], + "created_at": "2023-09-01T12:00:00Z" + }, + { + "object_id": "tmpl_-xeR3F2TQGm18jnl7bpaAw", + "name": "gzip", + "description": "Augment template for enabling gzip compression", + "type": "augment", + "allowed_in_contexts": [ + "http", + "http/server" + ], + "augment_includes": [], + "created_at": "2023-09-01T12:00:00Z" + }, + { + "object_id": "tmpl_-abR3F2TQGm18jnl7bpaXw", + "name": "rate-limiting-http", + "description": "Add rate limiting to HTTP requests", + "type": "augment", + "allowed_in_contexts": [ + "http", + "http/server" + ], + "augment_includes": [], + "created_at": "2023-09-01T12:00:00Z" + }, + { + "object_id": "tmpl_-cdR3F2TQGm18jnl7bpaZw", + "name": "limit-request", + "description": "Limit requests per second for a location", + "type": "augment", + "allowed_in_contexts": [ + "http/server/location" + ], + "augment_includes": [], + "created_at": "2023-09-01T12:00:00Z" + } + ] } } - ], - "example": { - "signature_id": 123456789, - "name": "Example Signature", - "description": "This is an example signature.", - "signature_type": "request", - "attack_type": "SQL Injection", - "risk": "high", - "accuracy": "medium", - "has_cve": true, - "modified_at": "2023-10-01T12:00:00Z", - "references": [ - { - "type": "cve", - "value": "CVE-2023-12345" - } - ], - "systems": [ - "System A" - ] - } + ] }, - "NapSignatureSet": { + "TemplateSummary": { + "description": "A summary of a template object, including its metadata, allowed contexts and augment includes.\n", "type": "object", "required": [ - "id", + "object_id", "name", - "signature_count", - "default_alarm", - "default_block", - "default_learn", - "modified_at" + "type", + "augment_includes", + "created_at" ], "properties": { - "id": { - "type": "string" + "object_id": { + "$ref": "#/components/schemas/TemplateObjectID" }, "name": { - "type": "string" - }, - "signature_count": { - "type": "integer" - }, - "assign_to_policy_by_default": { - "default": false, - "type": "boolean" - }, - "category": { - "default": "User-defined", - "type": "string" + "type": "string", + "description": "The name of the template." }, - "default_alarm": { - "default": true, - "type": "boolean" + "type": { + "$ref": "#/components/schemas/TemplateType" }, - "default_block": { - "default": true, - "type": "boolean" + "description": { + "type": "string", + "description": "A brief description of the template." }, - "default_learn": { - "default": true, - "type": "boolean" + "allowed_in_contexts": { + "type": "array", + "description": "Specifies the full hierarchical context path(s) within the NGINX configuration where this template output can be placed.\n\nFor base templates, this list is empty. Instead, refer to `augment_includes` to see where augment output can be injected within the base template.\n", + "items": { + "$ref": "#/components/schemas/TemplateContextPath" + } }, - "filter": { - "properties": { - "accuracy_filter": { - "default": "ge", - "enum": [ - "all", - "eq", - "ge", - "le" - ], - "x-enum-varnames": [ - "nap_signature_set_accuracy_filter_all", - "nap_signature_set_accuracy_filter_eq", - "nap_signature_set_accuracy_filter_ge", - "nap_signature_set_accuracy_filter_le" - ], - "type": "string" - }, - "accuracy_value": { - "default": "all", - "enum": [ - "all", - "high", - "low", - "medium" - ], - "x-enum-varnames": [ - "nap_signature_set_accuracy_value_all", - "nap_signature_set_accuracy_value_high", - "nap_signature_set_accuracy_value_low", - "nap_signature_set_accuracy_value_medium" - ], - "type": "string" - }, - "attack_type": { - "properties": { - "name": { - "type": "string" - } - }, - "type": "object" - }, - "has_cve": { - "default": "all", - "enum": [ - "all", - "no", - "yes" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_have_cve_all", - "nap_signature_set_filter_have_cve_no", - "nap_signature_set_filter_have_cve_yes" - ], - "type": "string" - }, - "modified_at_filter": { - "default": "all", - "enum": [ - "after", - "all", - "before" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_modified_at_filter_after", - "nap_signature_set_filter_modified_at_filter_all", - "nap_signature_set_filter_modified_at_filter_before" - ], - "type": "string" - }, - "modified_at_value": { - "default": "1970-01-01", - "type": "string" - }, - "risk_filter": { - "default": "eq", - "enum": [ - "all", - "eq", - "ge", - "le" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_risk_filter_all", - "nap_signature_set_filter_risk_filter_eq", - "nap_signature_set_filter_risk_filter_ge", - "nap_signature_set_filter_risk_filter_le" - ], - "type": "string" - }, - "risk_value": { - "default": "low", - "enum": [ - "all", - "high", - "low", - "medium" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_risk_value_all", - "nap_signature_set_filter_risk_value_high", - "nap_signature_set_filter_risk_value_low", - "nap_signature_set_filter_risk_value_medium" - ], - "type": "string" - }, - "signature_type": { - "default": "request", - "enum": [ - "all", - "request", - "response" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_signature_type_all", - "nap_signature_set_filter_signature_type_request", - "nap_signature_set_filter_signature_type_response" - ], - "type": "string" - }, - "user_defined_filter": { - "default": "all", - "enum": [ - "all", - "no", - "yes" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_user_defined_filter_all", - "nap_signature_set_filter_user_defined_filter_no", - "nap_signature_set_filter_user_defined_filter_yes" - ], - "type": "string" - } - }, - "type": "object" + "augment_includes": { + "type": "array", + "description": "Lists the explicit hierarchical context paths within the NGINX configuration where augment template output can be injected.\n\nEach entry corresponds to a location in the template where an `augment_includes` function is used, indicating a supported point for augment insertion (e.g., \"http/server\", \"stream/server\").\n", + "items": { + "$ref": "#/components/schemas/TemplateContextPath" + } }, - "modified_at": { + "created_at": { "type": "string", "format": "date-time", - "description": "The date and time when the signature-set was last modified." + "description": "The creation timestamp of the template." + } + }, + "example": { + "object_id": "tmpl_-uvR3F2TQGm18jnl7bpaGw", + "name": "reverse-proxy", + "description": "A base template for setting up a reverse proxy", + "type": "base", + "allowed_in_contexts": [], + "augment_includes": [ + "http", + "http/server", + "http/upstream", + "http/server/location" + ], + "created_at": "2023-09-01T12:00:00Z" + } + }, + "TemplateFileData": { + "type": "object", + "description": "Details about the file in the template.\n", + "required": [ + "name", + "contents", + "file_type", + "file_format", + "mime_type", + "size", + "ctime" + ], + "properties": { + "name": { + "type": "string", + "description": "The name of a file inside a template archive (.tar.gz). File names must not be absolute paths or contain directory traversal components. For safety, leading slashes or \"..\" are not allowed.\n", + "minLength": 1, + "maxLength": 255, + "pattern": "^[a-zA-Z0-9_.\\-\\/]+$", + "example": "gzip-http.tmpl" }, - "systems": { - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - } - }, - "type": "array" + "contents": { + "type": "string", + "description": "The contents of the file.\n- If `file_format` is \"plain\", this is a UTF-8 encoded string.\n- If `file_format` is \"bytes\", this is a Base64-encoded string.\n", + "maxLength": 1000000 + }, + "file_type": { + "type": "string", + "description": "The contents type of the file.\n* template: The file contains a Go template.\n* schema: The file contains a JSON or YAML schema for validating input data for the template. Optional if the template does not require input variables.\n", + "enum": [ + "template", + "schema" + ], + "x-enum-varnames": [ + "template_file_type_template", + "template_file_type_schema" + ] }, - "type": { - "default": "filter-based", + "file_format": { + "type": "string", + "description": "The encoding format of the contents in the file for transport.\n\n- `plain`: Human-readable content (plain UTF-8 string).\n- `bytes`: Base64-encoded binary content.\n", "enum": [ - "filter-based", - "manual" + "plain", + "bytes" ], "x-enum-varnames": [ - "nap_signature_set_type_filter_based", - "nap_signature_set_type_manual" - ], - "type": "string" + "template_file_format_plain", + "template_file_format_bytes" + ] + }, + "mime_type": { + "type": "string", + "description": "The MIME type of the file, indicating its content type.\nFor example, `text/plain`, `application/json`, `application/gzip`.\n", + "enum": [ + "text/plain", + "application/json", + "application/yaml" + ] + }, + "size": { + "type": "integer", + "description": "The size of the file, in bytes." + }, + "ctime": { + "type": "string", + "format": "date-time", + "description": "Timestamp when the file was created." } }, "example": { - "default_block": true, - "default_learn": true, - "signature_count": 0, - "filter": { - "accuracy_value": "all", - "accuracy_filter": "all", - "attack_type": { - "name": "XML External Entities (XXE)" - }, - "risk_filter": "all", - "has_cve": "all", - "user_defined_filter": "all", - "risk_value": "all", - "modified_at_filter": "all", - "signature_type": "request" - }, - "assign_to_policy_by_default": false, - "default_alarm": true, - "type": "filter-based", - "name": "XML External Entities (XXE) Signatures", - "id": "sigset_-ZMshmi83MBL97dr5d0a9w", - "category": "User-defined", - "modified_at": "2023-08-10T16:59:15Z", - "systems": [] + "name": "nginx.tmpl", + "file_type": "template", + "file_format": "plain", + "mime_type": "text/plain", + "contents": "http {\n {{ augment_includes \"http\" . }}\n\n upstream backend {\n {{- range .upstream_servers }}\n server {{ . }};\n {{- end }}\n }\n\n server {\n listen 80;\n server_name {{ .server_name }};\n\n location / {\n proxy_pass {{ default \"http://backend\" .proxy_pass }};\n }\n }\n}", + "size": 345, + "ctime": "2023-09-01T12:00:00Z" } }, - "NapSignatureListResponse": { + "TemplateDetails": { + "description": "Detailed information about a template object including summary and file contents.", + "type": "object", + "required": [ + "object_id", + "name", + "type", + "allowed_in_contexts", + "augment_includes", + "created_at", + "items" + ], "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/TemplateSummary" }, { "type": "object", @@ -11054,108 +12634,249 @@ ], "properties": { "items": { - "description": "An array of NGINX App Protect signatures.", + "description": "A list of files in the template.", "type": "array", "items": { - "$ref": "#/components/schemas/NapSignature" + "$ref": "#/components/schemas/TemplateFileData" } } } } - ] + ], + "example": { + "object_id": "tmpl_-uvR3F2TQGm18jnl7bpaGw", + "name": "reverse-proxy", + "type": "base", + "allowed_in_contexts": [], + "augment_includes": [ + "http" + ], + "created_at": "2023-09-01T12:00:00Z", + "items": [ + { + "name": "nginx.tmpl", + "file_type": "template", + "file_format": "bytes", + "mime_type": "text/plain", + "contents": "aHR0cCB7XG4gIHt7IGF1Z21lbnRfaW5jbHVkZXMgXCJodHRwXCIgLiB9fVxuXG4gdXBzdHJlYW0gYmFja2VuZCB7XG4gIC17LSByYW5nZSAudXBzdHJlYW1fc2VydmVycyB9XG4gICAgc2VydmVyIHsgLiB9O1xuICB7LSBlbmQgfVxuIH1cblxuIHNlcnZlciB7XG4gIGxpc3RlbiA4MDtcbiAgc2VydmVyX25hbWUge3sgLnNlcnZlcl9uYW1lIH19O1xuXG4gIGxvY2F0aW9uIC8ge1xuICAgIHByb3h5X3Bhc3Mge3sgZGVmYXVsdCBcImh0dHA6Ly9iYWNrZW5kXCIgLnByb3h5X3Bhc3MgfX07XG4gIH1cbn1cbiIs", + "size": 1234, + "ctime": "2023-09-01T12:00:00Z" + }, + { + "name": "schema.json", + "file_type": "schema", + "file_format": "bytes", + "mime_type": "application/json", + "contents": "ewogICIkc2NoZW1hIjogImh0dHA6Ly9qc29uLXNjaGVtYS5vcmcvZHJhZnQtMDcvc2NoZW1hIyIsCiAgInR5cGUiOiAib2JqZWN0IiwKICAicHJvcGVydGllcyI6IHsKICAgICJ1cHN0cmVhbV9zZXJ2ZXJzIjogewogICAgICAidHlwZSI6ICJhcnJheSIsCiAgICAgICJpdGVtcyI6IHsKICAgICAgICAidHlwZSI6ICJzdHJpbmciLAogICAgICAgICJmb3JtYXQiOiAiaG9zdG5hbWUiLAogICAgICAgICJwYXR0ZXJuIjogIl5bYS1aQS1aMC05Li1dKyg6WzAtOV0rKT8kIgogICAgICB9LAogICAgICAibWluSXRlbXMiOiAxCiAgICB9LAogICAgInNlcnZlcl9uYW1lIjogewogICAgICAidHlwZSI6ICJzdHJpbmciLAogICAgICAicGF0dGVybiI6ICJeW2EtWkEtWjAtOS4tXSskIgogICAgfSwKICAgICJwcm94eV9wYXNzIjogewogICAgICAidHlwZSI6ICJzdHJpbmciLAogICAgICAiZm9ybWF0IjogInVyaSIKICAgIH0KICB9LAogICJyZXF1aXJlZCI6IFsidXBzdHJlYW1fc2VydmVycyIsICJzZXJ2ZXJfbmFtZSJdLAogICJhZGRpdGlvbmFsUHJvcGVydGllcyI6IGZhbHNlCn0=", + "size": 456, + "ctime": "2023-09-01T12:00:00Z" + } + ] + } }, - "NapSignatureSetListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" + "TemplateValuesRequest": { + "type": "object", + "description": "Key-value pairs for template rendering.", + "additionalProperties": true + }, + "TemplateSubmissionRequest": { + "type": "object", + "description": "Defines a request to render an NGINX configuration by combining a single base template \nwith zero or more augment templates.\n\n### Validations and Constraints:\n- All templates referenced by Object ID must be available in the system before submission.\n- Only one base template can be submitted.\n- The base template must explicitly use custom Go function `augment_includes (\"\", .)` to apply `augments`.\n- Its not required to include all augments in the request that base template supports.\n- The order of augments in the list determines the order in which they are rendered and applied.\n- Each augment must specify its `target_context`, indicating where it should be applied in \n the base template.\n- Input values for each template are passed independently via the `values` \n object, and validated against each template’s Schema.\n\n### Processing:\n- The `base_template` defines the starting point of the NGINX configuration rendering.\n- `conf_path` determines where the rendered configuration from base and augments should be placed within the NGINX directory structure.\n- Each `augment` template is applied in the order provided, inserted at the appropriate target context\n using the `augment_includes (\"\", .)` function declared in the base template.\n- The system validates that each augment is compatible with the specified target context.\n- The final composed configuration is validated to ensure correctness and prevent conflicts or misconfigurations.\n\n### External Template Documentation:\nFor more information on template functions and best practices, refer to:\n - [Template Function Reference](https://yourdocs.com/templates/functions)\n - [Template Authoring Guide](https://yourdocs.com/templates/guide)\n", + "required": [ + "conf_path", + "base_template", + "augments" + ], + "properties": { + "conf_path": { + "$ref": "#/components/schemas/ConfigPath" }, - { - "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of NGINX App Protect signature sets.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapSignatureSet" - } - } + "base_template": { + "$ref": "#/components/schemas/BaseTemplateSubmissionRequest" + }, + "augments": { + "type": "array", + "description": "Ordered list of augment templates to apply to the base template.\nAugments are rendered in the order provided.\n", + "items": { + "$ref": "#/components/schemas/AugmentTemplateSubmissionRequest" } } - ] + }, + "example": { + "conf_path": "/etc/nginx/nginx.conf", + "base_template": { + "object_id": "tmpl_-uvR3F2TQGm18jnl7bpaGw", + "values": { + "upstream_servers": [ + "10.0.0.1:8080", + "10.0.0.2:8080" + ], + "server_name": "example.com" + } + }, + "augments": [ + { + "object_id": "tmpl_-uvR3F2TQGm18jnl7bpaGw", + "target_context": "http/upstream", + "values": { + "upstream_servers": [ + "10.0.0.1:8080", + "10.0.0.2:8080" + ], + "server_name": "example.com" + } + }, + { + "object_id": "tmpl_-xeR3F2TQGm18jnl7bpaAw", + "target_context": "http", + "values": { + "enabled": "on", + "types": "text/plain application/json" + } + }, + { + "object_id": "tmpl_-abR3F2TQGm18jnl7bpaXw", + "target_context": "http", + "values": { + "zone_name": "req_limit", + "memory": "10m", + "rate": "10r/s" + } + }, + { + "object_id": "tmpl_-cdR3F2TQGm18jnl7bpaZw", + "target_context": "http/server", + "values": { + "zone_name": "req_limit", + "burst": 5 + }, + "child_augments": [ + { + "object_id": "tmpl_-cdR3F2TQGm18jnl7bpaZw", + "target_context": "http/server/location", + "values": { + "zone_name": "req_limit", + "burst": 5 + } + } + ] + } + ] + } }, - "FilterNameNapPolicy": { - "type": "string", - "description": "Keywords for NGINX App Protect policy filters.\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\nWhen filtering on `object_id`, both NAP Policy and NAP Policy version object id prefixes are supported.\n", - "enum": [ - "name", - "enforcement_mode", + "BaseTemplateSubmissionRequest": { + "type": "object", + "required": [ "object_id", - "deployment_enforcement_mode", - "deployment_status" + "values" ], - "x-enum-varnames": [ - "filter_name_nap_policy_name", - "filter_name_nap_policy_enforcement_mode", - "filter_name_nap_policy_object_id", - "filter_name_nap_policy_deployment_enforcement_mode", - "filter_name_nap_policy_deployment_status" - ] + "properties": { + "object_id": { + "$ref": "#/components/schemas/TemplateObjectID" + }, + "values": { + "$ref": "#/components/schemas/TemplateValuesRequest" + } + }, + "example": { + "object_id": "tmpl_-uvR3F2TQGm18jnl7bpaGw", + "values": { + "upstream_servers": [ + "10.0.0.1:8080", + "10.0.0.2:8080" + ], + "server_name": "example.com" + } + } }, - "FilterNameNapPolicyDeployment": { - "type": "string", - "description": "Keywords for NGINX App Protect deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n * deployed\n * deploying\n * failed\n", - "enum": [ - "name", - "type", - "policy_version", - "status", - "object_id" + "AugmentTemplateSubmissionRequest": { + "type": "object", + "description": "Defines a request to apply an augment template to a specific target context within the base template.\n\nThis extends the `BaseTemplateSubmissionRequest`. Additionally adding,\n- `target_context`: Specifies the context within the base template where this augment should be applied.\n- `child_augments`: Optionally, an ordered list of nested augment templates to apply as children of this template.\n", + "required": [ + "object_id", + "target_context" ], - "x-enum-varnames": [ - "filter_name_nap_deployment_name", - "filter_name_nap_deployment_type", - "filter_name_nap_deployment_policy_version", - "filter_name_nap_deployment_status", - "filter_name_nap_deployment_object_id" - ] + "properties": { + "object_id": { + "$ref": "#/components/schemas/TemplateObjectID" + }, + "values": { + "$ref": "#/components/schemas/TemplateValuesRequest" + }, + "target_context": { + "$ref": "#/components/schemas/TemplateContextPath" + }, + "child_augments": { + "type": "array", + "description": "Ordered list of nested augment templates to apply as children of this template.\n", + "items": { + "$ref": "#/components/schemas/AugmentTemplateSubmissionRequest" + } + } + }, + "example": { + "object_id": "tmpl_-xeR3F2TQGm18jnl7bpaAw", + "target_context": "http/server", + "values": { + "enabled": "on", + "types": "text/plain application/json" + }, + "child_augments": [ + { + "object_id": "tmpl_-cdR3F2TQGm18jnl7bpaZw", + "target_context": "http/server/location", + "values": { + "zone_name": "req_limit", + "burst": 5 + } + } + ] + } }, - "FilterNameNapPolicyVersion": { - "type": "string", - "description": "Keywords for NGINX App Protect policy version filters.\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * deployed\n * not_deployed\n * deploying\n * failed\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\n", - "enum": [ - "deployment_status", - "enforcement_mode", - "object_id" + "PreviewNginxConfig": { + "type": "object", + "description": "The rendered NGINX configuration preview, along with any errors encountered during rendering.\n", + "required": [ + "config" ], - "x-enum-varnames": [ - "filter_name_nap_policy_version_deployment_status", - "filter_name_nap_policy_version_enforcement_mode", - "filter_name_nap_policy_version_object_id" - ] - }, - "NapLogProfileObjectID": { - "description": "A globally unique identifier for the App Protect log profile.", - "type": "string", - "format": "object_id", - "pattern": "^lp_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "properties": { + "config": { + "$ref": "#/components/schemas/NginxConfigObject" + }, + "errors": { + "type": "array", + "description": "List of NGINX config parse errors encountered during rendering.", + "items": { + "$ref": "#/components/schemas/NginxConfigParseError" + } + } } }, - "NapGlobalSettingObjectID": { - "description": "A globally unique identifier for the App Protect global settings object.", - "type": "string", - "format": "object_id", - "pattern": "^gs_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "NginxConfigParseError": { + "type": "object", + "description": "Details about an error encountered during NGINX configuration rendering.", + "required": [ + "file", + "error" + ], + "properties": { + "file": { + "type": "string", + "description": "The name of the file where the error occurred." + }, + "line": { + "type": "integer", + "description": "The line number in the file where the error occurred." + }, + "error": { + "type": "string", + "description": "A human-readable error message describing the issue." + } + }, + "example": { + "file": "nginx.conf", + "line": 1, + "error": "\"upstream\" directive is not allowed here in /etc/nginx/nginx.conf:1" } } }, @@ -11258,6 +12979,25 @@ } ] } + }, + "TemplateBaseSummary": { + "value": { + "name": "reverse_proxy", + "file": "reverse-proxy.tar.gz", + "type": "base", + "description": "A base template for setting up a reverse proxy" + } + }, + "TemplateAugmentSummary": { + "value": { + "name": "http_rate_limit", + "file": "http-rate-limit.tar.gz", + "type": "augment", + "description": "Augment template for defining rate limit settings in HTTP context", + "allowed_in_contexts": [ + "http" + ] + } } }, "responses": { @@ -11346,6 +13086,12 @@ "tags": [ "NGINX App Protect" ] + }, + { + "name": "NGINX One Templates", + "tags": [ + "Templates" + ] } ] } \ No newline at end of file