From 2a01b78ad6b5d91e6e85f5afe95bc4178c08b993 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Thu, 27 Feb 2025 13:35:08 -0800 Subject: [PATCH] test only --- static/nginx-one/api/one.json | 8547 +++++++++++++++++++++------------ 1 file changed, 5469 insertions(+), 3078 deletions(-) diff --git a/static/nginx-one/api/one.json b/static/nginx-one/api/one.json index 2b55cbb22..3cde2ba77 100644 --- a/static/nginx-one/api/one.json +++ b/static/nginx-one/api/one.json @@ -18,6 +18,14 @@ "default": "tenant-example" } } + }, + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + } } ], "tags": [ @@ -53,13 +61,17 @@ }, { "name": "Metrics", - "description": "Get system metrics for your NGINX data plane instances. These metrics are collected by the NGINX Agent and reported to NGINX One.\n", "x-displayName": "Metrics" }, { "name": "Settings", "description": "Configuration option for different aspect of NGINX One service.\nYou can set NGINX Instance cleanup preferences.\n", "x-displayName": "Settings" + }, + { + "name": "NGINX App Protect", + "description": "Manage and publish security policies on your NGINX data plane instances.\n", + "x-displayName": "NGINX App Protect" } ], "paths": { @@ -3137,36 +3149,32 @@ } } }, - "/monitor/metrics_query": { + "/monitor/metrics_query_topx": { "post": { "tags": [ "Metrics" ], - "summary": "Retrieve system metrics for instances", - "operationId": "queryMetricsInput", - "description": "Returns (up to 10,000) system metrics for NGINX instances based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n", + "summary": "Retrieve system metrics for instances with series limit", + "operationId": "queryMetricsInputTopX", + "description": "Returns (up to 10,000) system metrics for NGINX instances with series limit based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n", "requestBody": { "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MetricQueryRequest" + "$ref": "#/components/schemas/MetricTopXQueryRequest" }, "example": { "start_time": "now-1h", "end_time": "now", - "resolution": "5m", + "resolution": "1m", "metrics": [ { - "name": "nginx.http.requests", - "aggregate": "sum" + "aggregate": "sum", + "name": "nginx.http.requests" } ], - "order_by": [ - { - "direction": "asc", - "dimension": "instance_object_id" - } - ] + "series_limit": 1, + "group_series_by": "instance_object_id" } } } @@ -3215,49 +3223,91 @@ } } }, - "/monitor/metrics_query_topx": { - "post": { + "/settings/instance-cleanup": { + "get": { "tags": [ - "Metrics" + "Settings" ], - "summary": "Retrieve system metrics for instances with series limit", - "operationId": "queryMetricsInputTopX", - "description": "Returns (up to 10,000) system metrics for NGINX instances with series limit based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n", + "summary": "Retrieve settings", + "description": "Retrieves settings for NGINX Instance cleanup\n", + "operationId": "getSettingInstanceCleanup", + "responses": { + "200": { + "description": "Successfully retrieved the setting for NGINX Instance cleanup.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SettingsInstanceCleanup" + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "put": { + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX Instance Cleanup Setting", + "tags": [ + "Settings" + ], + "summary": "Update settings", + "description": "Update settings for NGINX Instance cleanup\n", + "operationId": "updateSettingInstanceCleanup", "requestBody": { + "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MetricTopXQueryRequest" - }, - "example": { - "start_time": "now-1h", - "end_time": "now", - "resolution": "1m", - "metrics": [ - { - "aggregate": "sum", - "name": "nginx.http.requests" - } - ], - "series_limit": 1, - "group_series_by": "instance_object_id" + "$ref": "#/components/schemas/SettingsInstanceCleanup" } } } }, "responses": { "200": { - "description": "Successfully retrieved system metrics.", + "description": "Successfully updated settings for NGINX Instance cleanup.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MetricQueryResultEx" + "$ref": "#/components/schemas/SettingsInstanceCleanup" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/app-protect/attack-signature/versions": { + "get": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "List Attack Signature versions.", + "description": "Returns Attack Signature versions.", + "operationId": "listAttackSignatureVersions", + "responses": { + "200": { + "description": "Successfully returned Attack Signature versions.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AttackSignatureVersionsListResponse" + } + } + } + }, + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -3266,8 +3316,41 @@ } } }, - "404": { - "description": "The requested metric resource was not found. Check that the resource name provided is correct and corresponds to an existing resource.", + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/bot-signature/versions": { + "get": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "List Bot Signature versions.", + "description": "Returns Bot Signature versions.", + "operationId": "listBotSignatureVersions", + "responses": { + "200": { + "description": "Successfully returned Bot Signature versions.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/BotSignatureVersionsListResponse" + } + } + } + }, + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -3289,217 +3372,1791 @@ } } }, - "/settings/instance-cleanup": { + "/app-protect/global-settings": { "get": { + "x-feature-flag": "nap-waf", "tags": [ - "Settings" + "NGINX App Protect" + ], + "summary": "List NGINX App Protect global settings objects.", + "description": "Returns NGINX App Protect global settings objects.", + "operationId": "listNapGlobalSettings", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapGlobalSettings" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapGlobalSettings" + } ], - "summary": "Retrieve settings", - "description": "Retrieves settings for NGINX Instance cleanup\n", - "operationId": "getSettingInstanceCleanup", "responses": { "200": { - "description": "Successfully retrieved the setting for NGINX Instance cleanup.", + "description": "Successfully returned NGINX App Protect global settings.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" + "$ref": "#/components/schemas/NapGlobalSettingsListResponse" } } } }, - "400": { - "$ref": "#/components/responses/InvalidRequest" + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "500": { - "$ref": "#/components/responses/InternalServerErr" + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } } } }, - "put": { - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX Instance Cleanup Setting", + "post": { + "x-feature-flag": "nap-waf", "tags": [ - "Settings" + "NGINX App Protect" ], - "summary": "Update settings", - "description": "Update settings for NGINX Instance cleanup\n", - "operationId": "updateSettingInstanceCleanup", + "summary": "Create NGINX App Protect global settings object.", + "description": "Creates NGINX App Protect global settings object.", + "operationId": "createNapGlobalSettings", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" + "$ref": "#/components/schemas/NapLogProfileCreateRequest" } } } }, "responses": { - "200": { - "description": "Successfully updated settings for NGINX Instance cleanup.", + "201": { + "description": "Successfully created NGINX App Protect global settings object." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } }, "500": { - "$ref": "#/components/responses/InternalServerErr" + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } } } } - } - }, - "components": { - "parameters": { - "Paginated": { - "name": "paginated", - "in": "query", - "schema": { - "type": "boolean", - "default": true - }, - "description": "A boolean indicating if the results should be presented as a paginated list. Defaults to `true`. \nWhen set to `false`, the results are returned as a condensed, non-paginated list.\n", - "required": false - }, - "Limit": { - "name": "limit", - "in": "query", - "schema": { - "type": "integer", - "minimum": 0 - }, - "description": "An integer that specifies the maximum number of items to be returned. \nSetting this to `0` will result in no items being returned, but a total count will still be provided. \nThis parameter is not applicable if `paginated` is `false`.\n", - "required": false - }, - "Offset": { - "name": "offset", - "in": "query", - "schema": { - "type": "integer", - "minimum": 1 - }, - "description": "An integer that specifies the starting position of the results, starting at `1`.\nThis parameter is not applicable if `paginated` is `false`.\n" - }, - "FilterFieldDataPlaneKeys": { - "name": "filter_fields", - "in": "query", - "description": "Filter options for data plane keys; used in conjunction with other filter parameters having the same array length.\n\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * expired\n * valid\n", + }, + "/app-protect/global-settings/{nap_global_settings_object_id}": { + "delete": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "Delete NGINX App Protect global settings object.", + "description": "Deletes NGINX App Protect global settings object.", + "operationId": "deleteNapGlobalSettings", + "parameters": [ + { + "$ref": "#/components/parameters/NapGlobalSettingsParamObjectID" + } + ], + "responses": { + "204": { + "description": "Successfully deleted NGINX App Protect global settings object." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect global settings object with the specified nap_global_settings_object_id was not found. Check that the nap_global_settings_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "get": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "Get NGINX App Protect global settings details.", + "description": "Returns the NGINX App Protect global settings details.", + "operationId": "getNapGlobalSettings", + "parameters": [ + { + "$ref": "#/components/parameters/NapGlobalSettingsParamObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect global settings details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapGlobalSettingsResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect global settings object with the specified nap_global_settings_object_id was not found. Check that the nap_global_settings_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "put": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "Update NGINX App Protect global settings details.", + "description": "Update NGINX App Protect global settings details.", + "operationId": "updateNapGlobalSettings", + "parameters": [ + { + "$ref": "#/components/parameters/NapGlobalSettingsParamObjectID" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapGlobalSettingsPutRequest" + } + } + } + }, + "responses": { + "204": { + "description": "Successfully updated NGINX App Protect log profile." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect global settings object with the specified nap_global_settings_object_id was not found. Check that the nap_global_settings_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/log-profiles": { + "get": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect log profiles.", + "description": "Returns NGINX App Protect log profiles.", + "operationId": "listNapLogProfiles", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapLogProfiles" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapLogProfile" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect log profiles.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapLogProfileListResponse" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "post": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "Create NGINX App Protect log profile.", + "description": "Creates NGINX App Protect log profile.", + "operationId": "createNapLogProfile", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapLogProfileCreateRequest" + } + } + } + }, + "responses": { + "201": { + "description": "Successfully created NGINX App Protect log profile." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/log-profiles/{nap_log_profile_object_id}": { + "delete": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "Delete NGINX App Protect log profile.", + "description": "Deletes NGINX App Protect log profile.", + "operationId": "deleteNapLogProfile", + "parameters": [ + { + "$ref": "#/components/parameters/NapLogProfileParamObjectID" + } + ], + "responses": { + "204": { + "description": "Successfully deleted NGINX App Protect log profile." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "get": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "Get NGINX App Protect log profile details.", + "description": "Returns NGINX App Protect log profile details.", + "operationId": "getNapLogProfile", + "parameters": [ + { + "$ref": "#/components/parameters/NapLogProfileParamObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect log profile details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapLogProfileResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "put": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "Update NGINX App Protect log profile details.", + "description": "Update NGINX App Protect log profile details.", + "operationId": "updateNapLogProfile", + "parameters": [ + { + "$ref": "#/components/parameters/NapLogProfileParamObjectID" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapLogProfilePutRequest" + } + } + } + }, + "responses": { + "204": { + "description": "Successfully updated NGINX App Protect log profile detai;s." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/policies": { + "get": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect policies.", + "description": "Returns NGINX App Protect policies.", + "operationId": "listNapPolicies", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapPolicies" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapPolicy" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect policies.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPoliciesListResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "post": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "Create NGINX App Protect policy.", + "description": "Creates NGINX App Protect policy.", + "operationId": "createNapPolicy", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicy" + } + } + } + }, + "responses": { + "201": { + "description": "Successfully created NGINX App Protect policy." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/policies/{nap_policy_object_id}": { + "delete": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "Delete NGINX App Protect policy.", + "description": "Deletes NGINX App Protect policy.", + "operationId": "deleteNapPolicy", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + } + ], + "responses": { + "204": { + "description": "Successfully deleted NGINX App Protect policy." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "get": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "Get NGINX App Protect policy details.", + "description": "Returns NGINX App Protect policy details.", + "operationId": "getNapPolicy", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect policy details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "put": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "Update NGINX App Protect policy details.", + "description": "Update NGINX App Protect policy details.", + "operationId": "updateNapPolicy", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicy" + } + } + } + }, + "responses": { + "204": { + "description": "Successfully updated NGINX App Protect policy details." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/policies/{nap_policy_object_id}/deployments": { + "get": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect deployments.", + "description": "Returns NGINX App Protect deployments.", + "operationId": "listNapPolicyDeployments", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapDeployments" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapDeployment" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect deployments.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyDeploymentsListResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/policies/{nap_policy_object_id}/versions": { + "get": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect policy versions.", + "description": "Returns NGINX App Protect policy versions.", + "operationId": "listNapPolicyVersions", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapPolicyVersions" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapPolicyVersion" + } + ], + "responses": { + "200": { + "description": "Successfully returned the NGINX App Protect policy versions.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyVersionsListResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/policies/{nap_policy_object_id}/versions/{nap_policy_version_object_id}": { + "delete": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "Delete NGINX App Protect policy version.", + "description": "Deletes the NGINX App Protect policy version.", + "operationId": "deleteNapPolicyVersion", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" + } + ], + "responses": { + "204": { + "description": "Successfully deleted the NGINX App Protect policy version." + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id was not found. Check that the nap_policy_version_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "get": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "Get NGINX App Protect policy version details.", + "description": "Returns the NGINX App Protect policy version details.", + "operationId": "getNapPolicyVersion", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect policy version details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyVersionResponse" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id was not found. Check that the nap_policy_version_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/policies/validate": { + "put": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "Validate NGINX App Protect policy.", + "description": "Returns whether NGINX App Protect policy is valid or not.", + "operationId": "validateNapPolicy", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "Successfully validated the NGINX App Protect policy." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/threat-campaign/versions": { + "get": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "List Threat Campaign versions.", + "description": "Returns Threat Campaign versions.", + "operationId": "listThreatCampaignVersions", + "responses": { + "200": { + "description": "Successfully returned Threat Campaign versions.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ThreatCampaignVersionsListResponse" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/versions": { + "get": { + "x-feature-flag": "nap-waf", + "tags": [ + "NGINX App Protect" + ], + "summary": "List supported NGINX App Protect versions.", + "description": "Returns supported NGINX App Protect versions.", + "operationId": "listNapVersions", + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect versions.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapVersionsListResponse" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + } + }, + "components": { + "parameters": { + "Paginated": { + "name": "paginated", + "in": "query", + "schema": { + "type": "boolean", + "default": true + }, + "description": "A boolean indicating if the results should be presented as a paginated list. Defaults to `true`. \nWhen set to `false`, the results are returned as a condensed, non-paginated list.\n", + "required": false + }, + "Limit": { + "name": "limit", + "in": "query", + "schema": { + "type": "integer", + "minimum": 0 + }, + "description": "An integer that specifies the maximum number of items to be returned. \nSetting this to `0` will result in no items being returned, but a total count will still be provided. \nThis parameter is not applicable if `paginated` is `false`.\n", + "required": false + }, + "Offset": { + "name": "offset", + "in": "query", + "schema": { + "type": "integer", + "minimum": 1 + }, + "description": "An integer that specifies the starting position of the results, starting at `1`.\nThis parameter is not applicable if `paginated` is `false`.\n" + }, + "FilterFieldDataPlaneKeys": { + "name": "filter_fields", + "in": "query", + "description": "Filter options for data plane keys; used in conjunction with other filter parameters having the same array length.\n\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * expired\n * valid\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameDataPlaneKeys" + } + } + }, + "FilterOperands": { + "name": "filter_ops", + "in": "query", + "description": "An array of strings defining the operands for filtering, to be used in conjunction with `filter_fields` and `filter_values`. \nAll filter parameters must have matching array lengths. Currently, the only supported operand is `\"IN\"`.\n", + "schema": { + "$ref": "#/components/schemas/FilterOperands" + } + }, + "FilterValues": { + "name": "filter_values", + "in": "query", + "description": "An array of strings containing the keywords for filtering. \nMultiple keywords can be chained using the `|` character. \nEnsure this parameter's array length matches those of `filter_fields` and `filter_ops` for effective filtering.\nThe total length of the filter string should not exceed 1024 characters.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "example": "value1|value2|value3", + "minLength": 1, + "maxLength": 1024 + } + } + }, + "DataPlaneKeyParamObjectID": { + "name": "data_plane_key_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "description": "A globally unique identifier for the data plane key.\n", + "required": true + }, + "FilterFieldCertificates": { + "name": "filter_fields", + "in": "query", + "description": "Filter options for certificates; used in conjunction with other filter parameters having the same array length.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameCertificates" + } + } + }, + "SortDirection": { + "name": "sort_dir", + "in": "query", + "description": "Sorting direction for the criteria and the resulting collection returned. Defaults to descending if not specified.\n", + "schema": { + "type": "string", + "enum": [ + "Ascending", + "Descending" + ], + "x-enum-varnames": [ + "ascending", + "descending" + ] + } + }, + "SortNameCertificates": { + "name": "sort_certificates", + "in": "query", + "description": "Sort certificates by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "subject_name", + "not_before", + "not_after" + ], + "x-enum-varnames": [ + "sort_name_certificates_name", + "sort_name_certificates_subject_name", + "sort_name_certificates_not_before", + "sort_name_certificates_not_after" + ] + } + } + }, + "CertificateParamObjectID": { + "name": "certificateObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/CertificateObjectID" + }, + "description": "A globally unique identifier for the certificate.\n", + "required": true + }, + "FilterFieldCertificateDeployments": { + "name": "filter_fields", + "in": "query", + "description": "Filter options for certificate deployments; used in conjunction with other filter parameters having the same array length.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameCertificateDeployments" + } + } + }, + "SortNameCertificateDeployments": { + "name": "sort_certificate_deployments", + "in": "query", + "description": "Sort certificate deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_certificate_deployments_name" + ] + } + } + }, + "FilterFieldConfigSyncGroups": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`, `config_status`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", "schema": { "type": "array", "items": { - "$ref": "#/components/schemas/FilterNameDataPlaneKeys" + "$ref": "#/components/schemas/FilterNameConfigSyncGroups" } } }, - "FilterOperands": { - "name": "filter_ops", + "SortNameConfigSyncGroups": { + "name": "sort_config_sync_groups", "in": "query", - "description": "An array of strings defining the operands for filtering, to be used in conjunction with `filter_fields` and `filter_values`. \nAll filter parameters must have matching array lengths. Currently, the only supported operand is `\"IN\"`.\n", + "description": "Sort config sync groups by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", "schema": { - "$ref": "#/components/schemas/FilterOperands" + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_config_sync_group_name" + ] + } } }, - "FilterValues": { - "name": "filter_values", + "ConfigSyncGroupParamObjectID": { + "name": "configSyncGroupObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/configSyncGroupObjectID" + }, + "description": "A globally unique identifier for the NGINX config sync group.\n", + "required": true + }, + "ConfigSyncGroupConfigurationParamObjectID": { + "name": "configSyncGroupConfigurationObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NginxConfigObjectID" + }, + "description": "A globally unique identifier for the NGINX config sync group configuration.\n", + "required": true + }, + "PublicationParamObjectID": { + "name": "publicationObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "description": "A globally unique identifier for a Publication.\n", + "required": true + }, + "SortNameCVEs": { + "name": "sort_cves", "in": "query", - "description": "An array of strings containing the keywords for filtering. \nMultiple keywords can be chained using the `|` character. \nEnsure this parameter's array length matches those of `filter_fields` and `filter_ops` for effective filtering.\nThe total length of the filter string should not exceed 1024 characters.\n", + "description": "Sort CVEs by the number of instances affected by that CVE.\n", "schema": { "type": "array", "items": { "type": "string", - "example": "value1|value2|value3", - "minLength": 1, - "maxLength": 1024 + "enum": [ + "instance_count", + "severity", + "cve_id", + "published_at" + ], + "x-enum-varnames": [ + "sort_instance_count", + "sort_cve_severity", + "sort_cve_id", + "sort_published_at" + ] } } }, - "DataPlaneKeyParamObjectID": { - "name": "data_plane_key_id", + "NginxCVEParamID": { + "name": "nginxCVEID", "in": "path", "schema": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" + "type": "string", + "pattern": "^\\d{4}-\\d{4,19}$" }, - "description": "A globally unique identifier for the data plane key.\n", + "description": "A globally unique identifier for NGINX CVE.\n", "required": true }, - "FilterFieldCertificates": { + "SortNameCVEImpactedInstances": { + "name": "sort_cve_impacted_instances", + "in": "query", + "description": "Sort the Instances that are affected by a CVE\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "hostname", + "status" + ], + "x-enum-varnames": [ + "sort_name_cve_impacted_instances_hostname", + "sort_name_cve_impacted_instances_status" + ] + } + } + }, + "FilterFieldEvents": { "name": "filter_fields", "in": "query", - "description": "Filter options for certificates; used in conjunction with other filter parameters having the same array length.\n", + "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `object_id`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", "schema": { "type": "array", "items": { - "$ref": "#/components/schemas/FilterNameCertificates" + "$ref": "#/components/schemas/FilterNameEvents" } } }, - "SortDirection": { - "name": "sort_dir", + "EventParamObjectID": { + "name": "eventObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/EventObjectID" + }, + "description": "A globally unique identifier for an event.\n", + "required": true + }, + "FilterFieldInstances": { + "name": "filter_fields", "in": "query", - "description": "Sorting direction for the criteria and the resulting collection returned. Defaults to descending if not specified.\n", + "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `nginx_version`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", "schema": { - "type": "string", - "enum": [ - "Ascending", - "Descending" - ], - "x-enum-varnames": [ - "ascending", - "descending" - ] + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameInstances" + } } }, - "SortNameCertificates": { - "name": "sort_certificates", + "SortNameInstances": { + "name": "sort_instances", "in": "query", - "description": "Sort certificates by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "description": "Sort instances by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", "schema": { "type": "array", "items": { "type": "string", "enum": [ - "name", - "subject_name", - "not_before", - "not_after" + "hostname", + "status", + "last_reported" ], "x-enum-varnames": [ - "sort_name_certificates_name", - "sort_name_certificates_subject_name", - "sort_name_certificates_not_before", - "sort_name_certificates_not_after" + "sort_name_instance_hostname", + "sort_name_instance_status", + "sort_name_instance_last_reported" ] } } }, - "CertificateParamObjectID": { - "name": "certificateObjectID", + "InstanceParamObjectID": { + "name": "instanceObjectID", "in": "path", "schema": { - "$ref": "#/components/schemas/CertificateObjectID" + "$ref": "#/components/schemas/InstanceObjectID" }, - "description": "A globally unique identifier for the certificate.\n", + "description": "A globally unique identifier for the NGINX instance.\n", "required": true }, - "FilterFieldCertificateDeployments": { + "InstanceConfigurationParamObjectID": { + "name": "instanceConfigurationObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NginxConfigObjectID" + }, + "description": "A globally unique identifier for the NGINX instance configuration.\n", + "required": true + }, + "SortNameNapGlobalSettings": { + "name": "sort_nap_global_settings", + "in": "query", + "description": "Sort NGINX App Protect global settings by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_nap_global_settings_name" + ] + } + } + }, + "FilterFieldNapGlobalSettings": { "name": "filter_fields", "in": "query", - "description": "Filter options for certificate deployments; used in conjunction with other filter parameters having the same array length.\n", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", "schema": { "type": "array", "items": { - "$ref": "#/components/schemas/FilterNameCertificateDeployments" + "$ref": "#/components/schemas/FilterNameNapGlobalSettings" } } }, - "SortNameCertificateDeployments": { - "name": "sort_certificate_deployments", + "NapGlobalSettingsParamObjectID": { + "name": "nap_global_settings_object_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapGlobalSettingsObjectID" + }, + "description": "A globally unique identifier for the App Protect global settings object.\n", + "required": true + }, + "SortNameNapLogProfiles": { + "name": "sort_nap_log_profiles", "in": "query", - "description": "Sort certificate deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "description": "Sort NGINX App Protect log profiles by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", "schema": { "type": "array", "items": { @@ -3508,715 +5165,1292 @@ "name" ], "x-enum-varnames": [ - "sort_name_certificate_deployments_name" + "sort_name_nap_log_profiles_name" ] } } }, - "FilterFieldConfigSyncGroups": { + "FilterFieldNapLogProfile": { "name": "filter_fields", "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`, `config_status`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", "schema": { "type": "array", "items": { - "$ref": "#/components/schemas/FilterNameConfigSyncGroups" + "$ref": "#/components/schemas/FilterNameNapLogProfile" } } }, - "SortNameConfigSyncGroups": { - "name": "sort_config_sync_groups", + "NapLogProfileParamObjectID": { + "name": "nap_log_profile_object_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapLogProfileObjectID" + }, + "description": "A globally unique identifier for the App Protect log profile.\n", + "required": true + }, + "SortNameNapPolicies": { + "name": "sort_nap_policies", + "in": "query", + "description": "Sort NGINX App Protect policies by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "deployment_count", + "enforcement_mode", + "last_deployed" + ], + "x-enum-varnames": [ + "sort_name_nap_policies_name", + "sort_name_nap_policies_deployment_count", + "sort_name_nap_policies_enforcement_mode", + "sort_name_nap_policies_last_deployed" + ] + } + } + }, + "FilterFieldNapPolicy": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapPolicy" + } + } + }, + "NapPolicyParamObjectID": { + "name": "nap_policy_object_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapPolicyObjectID" + }, + "description": "A globally unique identifier for the App Protect policy.\n", + "required": true + }, + "SortNameNapDeployments": { + "name": "sort_nap_deployments", + "in": "query", + "description": "Sort NGINX App Protect deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "type", + "policy_version", + "status", + "deployed_on", + "threat_campaign_version", + "attack_signature_version", + "bot_sigature_version" + ], + "x-enum-varnames": [ + "sort_name_nap_deployments_name", + "sort_name_nap_deployments_type", + "sort_name_nap_deployments_policy_version", + "sort_name_nap_deployments_status", + "sort_name_nap_deployments_deployed_on", + "sort_name_nap_deployments_threat_campaign_version", + "sort_name_nap_deployments_attack_signature_version", + "sort_name_nap_deployments_bot_sigature_version" + ] + } + } + }, + "FilterFieldNapDeployment": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapDeployment" + } + } + }, + "SortNameNapPolicyVersions": { + "name": "sort_nap_policy_versions", "in": "query", - "description": "Sort config sync groups by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "description": "Sort NGINX App Protect policy versions by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", "schema": { "type": "array", "items": { "type": "string", "enum": [ - "name" + "created_on", + "created_by", + "deployment_status", + "deployment_count", + "enforcement_mode" ], "x-enum-varnames": [ - "sort_name_config_sync_group_name" + "sort_name_nap_policy_versions_created_on", + "sort_name_nap_policy_versions_created_by", + "sort_name_nap_policy_versions_deployment_status", + "sort_name_nap_policy_versions_deployment_count", + "sort_name_nap_policy_versions_enforcement_mode" ] } } }, - "ConfigSyncGroupParamObjectID": { - "name": "configSyncGroupObjectID", - "in": "path", + "FilterFieldNapPolicyVersion": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", "schema": { - "$ref": "#/components/schemas/configSyncGroupObjectID" - }, - "description": "A globally unique identifier for the NGINX config sync group.\n", - "required": true + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapPolicyVersion" + } + } }, - "ConfigSyncGroupConfigurationParamObjectID": { - "name": "configSyncGroupConfigurationObjectID", + "NapPolicyVersionParamObjectID": { + "name": "nap_policy_version_object_id", "in": "path", "schema": { - "$ref": "#/components/schemas/NginxConfigObjectID" + "$ref": "#/components/schemas/NapPolicyVersionObjectID" }, - "description": "A globally unique identifier for the NGINX config sync group configuration.\n", + "description": "A globally unique identifier for the App Protect policy version.\n", "required": true + } + }, + "schemas": { + "FilterNameDataPlaneKeys": { + "type": "string", + "description": "Keywords for data plane key filters.\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * valid\n", + "enum": [ + "name", + "status", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_data_plane_key_name", + "filter_name_data_plane_key_status", + "filter_name_data_plane_key_object_id" + ] }, - "PublicationParamObjectID": { - "name": "publicationObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/PublicationObjectID" + "FilterOperand": { + "type": "string", + "enum": [ + "IN" + ], + "x-enum-varnames": [ + "filter_operands_in" + ] + }, + "FilterOperands": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterOperand" + } + }, + "PaginationResponse": { + "type": "object", + "description": "Outlines pagination details for list responses, including total results, start index, and items per page.", + "required": [ + "total", + "count" + ], + "properties": { + "total": { + "type": "integer", + "description": "The absolute total number of the resource in the NGINX One Console.\n" + }, + "count": { + "type": "integer", + "description": "The total number of results generated by the list or query operation. \nThis number might be greater than the number of displayed resources, such as when pagination is in effect.\n" + }, + "start_index": { + "type": "integer", + "description": "The first result's starting position in the list. This is disregarded when `paginated=false`.\n" + }, + "items_per_page": { + "type": "integer", + "description": "The number of items to display per page. This is disregarded when `paginated=false`.\n" + } }, - "description": "A globally unique identifier for a Publication.\n", - "required": true + "example": { + "total": 101, + "count": 1, + "start_index": 1, + "items_per_page": 100 + } }, - "SortNameCVEs": { - "name": "sort_cves", - "in": "query", - "description": "Sort CVEs by the number of instances affected by that CVE.\n", - "schema": { - "type": "array", - "items": { + "DataPlaneKeyObjectID": { + "description": "A globally unique identifier for the data plane key.", + "type": "string", + "format": "object_id", + "pattern": "^key_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "DataPlaneKey": { + "type": "object", + "description": "Represents a data plane key with details such as object_id, name, and timestamps.", + "required": [ + "object_id", + "name", + "revoked", + "expires_at", + "created_at", + "modified_at" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "name": { + "description": "The name given to the data plane key.", + "type": "string" + }, + "revoked": { + "description": "Indicates whether the data plane key has been revoked or not.", + "type": "boolean" + }, + "revoked_at": { "type": "string", - "enum": [ - "instance_count", - "severity", - "cve_id", - "published_at" + "format": "date-time", + "description": "The date and time when the data plane key was revoked." + }, + "expires_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the data plane key expires." + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the data plane key was created." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the data plane key was last modified." + }, + "instances_count": { + "type": "integer", + "description": "The number of registered instances using this data plane key. If field not populated, user should see the key has `unknown` key count" + } + } + }, + "DataPlaneKeyListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "description": "List of data plane keys.", + "required": [ + "items" ], - "x-enum-varnames": [ - "sort_instance_count", - "sort_cve_severity", - "sort_cve_id", - "sort_published_at" - ] + "properties": { + "items": { + "description": "An array of DataPlaneKey objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/DataPlaneKey" + } + } + } + } + ] + }, + "Error": { + "description": "This object contains details about the errors that are returned when API requests fail.", + "type": "object", + "required": [ + "message", + "request_id", + "timestamp" + ], + "properties": { + "message": { + "description": "The error message describing the problem.", + "type": "string" + }, + "request_id": { + "description": "The unique identifier of the API request that failed.", + "type": "string" + }, + "timestamp": { + "description": "The date and time (in UTC) when the error happened.", + "type": "string" + }, + "detail": { + "description": "Additional information about the error, if available.", + "type": "string" } } }, - "NginxCVEParamID": { - "name": "nginxCVEID", - "in": "path", - "schema": { - "type": "string", - "pattern": "^\\d{4}-\\d{4,19}$" - }, - "description": "A globally unique identifier for NGINX CVE.\n", - "required": true + "DataPlaneKeyCreateRequest": { + "type": "object", + "description": "Request structure for creating a new data plane key.", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "Give the data plane key a name so you can tell it apart from others.", + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "expires_at": { + "type": "string", + "format": "date-time", + "description": "Set an expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \nIf an expiration date isn't specified, the key will expire one year after it's created. \n\nYou can use the _Update a data plane key_ endpoint to extend the expiration date.\nIt's not possible to update the expiration date once the data plane key has expired.\n" + } + } }, - "SortNameCVEImpactedInstances": { - "name": "sort_cve_impacted_instances", - "in": "query", - "description": "Sort the Instances that are affected by a CVE\n", - "schema": { - "type": "array", - "items": { + "DataPlaneKeyResponse": { + "type": "object", + "description": "Response structure containing details of the created or retrieved data plane key.", + "required": [ + "key", + "object_id", + "expires_at" + ], + "properties": { + "name": { + "description": "The name to be give to the new data plane key.", + "type": "string" + }, + "object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "key": { + "description": "The data plane key value. Save this key somewhere secure as it isn't saved and is shown only once.", + "type": "string" + }, + "expires_at": { "type": "string", - "enum": [ - "hostname", - "status" - ], - "x-enum-varnames": [ - "sort_name_cve_impacted_instances_hostname", - "sort_name_cve_impacted_instances_status" - ] + "format": "date-time", + "description": "The date and time when the data plane key will expire." } } }, - "FilterFieldEvents": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `object_id`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameEvents" + "BulkRequestAction": { + "type": "string", + "default": "modify", + "description": "Bulk action to perform:\n * `create` creates a new object given all required elements.\n * `modify` updates one or more elements of an existing object.\n * `delete` removes the existing object.\n", + "enum": [ + "create", + "modify", + "delete" + ], + "x-enum-varnames": [ + "bulk_action_create", + "bulk_action_modify", + "bulk_action_delete" + ] + }, + "DataPlaneKeyBulkRequestData": { + "type": "object", + "description": "Part of bulk operation on a data plane key, only `delete` is supported.", + "required": [ + "action", + "object_id" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "action": { + "$ref": "#/components/schemas/BulkRequestAction" } + }, + "example": { + "object_id": "key_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" } }, - "EventParamObjectID": { - "name": "eventObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/EventObjectID" + "DataPlaneKeyBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/DataPlaneKeyBulkRequestData" }, - "description": "A globally unique identifier for an event.\n", - "required": true - }, - "FilterFieldInstances": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `nginx_version`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameInstances" + "minItems": 1, + "maxItems": 50, + "example": [ + { + "object_id": "key_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + }, + { + "object_id": "key_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" } + ] + }, + "ObjectID": { + "description": "A globally unique identifier.", + "type": "string", + "format": "object_id", + "pattern": "^\\w+_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "SortNameInstances": { - "name": "sort_instances", - "in": "query", - "description": "Sort instances by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { + "BulkRequestObjectStatus": { + "type": "object", + "required": [ + "outcome" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/ObjectID" + }, + "name": { "type": "string", + "description": "this is the user facing name of the object." + }, + "outcome": { + "type": "string", + "description": "This is the outcome that corresponds to the action.\n* deleted - the object deletion was processed, and the object was deleted.\n* accepted - the request was accepted, and will be processed.\n* failed - the request failed, see failure_reason for more details.\n* invalid - the request was invalid, see failure_reason for more details.\n", "enum": [ - "hostname", - "status", - "last_reported" + "deleted", + "accepted", + "failed", + "invalid" ], "x-enum-varnames": [ - "sort_name_instance_hostname", - "sort_name_instance_status", - "sort_name_instance_last_reported" + "build_request_object_status_deleted", + "build_request_object_status_accepted", + "build_request_object_status_failed", + "build_request_object_status_invalid" ] + }, + "failure_reason": { + "type": "string", + "description": "this is the failure reason populated when outcome is 'failed' or 'invalid'." } } }, - "InstanceParamObjectID": { - "name": "instanceObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/InstanceObjectID" - }, - "description": "A globally unique identifier for the NGINX instance.\n", - "required": true + "DataPlaneKeyBulkResponse": { + "description": "The data plane key bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } }, - "InstanceConfigurationParamObjectID": { - "name": "instanceConfigurationObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NginxConfigObjectID" - }, - "description": "A globally unique identifier for the NGINX instance configuration.\n", - "required": true - } - }, - "schemas": { - "FilterNameDataPlaneKeys": { + "DataPlaneKeyUpdateRequest": { + "type": "object", + "description": "Request structure for updating an existing data plane key.", + "properties": { + "name": { + "description": "Give the data plane key a new name so you can tell it apart from others.", + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "expires_at": { + "type": "string", + "format": "date-time", + "description": "Adjust the expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \n\nIt's not possible to update the expiration date once the data plane key has expired.\n" + } + } + }, + "FilterNameCertificates": { "type": "string", - "description": "Keywords for data plane key filters.\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * valid\n", + "description": "Keywords for certificates filters.\nWhen filtering on `management`, only the following `filter_values` are supported:\n * managed\n * unmanaged\nWhen filtering on `type`, only the following `filter_values` are supported:\n * cert_key\n * ca_bundle\n * unknown\nWhen filtering on `status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", "enum": [ "name", + "management", + "type", + "subject_name", "status", "object_id" ], "x-enum-varnames": [ - "filter_name_data_plane_key_name", - "filter_name_data_plane_key_status", - "filter_name_data_plane_key_object_id" + "filter_name_certificates_name", + "filter_name_certificates_management", + "filter_name_certificates_type", + "filter_name_certificates_subject_name", + "filter_name_certificates_status", + "filter_name_certificates_object_id" ] }, - "FilterOperand": { + "CertificateObjectID": { + "description": "A globally unique identifier for the certificates.", + "type": "string", + "format": "object_id", + "pattern": "^cert_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "CertificateManagement": { "type": "string", + "description": "Management type:\n * `managed` - Certificate managed by NGINX One Console.\n * `unmanaged` - Certificate that only exists on a data plane instance, detected from its NGINX configuration.\n", "enum": [ - "IN" + "managed", + "unmanaged" ], "x-enum-varnames": [ - "filter_operands_in" + "certificate_management_managed", + "certificate_management_unmanaged" ] }, - "FilterOperands": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterOperand" - } + "CertificateType": { + "type": "string", + "description": "Certificate type:\n * `ca_bundle` - This certificate object is a CA bundle.\n * `cert_key` - This certificate object is consisted of public certificates and key.\n * `unmanaged` - This certificate is not managed by NGINX One console and its type is unmanaged.\n", + "enum": [ + "ca_bundle", + "cert_key", + "unmanaged" + ], + "x-enum-varnames": [ + "certificate_type_ca_bundle", + "certificate_type_pem_cert_key", + "certificate_type_unmanaged" + ] }, - "PaginationResponse": { - "type": "object", - "description": "Outlines pagination details for list responses, including total results, start index, and items per page.", + "CertificateObjectMetadata": { "required": [ - "total", - "count" + "management", + "type" ], "properties": { - "total": { - "type": "integer", - "description": "The absolute total number of the resource in the NGINX One Console.\n" + "name": { + "description": "Name of the certificate, optionally specified upon creation", + "type": "string" + }, + "object_id": { + "$ref": "#/components/schemas/CertificateObjectID" }, - "count": { - "type": "integer", - "description": "The total number of results generated by the list or query operation. \nThis number might be greater than the number of displayed resources, such as when pagination is in effect.\n" + "management": { + "$ref": "#/components/schemas/CertificateManagement" }, - "start_index": { - "type": "integer", - "description": "The first result's starting position in the list. This is disregarded when `paginated=false`.\n" + "type": { + "$ref": "#/components/schemas/CertificateType" }, - "items_per_page": { + "certs_count": { + "description": "The number of public certificates under this certificate object.", "type": "integer", - "description": "The number of items to display per page. This is disregarded when `paginated=false`.\n" + "format": "int64" } }, "example": { - "total": 101, - "count": 1, - "start_index": 1, - "items_per_page": 100 + "name": "example-ca-bundle", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "ca_bundle", + "certs_count": 5 } }, - "DataPlaneKeyObjectID": { - "description": "A globally unique identifier for the data plane key.", + "CertificateStatus": { "type": "string", - "format": "object_id", - "pattern": "^key_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } + "description": "Status of the certificate:\n * `valid` - The certificate is currently valid and operational.\n * `expiring` - The certificate will expire within the next 30 days. Consider renewing it to maintain uninterrupted service.\n * `expired` - The certificate is no longer valid. Immediate renewal is recommended to ensure secure connections.\n * `not_ready` - The certificate is not ready to be used, based on the start date of its validity period.\n", + "enum": [ + "valid", + "expiring", + "expired", + "not_ready" + ], + "x-enum-varnames": [ + "certificate_status_valid", + "certificate_status_expiring", + "certificate_status_expired", + "certificate_status_not_ready" + ] }, - "DataPlaneKey": { + "CertificateDisplayMetadata": { + "description": "This represents the essential metadata of a public certificate.", "type": "object", - "description": "Represents a data plane key with details such as object_id, name, and timestamps.", "required": [ - "object_id", - "name", - "revoked", - "expires_at", - "created_at", - "modified_at" + "subject_name", + "status", + "not_before", + "not_after" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, - "name": { - "description": "The name given to the data plane key.", - "type": "string" - }, - "revoked": { - "description": "Indicates whether the data plane key has been revoked or not.", - "type": "boolean" - }, - "revoked_at": { + "subject_name": { "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key was revoked." + "example": "www.example.com", + "description": "DNS name that identifies the certificate. If DNS is not present in the SAN extension, this will be the common name.\n" }, - "expires_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key expires." + "status": { + "$ref": "#/components/schemas/CertificateStatus" }, - "created_at": { + "not_before": { "type": "string", "format": "date-time", - "description": "The date and time when the data plane key was created." + "example": "2023-06-12T09:12:33.001Z", + "description": "The start of the validity period for the certificate." }, - "modified_at": { + "not_after": { "type": "string", "format": "date-time", - "description": "The date and time when the data plane key was last modified." + "example": "2029-12-25T09:12:33.001Z", + "description": "The end of the validity period for the certificate." + } + }, + "example": { + "subject_name": "self_ca_signed", + "status": "valid", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z" + } + }, + "CertificateOverviewMetadata": { + "description": "Represents an overview of all the public certificates under a single cert object.\nIf multiple public certificates on the same CA chain, including the leaf certificate and key are provided, \nthis includes `status`, `subject_name`, `not_before` and `not_after` for the leaf certificate.\nIf a CA bundle is provided, the above mentioned certificate metadata is for the Certificate Authority that\nexpires the soonest in the bundle.\n", + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/CertificateObjectMetadata" }, - "instances_count": { - "type": "integer", - "description": "The number of registered instances using this data plane key. If field not populated, user should see the key has `unknown` key count" + { + "$ref": "#/components/schemas/CertificateDisplayMetadata" } + ], + "example": { + "name": "example-ca-bundle", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "ca_bundle", + "subject_name": "self_ca_signed", + "status": "valid", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "certs_count": 5 } }, - "DataPlaneKeyListResponse": { + "CertificateListResponse": { "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", - "description": "List of data plane keys.", + "description": "List of SSL certificates.", "required": [ "items" ], "properties": { "items": { - "description": "An array of DataPlaneKey objects.", + "description": "An array of basic metadata for all the SSL certificates in NGINX One Console. \nFor a CA bundle, an overview with metadata on the first Certificate Authority in the bundle will be displayed.\nOtherwise, an overview with metadata on the leaf certificate will be displayed.\n", "type": "array", "items": { - "$ref": "#/components/schemas/DataPlaneKey" + "$ref": "#/components/schemas/CertificateOverviewMetadata" } } } } - ] + ], + "example": { + "total": 10, + "count": 2, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "name": "example-cert_key", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "cert_key", + "status": "valid", + "subject_name": "www.example.com", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "certs_count": 1 + }, + { + "name": "example-ca-bundle", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "ca_bundle", + "subject_name": "self_ca_signed", + "status": "valid", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "certs_count": 5 + } + ] + } }, - "Error": { - "description": "This object contains details about the errors that are returned when API requests fail.", + "CertificateContent": { "type": "object", + "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", "required": [ - "message", - "request_id", - "timestamp" + "public_certs" ], "properties": { - "message": { - "description": "The error message describing the problem.", - "type": "string" + "public_certs": { + "type": "string", + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded PEM-formatted certificate information. \nThe `public_certs` field can include a leaf certificate along with its full chain of trust or a CA bundle. \nFor leaf certificates, the accompanying `private_key` is required to authenticate the certificate's validity. \nCA bundles contain trusted CA certificates and may consist of certificates from different CA chains. A private\nkey should not be included in a CA bundle.\n" + }, + "private_key": { + "type": "string", + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" + } + }, + "example": { + "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" + } + }, + "CertificateRequest": { + "type": "object", + "description": "Request structure for parsing or upserting certificates with an optional private key.\n", + "required": [ + "content" + ], + "properties": { + "name": { + "description": "A name for the certificate, making it identifiable among others.", + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "content": { + "$ref": "#/components/schemas/CertificateContent" + } + }, + "example": { + "name": "example-ca-bundle", + "content": { + "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==", + "private_key": "" + } + } + }, + "CertificateMetadata": { + "description": "A comprehensive list of all the metadata for a public certificate.", + "type": "object", + "required": [ + "status", + "serial_number", + "signature_algorithm", + "not_before", + "not_after", + "public_key_type", + "thumbprint" + ], + "properties": { + "status": { + "$ref": "#/components/schemas/CertificateStatus" + }, + "version": { + "type": "integer", + "format": "int64", + "example": 3, + "description": "The version of the certificate, typically 3 for X.509 certificates." + }, + "serial_number": { + "type": "string", + "example": "16469416336579571270", + "description": "A unique identifier for the certificate." + }, + "signature_algorithm": { + "type": "string", + "example": "SHA-256", + "description": "Identifies the algorithm used to sign the certificate." + }, + "issuer": { + "type": "string", + "example": "CN=Example CA, O=Certificate Authority Inc., OU=CA Department, L=City, ST=State, C=Country", + "description": "Identifies the entity who signed and issued the certificate." + }, + "not_before": { + "type": "string", + "format": "date-time", + "example": "2023-06-12T09:12:33.001Z", + "description": "The start of the validity period for the certificate." }, - "request_id": { - "description": "The unique identifier of the API request that failed.", - "type": "string" + "not_after": { + "type": "string", + "format": "date-time", + "example": "2029-12-25T09:12:33.001Z", + "description": "The end of the validity period for the certificate." }, - "timestamp": { - "description": "The date and time (in UTC) when the error happened.", - "type": "string" + "subject": { + "type": "string", + "example": "CN=www.example.com, O=Example Inc., OU=IT Department, L=City, ST=State, C=Country", + "description": "Identifies the primary entity to which the certificate is issued. Typically, it contains information\nsuch as the Common Name (CN), Organization (O), Organizational Unit (OU), Country (C), etc.\n" }, - "detail": { - "description": "Additional information about the error, if available.", - "type": "string" - } - } - }, - "DataPlaneKeyCreateRequest": { - "type": "object", - "description": "Request structure for creating a new data plane key.", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "Give the data plane key a name so you can tell it apart from others.", + "subject_alternative_name": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "DNS:www.example.com", + "DNS:example.com", + "email:info@example.com" + ], + "description": "Defines additional identifies bound to the subject of the certificate. \nFor example, the DNS name is used to add additional domain names to a certificate.\n" + }, + "public_key_type": { "type": "string", - "minLength": 1, - "maxLength": 128 + "example": "RSA (2048 Bits)", + "description": "Identifies the encryption algorithm used to create the public key for the certificate." }, - "expires_at": { + "common_name": { "type": "string", - "format": "date-time", - "description": "Set an expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \nIf an expiration date isn't specified, the key will expire one year after it's created. \n\nYou can use the _Update a data plane key_ endpoint to extend the expiration date.\nIt's not possible to update the expiration date once the data plane key has expired.\n" - } - } - }, - "DataPlaneKeyResponse": { - "type": "object", - "description": "Response structure containing details of the created or retrieved data plane key.", - "required": [ - "key", - "object_id", - "expires_at" - ], - "properties": { - "name": { - "description": "The name to be give to the new data plane key.", - "type": "string" + "example": "www.example.com", + "description": "The Common Name (CN) for the certificate, used when DNS name is not present in the SAN extension.\n" }, - "object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" + "authority_key_identifier": { + "type": "string", + "example": "2B D0 69 47 94 76 09 FE F4 6B 8D 2E 40 A6 F7 47 4D 7F 08 5E", + "description": "The identifier of the signing authority for the certificate." }, - "key": { - "description": "The data plane key value. Save this key somewhere secure as it isn't saved and is shown only once.", - "type": "string" + "subject_key_identifier": { + "type": "string", + "example": "31 EA 76 A9 23 74 A5 DF D4 FD EE A0 C1 A6 9E C6 11 0E 11 EC", + "description": "A hash value of the SSL certificate that can be used to identify certificates that \ncontain a particular public key.\n" }, - "expires_at": { + "thumbprint_algorithm": { "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key will expire." + "example": "SHA-1", + "description": "Defines the algorithm used to hash the certificate." + }, + "thumbprint": { + "type": "string", + "example": "E6 A7 87 96 E0 C7 A3 E5 43 78 35 CA 16 78 5B 48 5A A9 DD C4 5C CD 0A 65 AA 89 33 E3 C3 D0 89 71", + "description": "A hash to ensure that the certificate has not been modified." } + }, + "example": { + "status": "valid", + "version": 3, + "serial_number": "71283929", + "signature_algorithm": "SHA256-RSA", + "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_bundle_CA", + "not_before": "2023-02-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=self_ca_signed", + "subject_alternative_name": [], + "public_key_type": "RSA (2048 bit)", + "common_name": "self_ca_signed", + "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", + "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", + "thumbprint_algorithm": "SHA-256", + "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" } }, - "BulkRequestAction": { - "type": "string", - "default": "modify", - "description": "Bulk action to perform:\n * `create` creates a new object given all required elements.\n * `modify` updates one or more elements of an existing object.\n * `delete` removes the existing object.\n", - "enum": [ - "create", - "modify", - "delete" - ], - "x-enum-varnames": [ - "bulk_action_create", - "bulk_action_modify", - "bulk_action_delete" - ] - }, - "DataPlaneKeyBulkRequestData": { + "PrivateKeyMetadata": { "type": "object", - "description": "Part of bulk operation on a data plane key, only `delete` is supported.", - "required": [ - "action", - "object_id" - ], + "description": "Metadata for a private key.", "properties": { - "object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" + "key_size": { + "description": "Size of the private key in bits.", + "type": "integer", + "format": "int64" }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" + "encryption_algorithm": { + "description": "The encryption algorithm used for the private key.", + "type": "string" } }, "example": { - "object_id": "key_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" + "key_size": 512, + "encryption_algorithm": "RSA" } }, - "DataPlaneKeyBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/DataPlaneKeyBulkRequestData" - }, - "minItems": 1, - "maxItems": 50, - "example": [ + "CertificateResponse": { + "type": "object", + "description": "Response structure containing details of the created, updated or retrieved SSL certificate. In general, \nthe response should contain:\n * an overview of all the public certificates\n * `warnings` whether any issue is found after parsing the certificates and key\n * `certs`\n * `key_metadata` if key provided in the request body\n * timestamps that represent when this cert object was created or modified\n", + "allOf": [ { - "object_id": "key_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" + "$ref": "#/components/schemas/CertificateOverviewMetadata" }, { - "object_id": "key_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" + "type": "object", + "properties": { + "warnings": { + "type": "string", + "description": "Warnings indicate whether there are any issues with the stored cert object. Empty when no issues were found.\n" + }, + "certs": { + "description": "An array of metadata for all the public certificates under the cert object.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertificateMetadata" + } + }, + "key": { + "$ref": "#/components/schemas/PrivateKeyMetadata" + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the SSL certificate was created." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the SSL certificate was last modified." + } + } } - ] - }, - "ObjectID": { - "description": "A globally unique identifier.", - "type": "string", - "format": "object_id", - "pattern": "^\\w+_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "BulkRequestObjectStatus": { - "type": "object", - "required": [ - "outcome" ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/ObjectID" - }, - "name": { - "type": "string", - "description": "this is the user facing name of the object." + "example": { + "name": "example-cert_key", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "cert_key", + "status": "valid", + "subject_name": "www.example.com", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "warnings": "The provided private key does not match the certificate's signing key.", + "certs_count": 1, + "certs": [ + { + "status": "valid", + "version": 3, + "serial_number": "71283929", + "signature_algorithm": "SHA256-RSA", + "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_A", + "not_before": "2023-02-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_B", + "subject_alternative_name": [], + "public_key_type": "RSA (2048 bit)", + "common_name": "eg3bsriq_cert_B", + "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", + "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", + "thumbprint_algorithm": "SHA-256", + "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" + } + ], + "key": { + "key_size": 512, + "encryption_algorithm": "RSA" }, - "outcome": { + "modified_at": "2023-11-01T00:00:00Z", + "created_at": "2023-10-01T00:00:00Z" + } + }, + "CertificateUpdateContent": { + "type": "object", + "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", + "properties": { + "public_certs": { "type": "string", - "description": "This is the outcome that corresponds to the action.\n* deleted - the object deletion was processed, and the object was deleted.\n* accepted - the request was accepted, and will be processed.\n* failed - the request failed, see failure_reason for more details.\n* invalid - the request was invalid, see failure_reason for more details.\n", - "enum": [ - "deleted", - "accepted", - "failed", - "invalid" - ], - "x-enum-varnames": [ - "build_request_object_status_deleted", - "build_request_object_status_accepted", - "build_request_object_status_failed", - "build_request_object_status_invalid" - ] + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded PEM-formatted certificate information. \nThis is used for updating an existing certificate object. The schema is the same as `CertificateContent`,\nthe only difference is that both `public_certs` and `private_key` fields are optional. There are three use\ncases for this schema:\n* the below update can be done on either a Cert Key Pair or a CA Bundle:\n * when only `public_certs` is populated, update the public certificates on a certificate object. \n The updated public certificates will be validated against the existing private key.\n* the below update can be done only on a Cert Key Pair:\n * when only `private_key` is populated, update only the private key on a certificate object. \n The updated private key will be validated against the existing public certificates.\n * when both `public_certs` and `private_key` fields are populated, update both of them on a certificate \n object.\n" }, - "failure_reason": { + "private_key": { "type": "string", - "description": "this is the failure reason populated when outcome is 'failed' or 'invalid'." + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" } + }, + "example": { + "private_key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFM295ZHVlT0FOSkhodkwzeXZKZFRwaG9ldjVHTzdnbytCeVlPTy9sNTR1NU8yUHhNZVgrQWpBYjZBeG1xCmxpdkl1aHc9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t" } }, - "DataPlaneKeyBulkResponse": { - "description": "The data plane key bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } - }, - "DataPlaneKeyUpdateRequest": { + "CertificateUpdateRequest": { "type": "object", - "description": "Request structure for updating an existing data plane key.", + "description": "Request structure for updating a certificate object. If key provided, it will be validated against the \nexisting leaf certificate stored under the certificate object.\n* Update for an unmanaged certificate object:\n * This converts the unmanaged certificate object to managed.\n * `public_certs` should always be provided during the conversion.\n * When key is provided, this certificate object is converted to a managed Cert Key Pair. Otherwise, it is\n converted to a managed CA Bundle.\n", "properties": { "name": { - "description": "Give the data plane key a new name so you can tell it apart from others.", + "description": "A name for the certificate, making it identifiable among others.", "type": "string", "minLength": 1, "maxLength": 128 }, - "expires_at": { - "type": "string", - "format": "date-time", - "description": "Adjust the expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \n\nIt's not possible to update the expiration date once the data plane key has expired.\n" + "content": { + "$ref": "#/components/schemas/CertificateUpdateContent" + } + }, + "example": { + "name": "example-cert-object", + "content": { + "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" } } }, - "FilterNameCertificates": { + "FilterNameCertificateDeployments": { "type": "string", - "description": "Keywords for certificates filters.\nWhen filtering on `management`, only the following `filter_values` are supported:\n * managed\n * unmanaged\nWhen filtering on `type`, only the following `filter_values` are supported:\n * cert_key\n * ca_bundle\n * unknown\nWhen filtering on `status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", + "description": "Keywords for certificate deployment filters.\nWhen filtering on `association_type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * latest\n * stale\n", "enum": [ "name", - "management", - "type", - "subject_name", - "status", - "object_id" + "association_type", + "deployment_status" ], "x-enum-varnames": [ - "filter_name_certificates_name", - "filter_name_certificates_management", - "filter_name_certificates_type", - "filter_name_certificates_subject_name", - "filter_name_certificates_status", - "filter_name_certificates_object_id" + "filter_name_certificate_deployments_name", + "filter_name_certificate_deployments_association_type", + "filter_name_certificate_deployments_deployment_status" ] }, - "CertificateObjectID": { - "description": "A globally unique identifier for the certificates.", - "type": "string", - "format": "object_id", - "pattern": "^cert_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "CertificateManagement": { + "CertificateAssociationType": { "type": "string", - "description": "Management type:\n * `managed` - Certificate managed by NGINX One Console.\n * `unmanaged` - Certificate that only exists on a data plane instance, detected from its NGINX configuration.\n", + "description": "Certificate association type:\n * `instance` - This certificate deployment is for an instance.\n * `config_sync_group` - This certificate deployment is for a config sync group.\n", "enum": [ - "managed", - "unmanaged" + "instance", + "config_sync_group" ], "x-enum-varnames": [ - "certificate_management_managed", - "certificate_management_unmanaged" + "certificate_association_type_instance", + "certificate_association_type_config_sync_group" ] }, - "CertificateType": { + "CertificateDeploymentStatus": { "type": "string", - "description": "Certificate type:\n * `ca_bundle` - This certificate object is a CA bundle.\n * `cert_key` - This certificate object is consisted of public certificates and key.\n * `unmanaged` - This certificate is not managed by NGINX One console and its type is unmanaged.\n", + "description": "Certificate deployment status:\n * `latest` - This certificate deployment is up to date with the latest certificates and key.\n * `stale` - This certificate deployment is outdated and needs to deploy the latest certificates and key.\n * `unmanaged` - This certificate deployment is unmanaged by NGINX One Console.\n", "enum": [ - "ca_bundle", - "cert_key", + "latest", + "stale", "unmanaged" ], "x-enum-varnames": [ - "certificate_type_ca_bundle", - "certificate_type_pem_cert_key", - "certificate_type_unmanaged" + "certificate_deployment_status_latest", + "certificate_deployment_status_stale", + "certificate_deployment_status_unmanaged" ] }, - "CertificateObjectMetadata": { + "CertificateDeployment": { + "type": "object", + "description": "Response structure containing certificate deployment details for an SSL certificate, which include\n * `association_type` represents type of the object affected by this certificate deployment, which is either\n an instance or config sync group\n * `object_id` represents the object ID for the associated instance or config sync group\n * `name` for either the host name of an instance or the name of a config sync group\n * `deployment_status`:\n * `latest`: deployment is up to date with the latest updated certificate and key contents\n * `stale`: deployment for either certificates or key is outdated, requires a redeployment with the latest contents\n * `cert_paths` represents the file paths used for deploying public certificates of this certificate object\n * `key_paths` represents the file paths used for deploying the private key of this certificate object, if a\n private key is present\n", "required": [ - "management", - "type" + "association_type", + "object_id", + "name", + "deployment_status" ], "properties": { - "name": { - "description": "Name of the certificate, optionally specified upon creation", - "type": "string" + "association_type": { + "$ref": "#/components/schemas/CertificateAssociationType" }, "object_id": { - "$ref": "#/components/schemas/CertificateObjectID" + "$ref": "#/components/schemas/ObjectID" }, - "management": { - "$ref": "#/components/schemas/CertificateManagement" + "name": { + "type": "string", + "description": "The host name of an instance or the name of a config sync group." }, - "type": { - "$ref": "#/components/schemas/CertificateType" + "deployment_status": { + "$ref": "#/components/schemas/CertificateDeploymentStatus" }, - "certs_count": { - "description": "The number of public certificates under this certificate object.", - "type": "integer", - "format": "int64" + "cert_paths": { + "description": "Deployment file paths for public certificates.", + "type": "array", + "items": { + "type": "string" + } + }, + "key_paths": { + "description": "Deployment file paths for the private key.", + "type": "array", + "items": { + "type": "string" + } } }, "example": { - "name": "example-ca-bundle", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "ca_bundle", - "certs_count": 5 + "association_type": "instance", + "name": "instance-host-name", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "deployment_status": "latest", + "cert_paths": [ + "/etc/nginx/example.crt", + "/etc/nginx/certs/cert.crt" + ], + "key_paths": [ + "/etc/nginx/example.key" + ] } }, - "CertificateStatus": { + "CertificateDeploymentListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "description": "List of certificate deployments for a SSL certificate.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of certificate deployments for an SSL certificate. If this certificate object represents a \nCA bundle, there will be only public certificate file paths in the certificate deployment details.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertificateDeployment" + } + } + } + } + ], + "example": { + "total": 10, + "count": 2, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "association_type": "instance", + "name": "instance-host-name", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "deployment_status": "latest", + "cert_paths": [ + "/etc/nginx/example.crt", + "/etc/nginx/certs/cert.crt" + ], + "key_paths": [ + "/etc/nginx/example.key" + ] + }, + { + "association_type": "config_sync_group", + "name": "group1", + "object_id": "csg_vfr5Oqv-AhxGzyqTXW-Ubw", + "deployment_status": "stale", + "cert_paths": [ + "/etc/nginx/cert.crt" + ], + "key_paths": [ + "/etc/nginx/server.key" + ] + } + ] + } + }, + "FilterNameConfigSyncGroups": { "type": "string", - "description": "Status of the certificate:\n * `valid` - The certificate is currently valid and operational.\n * `expiring` - The certificate will expire within the next 30 days. Consider renewing it to maintain uninterrupted service.\n * `expired` - The certificate is no longer valid. Immediate renewal is recommended to ensure secure connections.\n * `not_ready` - The certificate is not ready to be used, based on the start date of its validity period.\n", + "description": "Keywords for config sync groups filters.\nWhen filtering on `config_status`, only the following `filter_values` are supported:\n * in_sync\n * out_of_sync\n * sync_in_progress\n * unknown\n", + "enum": [ + "name", + "config_status", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_config_sync_group_name", + "filter_name_config_sync_group_config_status", + "filter_name_config_sync_group_object_id" + ] + }, + "configSyncGroupObjectID": { + "description": "A globally unique identifier for the NGINX config sync group.", + "type": "string", + "format": "object_id", + "pattern": "^csg_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "ConfigSyncStatus": { + "type": "string", + "description": "The current config sync status of the NGINX config sync group, with the following possible values:\n* `unknown` - The status cannot be determined at this moment.\n* `in_sync` - All Nginx instances in config sync group have same config as indicated by config_version.\n* `out_of_sync` - Some Nginx instances in config sync group have config different than indicated by config_version.\n* `sync_in_progress` - The operation of applying config_version to all Nginx instances in config sync group is in progress.\n", "enum": [ - "valid", - "expiring", - "expired", - "not_ready" + "unknown", + "in_sync", + "out_of_sync", + "sync_in_progress" ], "x-enum-varnames": [ - "certificate_status_valid", - "certificate_status_expiring", - "certificate_status_expired", - "certificate_status_not_ready" + "nginx_config_sync_group_config_status_unknown", + "nginx_config_sync_group_config_status_in_sync", + "nginx_config_sync_group_config_status_out_of_sync", + "nginx_config_sync_group_config_status_in_progress" ] }, - "CertificateDisplayMetadata": { - "description": "This represents the essential metadata of a public certificate.", + "CertificateInstanceSummary": { + "description": "A breakdown and tally of certificates, detailing the total count, number of expired certificates, certificates nearing expiration, and those that are valid.", "type": "object", "required": [ - "subject_name", - "status", - "not_before", - "not_after" + "total", + "expired", + "expiring", + "valid", + "not_ready" ], "properties": { - "subject_name": { - "type": "string", - "example": "www.example.com", - "description": "DNS name that identifies the certificate. If DNS is not present in the SAN extension, this will be the common name.\n" + "total": { + "description": "Total count of certificates across the NGINX data plane.", + "type": "integer" }, - "status": { - "$ref": "#/components/schemas/CertificateStatus" + "expired": { + "description": "The number of certificates that have expired and are no longer valid.", + "type": "integer" }, - "not_before": { - "type": "string", - "format": "date-time", - "example": "2023-06-12T09:12:33.001Z", - "description": "The start of the validity period for the certificate." + "expiring": { + "description": "The number of certificates due to expire in the next 30 days.", + "type": "integer" }, - "not_after": { - "type": "string", - "format": "date-time", - "example": "2029-12-25T09:12:33.001Z", - "description": "The end of the validity period for the certificate." + "valid": { + "description": "The number of certificates that are valid and in good standing.", + "type": "integer" + }, + "not_ready": { + "description": "The number of certificates that are not ready to be used.", + "type": "integer" } - }, - "example": { - "subject_name": "self_ca_signed", - "status": "valid", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z" } }, - "CertificateOverviewMetadata": { - "description": "Represents an overview of all the public certificates under a single cert object.\nIf multiple public certificates on the same CA chain, including the leaf certificate and key are provided, \nthis includes `status`, `subject_name`, `not_before` and `not_after` for the leaf certificate.\nIf a CA bundle is provided, the above mentioned certificate metadata is for the Certificate Authority that\nexpires the soonest in the bundle.\n", + "ListConfigSyncGroupObject": { "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/CertificateObjectMetadata" + "description": "Summary information of the NGINX config sync group.", + "required": [ + "object_id", + "name", + "instances_count", + "config_status" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/configSyncGroupObjectID" }, - { - "$ref": "#/components/schemas/CertificateDisplayMetadata" + "name": { + "description": "Name of the Nginx config sync group.", + "type": "string" + }, + "instances_count": { + "description": "Number of instances in the Nginx config sync group.", + "type": "integer" + }, + "config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" + }, + "cert_summary": { + "$ref": "#/components/schemas/CertificateInstanceSummary" } - ], - "example": { - "name": "example-ca-bundle", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "ca_bundle", - "subject_name": "self_ca_signed", - "status": "valid", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "certs_count": 5 } }, - "CertificateListResponse": { + "ConfigSyncGroupListResponse": { "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", - "description": "List of SSL certificates.", + "description": "List of Nginx config sync groups.", "required": [ "items" ], "properties": { "items": { - "description": "An array of basic metadata for all the SSL certificates in NGINX One Console. \nFor a CA bundle, an overview with metadata on the first Certificate Authority in the bundle will be displayed.\nOtherwise, an overview with metadata on the leaf certificate will be displayed.\n", + "description": "An array of Config Sync Group objects.", "type": "array", "items": { - "$ref": "#/components/schemas/CertificateOverviewMetadata" + "$ref": "#/components/schemas/ListConfigSyncGroupObject" } } } @@ -4224,3266 +6458,3417 @@ ], "example": { "total": 10, - "count": 2, + "count": 1, "start_index": 1, "items_per_page": 100, "items": [ { - "name": "example-cert_key", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "cert_key", - "status": "valid", - "subject_name": "www.example.com", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "certs_count": 1 - }, - { - "name": "example-ca-bundle", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "ca_bundle", - "subject_name": "self_ca_signed", - "status": "valid", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "certs_count": 5 + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-config-sync-group", + "config_status": "in_sync", + "instances_count": 1 } ] } }, - "CertificateContent": { + "ConfigSyncGroupCreateRequest": { + "description": "Body to create a Nginx config sync group.", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "A name to uniquely identify the Nginx config sync group in a given tenant namespace.", + "minLength": 1, + "maxLength": 256 + } + }, + "example": { + "name": "my-nginx-config-sync-group" + } + }, + "ConfigSyncGroupCreateResponse": { + "description": "Response to a create Nginx config sync group request.", + "required": [ + "object_id", + "name" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/configSyncGroupObjectID" + }, + "name": { + "description": "Name of the Nginx config sync group.", + "type": "string" + } + }, + "example": { + "name": "my-nginx-config-sync-group", + "object_id": "csg_Tet21AeYTHCj7taOwVfzyw" + } + }, + "ConfigSyncGroupBulkRequestData": { + "type": "object", + "description": "Part of bulk operation on a config sync group, only `delete` is supported.", + "required": [ + "action", + "object_id" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/configSyncGroupObjectID" + }, + "action": { + "$ref": "#/components/schemas/BulkRequestAction" + } + }, + "example": { + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + } + }, + "ConfigSyncGroupBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ConfigSyncGroupBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ + { + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + }, + { + "object_id": "csg_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" + } + ] + }, + "ConfigSyncGroupBulkResponse": { + "description": "The config sync group bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } + }, + "ConfigSyncGroupMeta": { + "type": "object", + "description": "Meta information of the NGINX config sync group including:\n* NGINX config sync group object ID\n* unique name of the config sync group in the tenant namespace\n* last publication timestamp\n", + "required": [ + "object_id", + "name" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/configSyncGroupObjectID" + }, + "name": { + "description": "Name of the Nginx config sync group.", + "type": "string" + }, + "last_publication": { + "description": "The date and time of the most recent config sync group publication.", + "type": "string", + "format": "date-time" + } + }, + "example": { + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-config-sync-group", + "last_publication": "2023-12-06T22:37:24.120114Z" + } + }, + "InstanceObjectID": { + "description": "A globally unique identifier for the NGINX instance.", + "type": "string", + "format": "object_id", + "pattern": "^inst_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "NginxBuild": { + "description": "The build details for the NGINX binary, including its configuration parameters.\n", "type": "object", - "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", "required": [ - "public_certs" + "version" ], "properties": { - "public_certs": { - "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded PEM-formatted certificate information. \nThe `public_certs` field can include a leaf certificate along with its full chain of trust or a CA bundle. \nFor leaf certificates, the accompanying `private_key` is required to authenticate the certificate's validity. \nCA bundles contain trusted CA certificates and may consist of certificates from different CA chains. A private\nkey should not be included in a CA bundle.\n" + "version": { + "description": "The version number of the base open-source NGINX.", + "type": "string" }, - "private_key": { - "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" + "plus_release": { + "description": "The NGINX Plus release version, if applicable.", + "type": "string" + }, + "conf_path": { + "description": "The absolute path to the NGINX configuration, as set by the `--conf-path` option during build time.", + "type": "string" } - }, - "example": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" } }, - "CertificateRequest": { + "CveSeverityType": { + "type": "string", + "description": "Severity ratings:\n * `high` - High severity.\n * `medium` - Moderate severity.\n * `low` - Least severe.\n * `none` - Not severe.\n * `other` - Severity that does not fit the other categories.\n", + "enum": [ + "high", + "medium", + "low", + "none", + "other" + ], + "x-enum-varnames": [ + "cve_severity_type_high", + "cve_severity_type_medium", + "cve_severity_type_low", + "cve_severity_type_none", + "cve_severity_type_other" + ] + }, + "CveDetails": { + "description": "CVEs details, including the type and count.\n", "type": "object", - "description": "Request structure for parsing or upserting certificates with an optional private key.\n", "required": [ - "content" + "type", + "count" ], "properties": { - "name": { - "description": "A name for the certificate, making it identifiable among others.", - "type": "string", - "minLength": 1, - "maxLength": 128 + "type": { + "$ref": "#/components/schemas/CveSeverityType" }, - "content": { - "$ref": "#/components/schemas/CertificateContent" + "count": { + "description": "The total number of each CVE type.", + "type": "integer" } - }, - "example": { - "name": "example-ca-bundle", - "content": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==", - "private_key": "" + } + }, + "RecommendationType": { + "type": "string", + "description": "Types of configuration recommendations:\n * `best_practice` - Suggestions based on established best practices.\n * `security` - Recommendations related to security.\n * `optimization` - Advice for optimizing performance.\n * `other` - Recommendations that do not fit the above categories.\n", + "enum": [ + "best_practice", + "security", + "optimization", + "other" + ], + "x-enum-varnames": [ + "recommendation_type_best_practice", + "recommendation_type_security", + "recommendation_type_optimization", + "recommendation_type_other" + ] + }, + "IssueDetails": { + "description": "Issue details, including the type and count.\n", + "type": "object", + "required": [ + "type", + "count" + ], + "properties": { + "type": { + "$ref": "#/components/schemas/RecommendationType" + }, + "count": { + "description": "The total number of issues identified for the specific recommendation type.", + "type": "integer" } } }, - "CertificateMetadata": { - "description": "A comprehensive list of all the metadata for a public certificate.", + "Instance": { "type": "object", + "description": "Summary information about a NGINX instance.", "required": [ - "status", - "serial_number", - "signature_algorithm", - "not_before", - "not_after", - "public_key_type", - "thumbprint" + "object_id", + "hostname", + "system_id", + "agent_version", + "registered_at", + "last_reported", + "status" ], "properties": { - "status": { - "$ref": "#/components/schemas/CertificateStatus" + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" }, - "version": { - "type": "integer", - "format": "int64", - "example": 3, - "description": "The version of the certificate, typically 3 for X.509 certificates." + "hostname": { + "description": "The name of the host system where the NGINX instance is running.", + "type": "string" }, - "serial_number": { + "system_id": { + "description": "The unique identifier assigned to the host system by the NGINX Agent.", + "type": "string" + }, + "nginx_id": { + "description": "The unique identifier for the NGINX process on the host system, assigned by the NGINX Agent.", + "type": "string" + }, + "agent_version": { + "description": "The version of the NGINX Agent.", + "type": "string" + }, + "key_object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "nginx_build": { + "$ref": "#/components/schemas/NginxBuild" + }, + "os_version": { + "description": "The operating system's name and its and version or codename.\n", "type": "string", - "example": "16469416336579571270", - "description": "A unique identifier for the certificate." + "example": "ubuntu_jammy" }, - "signature_algorithm": { + "registered_at": { + "description": "The date and time when the NGINX instance first registered with NGINX One.", "type": "string", - "example": "SHA-256", - "description": "Identifies the algorithm used to sign the certificate." + "format": "date-time" }, - "issuer": { + "last_reported": { + "description": "The date and time of the most recent report received from the NGINX Agent.", "type": "string", - "example": "CN=Example CA, O=Certificate Authority Inc., OU=CA Department, L=City, ST=State, C=Country", - "description": "Identifies the entity who signed and issued the certificate." + "format": "date-time" }, - "not_before": { + "status": { + "type": "string", + "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", + "enum": [ + "unknown", + "unavailable", + "offline", + "online" + ] + }, + "cert_summary": { + "$ref": "#/components/schemas/CertificateInstanceSummary" + }, + "cve_severity": { + "type": "array", + "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", + "items": { + "$ref": "#/components/schemas/CveDetails" + } + }, + "recommendations": { + "type": "array", + "description": "An array summarizing the suggestions from the configuration analysis report.", + "items": { + "$ref": "#/components/schemas/IssueDetails" + } + } + } + }, + "ConfigSyncGroupInstance": { + "allOf": [ + { + "$ref": "#/components/schemas/Instance" + }, + { + "type": "object", + "required": [ + "config_status", + "config_version" + ], + "properties": { + "config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" + }, + "config_version": { + "description": "A computed hash of current config on the config sync group.", + "type": "string" + } + } + } + ] + }, + "ConfigSyncGroupPublicationStatus": { + "type": "string", + "description": "The status on the last publication issued on this config sync group:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `partially_succeeded` - The publication attempt had one or more failures.\n", + "enum": [ + "pending", + "failed", + "succeeded", + "partially_succeeded" + ], + "x-enum-varnames": [ + "publication_config_sync_group_status_pending", + "publication_config_sync_group_status_failed", + "publication_config_sync_group_status_succeeded", + "publication_config_sync_group_status_partially_succeeded" + ] + }, + "CertAssociation": { + "type": "object", + "description": "Details for a certificate that's associated with an instance or a config sync group.", + "required": [ + "name", + "object_id", + "cert_type", + "subject_name", + "not_before", + "not_after", + "cert_status", + "deployment_status" + ], + "properties": { + "name": { "type": "string", - "format": "date-time", - "example": "2023-06-12T09:12:33.001Z", - "description": "The start of the validity period for the certificate." + "description": "A friendly name for the certificate." }, - "not_after": { - "type": "string", - "format": "date-time", - "example": "2029-12-25T09:12:33.001Z", - "description": "The end of the validity period for the certificate." + "object_id": { + "$ref": "#/components/schemas/CertificateObjectID" }, - "subject": { - "type": "string", - "example": "CN=www.example.com, O=Example Inc., OU=IT Department, L=City, ST=State, C=Country", - "description": "Identifies the primary entity to which the certificate is issued. Typically, it contains information\nsuch as the Common Name (CN), Organization (O), Organizational Unit (OU), Country (C), etc.\n" + "cert_type": { + "$ref": "#/components/schemas/CertificateType" }, - "subject_alternative_name": { + "cert_paths": { "type": "array", + "description": "The list of file system paths where the certificate file is installed. \nSince a single certificate file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/ssl/cert.pem", + "/etc/ssl/cert.crt" + ], "items": { "type": "string" - }, + } + }, + "key_paths": { + "type": "array", + "description": "The list of file system paths where the private key file is installed.\nSince a single key file may be applied in multiple contexts, all relevant paths are included.\n", "example": [ - "DNS:www.example.com", - "DNS:example.com", - "email:info@example.com" + "/etc/nginx/key.pem", + "/etc/ssl/server.key" ], - "description": "Defines additional identifies bound to the subject of the certificate. \nFor example, the DNS name is used to add additional domain names to a certificate.\n" - }, - "public_key_type": { - "type": "string", - "example": "RSA (2048 Bits)", - "description": "Identifies the encryption algorithm used to create the public key for the certificate." + "items": { + "type": "string" + } }, - "common_name": { - "type": "string", - "example": "www.example.com", - "description": "The Common Name (CN) for the certificate, used when DNS name is not present in the SAN extension.\n" + "deployment_status": { + "$ref": "#/components/schemas/CertificateDeploymentStatus" }, - "authority_key_identifier": { + "subject_name": { "type": "string", - "example": "2B D0 69 47 94 76 09 FE F4 6B 8D 2E 40 A6 F7 47 4D 7F 08 5E", - "description": "The identifier of the signing authority for the certificate." + "description": "Hostname or domain for the certificate. Usually the subject-alt-name (SAN) value for the certificate.\nif SAN is not present, this will be the certificate subject's common name.\n", + "example": "nginx.com" }, - "subject_key_identifier": { - "type": "string", - "example": "31 EA 76 A9 23 74 A5 DF D4 FD EE A0 C1 A6 9E C6 11 0E 11 EC", - "description": "A hash value of the SSL certificate that can be used to identify certificates that \ncontain a particular public key.\n" + "cert_status": { + "$ref": "#/components/schemas/CertificateStatus" }, - "thumbprint_algorithm": { + "not_before": { "type": "string", - "example": "SHA-1", - "description": "Defines the algorithm used to hash the certificate." + "format": "date-time", + "description": "the effective date of the certificate." }, - "thumbprint": { + "not_after": { "type": "string", - "example": "E6 A7 87 96 E0 C7 A3 E5 43 78 35 CA 16 78 5B 48 5A A9 DD C4 5C CD 0A 65 AA 89 33 E3 C3 D0 89 71", - "description": "A hash to ensure that the certificate has not been modified." - } - }, - "example": { - "status": "valid", - "version": 3, - "serial_number": "71283929", - "signature_algorithm": "SHA256-RSA", - "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_bundle_CA", - "not_before": "2023-02-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=self_ca_signed", - "subject_alternative_name": [], - "public_key_type": "RSA (2048 bit)", - "common_name": "self_ca_signed", - "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", - "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", - "thumbprint_algorithm": "SHA-256", - "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" - } - }, - "PrivateKeyMetadata": { - "type": "object", - "description": "Metadata for a private key.", - "properties": { - "key_size": { - "description": "Size of the private key in bits.", - "type": "integer", - "format": "int64" - }, - "encryption_algorithm": { - "description": "The encryption algorithm used for the private key.", - "type": "string" + "format": "date-time", + "description": "The expiration date for the certificate." } - }, - "example": { - "key_size": 512, - "encryption_algorithm": "RSA" } }, - "CertificateResponse": { - "type": "object", - "description": "Response structure containing details of the created, updated or retrieved SSL certificate. In general, \nthe response should contain:\n * an overview of all the public certificates\n * `warnings` whether any issue is found after parsing the certificates and key\n * `certs`\n * `key_metadata` if key provided in the request body\n * timestamps that represent when this cert object was created or modified\n", + "ConfigSyncGroup": { "allOf": [ { - "$ref": "#/components/schemas/CertificateOverviewMetadata" + "$ref": "#/components/schemas/ConfigSyncGroupMeta" }, { "type": "object", + "description": "Additional information of the NGINX config sync group including:\n* config sync status\n* config checksum\n* instances\n* last known publication status\n* certs associated with this config sync group\n", "properties": { - "warnings": { - "type": "string", - "description": "Warnings indicate whether there are any issues with the stored cert object. Empty when no issues were found.\n" + "config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" }, - "certs": { - "description": "An array of metadata for all the public certificates under the cert object.", + "config_version": { + "description": "A computed hash of current config on the config sync group.", + "type": "string" + }, + "instances": { + "description": "An array of Instance objects.", "type": "array", "items": { - "$ref": "#/components/schemas/CertificateMetadata" + "$ref": "#/components/schemas/ConfigSyncGroupInstance" } }, - "key": { - "$ref": "#/components/schemas/PrivateKeyMetadata" - }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the SSL certificate was created." + "last_publication_status": { + "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the SSL certificate was last modified." + "certs": { + "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto the data plane instances that are part of this config sync group.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertAssociation" + } } } } ], "example": { - "name": "example-cert_key", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "cert_key", - "status": "valid", - "subject_name": "www.example.com", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "warnings": "The provided private key does not match the certificate's signing key.", - "certs_count": 1, - "certs": [ + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-config-sync-group", + "last_reported": "2023-12-06T22:37:24.120114Z", + "config_status": "in_sync", + "config_version": "uvR3F2TQGm18jnl7bpaGw", + "instances": [ { - "status": "valid", - "version": 3, - "serial_number": "71283929", - "signature_algorithm": "SHA256-RSA", - "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_A", - "not_before": "2023-02-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_B", - "subject_alternative_name": [], - "public_key_type": "RSA (2048 bit)", - "common_name": "eg3bsriq_cert_B", - "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", - "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", - "thumbprint_algorithm": "SHA-256", - "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "hostname": "816e3c194d59", + "system_id": "6066aad2-211e-3718-be5d-fcc01ffc5cc8", + "agent_version": "v2.33.0", + "registered_at": "2024-05-16T18:26:40.556048Z", + "last_reported": "2023-12-06T22:37:24.120114Z", + "status": "unavailable", + "nginx_build": { + "conf_path": "/etc/nginx/nginx.conf", + "version": "1.25.3" + }, + "os_version": "Ubuntu 22.04", + "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", + "config_status": "in_sync", + "config_version": "abc123def456" } ], - "key": { - "key_size": 512, - "encryption_algorithm": "RSA" - }, - "modified_at": "2023-11-01T00:00:00Z", - "created_at": "2023-10-01T00:00:00Z" + "certs": [ + { + "subject_name": "test.com", + "name": "client", + "cert_type": "cert_key", + "not_after": "2024-01-06T00:01:30Z", + "not_before": "2023-12-07T00:01:30Z", + "cert_paths": [ + "/etc/nginx/client.pem" + ], + "cert_status": "expiring", + "deployment_status": "latest", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" + } + ] } }, - "CertificateUpdateContent": { + "ConfigSyncGroupDetails": { "type": "object", - "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", + "description": "Detailed information of the NGINX config sync group.", + "allOf": [ + { + "$ref": "#/components/schemas/ConfigSyncGroup" + } + ] + }, + "FileData": { + "type": "object", + "description": "Details about a file, including its path, content, size, and last modified time.", + "required": [ + "name", + "contents", + "size", + "mtime" + ], "properties": { - "public_certs": { + "name": { "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded PEM-formatted certificate information. \nThis is used for updating an existing certificate object. The schema is the same as `CertificateContent`,\nthe only difference is that both `public_certs` and `private_key` fields are optional. There are three use\ncases for this schema:\n* the below update can be done on either a Cert Key Pair or a CA Bundle:\n * when only `public_certs` is populated, update the public certificates on a certificate object. \n The updated public certificates will be validated against the existing private key.\n* the below update can be done only on a Cert Key Pair:\n * when only `private_key` is populated, update only the private key on a certificate object. \n The updated private key will be validated against the existing public certificates.\n * when both `public_certs` and `private_key` fields are populated, update both of them on a certificate \n object.\n" + "description": "The file's relative path to the parent directory.", + "minLength": 1, + "maxLength": 4096 + }, + "contents": { + "type": "string", + "format": "byte", + "description": "The base64-encoded contents of the file.", + "maxLength": 3145728 }, - "private_key": { + "size": { + "type": "integer", + "description": "The size of the file, in bytes." + }, + "mtime": { "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" + "format": "date-time", + "description": "Timestamp of the last modification made to the file." } - }, - "example": { - "private_key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFM295ZHVlT0FOSkhodkwzeXZKZFRwaG9ldjVHTzdnbytCeVlPTy9sNTR1NU8yUHhNZVgrQWpBYjZBeG1xCmxpdkl1aHc9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t" } }, - "CertificateUpdateRequest": { + "DirectoryWithFileContent": { "type": "object", - "description": "Request structure for updating a certificate object. If key provided, it will be validated against the \nexisting leaf certificate stored under the certificate object.\n* Update for an unmanaged certificate object:\n * This converts the unmanaged certificate object to managed.\n * `public_certs` should always be provided during the conversion.\n * When key is provided, this certificate object is converted to a managed Cert Key Pair. Otherwise, it is\n converted to a managed CA Bundle.\n", + "description": "Represents a directory and its contents, detailing the directory's full path, assigned permissions, last modified time, and the files within it.", + "required": [ + "name", + "files" + ], "properties": { "name": { - "description": "A name for the certificate, making it identifiable among others.", "type": "string", - "minLength": 1, - "maxLength": 128 + "description": "The complete path of the directory." }, - "content": { - "$ref": "#/components/schemas/CertificateUpdateContent" - } - }, - "example": { - "name": "example-cert-object", - "content": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" + "permissions": { + "type": "string", + "description": "The permissions for the directory." + }, + "mtime": { + "type": "string", + "description": "The date and time when the directory was last modified.", + "format": "date-time" + }, + "files": { + "type": "array", + "description": "The list of files in the directory.", + "items": { + "$ref": "#/components/schemas/FileData" + } } } }, - "FilterNameCertificateDeployments": { - "type": "string", - "description": "Keywords for certificate deployment filters.\nWhen filtering on `association_type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * latest\n * stale\n", - "enum": [ - "name", - "association_type", - "deployment_status" - ], - "x-enum-varnames": [ - "filter_name_certificate_deployments_name", - "filter_name_certificate_deployments_association_type", - "filter_name_certificate_deployments_deployment_status" - ] - }, - "CertificateAssociationType": { - "type": "string", - "description": "Certificate association type:\n * `instance` - This certificate deployment is for an instance.\n * `config_sync_group` - This certificate deployment is for a config sync group.\n", - "enum": [ - "instance", - "config_sync_group" - ], - "x-enum-varnames": [ - "certificate_association_type_instance", - "certificate_association_type_config_sync_group" - ] - }, - "CertificateDeploymentStatus": { - "type": "string", - "description": "Certificate deployment status:\n * `latest` - This certificate deployment is up to date with the latest certificates and key.\n * `stale` - This certificate deployment is outdated and needs to deploy the latest certificates and key.\n * `unmanaged` - This certificate deployment is unmanaged by NGINX One Console.\n", - "enum": [ - "latest", - "stale", - "unmanaged" - ], - "x-enum-varnames": [ - "certificate_deployment_status_latest", - "certificate_deployment_status_stale", - "certificate_deployment_status_unmanaged" - ] - }, - "CertificateDeployment": { + "NginxConfigObject": { "type": "object", - "description": "Response structure containing certificate deployment details for an SSL certificate, which include\n * `association_type` represents type of the object affected by this certificate deployment, which is either\n an instance or config sync group\n * `object_id` represents the object ID for the associated instance or config sync group\n * `name` for either the host name of an instance or the name of a config sync group\n * `deployment_status`:\n * `latest`: deployment is up to date with the latest updated certificate and key contents\n * `stale`: deployment for either certificates or key is outdated, requires a redeployment with the latest contents\n * `cert_paths` represents the file paths used for deploying public certificates of this certificate object\n * `key_paths` represents the file paths used for deploying the private key of this certificate object, if a\n private key is present\n", + "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", "required": [ - "association_type", - "object_id", - "name", - "deployment_status" + "conf_path", + "configs" ], "properties": { - "association_type": { - "$ref": "#/components/schemas/CertificateAssociationType" - }, - "object_id": { - "$ref": "#/components/schemas/ObjectID" - }, - "name": { + "config_version": { "type": "string", - "description": "The host name of an instance or the name of a config sync group." + "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" }, - "deployment_status": { - "$ref": "#/components/schemas/CertificateDeploymentStatus" + "conf_path": { + "type": "string", + "minLength": 1, + "maxLength": 4096, + "description": "The full path to the main NGINX configuration file. This corresponds to the `--conf-path` parameter used in the NGINX binary.\n", + "example": "/etc/nginx/nginx.conf." }, - "cert_paths": { - "description": "Deployment file paths for public certificates.", + "configs": { "type": "array", + "description": "An array of directories containing NGINX configuration files.", "items": { - "type": "string" + "$ref": "#/components/schemas/DirectoryWithFileContent" } }, - "key_paths": { - "description": "Deployment file paths for the private key.", + "aux": { "type": "array", + "description": "An array of auxiliary directory contents related to the NGINX configuration.", "items": { - "type": "string" + "$ref": "#/components/schemas/DirectoryWithFileContent" } } }, "example": { - "association_type": "instance", - "name": "instance-host-name", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "deployment_status": "latest", - "cert_paths": [ - "/etc/nginx/example.crt", - "/etc/nginx/certs/cert.crt" - ], - "key_paths": [ - "/etc/nginx/example.key" - ] - } - }, - "CertificateDeploymentListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "type": "object", - "description": "List of certificate deployments for a SSL certificate.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of certificate deployments for an SSL certificate. If this certificate object represents a \nCA bundle, there will be only public certificate file paths in the certificate deployment details.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertificateDeployment" - } - } - } - } - ], - "example": { - "total": 10, - "count": 2, - "start_index": 1, - "items_per_page": 100, - "items": [ + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "configs": [ { - "association_type": "instance", - "name": "instance-host-name", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "deployment_status": "latest", - "cert_paths": [ - "/etc/nginx/example.crt", - "/etc/nginx/certs/cert.crt" + "files": [ + { + "contents": "Cm1hcCAkdXJpICRtYXBwZWRfc2VydmljZSB7CiAgICBkZWZhdWx0IFVOTUFUQ0hFRDsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvaW5zdGFuY2VzIiAgICAgICAgaW5zdGFuY2VzLXN2YzsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvZGF0YS1wbGFuZS1rZXlzIiAga2V5cy1zdmM7CiAgICAifl4vYXBpL3YxL25hbWVzcGFjZXMvXHcrL21vbml0b3IiICAgICAgICAgIG1vbml0b3Itc3ZjOwp9Cgp1cHN0cmVhbSBpbnN0YW5jZXMtc3ZjIHsKICAgIHNlcnZlciBpbnN0YW5jZXMtc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIGtleXMtc3ZjIHsKICAgIHNlcnZlciBrZXlzLXN2Yzo4MDkwOwp9Cgp1cHN0cmVhbSBkYXRhcGxhbmUtY3RybCB7CiAgICBzZXJ2ZXIgZGF0YXBsYW5lLWN0cmw6ODA4MDsKfQoKdXBzdHJlYW0gbW9uaXRvci1zdmMgewogICAgc2VydmVyIG1vbml0b3Itc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIG1ldHJpY3MtaW5nZXN0IHsKICAgIHNlcnZlciBtZXRyaWNzLWluZ2VzdDo4MDgwOwp9CgpzZXJ2ZXIgewogICAgbGlzdGVuIDg4ODg7CiAgICBzZXJ2ZXJfbmFtZSBfOwogICAgaHR0cDIgb247CgogICAgcHJveHlfcGFzc19yZXF1ZXN0X2hlYWRlcnMgb247CiAgICByZXdyaXRlICJeL2FwaS8obmdpbngvb25lfHYxKS8oLiopJCIgIi9hcGkvdjEvJDIiIGJyZWFrOwogICAgbG9jYXRpb24gL2FwaS92MS8gewogICAgICAgIGlmICgkbWFwcGVkX3NlcnZpY2UgPSAiVU5NQVRDSEVEIikgewogICAgICAgICAgICByZXR1cm4gNDA0ICd7ImVycm9yOiAiTm90IGZvdW5kIn0nOwogICAgICAgIH0KICAgICAgICBwcm94eV9wYXNzX2hlYWRlciBYLVZvbHRlcnJhLUFwaWd3LVRlbmFudDsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kbWFwcGVkX3NlcnZpY2U7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIGRhdGFwbGFuZS1jdHJsCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLkNvbW1hbmRlciB7CiAgICAgICAgZ3JwY19zb2NrZXRfa2VlcGFsaXZlIG9uOwogICAgICAgIGdycGNfcmVhZF90aW1lb3V0IDVtOwogICAgICAgIGdycGNfc2VuZF90aW1lb3V0IDVtOwogICAgICAgIGNsaWVudF9ib2R5X3RpbWVvdXQgMTBtOwogICAgICAgIGdycGNfcGFzcyBncnBjOi8vZGF0YXBsYW5lLWN0cmw7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIG1ldHJpY3MgaW5nZXN0aW9uCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLk1ldHJpY3NTZXJ2aWNlIHsKICAgICAgICBncnBjX3NvY2tldF9rZWVwYWxpdmUgb247CiAgICAgICAgZ3JwY19yZWFkX3RpbWVvdXQgNW07CiAgICAgICAgZ3JwY19zZW5kX3RpbWVvdXQgNW07CiAgICAgICAgY2xpZW50X2JvZHlfdGltZW91dCAxMG07CiAgICAgICAgY2xpZW50X21heF9ib2R5X3NpemUgMDsKICAgICAgICBncnBjX3Bhc3MgZ3JwYzovL21ldHJpY3MtaW5nZXN0OwogICAgfQp9CgojIHByb3h5IHRvIHRoZSBtYW5hZ2VtZW50IHNlcnZlcnMKc2VydmVyIHsKICAgIGxpc3RlbiAxNTAwMDsKICAgIHNlcnZlcl9uYW1lIF87CiAgICAjIHVzZSBkb2NrZXIgRE5TCiAgICByZXNvbHZlciAxMjcuMC4wLjExIHZhbGlkPTMwczsKCiAgICAjIG1hdGNoIC88c2VydmljZT4vPG1nbXQgZW5kcG9pbnQ+CiAgICBsb2NhdGlvbiB+Xi8oW14vXSspLyguKykkIHsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kMToxNTAwMC8kMjsKICAgIH0KCiAgICBsb2NhdGlvbiAvIHsKICAgICAgICBhZGRfaGVhZGVyICJDb250ZW50LVR5cGUiICJ0ZXh0L2h0bWwiOwogICAgICAgIHJldHVybiAyMDAgIjxwPkFjY2VzcyB0aGUgbWFuYWdlbWVudCBzZXJ2ZXIgb2YgYW55IHNlcnZpY2Ugd2l0aCBVUkxzIGxpa2UgPGNvZGU+aHR0cDovL2xvY2FsaG9zdDoxNTAwMC8mbHQ7U0VSVklDRV9OQU1FJmd0Oy9tZXRyaWNzPC9jb2RlPjwvcD4iOwogICAgfQp9Cg==", + "mtime": "1970-01-01T00:00:00Z", + "name": "default.conf", + "size": 1942 + } ], - "key_paths": [ - "/etc/nginx/example.key" - ] + "name": "/etc/nginx/conf.d" }, { - "association_type": "config_sync_group", - "name": "group1", - "object_id": "csg_vfr5Oqv-AhxGzyqTXW-Ubw", - "deployment_status": "stale", - "cert_paths": [ - "/etc/nginx/cert.crt" + "files": [ + { + "contents": "CnVzZXIgIG5naW54Owp3b3JrZXJfcHJvY2Vzc2VzICBhdXRvOwoKZXJyb3JfbG9nICAvdmFyL2xvZy9uZ2lueC9lcnJvci5sb2cgbm90aWNlOwpwaWQgICAgICAgIC92YXIvcnVuL25naW54LnBpZDsKCgpldmVudHMgewogICAgd29ya2VyX2Nvbm5lY3Rpb25zICAxMDI0Owp9CgoKaHR0cCB7CiAgICBpbmNsdWRlICAgICAgIC9ldGMvbmdpbngvbWltZS50eXBlczsKICAgIGRlZmF1bHRfdHlwZSAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtOwoKICAgIGxvZ19mb3JtYXQgIG1haW4gICckcmVtb3RlX2FkZHIgLSAkcmVtb3RlX3VzZXIgWyR0aW1lX2xvY2FsXSAiJHJlcXVlc3QiICcKICAgICAgICAgICAgICAgICAgICAgICckc3RhdHVzICRib2R5X2J5dGVzX3NlbnQgIiRodHRwX3JlZmVyZXIiICcKICAgICAgICAgICAgICAgICAgICAgICciJGh0dHBfdXNlcl9hZ2VudCIgIiRodHRwX3hfZm9yd2FyZGVkX2ZvciInOwoKICAgIGFjY2Vzc19sb2cgIC92YXIvbG9nL25naW54L2FjY2Vzcy5sb2cgIG1haW47CgogICAgc2VuZGZpbGUgICAgICAgIG9uOwogICAgI3RjcF9ub3B1c2ggICAgIG9uOwoKICAgIGtlZXBhbGl2ZV90aW1lb3V0ICA2NTsKCiAgICAjZ3ppcCAgb247CgogICAgaW5jbHVkZSAvZXRjL25naW54L2NvbmYuZC8qLmNvbmY7Cn0K", + "mtime": "1970-01-01T00:00:00Z", + "name": "nginx.conf", + "size": 648 + }, + { + "contents": "CnR5cGVzIHsKICAgIHRleHQvaHRtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBodG1sIGh0bSBzaHRtbDsKICAgIHRleHQvY3NzICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjc3M7CiAgICB0ZXh0L3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeG1sOwogICAgaW1hZ2UvZ2lmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdpZjsKICAgIGltYWdlL2pwZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqcGVnIGpwZzsKICAgIGFwcGxpY2F0aW9uL2phdmFzY3JpcHQgICAgICAgICAgICAgICAgICAgICAgICAgICBqczsKICAgIGFwcGxpY2F0aW9uL2F0b20reG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdG9tOwogICAgYXBwbGljYXRpb24vcnNzK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJzczsKCiAgICB0ZXh0L21hdGhtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbW1sOwogICAgdGV4dC9wbGFpbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHR4dDsKICAgIHRleHQvdm5kLnN1bi5qMm1lLmFwcC1kZXNjcmlwdG9yICAgICAgICAgICAgICAgICBqYWQ7CiAgICB0ZXh0L3ZuZC53YXAud21sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd21sOwogICAgdGV4dC94LWNvbXBvbmVudCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGh0YzsKCiAgICBpbWFnZS9hdmlmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYXZpZjsKICAgIGltYWdlL3BuZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbmc7CiAgICBpbWFnZS9zdmcreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZnIHN2Z3o7CiAgICBpbWFnZS90aWZmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGlmIHRpZmY7CiAgICBpbWFnZS92bmQud2FwLndibXAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2JtcDsKICAgIGltYWdlL3dlYnAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3ZWJwOwogICAgaW1hZ2UveC1pY29uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGljbzsKICAgIGltYWdlL3gtam5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqbmc7CiAgICBpbWFnZS94LW1zLWJtcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYm1wOwoKICAgIGZvbnQvd29mZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3b2ZmOwogICAgZm9udC93b2ZmMiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdvZmYyOwoKICAgIGFwcGxpY2F0aW9uL2phdmEtYXJjaGl2ZSAgICAgICAgICAgICAgICAgICAgICAgICBqYXIgd2FyIGVhcjsKICAgIGFwcGxpY2F0aW9uL2pzb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqc29uOwogICAgYXBwbGljYXRpb24vbWFjLWJpbmhleDQwICAgICAgICAgICAgICAgICAgICAgICAgIGhxeDsKICAgIGFwcGxpY2F0aW9uL21zd29yZCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2M7CiAgICBhcHBsaWNhdGlvbi9wZGYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcGRmOwogICAgYXBwbGljYXRpb24vcG9zdHNjcmlwdCAgICAgICAgICAgICAgICAgICAgICAgICAgIHBzIGVwcyBhaTsKICAgIGFwcGxpY2F0aW9uL3J0ZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBydGY7CiAgICBhcHBsaWNhdGlvbi92bmQuYXBwbGUubXBlZ3VybCAgICAgICAgICAgICAgICAgICAgbTN1ODsKICAgIGFwcGxpY2F0aW9uL3ZuZC5nb29nbGUtZWFydGgua21sK3htbCAgICAgICAgICAgICBrbWw7CiAgICBhcHBsaWNhdGlvbi92bmQuZ29vZ2xlLWVhcnRoLmtteiAgICAgICAgICAgICAgICAga216OwogICAgYXBwbGljYXRpb24vdm5kLm1zLWV4Y2VsICAgICAgICAgICAgICAgICAgICAgICAgIHhsczsKICAgIGFwcGxpY2F0aW9uL3ZuZC5tcy1mb250b2JqZWN0ICAgICAgICAgICAgICAgICAgICBlb3Q7CiAgICBhcHBsaWNhdGlvbi92bmQubXMtcG93ZXJwb2ludCAgICAgICAgICAgICAgICAgICAgcHB0OwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC5ncmFwaGljcyAgICAgIG9kZzsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vYXNpcy5vcGVuZG9jdW1lbnQucHJlc2VudGF0aW9uICBvZHA7CiAgICBhcHBsaWNhdGlvbi92bmQub2FzaXMub3BlbmRvY3VtZW50LnNwcmVhZHNoZWV0ICAgb2RzOwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC50ZXh0ICAgICAgICAgIG9kdDsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vcGVueG1sZm9ybWF0cy1vZmZpY2Vkb2N1bWVudC5wcmVzZW50YXRpb25tbC5wcmVzZW50YXRpb24KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcHR4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LnNwcmVhZHNoZWV0bWwuc2hlZXQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4bHN4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LndvcmRwcm9jZXNzaW5nbWwuZG9jdW1lbnQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N4OwogICAgYXBwbGljYXRpb24vdm5kLndhcC53bWxjICAgICAgICAgICAgICAgICAgICAgICAgIHdtbGM7CiAgICBhcHBsaWNhdGlvbi93YXNtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2FzbTsKICAgIGFwcGxpY2F0aW9uL3gtN3otY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgICA3ejsKICAgIGFwcGxpY2F0aW9uL3gtY29jb2EgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjY287CiAgICBhcHBsaWNhdGlvbi94LWphdmEtYXJjaGl2ZS1kaWZmICAgICAgICAgICAgICAgICAgamFyZGlmZjsKICAgIGFwcGxpY2F0aW9uL3gtamF2YS1qbmxwLWZpbGUgICAgICAgICAgICAgICAgICAgICBqbmxwOwogICAgYXBwbGljYXRpb24veC1tYWtlc2VsZiAgICAgICAgICAgICAgICAgICAgICAgICAgIHJ1bjsKICAgIGFwcGxpY2F0aW9uL3gtcGVybCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbCBwbTsKICAgIGFwcGxpY2F0aW9uL3gtcGlsb3QgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcmMgcGRiOwogICAgYXBwbGljYXRpb24veC1yYXItY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgIHJhcjsKICAgIGFwcGxpY2F0aW9uL3gtcmVkaGF0LXBhY2thZ2UtbWFuYWdlciAgICAgICAgICAgICBycG07CiAgICBhcHBsaWNhdGlvbi94LXNlYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2VhOwogICAgYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2ggICAgICAgICAgICAgICAgICAgIHN3ZjsKICAgIGFwcGxpY2F0aW9uL3gtc3R1ZmZpdCAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXQ7CiAgICBhcHBsaWNhdGlvbi94LXRjbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGNsIHRrOwogICAgYXBwbGljYXRpb24veC14NTA5LWNhLWNlcnQgICAgICAgICAgICAgICAgICAgICAgIGRlciBwZW0gY3J0OwogICAgYXBwbGljYXRpb24veC14cGluc3RhbGwgICAgICAgICAgICAgICAgICAgICAgICAgIHhwaTsKICAgIGFwcGxpY2F0aW9uL3hodG1sK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICB4aHRtbDsKICAgIGFwcGxpY2F0aW9uL3hzcGYreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4c3BmOwogICAgYXBwbGljYXRpb24vemlwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHppcDsKCiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgYmluIGV4ZSBkbGw7CiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgZGViOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIGRtZzsKICAgIGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbSAgICAgICAgICAgICAgICAgICAgICAgICBpc28gaW1nOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIG1zaSBtc3AgbXNtOwoKICAgIGF1ZGlvL21pZGkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtaWQgbWlkaSBrYXI7CiAgICBhdWRpby9tcGVnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbXAzOwogICAgYXVkaW8vb2dnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9nZzsKICAgIGF1ZGlvL3gtbTRhICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtNGE7CiAgICBhdWRpby94LXJlYWxhdWRpbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmE7CgogICAgdmlkZW8vM2dwcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDNncHAgM2dwOwogICAgdmlkZW8vbXAydCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRzOwogICAgdmlkZW8vbXA0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1wNDsKICAgIHZpZGVvL21wZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtcGVnIG1wZzsKICAgIHZpZGVvL3F1aWNrdGltZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtb3Y7CiAgICB2aWRlby93ZWJtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2VibTsKICAgIHZpZGVvL3gtZmx2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmbHY7CiAgICB2aWRlby94LW00diAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbTR2OwogICAgdmlkZW8veC1tbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1uZzsKICAgIHZpZGVvL3gtbXMtYXNmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhc3ggYXNmOwogICAgdmlkZW8veC1tcy13bXYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdtdjsKICAgIHZpZGVvL3gtbXN2aWRlbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdmk7Cn0K", + "mtime": "1970-01-01T00:00:00Z", + "name": "mime.types", + "size": 5349 + } ], - "key_paths": [ - "/etc/nginx/server.key" - ] + "name": "/etc/nginx" } ] } }, - "FilterNameConfigSyncGroups": { - "type": "string", - "description": "Keywords for config sync groups filters.\nWhen filtering on `config_status`, only the following `filter_values` are supported:\n * in_sync\n * out_of_sync\n * sync_in_progress\n * unknown\n", - "enum": [ - "name", - "config_status", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_config_sync_group_name", - "filter_name_config_sync_group_config_status", - "filter_name_config_sync_group_object_id" - ] - }, - "configSyncGroupObjectID": { - "description": "A globally unique identifier for the NGINX config sync group.", + "NginxConfigObjectID": { + "description": "A globally unique identifier for the NGINX Config object.", "type": "string", "format": "object_id", - "pattern": "^csg_.*", + "pattern": "^nc_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "ConfigSyncStatus": { + "PayloadObjectID": { + "description": "A globally unique identifier for the valid payload object reference.", "type": "string", - "description": "The current config sync status of the NGINX config sync group, with the following possible values:\n* `unknown` - The status cannot be determined at this moment.\n* `in_sync` - All Nginx instances in config sync group have same config as indicated by config_version.\n* `out_of_sync` - Some Nginx instances in config sync group have config different than indicated by config_version.\n* `sync_in_progress` - The operation of applying config_version to all Nginx instances in config sync group is in progress.\n", - "enum": [ - "unknown", - "in_sync", - "out_of_sync", - "sync_in_progress" - ], - "x-enum-varnames": [ - "nginx_config_sync_group_config_status_unknown", - "nginx_config_sync_group_config_status_in_sync", - "nginx_config_sync_group_config_status_out_of_sync", - "nginx_config_sync_group_config_status_in_progress" - ] + "format": "object_id", + "pattern": "^(cert|pv)_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } }, - "CertificateInstanceSummary": { - "description": "A breakdown and tally of certificates, detailing the total count, number of expired certificates, certificates nearing expiration, and those that are valid.", + "NginxConfigPayload": { "type": "object", + "description": "Details of Aux File Payload that goes with an NGINX configuration. Provide hints for the backend system on \nadditional file contents that should be part of the NGINX Config Publication.\nCan be used to deploy files related to SSL certificates, to a data plane instance.\n", "required": [ - "total", - "expired", - "expiring", - "valid", - "not_ready" + "type", + "paths" ], "properties": { - "total": { - "description": "Total count of certificates across the NGINX data plane.", - "type": "integer" - }, - "expired": { - "description": "The number of certificates that have expired and are no longer valid.", - "type": "integer" + "type": { + "type": "string", + "description": "Types of Aux File Payload:\n - inline_secret - indicates the provided content for the payload should be stored in a secret location, and removed after the publication is done.\n - inline_content - indicates the provided content for the payload should be stored, and removed after the publication is done. Note, the contents may end up in the `aux` content if used in this NGINX configuration.\n - unmanaged_certificate - indicates certificate content for an unmanaged certificate detected from a data plane instance through NGINX configurations. Will be filtered and ignored in the payload deployment.\n - managed_certificate - indicates public certificates managed by NGINX One Console.\n - managed_key - indicates a private key managed by NGINX One Console.\n - nap_policy_version - indicates a version of NAP policy managed by NGINX One Console. A valid policy_version object\n", + "enum": [ + "inline_secret", + "inline_content", + "unmanaged_certificate", + "managed_certificate", + "managed_key", + "nap_policy_version" + ], + "x-enum-varnames": [ + "nginx_config_payload_inline_secret", + "nginx_config_payload_inline_content", + "nginx_config_payload_unmanaged_certificate", + "nginx_config_payload_managed_certificate", + "nginx_config_payload_managed_key", + "nginx_config_payload_nap_policy_version" + ] }, - "expiring": { - "description": "The number of certificates due to expire in the next 30 days.", - "type": "integer" + "contents": { + "type": "string", + "format": "base64", + "description": "The base64-encoded contents of the file.", + "maxLength": 3145728 }, - "valid": { - "description": "The number of certificates that are valid and in good standing.", - "type": "integer" + "object_id": { + "$ref": "#/components/schemas/PayloadObjectID" }, - "not_ready": { - "description": "The number of certificates that are not ready to be used.", - "type": "integer" + "paths": { + "type": "array", + "items": { + "type": "string" + } } + }, + "example": { + "type": "inline_content", + "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", + "paths": [ + "/etc/nginx/ssl/server.crt" + ] } }, - "ListConfigSyncGroupObject": { - "type": "object", - "description": "Summary information of the NGINX config sync group.", - "required": [ - "object_id", - "name", - "instances_count", - "config_status" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/configSyncGroupObjectID" - }, - "name": { - "description": "Name of the Nginx config sync group.", - "type": "string" - }, - "instances_count": { - "description": "Number of instances in the Nginx config sync group.", - "type": "integer" + "NginxConfigPayloads": { + "type": "array", + "description": "An array of payloads that track the file paths of each SSL certificates and key, indicating where to deploy\nthem onto the data plane instance.\n* If the `type` is `managed_certificate` or `managed_key`, you need to specify an `object_id`.\n * The `object_id` must represent a managed certificate object, or a `400 Bad Request` is returned. \n * The `contents` field is optional and is ignored if included.\n* The NGINX One Console manages deployed file paths only for managed certificates and keys. If you don't want \nthem to be managed by NGINX One Console, `inline_content` and `inline_secret` can be used for certificates or \nkeys, respectively. When you retrieve certificate deployment details, only the file paths of managed \ncertificates and keys will be shown.\n* If you use `inline_content` and `inline_secret` in your NGINX configuration, the NGINX One Console \nwill detect them. When they are used as SSL directives of the NGINX configuration \nfor certificates and keys, the certificates will be listed as `unmanaged_certificate` in the certificate \ndeployment details.\n", + "items": { + "$ref": "#/components/schemas/NginxConfigPayload" + }, + "example": [ + { + "type": "managed_certificate", + "object_id": "cert_rto8NYiCQputrIasNx2NOA", + "paths": [ + "/etc/nginx/cert.pem" + ] }, - "config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" + { + "type": "managed_key", + "object_id": "cert_rto8NYiCQputrIasNx2NOA", + "paths": [ + "/etc/nginx/key.pem" + ] }, - "cert_summary": { - "$ref": "#/components/schemas/CertificateInstanceSummary" + { + "type": "inline_content", + "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", + "paths": [ + "/etc/nginx/inline_cert.crt" + ] } - } + ] }, - "ConfigSyncGroupListResponse": { + "NginxConfig": { + "description": "Details of an NGINX configuration, including its unique identifier, the main configuration path, the \nconfiguration directories, and the NGINX configuration payloads that indicate where managed SSL certificates\nand keys were deployed to on the data plane instance.\n", "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/NginxConfigObject" }, { "type": "object", - "description": "List of Nginx config sync groups.", "required": [ - "items" + "object_id" ], "properties": { - "items": { - "description": "An array of Config Sync Group objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/ListConfigSyncGroupObject" - } + "object_id": { + "$ref": "#/components/schemas/NginxConfigObjectID" + }, + "payloads": { + "$ref": "#/components/schemas/NginxConfigPayloads" } } } + ] + }, + "FileDataRequest": { + "type": "object", + "description": "Details about a file, name, and content.", + "required": [ + "name" ], - "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-config-sync-group", - "config_status": "in_sync", - "instances_count": 1 - } - ] + "properties": { + "name": { + "type": "string", + "description": "The file's relative path to the parent directory, absolute path also accepted.", + "minLength": 1, + "maxLength": 4096 + }, + "contents": { + "type": "string", + "format": "byte", + "description": "The base64-encoded contents of the file.", + "maxLength": 3145728 + } } }, - "ConfigSyncGroupCreateRequest": { - "description": "Body to create a Nginx config sync group.", + "DirectoryRequestWithFileContent": { + "type": "object", + "description": "Represents a directory and its contents, detailing the directory's full path, and the files within it.", "required": [ - "name" + "name", + "files" ], "properties": { "name": { "type": "string", - "description": "A name to uniquely identify the Nginx config sync group in a given tenant namespace.", "minLength": 1, - "maxLength": 256 + "description": "The complete path of the directory." + }, + "files": { + "type": "array", + "description": "The list of files in the directory.", + "items": { + "$ref": "#/components/schemas/FileDataRequest" + } } - }, - "example": { - "name": "my-nginx-config-sync-group" } }, - "ConfigSyncGroupCreateResponse": { - "description": "Response to a create Nginx config sync group request.", + "NginxConfigObjectRequest": { + "type": "object", + "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", "required": [ - "object_id", - "name" + "conf_path", + "configs" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/configSyncGroupObjectID" + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" }, - "name": { - "description": "Name of the Nginx config sync group.", - "type": "string" + "conf_path": { + "type": "string", + "minLength": 1, + "maxLength": 4096, + "description": "The full path to the main NGINX configuration file. This corresponds to the `--conf-path` parameter used in the NGINX binary.\n", + "example": "/etc/nginx/nginx.conf." + }, + "configs": { + "type": "array", + "description": "An array of directories containing NGINX configuration files.", + "items": { + "$ref": "#/components/schemas/DirectoryRequestWithFileContent" + } + }, + "aux": { + "type": "array", + "description": "An array of auxiliary directory contents related to the NGINX configuration. When auxiliary contents are\nprovided, they become the authoritative source of non-NGINX configuration content. Please ensure the\nprovided contents are complete, missing files that are referenced in the NGINX configuration can cause\nNGINX reload failure. When not provided, the previous known auxiliary contents will be used as part of\npublish.\n", + "items": { + "$ref": "#/components/schemas/DirectoryRequestWithFileContent" + } } - }, - "example": { - "name": "my-nginx-config-sync-group", - "object_id": "csg_Tet21AeYTHCj7taOwVfzyw" } }, - "ConfigSyncGroupBulkRequestData": { + "NginxConfigRequest": { + "allOf": [ + { + "$ref": "#/components/schemas/NginxConfigObjectRequest" + }, + { + "type": "object", + "properties": { + "payloads": { + "$ref": "#/components/schemas/NginxConfigPayloads" + } + } + } + ] + }, + "PublicationObjectID": { + "description": "A globally unique identifier for the publication.", + "type": "string", + "format": "object_id", + "example": "pub_72pGHoGsSICL_THZrs964g", + "pattern": "^pub_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "PublicationStatusCause": { + "description": "Cause of the failure, provided only if the status is `failed`.", "type": "object", - "description": "Part of bulk operation on a config sync group, only `delete` is supported.", - "required": [ - "action", - "object_id" - ], "properties": { - "object_id": { - "$ref": "#/components/schemas/configSyncGroupObjectID" + "cause": { + "description": "Cause of the failure, detailed as follows:\n* `unknown` - The reason for the failure is not known.\n* `timeout` - The publication request reached its time limit without receiving a response from the NGINX Agent.\n* `remote` - The NGINX Agent reported a failure when trying to apply the configuration. See the message for more details.\n", + "type": "string", + "enum": [ + "unknown", + "timeout", + "remote" + ], + "x-enum-varnames": [ + "publication_instance_status_cause_unknown", + "publication_instance_status_cause_timeout", + "publication_instance_status_cause_remote" + ] }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" + "message": { + "type": "string", + "description": "more specific failure message from the agent." } - }, - "example": { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" } }, - "ConfigSyncGroupBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ConfigSyncGroupBulkRequestData" - }, - "minItems": 1, - "maxItems": 50, - "example": [ + "ConfigSyncGroupPublicationStatusReason": { + "allOf": [ { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" + "$ref": "#/components/schemas/PublicationStatusCause" }, { - "object_id": "csg_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" + "type": "object", + "required": [ + "object_id" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" + } + } } ] }, - "ConfigSyncGroupBulkResponse": { - "description": "The config sync group bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } - }, - "ConfigSyncGroupMeta": { - "type": "object", - "description": "Meta information of the NGINX config sync group including:\n* NGINX config sync group object ID\n* unique name of the config sync group in the tenant namespace\n* last publication timestamp\n", + "ConfigSyncGroupPublication": { + "description": "Details of a publication request for the NGINX config sync group.", "required": [ - "object_id", - "name" + "status", + "created_at", + "modified_at" ], "properties": { "object_id": { - "$ref": "#/components/schemas/configSyncGroupObjectID" + "$ref": "#/components/schemas/PublicationObjectID" }, - "name": { - "description": "Name of the Nginx config sync group.", - "type": "string" + "status": { + "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" }, - "last_publication": { - "description": "The date and time of the most recent config sync group publication.", + "created_at": { "type": "string", - "format": "date-time" + "format": "date-time", + "description": "The date and time when the publication was created for the instance." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the publication was last modified for the instance." + }, + "status_reasons": { + "description": "Detailed failure reasons on each instance's publication, when 'status' is in 'failed' or 'partially_succeeded'", + "type": "array", + "items": { + "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatusReason" + } + }, + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" } }, "example": { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-config-sync-group", - "last_publication": "2023-12-06T22:37:24.120114Z" - } - }, - "InstanceObjectID": { - "description": "A globally unique identifier for the NGINX instance.", - "type": "string", - "format": "object_id", - "pattern": "^inst_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "config_version": "fc3bb4b50c145b3ca5c5d1342be5ec0718eeb9bb84f8d53c5734b6b8", + "created_at": "2024-05-23T21:57:13.048285Z", + "modified_at": "2024-05-23T21:57:13.048285Z", + "object_id": "pub_UPV8jXFwSgm1vHQJCvLD1w", + "status": "failed", + "status_reasons": [ + { + "cause": "remote", + "message": "Config apply failed (write): error running nginx -t -c /etc/nginx/nginx.conf:\n error running nginx -t -c /etc/nginx/nginx.conf:\nnginx: [emerg] invalid number of arguments in \"worker_processes\" directive in /etc/nginx/nginx.conf:7\nnginx: configuration file /etc/nginx/nginx.conf test failed\n", + "object_id": "inst_QBBobKIAQ_21grAwV83VYw" + } + ] } }, - "NginxBuild": { - "description": "The build details for the NGINX binary, including its configuration parameters.\n", - "type": "object", + "PublicationInstance": { + "description": "Details of a publication request for an NGINX instance.", "required": [ - "version" + "status", + "created_at", + "modified_at" ], "properties": { - "version": { - "description": "The version number of the base open-source NGINX.", - "type": "string" + "object_id": { + "$ref": "#/components/schemas/PublicationObjectID" }, - "plus_release": { - "description": "The NGINX Plus release version, if applicable.", - "type": "string" + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" }, - "conf_path": { - "description": "The absolute path to the NGINX configuration, as set by the `--conf-path` option during build time.", - "type": "string" - } - } - }, - "CveSeverityType": { - "type": "string", - "description": "Severity ratings:\n * `high` - High severity.\n * `medium` - Moderate severity.\n * `low` - Least severe.\n * `none` - Not severe.\n * `other` - Severity that does not fit the other categories.\n", - "enum": [ - "high", - "medium", - "low", - "none", - "other" - ], - "x-enum-varnames": [ - "cve_severity_type_high", - "cve_severity_type_medium", - "cve_severity_type_low", - "cve_severity_type_none", - "cve_severity_type_other" - ] - }, - "CveDetails": { - "description": "CVEs details, including the type and count.\n", - "type": "object", - "required": [ - "type", - "count" - ], - "properties": { - "type": { - "$ref": "#/components/schemas/CveSeverityType" + "status": { + "description": "Publication status for the NGINX instance:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n", + "type": "string", + "enum": [ + "pending", + "failed", + "succeeded" + ], + "x-enum-varnames": [ + "publication_instance_status_pending", + "publication_instance_status_failed", + "publication_instance_status_succeeded" + ] }, - "count": { - "description": "The total number of each CVE type.", - "type": "integer" + "status_cause": { + "$ref": "#/components/schemas/PublicationStatusCause" + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the publication was created for the instance." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the publication was last modified for the instance." } + }, + "example": { + "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", + "created_at": "2024-05-14T20:36:06.272704Z", + "modified_at": "2024-05-14T20:36:06.272704Z", + "object_id": "pub_vfr5Oqv-AhxGzyqTXW-Ubw", + "status": "pending" } }, - "RecommendationType": { - "type": "string", - "description": "Types of configuration recommendations:\n * `best_practice` - Suggestions based on established best practices.\n * `security` - Recommendations related to security.\n * `optimization` - Advice for optimizing performance.\n * `other` - Recommendations that do not fit the above categories.\n", - "enum": [ - "best_practice", - "security", - "optimization", - "other" - ], - "x-enum-varnames": [ - "recommendation_type_best_practice", - "recommendation_type_security", - "recommendation_type_optimization", - "recommendation_type_other" - ] - }, - "IssueDetails": { - "description": "Issue details, including the type and count.\n", + "NginxConfigProblem": { "type": "object", - "required": [ - "type", - "count" - ], + "description": "Representation of a problem found during NGINX configuration analysis.", "properties": { - "type": { - "$ref": "#/components/schemas/RecommendationType" + "directive": { + "description": "Directive in the NGINX configuration where the issue is identified.", + "type": "string" }, - "count": { - "description": "The total number of issues identified for the specific recommendation type.", + "file": { + "description": "File where the issue is detected.", + "type": "string" + }, + "line": { + "description": "Line number in the configuration where the issue is found.", "type": "integer" } } }, - "Instance": { + "NginxConfigReport": { "type": "object", - "description": "Summary information about a NGINX instance.", - "required": [ - "object_id", - "hostname", - "system_id", - "agent_version", - "registered_at", - "last_reported", - "status" - ], + "description": "An analysis of the NGINX configuration, highlighting issues and their severity, and offering recommendations.", "properties": { - "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" - }, - "hostname": { - "description": "The name of the host system where the NGINX instance is running.", + "rule": { + "description": "The name of the configuration rule that was violated.", "type": "string" }, - "system_id": { - "description": "The unique identifier assigned to the host system by the NGINX Agent.", + "info": { + "description": "A detailed description of the issue.", "type": "string" }, - "nginx_id": { - "description": "The unique identifier for the NGINX process on the host system, assigned by the NGINX Agent.", + "severity": { + "description": "The severity level of the issue.", "type": "string" }, - "agent_version": { - "description": "The version of the NGINX Agent.", + "category": { + "description": "Classification category of the issue.", "type": "string" }, - "key_object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" + "documentation": { + "description": "Links to documentation that can assist in resolving the identified issue.", + "type": "array", + "items": { + "type": "string" + } }, - "nginx_build": { - "$ref": "#/components/schemas/NginxBuild" + "where": { + "description": "Specific locations in the configuration where issues were detected.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigProblem" + } + } + } + }, + "NginxConfigReports": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigReport" + } + }, + "NginxConfigMeta": { + "type": "object", + "description": "Meta data of an NGINX configuration, including its unique identifier, the config_version.\n", + "required": [ + "object_id", + "config_version", + "created_at", + "modified_at", + "config_source" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/NginxConfigObjectID" }, - "os_version": { - "description": "The operating system's name and its and version or codename.\n", + "config_version": { "type": "string", - "example": "ubuntu_jammy" + "description": "A hash that uniquely identifies the contents of the config object.\n" }, - "registered_at": { - "description": "The date and time when the NGINX instance first registered with NGINX One.", + "created_at": { "type": "string", - "format": "date-time" + "format": "date-time", + "description": "The date and time when the NGINX configuration object was created for the instance." }, - "last_reported": { - "description": "The date and time of the most recent report received from the NGINX Agent.", + "modified_at": { "type": "string", - "format": "date-time" + "format": "date-time", + "description": "The date and time when the NGINX configuration object was last modified for the instance." }, - "status": { + "config_source": { "type": "string", - "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", "enum": [ - "unknown", - "unavailable", - "offline", - "online" - ] + "NGINX One", + "Other", + "Unspecified" + ], + "x-enum-varnames": [ + "config_source_nginx_one", + "config_source_other", + "config_source_unspecified" + ], + "description": "The source from which the config was created:\n- `NGINX One`: The config was created from NGINX One.\n- `Other`: The config was created from data plane.\n- `Unspecified`: The source of the config is unspecified.\n" + } + }, + "example": { + "object_id": "nc_AamgWtYSSb6OWGljx3wNDA", + "config_version": "Cm1hcCAkdXJpICRtYXBwZWRfc2V", + "created_at": "2023-08-10T16:59:15Z", + "modified_at": "2023-08-10T16:59:15Z", + "config_source": "NGINX One" + } + }, + "NginxCVEObject": { + "type": "object", + "required": [ + "id", + "severity", + "info", + "published_at" + ], + "description": "Details about a specific NGINX security advisory, including the number of instances impacted by it, its severity, and a brief description.", + "properties": { + "id": { + "description": "The security advisory's unique identifier.", + "type": "string" }, - "cert_summary": { - "$ref": "#/components/schemas/CertificateInstanceSummary" + "severity": { + "$ref": "#/components/schemas/CveSeverityType" }, - "cve_severity": { - "type": "array", - "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", - "items": { - "$ref": "#/components/schemas/CveDetails" - } + "info": { + "description": "A brief description of security advisory.", + "type": "string" }, - "recommendations": { - "type": "array", - "description": "An array summarizing the suggestions from the configuration analysis report.", - "items": { - "$ref": "#/components/schemas/IssueDetails" - } + "instances_impacted": { + "description": "Number of instances impacted by the security advisory", + "type": "integer" + }, + "published_at": { + "description": "The date and time when the cve was published", + "type": "string", + "format": "date-time" } } }, - "ConfigSyncGroupInstance": { + "CVEListResponse": { "allOf": [ { - "$ref": "#/components/schemas/Instance" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "description": "List of all CVEs.", "required": [ - "config_status", - "config_version" + "items" ], "properties": { - "config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" - }, - "config_version": { - "description": "A computed hash of current config on the config sync group.", - "type": "string" + "items": { + "description": "An array of CVE objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxCVEObject" + } } } } ] }, - "ConfigSyncGroupPublicationStatus": { + "NginxProduct": { "type": "string", - "description": "The status on the last publication issued on this config sync group:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `partially_succeeded` - The publication attempt had one or more failures.\n", + "description": "NGINX product :\n * `noss` - NGINX Open Source.\n * `nplus` - NGINX PLUS.\n", "enum": [ - "pending", - "failed", - "succeeded", - "partially_succeeded" + "noss", + "nplus", + "unknown" ], "x-enum-varnames": [ - "publication_config_sync_group_status_pending", - "publication_config_sync_group_status_failed", - "publication_config_sync_group_status_succeeded", - "publication_config_sync_group_status_partially_succeeded" + "nginx_product_noss", + "nginx_product_nplus", + "nginx_product_unknown" ] }, - "CertAssociation": { + "CveImpactedNginxProduct": { "type": "object", - "description": "Details for a certificate that's associated with an instance or a config sync group.", "required": [ - "name", - "object_id", - "cert_type", - "subject_name", - "not_before", - "not_after", - "cert_status", - "deployment_status" + "versions", + "name" ], + "description": "security advisory impacted NGINX product and its version.", "properties": { - "name": { - "type": "string", - "description": "A friendly name for the certificate." - }, - "object_id": { - "$ref": "#/components/schemas/CertificateObjectID" - }, - "cert_type": { - "$ref": "#/components/schemas/CertificateType" - }, - "cert_paths": { - "type": "array", - "description": "The list of file system paths where the certificate file is installed. \nSince a single certificate file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/ssl/cert.pem", - "/etc/ssl/cert.crt" - ], - "items": { - "type": "string" - } - }, - "key_paths": { + "versions": { + "description": "List of impacted NGINX product versions.", "type": "array", - "description": "The list of file system paths where the private key file is installed.\nSince a single key file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/nginx/key.pem", - "/etc/ssl/server.key" - ], "items": { - "type": "string" - } - }, - "deployment_status": { - "$ref": "#/components/schemas/CertificateDeploymentStatus" - }, - "subject_name": { - "type": "string", - "description": "Hostname or domain for the certificate. Usually the subject-alt-name (SAN) value for the certificate.\nif SAN is not present, this will be the certificate subject's common name.\n", - "example": "nginx.com" - }, - "cert_status": { - "$ref": "#/components/schemas/CertificateStatus" - }, - "not_before": { - "type": "string", - "format": "date-time", - "description": "the effective date of the certificate." + "type": "string" + } }, - "not_after": { - "type": "string", - "format": "date-time", - "description": "The expiration date for the certificate." + "name": { + "$ref": "#/components/schemas/NginxProduct" } } }, - "ConfigSyncGroup": { + "NginxCVEDetailsResponse": { "allOf": [ { - "$ref": "#/components/schemas/ConfigSyncGroupMeta" + "$ref": "#/components/schemas/NginxCVEObject" }, { "type": "object", - "description": "Additional information of the NGINX config sync group including:\n* config sync status\n* config checksum\n* instances\n* last known publication status\n* certs associated with this config sync group\n", + "required": [ + "detail", + "impacted_products" + ], + "description": "Details about a specific NGINX security advisory, including its severity, detail,\npublished date and time, description and impacted products.\n", "properties": { - "config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" - }, - "config_version": { - "description": "A computed hash of current config on the config sync group.", - "type": "string" - }, - "instances": { - "description": "An array of Instance objects.", + "impacted_products": { "type": "array", "items": { - "$ref": "#/components/schemas/ConfigSyncGroupInstance" + "$ref": "#/components/schemas/CveImpactedNginxProduct" } }, - "last_publication_status": { - "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" - }, - "certs": { - "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto the data plane instances that are part of this config sync group.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertAssociation" - } + "detail": { + "description": "the details about security advisory", + "type": "string" } - } - } - ], - "example": { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-config-sync-group", - "last_reported": "2023-12-06T22:37:24.120114Z", - "config_status": "in_sync", - "config_version": "uvR3F2TQGm18jnl7bpaGw", - "instances": [ - { - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "hostname": "816e3c194d59", - "system_id": "6066aad2-211e-3718-be5d-fcc01ffc5cc8", - "agent_version": "v2.33.0", - "registered_at": "2024-05-16T18:26:40.556048Z", - "last_reported": "2023-12-06T22:37:24.120114Z", - "status": "unavailable", - "nginx_build": { - "conf_path": "/etc/nginx/nginx.conf", - "version": "1.25.3" - }, - "os_version": "Ubuntu 22.04", - "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", - "config_status": "in_sync", - "config_version": "abc123def456" - } - ], - "certs": [ - { - "subject_name": "test.com", - "name": "client", - "cert_type": "cert_key", - "not_after": "2024-01-06T00:01:30Z", - "not_before": "2023-12-07T00:01:30Z", - "cert_paths": [ - "/etc/nginx/client.pem" + }, + "example": { + "detail": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-ID", + "id": "CVE-ID", + "impacted_products": [ + { + "name": "nplus", + "versions": [ + "r1", + "r2" + ] + }, + { + "name": "noss", + "versions": [ + "1.11.1", + "1.20.2", + "1.19.9" + ] + } ], - "cert_status": "expiring", - "deployment_status": "latest", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" + "info": "Memory disclosure in the ngx_http_mp4_module", + "published_at": "2022-10-19T00:00:00Z", + "severity": "medium" } - ] - } - }, - "ConfigSyncGroupDetails": { - "type": "object", - "description": "Detailed information of the NGINX config sync group.", - "allOf": [ - { - "$ref": "#/components/schemas/ConfigSyncGroup" } ] }, - "FileData": { + "NginxProductInfo": { "type": "object", - "description": "Details about a file, including its path, content, size, and last modified time.", + "description": "Information about an NGINX product type and its version", "required": [ "name", - "contents", - "size", - "mtime" + "version" ], "properties": { "name": { - "type": "string", - "description": "The file's relative path to the parent directory.", - "minLength": 1, - "maxLength": 4096 - }, - "contents": { - "type": "string", - "format": "byte", - "description": "The base64-encoded contents of the file.", - "maxLength": 3145728 - }, - "size": { - "type": "integer", - "description": "The size of the file, in bytes." + "$ref": "#/components/schemas/NginxProduct" }, - "mtime": { - "type": "string", - "format": "date-time", - "description": "Timestamp of the last modification made to the file." + "version": { + "description": "version of the Nginx product installed on the instance.", + "type": "string" } } }, - "DirectoryWithFileContent": { + "CVEImpactedInstance": { "type": "object", - "description": "Represents a directory and its contents, detailing the directory's full path, assigned permissions, last modified time, and the files within it.", + "description": "Summary information about a NGINX instance.", "required": [ - "name", - "files" + "object_id", + "hostname", + "status" ], "properties": { - "name": { - "type": "string", - "description": "The complete path of the directory." - }, - "permissions": { - "type": "string", - "description": "The permissions for the directory." + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" }, - "mtime": { - "type": "string", - "description": "The date and time when the directory was last modified.", - "format": "date-time" + "hostname": { + "description": "The name of the host system where the NGINX instance is running.", + "type": "string" }, - "files": { + "products": { + "description": "List of NGINX products in the instance", "type": "array", - "description": "The list of files in the directory.", "items": { - "$ref": "#/components/schemas/FileData" + "$ref": "#/components/schemas/NginxProductInfo" } + }, + "status": { + "type": "string", + "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", + "enum": [ + "unknown", + "unavailable", + "offline", + "online" + ] } } }, - "NginxConfigObject": { - "type": "object", - "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", - "required": [ - "conf_path", - "configs" - ], - "properties": { - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" - }, - "conf_path": { - "type": "string", - "minLength": 1, - "maxLength": 4096, - "description": "The full path to the main NGINX configuration file. This corresponds to the `--conf-path` parameter used in the NGINX binary.\n", - "example": "/etc/nginx/nginx.conf." - }, - "configs": { - "type": "array", - "description": "An array of directories containing NGINX configuration files.", - "items": { - "$ref": "#/components/schemas/DirectoryWithFileContent" - } + "CVEImpactedInstancesListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" }, - "aux": { - "type": "array", - "description": "An array of auxiliary directory contents related to the NGINX configuration.", - "items": { - "$ref": "#/components/schemas/DirectoryWithFileContent" - } - } - }, - "example": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "configs": [ - { - "files": [ - { - "contents": "Cm1hcCAkdXJpICRtYXBwZWRfc2VydmljZSB7CiAgICBkZWZhdWx0IFVOTUFUQ0hFRDsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvaW5zdGFuY2VzIiAgICAgICAgaW5zdGFuY2VzLXN2YzsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvZGF0YS1wbGFuZS1rZXlzIiAga2V5cy1zdmM7CiAgICAifl4vYXBpL3YxL25hbWVzcGFjZXMvXHcrL21vbml0b3IiICAgICAgICAgIG1vbml0b3Itc3ZjOwp9Cgp1cHN0cmVhbSBpbnN0YW5jZXMtc3ZjIHsKICAgIHNlcnZlciBpbnN0YW5jZXMtc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIGtleXMtc3ZjIHsKICAgIHNlcnZlciBrZXlzLXN2Yzo4MDkwOwp9Cgp1cHN0cmVhbSBkYXRhcGxhbmUtY3RybCB7CiAgICBzZXJ2ZXIgZGF0YXBsYW5lLWN0cmw6ODA4MDsKfQoKdXBzdHJlYW0gbW9uaXRvci1zdmMgewogICAgc2VydmVyIG1vbml0b3Itc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIG1ldHJpY3MtaW5nZXN0IHsKICAgIHNlcnZlciBtZXRyaWNzLWluZ2VzdDo4MDgwOwp9CgpzZXJ2ZXIgewogICAgbGlzdGVuIDg4ODg7CiAgICBzZXJ2ZXJfbmFtZSBfOwogICAgaHR0cDIgb247CgogICAgcHJveHlfcGFzc19yZXF1ZXN0X2hlYWRlcnMgb247CiAgICByZXdyaXRlICJeL2FwaS8obmdpbngvb25lfHYxKS8oLiopJCIgIi9hcGkvdjEvJDIiIGJyZWFrOwogICAgbG9jYXRpb24gL2FwaS92MS8gewogICAgICAgIGlmICgkbWFwcGVkX3NlcnZpY2UgPSAiVU5NQVRDSEVEIikgewogICAgICAgICAgICByZXR1cm4gNDA0ICd7ImVycm9yOiAiTm90IGZvdW5kIn0nOwogICAgICAgIH0KICAgICAgICBwcm94eV9wYXNzX2hlYWRlciBYLVZvbHRlcnJhLUFwaWd3LVRlbmFudDsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kbWFwcGVkX3NlcnZpY2U7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIGRhdGFwbGFuZS1jdHJsCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLkNvbW1hbmRlciB7CiAgICAgICAgZ3JwY19zb2NrZXRfa2VlcGFsaXZlIG9uOwogICAgICAgIGdycGNfcmVhZF90aW1lb3V0IDVtOwogICAgICAgIGdycGNfc2VuZF90aW1lb3V0IDVtOwogICAgICAgIGNsaWVudF9ib2R5X3RpbWVvdXQgMTBtOwogICAgICAgIGdycGNfcGFzcyBncnBjOi8vZGF0YXBsYW5lLWN0cmw7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIG1ldHJpY3MgaW5nZXN0aW9uCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLk1ldHJpY3NTZXJ2aWNlIHsKICAgICAgICBncnBjX3NvY2tldF9rZWVwYWxpdmUgb247CiAgICAgICAgZ3JwY19yZWFkX3RpbWVvdXQgNW07CiAgICAgICAgZ3JwY19zZW5kX3RpbWVvdXQgNW07CiAgICAgICAgY2xpZW50X2JvZHlfdGltZW91dCAxMG07CiAgICAgICAgY2xpZW50X21heF9ib2R5X3NpemUgMDsKICAgICAgICBncnBjX3Bhc3MgZ3JwYzovL21ldHJpY3MtaW5nZXN0OwogICAgfQp9CgojIHByb3h5IHRvIHRoZSBtYW5hZ2VtZW50IHNlcnZlcnMKc2VydmVyIHsKICAgIGxpc3RlbiAxNTAwMDsKICAgIHNlcnZlcl9uYW1lIF87CiAgICAjIHVzZSBkb2NrZXIgRE5TCiAgICByZXNvbHZlciAxMjcuMC4wLjExIHZhbGlkPTMwczsKCiAgICAjIG1hdGNoIC88c2VydmljZT4vPG1nbXQgZW5kcG9pbnQ+CiAgICBsb2NhdGlvbiB+Xi8oW14vXSspLyguKykkIHsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kMToxNTAwMC8kMjsKICAgIH0KCiAgICBsb2NhdGlvbiAvIHsKICAgICAgICBhZGRfaGVhZGVyICJDb250ZW50LVR5cGUiICJ0ZXh0L2h0bWwiOwogICAgICAgIHJldHVybiAyMDAgIjxwPkFjY2VzcyB0aGUgbWFuYWdlbWVudCBzZXJ2ZXIgb2YgYW55IHNlcnZpY2Ugd2l0aCBVUkxzIGxpa2UgPGNvZGU+aHR0cDovL2xvY2FsaG9zdDoxNTAwMC8mbHQ7U0VSVklDRV9OQU1FJmd0Oy9tZXRyaWNzPC9jb2RlPjwvcD4iOwogICAgfQp9Cg==", - "mtime": "1970-01-01T00:00:00Z", - "name": "default.conf", - "size": 1942 + { + "type": "object", + "description": "List of instances affected by a CVE.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of Instance objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CVEImpactedInstance" } - ], - "name": "/etc/nginx/conf.d" + } }, - { - "files": [ - { - "contents": "CnVzZXIgIG5naW54Owp3b3JrZXJfcHJvY2Vzc2VzICBhdXRvOwoKZXJyb3JfbG9nICAvdmFyL2xvZy9uZ2lueC9lcnJvci5sb2cgbm90aWNlOwpwaWQgICAgICAgIC92YXIvcnVuL25naW54LnBpZDsKCgpldmVudHMgewogICAgd29ya2VyX2Nvbm5lY3Rpb25zICAxMDI0Owp9CgoKaHR0cCB7CiAgICBpbmNsdWRlICAgICAgIC9ldGMvbmdpbngvbWltZS50eXBlczsKICAgIGRlZmF1bHRfdHlwZSAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtOwoKICAgIGxvZ19mb3JtYXQgIG1haW4gICckcmVtb3RlX2FkZHIgLSAkcmVtb3RlX3VzZXIgWyR0aW1lX2xvY2FsXSAiJHJlcXVlc3QiICcKICAgICAgICAgICAgICAgICAgICAgICckc3RhdHVzICRib2R5X2J5dGVzX3NlbnQgIiRodHRwX3JlZmVyZXIiICcKICAgICAgICAgICAgICAgICAgICAgICciJGh0dHBfdXNlcl9hZ2VudCIgIiRodHRwX3hfZm9yd2FyZGVkX2ZvciInOwoKICAgIGFjY2Vzc19sb2cgIC92YXIvbG9nL25naW54L2FjY2Vzcy5sb2cgIG1haW47CgogICAgc2VuZGZpbGUgICAgICAgIG9uOwogICAgI3RjcF9ub3B1c2ggICAgIG9uOwoKICAgIGtlZXBhbGl2ZV90aW1lb3V0ICA2NTsKCiAgICAjZ3ppcCAgb247CgogICAgaW5jbHVkZSAvZXRjL25naW54L2NvbmYuZC8qLmNvbmY7Cn0K", - "mtime": "1970-01-01T00:00:00Z", - "name": "nginx.conf", - "size": 648 - }, + "example": { + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ { - "contents": "CnR5cGVzIHsKICAgIHRleHQvaHRtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBodG1sIGh0bSBzaHRtbDsKICAgIHRleHQvY3NzICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjc3M7CiAgICB0ZXh0L3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeG1sOwogICAgaW1hZ2UvZ2lmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdpZjsKICAgIGltYWdlL2pwZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqcGVnIGpwZzsKICAgIGFwcGxpY2F0aW9uL2phdmFzY3JpcHQgICAgICAgICAgICAgICAgICAgICAgICAgICBqczsKICAgIGFwcGxpY2F0aW9uL2F0b20reG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdG9tOwogICAgYXBwbGljYXRpb24vcnNzK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJzczsKCiAgICB0ZXh0L21hdGhtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbW1sOwogICAgdGV4dC9wbGFpbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHR4dDsKICAgIHRleHQvdm5kLnN1bi5qMm1lLmFwcC1kZXNjcmlwdG9yICAgICAgICAgICAgICAgICBqYWQ7CiAgICB0ZXh0L3ZuZC53YXAud21sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd21sOwogICAgdGV4dC94LWNvbXBvbmVudCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGh0YzsKCiAgICBpbWFnZS9hdmlmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYXZpZjsKICAgIGltYWdlL3BuZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbmc7CiAgICBpbWFnZS9zdmcreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZnIHN2Z3o7CiAgICBpbWFnZS90aWZmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGlmIHRpZmY7CiAgICBpbWFnZS92bmQud2FwLndibXAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2JtcDsKICAgIGltYWdlL3dlYnAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3ZWJwOwogICAgaW1hZ2UveC1pY29uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGljbzsKICAgIGltYWdlL3gtam5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqbmc7CiAgICBpbWFnZS94LW1zLWJtcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYm1wOwoKICAgIGZvbnQvd29mZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3b2ZmOwogICAgZm9udC93b2ZmMiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdvZmYyOwoKICAgIGFwcGxpY2F0aW9uL2phdmEtYXJjaGl2ZSAgICAgICAgICAgICAgICAgICAgICAgICBqYXIgd2FyIGVhcjsKICAgIGFwcGxpY2F0aW9uL2pzb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqc29uOwogICAgYXBwbGljYXRpb24vbWFjLWJpbmhleDQwICAgICAgICAgICAgICAgICAgICAgICAgIGhxeDsKICAgIGFwcGxpY2F0aW9uL21zd29yZCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2M7CiAgICBhcHBsaWNhdGlvbi9wZGYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcGRmOwogICAgYXBwbGljYXRpb24vcG9zdHNjcmlwdCAgICAgICAgICAgICAgICAgICAgICAgICAgIHBzIGVwcyBhaTsKICAgIGFwcGxpY2F0aW9uL3J0ZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBydGY7CiAgICBhcHBsaWNhdGlvbi92bmQuYXBwbGUubXBlZ3VybCAgICAgICAgICAgICAgICAgICAgbTN1ODsKICAgIGFwcGxpY2F0aW9uL3ZuZC5nb29nbGUtZWFydGgua21sK3htbCAgICAgICAgICAgICBrbWw7CiAgICBhcHBsaWNhdGlvbi92bmQuZ29vZ2xlLWVhcnRoLmtteiAgICAgICAgICAgICAgICAga216OwogICAgYXBwbGljYXRpb24vdm5kLm1zLWV4Y2VsICAgICAgICAgICAgICAgICAgICAgICAgIHhsczsKICAgIGFwcGxpY2F0aW9uL3ZuZC5tcy1mb250b2JqZWN0ICAgICAgICAgICAgICAgICAgICBlb3Q7CiAgICBhcHBsaWNhdGlvbi92bmQubXMtcG93ZXJwb2ludCAgICAgICAgICAgICAgICAgICAgcHB0OwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC5ncmFwaGljcyAgICAgIG9kZzsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vYXNpcy5vcGVuZG9jdW1lbnQucHJlc2VudGF0aW9uICBvZHA7CiAgICBhcHBsaWNhdGlvbi92bmQub2FzaXMub3BlbmRvY3VtZW50LnNwcmVhZHNoZWV0ICAgb2RzOwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC50ZXh0ICAgICAgICAgIG9kdDsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vcGVueG1sZm9ybWF0cy1vZmZpY2Vkb2N1bWVudC5wcmVzZW50YXRpb25tbC5wcmVzZW50YXRpb24KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcHR4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LnNwcmVhZHNoZWV0bWwuc2hlZXQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4bHN4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LndvcmRwcm9jZXNzaW5nbWwuZG9jdW1lbnQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N4OwogICAgYXBwbGljYXRpb24vdm5kLndhcC53bWxjICAgICAgICAgICAgICAgICAgICAgICAgIHdtbGM7CiAgICBhcHBsaWNhdGlvbi93YXNtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2FzbTsKICAgIGFwcGxpY2F0aW9uL3gtN3otY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgICA3ejsKICAgIGFwcGxpY2F0aW9uL3gtY29jb2EgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjY287CiAgICBhcHBsaWNhdGlvbi94LWphdmEtYXJjaGl2ZS1kaWZmICAgICAgICAgICAgICAgICAgamFyZGlmZjsKICAgIGFwcGxpY2F0aW9uL3gtamF2YS1qbmxwLWZpbGUgICAgICAgICAgICAgICAgICAgICBqbmxwOwogICAgYXBwbGljYXRpb24veC1tYWtlc2VsZiAgICAgICAgICAgICAgICAgICAgICAgICAgIHJ1bjsKICAgIGFwcGxpY2F0aW9uL3gtcGVybCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbCBwbTsKICAgIGFwcGxpY2F0aW9uL3gtcGlsb3QgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcmMgcGRiOwogICAgYXBwbGljYXRpb24veC1yYXItY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgIHJhcjsKICAgIGFwcGxpY2F0aW9uL3gtcmVkaGF0LXBhY2thZ2UtbWFuYWdlciAgICAgICAgICAgICBycG07CiAgICBhcHBsaWNhdGlvbi94LXNlYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2VhOwogICAgYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2ggICAgICAgICAgICAgICAgICAgIHN3ZjsKICAgIGFwcGxpY2F0aW9uL3gtc3R1ZmZpdCAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXQ7CiAgICBhcHBsaWNhdGlvbi94LXRjbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGNsIHRrOwogICAgYXBwbGljYXRpb24veC14NTA5LWNhLWNlcnQgICAgICAgICAgICAgICAgICAgICAgIGRlciBwZW0gY3J0OwogICAgYXBwbGljYXRpb24veC14cGluc3RhbGwgICAgICAgICAgICAgICAgICAgICAgICAgIHhwaTsKICAgIGFwcGxpY2F0aW9uL3hodG1sK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICB4aHRtbDsKICAgIGFwcGxpY2F0aW9uL3hzcGYreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4c3BmOwogICAgYXBwbGljYXRpb24vemlwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHppcDsKCiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgYmluIGV4ZSBkbGw7CiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgZGViOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIGRtZzsKICAgIGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbSAgICAgICAgICAgICAgICAgICAgICAgICBpc28gaW1nOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIG1zaSBtc3AgbXNtOwoKICAgIGF1ZGlvL21pZGkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtaWQgbWlkaSBrYXI7CiAgICBhdWRpby9tcGVnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbXAzOwogICAgYXVkaW8vb2dnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9nZzsKICAgIGF1ZGlvL3gtbTRhICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtNGE7CiAgICBhdWRpby94LXJlYWxhdWRpbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmE7CgogICAgdmlkZW8vM2dwcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDNncHAgM2dwOwogICAgdmlkZW8vbXAydCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRzOwogICAgdmlkZW8vbXA0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1wNDsKICAgIHZpZGVvL21wZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtcGVnIG1wZzsKICAgIHZpZGVvL3F1aWNrdGltZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtb3Y7CiAgICB2aWRlby93ZWJtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2VibTsKICAgIHZpZGVvL3gtZmx2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmbHY7CiAgICB2aWRlby94LW00diAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbTR2OwogICAgdmlkZW8veC1tbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1uZzsKICAgIHZpZGVvL3gtbXMtYXNmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhc3ggYXNmOwogICAgdmlkZW8veC1tcy13bXYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdtdjsKICAgIHZpZGVvL3gtbXN2aWRlbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdmk7Cn0K", - "mtime": "1970-01-01T00:00:00Z", - "name": "mime.types", - "size": 5349 + "object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", + "hostname": "4d116619f106", + "products": [ + { + "name": "noss", + "version": "1.18.0" + } + ], + "status": "unknown" } - ], - "name": "/etc/nginx" + ] } - ] - } + } + ] }, - "NginxConfigObjectID": { - "description": "A globally unique identifier for the NGINX Config object.", + "FilterNameEvents": { "type": "string", - "format": "object_id", - "pattern": "^nc_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } + "description": "Keywords for events filters.\n", + "enum": [ + "object_id" + ], + "x-enum-varnames": [ + "filter_name_events_object_id" + ] }, - "PayloadObjectID": { - "description": "A globally unique identifier for the valid payload object reference.", + "EventObjectID": { + "description": "A globally unique identifier for a NGINX One system event.", "type": "string", "format": "object_id", - "pattern": "^(cert|pv)_.*", + "pattern": "^event_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "NginxConfigPayload": { + "Event": { "type": "object", - "description": "Details of Aux File Payload that goes with an NGINX configuration. Provide hints for the backend system on \nadditional file contents that should be part of the NGINX Config Publication.\nCan be used to deploy files related to SSL certificates, to a data plane instance.\n", + "description": "An Event is a system message.", "required": [ "type", - "paths" + "timestamp", + "object_id", + "message" ], "properties": { + "timestamp": { + "description": "time of the event", + "type": "string", + "format": "date-time", + "example": "2019-08-07T09:57:36.088757764Z" + }, "type": { "type": "string", - "description": "Types of Aux File Payload:\n - inline_secret - indicates the provided content for the payload should be stored in a secret location, and removed after the publication is done.\n - inline_content - indicates the provided content for the payload should be stored, and removed after the publication is done. Note, the contents may end up in the `aux` content if used in this NGINX configuration.\n - unmanaged_certificate - indicates certificate content for an unmanaged certificate detected from a data plane instance through NGINX configurations. Will be filtered and ignored in the payload deployment.\n - managed_certificate - indicates public certificates managed by NGINX One Console.\n - managed_key - indicates a private key managed by NGINX One Console.\n - nap_policy_version - indicates a version of NAP policy managed by NGINX One Console. A valid policy_version object\n", + "description": "type of event, indication for affected object type.", "enum": [ - "inline_secret", - "inline_content", - "unmanaged_certificate", - "managed_certificate", - "managed_key", - "nap_policy_version" + "instance_cleanup", + "certificates" ], "x-enum-varnames": [ - "nginx_config_payload_inline_secret", - "nginx_config_payload_inline_content", - "nginx_config_payload_unmanaged_certificate", - "nginx_config_payload_managed_certificate", - "nginx_config_payload_managed_key", - "nginx_config_payload_nap_policy_version" + "event_type_instance_cleanup", + "event_type_certificates" ] }, - "contents": { - "type": "string", - "format": "base64", - "description": "The base64-encoded contents of the file.", - "maxLength": 3145728 - }, "object_id": { - "$ref": "#/components/schemas/PayloadObjectID" + "$ref": "#/components/schemas/EventObjectID" }, - "paths": { - "type": "array", - "items": { - "type": "string" - } + "affected_object_id": { + "$ref": "#/components/schemas/ObjectID" + }, + "hostname": { + "type": "string", + "description": "hostname of the affected instance, if any." + }, + "message": { + "type": "string", + "description": "Details regarding the event.", + "example": "Instance \"demo-1\" deleted by instance cleanup after \"unavailable\" for 25 hours." } }, "example": { - "type": "inline_content", - "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", - "paths": [ - "/etc/nginx/ssl/server.crt" - ] + "timestamp": "2024-02-04T09:57:36.088757764Z", + "type": "instance_cleanup", + "object_id": "event_-uvR3F2TQGm18jnl7bpaGw", + "affected_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "message": "ip-170.0.1 deleted after age out period of 3 hours, last seen 2023-08-07T09:57:36.088757764Z" } }, - "NginxConfigPayloads": { - "type": "array", - "description": "An array of payloads that track the file paths of each SSL certificates and key, indicating where to deploy\nthem onto the data plane instance.\n* If the `type` is `managed_certificate` or `managed_key`, you need to specify an `object_id`.\n * The `object_id` must represent a managed certificate object, or a `400 Bad Request` is returned. \n * The `contents` field is optional and is ignored if included.\n* The NGINX One Console manages deployed file paths only for managed certificates and keys. If you don't want \nthem to be managed by NGINX One Console, `inline_content` and `inline_secret` can be used for certificates or \nkeys, respectively. When you retrieve certificate deployment details, only the file paths of managed \ncertificates and keys will be shown.\n* If you use `inline_content` and `inline_secret` in your NGINX configuration, the NGINX One Console \nwill detect them. When they are used as SSL directives of the NGINX configuration \nfor certificates and keys, the certificates will be listed as `unmanaged_certificate` in the certificate \ndeployment details.\n", - "items": { - "$ref": "#/components/schemas/NginxConfigPayload" - }, - "example": [ - { - "type": "managed_certificate", - "object_id": "cert_rto8NYiCQputrIasNx2NOA", - "paths": [ - "/etc/nginx/cert.pem" - ] - }, + "EventsListResponse": { + "allOf": [ { - "type": "managed_key", - "object_id": "cert_rto8NYiCQputrIasNx2NOA", - "paths": [ - "/etc/nginx/key.pem" - ] + "$ref": "#/components/schemas/PaginationResponse" }, { - "type": "inline_content", - "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", - "paths": [ - "/etc/nginx/inline_cert.crt" - ] + "type": "object", + "description": "List of Events.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of Event objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/Event" + } + } + } } ] }, - "NginxConfig": { - "description": "Details of an NGINX configuration, including its unique identifier, the main configuration path, the \nconfiguration directories, and the NGINX configuration payloads that indicate where managed SSL certificates\nand keys were deployed to on the data plane instance.\n", + "FilterNameInstances": { + "type": "string", + "description": "Keywords for instance filters.\n\nWhen filtering on `instance_status`, only the following `filter_values` are supported:\n * online\n * offline\n * unavailable\n * unknown\nWhen filtering base on `cert_status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", + "enum": [ + "hostname", + "nginx_version", + "os_version", + "instance_status", + "cert_status", + "cve_severity", + "config_recommendation", + "key_object_id", + "system_id", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_instances_hostname", + "filter_name_instances_nginx_version", + "filter_name_instances_os_version", + "filter_name_instances_instance_status", + "filter_name_instances_cert_status", + "filter_name_instances_cve_severity", + "filter_name_instances_config_recommendation", + "filter_name_instances_key_object_id", + "filter_name_instances_system_id", + "filter_name_instances_object_id" + ] + }, + "InstanceListResponse": { "allOf": [ { - "$ref": "#/components/schemas/NginxConfigObject" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "description": "List of data plane instances.", "required": [ - "object_id" + "items" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/NginxConfigObjectID" - }, - "payloads": { - "$ref": "#/components/schemas/NginxConfigPayloads" + "items": { + "description": "An array of Instance objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/Instance" + } } } } + ], + "example": { + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "agent_version": "v2.30.3", + "hostname": "4d116619f106", + "key": "key_Tet21AeYTHCj7taOwVfzyw", + "last_reported": "2023-12-06T22:37:24.120114Z", + "nginx_build": { + "conf_path": "/etc/nginx/nginx.conf", + "version": "1.25.3" + }, + "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", + "registered_at": "2023-12-06T22:37:24.120114Z", + "status": "unknown", + "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw" + } + ] + } + }, + "InstanceBulkRequestData": { + "type": "object", + "description": "Part of bulk operation on a NGINX instance, only `delete` is supported.", + "required": [ + "action" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" + }, + "action": { + "$ref": "#/components/schemas/BulkRequestAction" + } + }, + "example": { + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + } + }, + "InstanceBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/InstanceBulkRequestData" + }, + "maxItems": 50, + "example": [ + { + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + }, + { + "object_id": "inst_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" + } ] }, - "FileDataRequest": { - "type": "object", - "description": "Details about a file, name, and content.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The file's relative path to the parent directory, absolute path also accepted.", - "minLength": 1, - "maxLength": 4096 - }, - "contents": { - "type": "string", - "format": "byte", - "description": "The base64-encoded contents of the file.", - "maxLength": 3145728 - } + "InstanceBulkResponse": { + "description": "The NGINX instance bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, - "DirectoryRequestWithFileContent": { + "OperatingSystem": { + "description": "Release details for the operating system.", "type": "object", - "description": "Represents a directory and its contents, detailing the directory's full path, and the files within it.", "required": [ "name", - "files" + "id", + "codename", + "version", + "version_id" ], "properties": { "name": { - "type": "string", - "minLength": 1, - "description": "The complete path of the directory." + "description": "The official name of the operating system release.", + "type": "string" }, - "files": { - "type": "array", - "description": "The list of files in the directory.", - "items": { - "$ref": "#/components/schemas/FileDataRequest" - } - } - } - }, - "NginxConfigObjectRequest": { - "type": "object", - "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", - "required": [ - "conf_path", - "configs" - ], - "properties": { - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" + "id": { + "description": "The distinctive identifier for the operating system release.", + "type": "string" }, - "conf_path": { - "type": "string", - "minLength": 1, - "maxLength": 4096, - "description": "The full path to the main NGINX configuration file. This corresponds to the `--conf-path` parameter used in the NGINX binary.\n", - "example": "/etc/nginx/nginx.conf." + "codename": { + "description": "The codename assigned to the operating system release.", + "type": "string" }, - "configs": { - "type": "array", - "description": "An array of directories containing NGINX configuration files.", - "items": { - "$ref": "#/components/schemas/DirectoryRequestWithFileContent" - } + "version": { + "description": "The version label for the operating system, which may include the name and version number or codename.", + "type": "string" }, - "aux": { - "type": "array", - "description": "An array of auxiliary directory contents related to the NGINX configuration. When auxiliary contents are\nprovided, they become the authoritative source of non-NGINX configuration content. Please ensure the\nprovided contents are complete, missing files that are referenced in the NGINX configuration can cause\nNGINX reload failure. When not provided, the previous known auxiliary contents will be used as part of\npublish.\n", - "items": { - "$ref": "#/components/schemas/DirectoryRequestWithFileContent" - } + "version_id": { + "description": "The specific version number of the operating system release.", + "type": "string" } + }, + "example": { + "name": "Ubuntu", + "id": "ubuntu", + "codename": "bionic", + "version": "18.04.5 LTS (Bionic Beaver)", + "version_id": "18.04" } }, - "NginxConfigRequest": { + "ConfigSyncGroupInstanceMeta": { "allOf": [ { - "$ref": "#/components/schemas/NginxConfigObjectRequest" + "$ref": "#/components/schemas/ConfigSyncGroupMeta" }, { "type": "object", + "description": "Additional details on instance in the NGINX config sync group including:\n* config sync status\n", "properties": { - "payloads": { - "$ref": "#/components/schemas/NginxConfigPayloads" + "instance_config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" } } } ] }, - "PublicationObjectID": { - "description": "A globally unique identifier for the publication.", - "type": "string", - "format": "object_id", - "example": "pub_72pGHoGsSICL_THZrs964g", - "pattern": "^pub_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "PublicationStatusCause": { - "description": "Cause of the failure, provided only if the status is `failed`.", + "InstanceDetails": { "type": "object", - "properties": { - "cause": { - "description": "Cause of the failure, detailed as follows:\n* `unknown` - The reason for the failure is not known.\n* `timeout` - The publication request reached its time limit without receiving a response from the NGINX Agent.\n* `remote` - The NGINX Agent reported a failure when trying to apply the configuration. See the message for more details.\n", - "type": "string", - "enum": [ - "unknown", - "timeout", - "remote" - ], - "x-enum-varnames": [ - "publication_instance_status_cause_unknown", - "publication_instance_status_cause_timeout", - "publication_instance_status_cause_remote" - ] - }, - "message": { - "type": "string", - "description": "more specific failure message from the agent." - } - } - }, - "ConfigSyncGroupPublicationStatusReason": { + "description": "Detailed information about an NGINX instance.", "allOf": [ { - "$ref": "#/components/schemas/PublicationStatusCause" + "$ref": "#/components/schemas/Instance" }, { "type": "object", - "required": [ - "object_id" - ], "properties": { - "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" + "certs": { + "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto this data plane instance.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertAssociation" + } + }, + "os": { + "$ref": "#/components/schemas/OperatingSystem" + }, + "config_sync_group": { + "$ref": "#/components/schemas/ConfigSyncGroupInstanceMeta" } } } - ] - }, - "ConfigSyncGroupPublication": { - "description": "Details of a publication request for the NGINX config sync group.", - "required": [ - "status", - "created_at", - "modified_at" ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "status": { - "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" - }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the publication was created for the instance." - }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the publication was last modified for the instance." - }, - "status_reasons": { - "description": "Detailed failure reasons on each instance's publication, when 'status' is in 'failed' or 'partially_succeeded'", - "type": "array", - "items": { - "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatusReason" - } - }, - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" - } - }, "example": { - "config_version": "fc3bb4b50c145b3ca5c5d1342be5ec0718eeb9bb84f8d53c5734b6b8", - "created_at": "2024-05-23T21:57:13.048285Z", - "modified_at": "2024-05-23T21:57:13.048285Z", - "object_id": "pub_UPV8jXFwSgm1vHQJCvLD1w", - "status": "failed", - "status_reasons": [ + "agent_version": "v2.30.3", + "certs": [ { - "cause": "remote", - "message": "Config apply failed (write): error running nginx -t -c /etc/nginx/nginx.conf:\n error running nginx -t -c /etc/nginx/nginx.conf:\nnginx: [emerg] invalid number of arguments in \"worker_processes\" directive in /etc/nginx/nginx.conf:7\nnginx: configuration file /etc/nginx/nginx.conf test failed\n", - "object_id": "inst_QBBobKIAQ_21grAwV83VYw" + "subject_name": "test.com", + "name": "client", + "cert_type": "cert_key", + "not_after": "2024-01-06T00:01:30Z", + "not_before": "2023-12-07T00:01:30Z", + "cert_paths": [ + "/etc/nginx/client.pem" + ], + "cert_status": "expiring", + "deployment_status": "latest", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" } - ] + ], + "hostname": "4d116619f106", + "key": "key_wN3IhLCmR3qmwybG_6ptEg", + "last_reported": "2023-12-06T22:37:24.120114Z", + "nginx_build": { + "conf_path": "/etc/nginx/nginx.conf", + "version": "1.25.3" + }, + "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", + "os": { + "codename": "jammy", + "id": "ubuntu", + "name": "Ubuntu", + "version": "22.04.3 LTS (Jammy Jellyfish)", + "version_id": "22.04" + }, + "registered_at": "2023-12-06T22:37:24.120114Z", + "status": "unknown", + "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw" } }, - "PublicationInstance": { - "description": "Details of a publication request for an NGINX instance.", - "required": [ - "status", - "created_at", - "modified_at" + "NginxSecurityAdvisory": { + "type": "object", + "description": "Details about a specific NGINX security advisory, including its severity, a link to more information, and a brief description.", + "required": [ + "id", + "severity", + "advisory", + "info" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" - }, - "status": { - "description": "Publication status for the NGINX instance:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n", - "type": "string", - "enum": [ - "pending", - "failed", - "succeeded" - ], - "x-enum-varnames": [ - "publication_instance_status_pending", - "publication_instance_status_failed", - "publication_instance_status_succeeded" - ] + "id": { + "description": "The security advisory's unique identifier.", + "type": "string" }, - "status_cause": { - "$ref": "#/components/schemas/PublicationStatusCause" + "severity": { + "$ref": "#/components/schemas/CveSeverityType" }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the publication was created for the instance." + "advisory": { + "description": "The URL to detailed information about the security advisory.", + "type": "string" }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the publication was last modified for the instance." + "info": { + "description": "A brief description of security advisory.", + "type": "string" } - }, - "example": { - "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", - "created_at": "2024-05-14T20:36:06.272704Z", - "modified_at": "2024-05-14T20:36:06.272704Z", - "object_id": "pub_vfr5Oqv-AhxGzyqTXW-Ubw", - "status": "pending" } }, - "NginxConfigProblem": { + "CertificateSummaryItem": { + "description": "summary information for certificate with certain status.", "type": "object", - "description": "Representation of a problem found during NGINX configuration analysis.", + "required": [ + "status", + "count", + "affected_instances" + ], "properties": { - "directive": { - "description": "Directive in the NGINX configuration where the issue is identified.", - "type": "string" + "status": { + "$ref": "#/components/schemas/CertificateStatus" }, - "file": { - "description": "File where the issue is detected.", - "type": "string" + "count": { + "description": "The total number of SSL certificates for each status category.", + "type": "integer" }, - "line": { - "description": "Line number in the configuration where the issue is found.", + "affected_instances": { + "description": "Indicates the total number of SSL/TLS certificates corresponding to the status provided.", "type": "integer" } } }, - "NginxConfigReport": { + "SummaryDisplayCount": { + "description": "The name, the total count, and an optional user-friendly display name of the resource being summarized.", "type": "object", - "description": "An analysis of the NGINX configuration, highlighting issues and their severity, and offering recommendations.", + "required": [ + "name", + "count" + ], "properties": { - "rule": { - "description": "The name of the configuration rule that was violated.", - "type": "string" - }, - "info": { - "description": "A detailed description of the issue.", + "name": { + "description": "Identifies the category of data being reported, such as an operating system, NGINX version, or another type.", "type": "string" }, - "severity": { - "description": "The severity level of the issue.", - "type": "string" + "count": { + "description": "The number of resources matching the given type.", + "type": "integer" }, - "category": { - "description": "Classification category of the issue.", + "display": { + "description": "A user-friendly label for the category count, intended for display purposes where a more descriptive or readable format is preferred.", "type": "string" - }, - "documentation": { - "description": "Links to documentation that can assist in resolving the identified issue.", - "type": "array", - "items": { - "type": "string" - } - }, - "where": { - "description": "Specific locations in the configuration where issues were detected.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxConfigProblem" - } } } }, - "NginxConfigReports": { + "OperatingSystemVersionSummary": { + "description": "An array summarizing the operating systems and their versions on the NGINX data plane.", "type": "array", "items": { - "$ref": "#/components/schemas/NginxConfigReport" + "$ref": "#/components/schemas/SummaryDisplayCount" } }, - "NginxConfigMeta": { + "NGINXVersionSummary": { + "description": "An array summarizing the versions of NGINX installed across the NGINX data plane.", + "type": "array", + "items": { + "$ref": "#/components/schemas/SummaryDisplayCount" + } + }, + "StatusSummary": { + "description": "An overview of the status for each NGINX instance, indicating availability.", "type": "object", - "description": "Meta data of an NGINX configuration, including its unique identifier, the config_version.\n", "required": [ - "object_id", - "config_version", - "created_at", - "modified_at", - "config_source" + "online", + "offline", + "unavailable" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/NginxConfigObjectID" - }, - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object.\n" - }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the NGINX configuration object was created for the instance." + "online": { + "description": "The number of NGINX instances reporting as `online`.\nThe NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", + "type": "integer" }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the NGINX configuration object was last modified for the instance." + "offline": { + "description": "The number of NGINX instances reporting as `offline`.\nThe NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n", + "type": "integer" }, - "config_source": { - "type": "string", - "enum": [ - "NGINX One", - "Other", - "Unspecified" - ], - "x-enum-varnames": [ - "config_source_nginx_one", - "config_source_other", - "config_source_unspecified" - ], - "description": "The source from which the config was created:\n- `NGINX One`: The config was created from NGINX One.\n- `Other`: The config was created from data plane.\n- `Unspecified`: The source of the config is unspecified.\n" + "unavailable": { + "description": "The number of NGINX instances reporting as `unavailable`.\nThe NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n", + "type": "integer" } - }, - "example": { - "object_id": "nc_AamgWtYSSb6OWGljx3wNDA", - "config_version": "Cm1hcCAkdXJpICRtYXBwZWRfc2V", - "created_at": "2023-08-10T16:59:15Z", - "modified_at": "2023-08-10T16:59:15Z", - "config_source": "NGINX One" } }, - "NginxCVEObject": { + "CveSummary": { + "description": "A summary of Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", "type": "object", "required": [ - "id", "severity", - "info", - "published_at" + "count", + "affected_instances" ], - "description": "Details about a specific NGINX security advisory, including the number of instances impacted by it, its severity, and a brief description.", "properties": { - "id": { - "description": "The security advisory's unique identifier.", - "type": "string" - }, "severity": { "$ref": "#/components/schemas/CveSeverityType" }, - "info": { - "description": "A brief description of security advisory.", - "type": "string" - }, - "instances_impacted": { - "description": "Number of instances impacted by the security advisory", + "count": { + "description": "The number of CVEs at each severity level.", "type": "integer" }, - "published_at": { - "description": "The date and time when the cve was published", - "type": "string", - "format": "date-time" + "affected_instances": { + "description": "The number of NGINX instances affected by each CVE.", + "type": "integer" } } }, - "CVEListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "type": "object", - "description": "List of all CVEs.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of CVE objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxCVEObject" - } - } - } - } - ] - }, - "NginxProduct": { - "type": "string", - "description": "NGINX product :\n * `noss` - NGINX Open Source.\n * `nplus` - NGINX PLUS.\n", - "enum": [ - "noss", - "nplus", - "unknown" - ], - "x-enum-varnames": [ - "nginx_product_noss", - "nginx_product_nplus", - "nginx_product_unknown" - ] + "IssueSummary": { + "description": "A summary of issue details from the configuration analysis report.", + "type": "object", + "required": [ + "type", + "count", + "affected_instances" + ], + "properties": { + "type": { + "$ref": "#/components/schemas/RecommendationType" + }, + "count": { + "description": "The number of times this recommendation appears in the configuration analysis report.", + "type": "integer" + }, + "affected_instances": { + "description": "The number of instances affected by this issue.", + "type": "integer" + } + } }, - "CveImpactedNginxProduct": { + "InstanceSummary": { + "description": "A summary of NGINX instances, including certificates, OS versions, NGINX versions, and status details.", "type": "object", - "required": [ - "versions", - "name" - ], - "description": "security advisory impacted NGINX product and its version.", "properties": { - "versions": { - "description": "List of impacted NGINX product versions.", + "certs": { + "description": "An array detailing each certificate's status across all NGINX instances.", "type": "array", "items": { - "type": "string" + "$ref": "#/components/schemas/CertificateSummaryItem" } }, - "name": { - "$ref": "#/components/schemas/NginxProduct" + "os": { + "$ref": "#/components/schemas/OperatingSystemVersionSummary" + }, + "nginx_versions": { + "$ref": "#/components/schemas/NGINXVersionSummary" + }, + "statuses": { + "$ref": "#/components/schemas/StatusSummary" + }, + "cves": { + "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CveSummary" + } + }, + "recommendations": { + "description": "An array summarizing the suggestions from the configuration analysis report.", + "type": "array", + "items": { + "$ref": "#/components/schemas/IssueSummary" + } } } }, - "NginxCVEDetailsResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/NginxCVEObject" + "MetricQueryResultEx": { + "type": "object", + "required": [ + "query_metadata", + "metrics" + ], + "properties": { + "query_metadata": { + "$ref": "#/components/schemas/MetricQueryMetadata" }, - { - "type": "object", - "required": [ - "detail", - "impacted_products" - ], - "description": "Details about a specific NGINX security advisory, including its severity, detail,\npublished date and time, description and impacted products.\n", - "properties": { - "impacted_products": { - "type": "array", - "items": { - "$ref": "#/components/schemas/CveImpactedNginxProduct" - } - }, - "detail": { - "description": "the details about security advisory", - "type": "string" - } - }, - "example": { - "detail": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-ID", - "id": "CVE-ID", - "impacted_products": [ - { - "name": "nplus", - "versions": [ - "r1", - "r2" - ] - }, - { - "name": "noss", - "versions": [ - "1.11.1", - "1.20.2", - "1.19.9" - ] - } - ], - "info": "Memory disclosure in the ngx_http_mp4_module", - "published_at": "2022-10-19T00:00:00Z", - "severity": "medium" + "metrics": { + "description": "An array of Metric objects, each including the name of the metric resource, aggregate function, and series details.", + "type": "array", + "items": { + "$ref": "#/components/schemas/MetricEx" } } - ] + } }, - "NginxProductInfo": { + "MetricQueryMetadata": { + "description": "This object includes details about the time period and resolution (granularity) used in the metrics query.\n", "type": "object", - "description": "Information about an NGINX product type and its version", - "required": [ - "name", - "version" - ], "properties": { - "name": { - "$ref": "#/components/schemas/NginxProduct" + "start_time": { + "description": "The beginning of the time period for the metrics query (inclusive).", + "type": "string", + "format": "date-time", + "example": "2019-08-07T09:57:36.088757764Z" }, - "version": { - "description": "version of the Nginx product installed on the instance.", - "type": "string" + "end_time": { + "description": "The end point for the time period for the metrics query (non-inclusive).", + "type": "string", + "format": "date-time", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "resolution": { + "description": "The level of granularity for the time series data.", + "type": "string", + "example": "30m" } } }, - "CVEImpactedInstance": { + "MetricEx": { "type": "object", - "description": "Summary information about a NGINX instance.", "required": [ - "object_id", - "hostname", - "status" + "metric", + "series" ], + "description": "This object represents a metric, including the name of the metric resource, aggregate function, and series details.\n", "properties": { - "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" + "metric": { + "$ref": "#/components/schemas/MetricName" }, - "hostname": { - "description": "The name of the host system where the NGINX instance is running.", - "type": "string" + "aggregate": { + "$ref": "#/components/schemas/MetricAggregation" }, - "products": { - "description": "List of NGINX products in the instance", + "series": { + "description": "An array of data points aligned along one or more dimensions from the Dimensions Catalog.\n", "type": "array", "items": { - "$ref": "#/components/schemas/NginxProductInfo" - } - }, - "status": { - "type": "string", - "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", - "enum": [ - "unknown", - "unavailable", - "offline", - "online" + "$ref": "#/components/schemas/SeriesEx" + }, + "example": [ + { + "dimensions": { + "nginx_id": "some-instance-obj-1", + "parent_hostname": "hostname-for-instance-1" + }, + "data": [ + { + "timestamp": "2019-08-07T09:57:30Z", + "value": 10 + } + ] + }, + { + "dimensions": { + "nginx_id": "some-instance-obj-2", + "parent_hostname": "hostname-for-instance-2" + }, + "data": [ + { + "timestamp": "2019-08-07T09:58:30Z", + "value": 5 + } + ] + } ] } } }, - "CVEImpactedInstancesListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { + "SeriesEx": { + "description": "This object represents a set of data points aligned along one or more dimensions from the Dimensions Catalog.", + "type": "object", + "required": [ + "dimensions", + "data" + ], + "properties": { + "dimensions": { + "description": "This object represents a set of data points aligned along one or more dimensions.\n", "type": "object", - "description": "List of instances affected by a CVE.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of Instance objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CVEImpactedInstance" - } - } + "additionalProperties": { + "description": "The name(s) of the dimensions used in the metrics query.\n", + "type": "string" }, "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", - "hostname": "4d116619f106", - "products": [ - { - "name": "noss", - "version": "1.18.0" - } - ], - "status": "unknown" - } - ] + "nginx_id": "some-instance-object-id", + "parent_hostname": "hostname-for-instance" } + }, + "data": { + "description": "Array of data points for a metric.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/MetricData" + }, + "example": [ + { + "timestamp": "2019-08-07T09:57:30Z", + "value": 10 + } + ] } - ] - }, - "FilterNameEvents": { - "type": "string", - "description": "Keywords for events filters.\n", - "enum": [ - "object_id" - ], - "x-enum-varnames": [ - "filter_name_events_object_id" - ] - }, - "EventObjectID": { - "description": "A globally unique identifier for a NGINX One system event.", - "type": "string", - "format": "object_id", - "pattern": "^event_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "Event": { + "MetricData": { "type": "object", - "description": "An Event is a system message.", "required": [ - "type", "timestamp", - "object_id", - "message" + "value" ], "properties": { "timestamp": { - "description": "time of the event", - "type": "string", - "format": "date-time", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "type": { - "type": "string", - "description": "type of event, indication for affected object type.", - "enum": [ - "instance_cleanup", - "certificates" - ], - "x-enum-varnames": [ - "event_type_instance_cleanup", - "event_type_certificates" - ] - }, - "object_id": { - "$ref": "#/components/schemas/EventObjectID" - }, - "affected_object_id": { - "$ref": "#/components/schemas/ObjectID" - }, - "hostname": { "type": "string", - "description": "hostname of the affected instance, if any." + "description": "A date-time string that represent when the data point in the series was recorded.\n", + "format": "date-time" }, - "message": { - "type": "string", - "description": "Details regarding the event.", - "example": "Instance \"demo-1\" deleted by instance cleanup after \"unavailable\" for 25 hours." + "value": { + "type": "number", + "format": "double", + "nullable": true, + "description": "A value for the data, where `null` indicates a gap.\n" } - }, - "example": { - "timestamp": "2024-02-04T09:57:36.088757764Z", - "type": "instance_cleanup", - "object_id": "event_-uvR3F2TQGm18jnl7bpaGw", - "affected_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "message": "ip-170.0.1 deleted after age out period of 3 hours, last seen 2023-08-07T09:57:36.088757764Z" } }, - "EventsListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "type": "object", - "description": "List of Events.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of Event objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/Event" - } - } - } - } - ] + "StartTime": { + "description": "Sets the beginning of the time period for your metrics query (inclusive).\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` isn't provided, the API returns the latest metrics.\n* `start_time` is required for aggregated metrics in order to calculate the `resolution` (granularity).\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", + "type": "string", + "example": "2019-08-07T09:57:36.088757764Z" }, - "FilterNameInstances": { + "EndTime": { + "description": "Sets the end point for the time period for your metrics query (non-inclusive).\n\nUsage:\n* Must be greater than `start_time`.\n* If `start_time` is specified and `end_time` is not, `end_time` defaults to the current time.\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", "type": "string", - "description": "Keywords for instance filters.\n\nWhen filtering on `instance_status`, only the following `filter_values` are supported:\n * online\n * offline\n * unavailable\n * unknown\nWhen filtering base on `cert_status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "MetricAggregation": { + "type": "string", + "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * min\n * max\n * sum\n * avg\n * rate\n", "enum": [ - "hostname", - "nginx_version", - "os_version", - "instance_status", - "cert_status", - "cve_severity", - "config_recommendation", - "key_object_id", - "system_id", - "object_id" + "min", + "max", + "sum", + "avg", + "rate" ], "x-enum-varnames": [ - "filter_name_instances_hostname", - "filter_name_instances_nginx_version", - "filter_name_instances_os_version", - "filter_name_instances_instance_status", - "filter_name_instances_cert_status", - "filter_name_instances_cve_severity", - "filter_name_instances_config_recommendation", - "filter_name_instances_key_object_id", - "filter_name_instances_system_id", - "filter_name_instances_object_id" + "metric_aggregation_min", + "metric_aggregation_max", + "metric_aggregation_sum", + "metric_aggregation_avg", + "metric_aggregation_rate" ] }, - "InstanceListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "type": "object", - "description": "List of data plane instances.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of Instance objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/Instance" - } - } - } - } - ], - "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "agent_version": "v2.30.3", - "hostname": "4d116619f106", - "key": "key_Tet21AeYTHCj7taOwVfzyw", - "last_reported": "2023-12-06T22:37:24.120114Z", - "nginx_build": { - "conf_path": "/etc/nginx/nginx.conf", - "version": "1.25.3" - }, - "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", - "registered_at": "2023-12-06T22:37:24.120114Z", - "status": "unknown", - "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw" - } - ] + "MetricDimensions": { + "type": "array", + "description": "List the dimensions to include in the response for each metric series.\n\nUsage:\n\n* Specify the list of dimensions. Dimensions not specified in this parameter will be hidden in the results.\n* If you specify dimensions in `group_by`, you don't need to list them again in `dimensions`. \nHowever, if you are using `group_by`, then any dimensions you list in `dimensions` must also be included in `group_by`.\n * To return a single series, specify the metric name with aggregation (for example, `{ \"name\": \"agent.cpu.system\", \"aggregate\": \"avg\" }`) and leave the `dimensions` parameter empty.\n", + "items": { + "$ref": "#/components/schemas/MetricDimension" } }, - "InstanceBulkRequestData": { - "type": "object", - "description": "Part of bulk operation on a NGINX instance, only `delete` is supported.", - "required": [ - "action" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" - }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" - } - }, - "example": { - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" + "GroupByDimensions": { + "type": "array", + "description": "Group the query results by the specified dimension(s).\n\nUsage:\n* Specify the list of dimensions.\n* For `group_by` to work, all metrics in the `names` parameter must be aggregated.\n", + "items": { + "$ref": "#/components/schemas/MetricDimension" } }, - "InstanceBulkRequest": { + "TopXMetricDimensions": { "type": "array", + "description": "List additional dimensions to include in the response for each metric series. The dimension specified by `group_series_by` will be included by default.\n", "items": { - "$ref": "#/components/schemas/InstanceBulkRequestData" - }, - "maxItems": 50, - "example": [ - { - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" - }, - { - "object_id": "inst_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" - } + "$ref": "#/components/schemas/MetricDimension" + } + }, + "MetricDimension": { + "type": "string", + "default": "display_name", + "description": "Static list of all metric dimensions.\n * `display_name` - The display name of the NGINX instance.\n * `file_path` - Path to a desired file.\n * `parent_hostname` - The hostname of the NGINX Plus instance.\n * `instance_object_id` - Instance Object ID is the unique identifier for an Instance registered with NGINX One Console.\n * `location_zone` - The name of an HTTP location zone.\n * `mount_point` - A filesystem mount point.\n * `namespace` - The Namespace associated with the metric data.\n * `network_interface` - A server network interface.\n * `nginx_id` - The unique identifier of an nginx instance running on the data plane.\n * `server_zone` - The name of an HTTP or Stream server zone.\n * `system_id` - The unique identifier of the the operating system where nginx-agent is running.\n * `tenant` - The Tenant associated with the metric data.\n * `csg_object_id` - Config Sync Group Object ID is the unique identifier for a Config Sync Group registered with NGINX One Console.\n * `mode` - Variant value associated with metric `system.cpu.time`.\n * `state` - Variant value associated with metrics `system.filesystem.usage`, `system.memory.usage`.\n * `io_direction` - Variant value associated with metric `system.network.io`.\n * `status_range` - Variant value associated with metric `nginx.http.response.status`.\n", + "enum": [ + "display_name", + "file_path", + "parent_hostname", + "instance_object_id", + "location_zone", + "mount_point", + "namespace", + "network_interface", + "nginx_id", + "server_zone", + "system_id", + "tenant", + "csg_object_id", + "mode", + "state", + "io_direction", + "status_range" + ], + "x-enum-varnames": [ + "metric_dimension_display_name", + "metric_dimension_file_path", + "metric_dimension_hostname", + "metric_dimension_instance_object_id", + "metric_dimension_location_zone", + "metric_dimension_mount_point", + "metric_dimension_namespace", + "metric_dimension_network_interface", + "metric_dimension_nginx_id", + "metric_dimension_server_zone", + "metric_dimension_system_id", + "metric_dimension_tenant", + "metric_dimension_csg_object_id", + "metric_dimension_mode", + "metric_dimension_state", + "metric_dimension_io_direction", + "metric_dimension_status_range" ] }, - "InstanceBulkResponse": { - "description": "The NGINX instance bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } - }, - "OperatingSystem": { - "description": "Release details for the operating system.", + "BaseMetricQueryRequest": { "type": "object", "required": [ - "name", - "id", - "codename", - "version", - "version_id" + "metrics" ], "properties": { - "name": { - "description": "The official name of the operating system release.", - "type": "string" + "metrics": { + "$ref": "#/components/schemas/MetricNames" }, - "id": { - "description": "The distinctive identifier for the operating system release.", - "type": "string" + "filter": { + "$ref": "#/components/schemas/MetricFilters" }, - "codename": { - "description": "The codename assigned to the operating system release.", - "type": "string" + "start_time": { + "$ref": "#/components/schemas/StartTime" }, - "version": { - "description": "The version label for the operating system, which may include the name and version number or codename.", - "type": "string" + "end_time": { + "$ref": "#/components/schemas/EndTime" }, - "version_id": { - "description": "The specific version number of the operating system release.", - "type": "string" + "resolution": { + "type": "string", + "description": "Specifies the level of granularity for time series data in your results. Applicable only for endpoints that return time series data.\n\nUsage: \n* Specify as a string with a number followed by a unit of time, such as `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes) or `s` (seconds).\n* Metrics in `names` must be aggregated.\n* `start_time` is required.\n* If `resolution` is not set, the API returns the maximum resolution (`end_time` - `start_time`).\n", + "example": "30s" } - }, - "example": { - "name": "Ubuntu", - "id": "ubuntu", - "codename": "bionic", - "version": "18.04.5 LTS (Bionic Beaver)", - "version_id": "18.04" } }, - "ConfigSyncGroupInstanceMeta": { + "MetricQueryRequest": { + "type": "object", "allOf": [ { - "$ref": "#/components/schemas/ConfigSyncGroupMeta" + "$ref": "#/components/schemas/BaseMetricQueryRequest" }, { "type": "object", - "description": "Additional details on instance in the NGINX config sync group including:\n* config sync status\n", "properties": { - "instance_config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" + "dimensions": { + "$ref": "#/components/schemas/MetricDimensions" + }, + "group_by": { + "$ref": "#/components/schemas/GroupByDimensions" + }, + "order_by": { + "description": "List the order by for dimension(s).\n\nUsage:\n\n* Must be a dimension included by `dimensions` or `group_by`.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/OrderBy" + } } } } ] }, - "InstanceDetails": { + "MetricTopXQueryRequest": { "type": "object", - "description": "Detailed information about an NGINX instance.", "allOf": [ { - "$ref": "#/components/schemas/Instance" + "$ref": "#/components/schemas/BaseMetricQueryRequest" }, { "type": "object", + "required": [ + "series_limit", + "group_series_by" + ], "properties": { - "certs": { - "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto this data plane instance.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertAssociation" - } + "dimensions": { + "$ref": "#/components/schemas/TopXMetricDimensions" }, - "os": { - "$ref": "#/components/schemas/OperatingSystem" + "series_limit": { + "type": "integer", + "example": 25, + "description": "Sets the maximum number of series that can be returned. \n\nNotes:\n* Always returns an additional series with a dimension named `all`, aggregating the values of all metrics included in the results.\n* A series with a dimension named `other` may be returned, aggregating the values of metrics not included in the results.\n" }, - "config_sync_group": { - "$ref": "#/components/schemas/ConfigSyncGroupInstanceMeta" + "group_series_by": { + "$ref": "#/components/schemas/MetricDimension" + }, + "order_series_by": { + "$ref": "#/components/schemas/OrderSeriesBy" } } } - ], - "example": { - "agent_version": "v2.30.3", - "certs": [ - { - "subject_name": "test.com", - "name": "client", - "cert_type": "cert_key", - "not_after": "2024-01-06T00:01:30Z", - "not_before": "2023-12-07T00:01:30Z", - "cert_paths": [ - "/etc/nginx/client.pem" - ], - "cert_status": "expiring", - "deployment_status": "latest", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" - } - ], - "hostname": "4d116619f106", - "key": "key_wN3IhLCmR3qmwybG_6ptEg", - "last_reported": "2023-12-06T22:37:24.120114Z", - "nginx_build": { - "conf_path": "/etc/nginx/nginx.conf", - "version": "1.25.3" - }, - "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", - "os": { - "codename": "jammy", - "id": "ubuntu", - "name": "Ubuntu", - "version": "22.04.3 LTS (Jammy Jellyfish)", - "version_id": "22.04" - }, - "registered_at": "2023-12-06T22:37:24.120114Z", - "status": "unknown", - "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw" - } + ] }, - "NginxSecurityAdvisory": { + "MetricNames": { + "type": "array", + "description": "Specify the metrics you want details for.\n\nUsage: \n* List multiple metrics as json objects.\n * You can aggregate metrics with `avg`, `sum`, `min`, `max`, `rate`.\n* Metrics with aggregates require a `start_time`.\n* If you combine aggregated and non-aggregated metrics in a single query, any `group_by` clause applies only to the aggregated metrics.\n", + "items": { + "$ref": "#/components/schemas/MetricQuery" + }, + "example": [ + { + "name": "system.cpu.time", + "aggregate": "avg", + "filter": [ + { + "filterSet": [ + { + "dimension": "mode", + "operator": "=", + "values": [ + "system" + ] + } + ] + } + ] + } + ] + }, + "MetricQuery": { "type": "object", - "description": "Details about a specific NGINX security advisory, including its severity, a link to more information, and a brief description.", "required": [ - "id", - "severity", - "advisory", - "info" + "name" ], "properties": { - "id": { - "description": "The security advisory's unique identifier.", - "type": "string" - }, - "severity": { - "$ref": "#/components/schemas/CveSeverityType" - }, - "advisory": { - "description": "The URL to detailed information about the security advisory.", - "type": "string" + "name": { + "$ref": "#/components/schemas/MetricName" }, - "info": { - "description": "A brief description of security advisory.", - "type": "string" + "aggregate": { + "$ref": "#/components/schemas/MetricAggregation" } } }, - "CertificateSummaryItem": { - "description": "summary information for certificate with certain status.", - "type": "object", - "required": [ - "status", - "count", - "affected_instances" + "MetricFilterPredicate": { + "type": "string", + "enum": [ + "AND", + "OR" ], - "properties": { - "status": { - "$ref": "#/components/schemas/CertificateStatus" - }, - "count": { - "description": "The total number of SSL certificates for each status category.", - "type": "integer" + "x-enum-varnames": [ + "metric_filter_predicate_and", + "metric_filter_predicate_or" + ] + }, + "MetricFilters": { + "type": "array", + "description": "Filter results based on dimension operations against one or more values.\n\nUsage:\n* Format as one or more predicates by providing all required elements.\n * `dimension`: The dimension name you want to filter on.\n * `operator`: The possible operators (`=`, `!=`, `<`, `<=`, `>`, `>=`, `in`, `not`) you can use for comparison or condition checking.\n * `value`: Case sensitive value of the dimension to filter against.\n\nFor more complex filtering:\n\n* Specify a `predicate` for logical expressions (`AND`,`OR`). \n* Use a wildcard `*` in the `value` for matching partial values.\n", + "items": { + "$ref": "#/components/schemas/MetricFilterSet" + }, + "example": [ + { + "filterSet": [ + { + "dimension": "server_zone", + "operator": "!=", + "values": [ + "server_zone_1" + ] + }, + { + "predicate": "OR", + "dimension": "server_zone", + "operator": "=", + "values": [ + "server_zone_2" + ] + } + ] }, - "affected_instances": { - "description": "Indicates the total number of SSL/TLS certificates corresponding to the status provided.", - "type": "integer" + { + "predicate": "AND", + "filterSet": [ + { + "dimension": "nginx_id", + "operator": "in", + "values": [ + "id1", + "id2" + ] + } + ] } - } + ] }, - "SummaryDisplayCount": { - "description": "The name, the total count, and an optional user-friendly display name of the resource being summarized.", + "MetricFilterSet": { "type": "object", + "description": "Encapsulates one or more `MetricFilter` object(s) to be grouped together.\n", "required": [ - "name", - "count" + "filterSet" ], "properties": { - "name": { - "description": "Identifies the category of data being reported, such as an operating system, NGINX version, or another type.", - "type": "string" - }, - "count": { - "description": "The number of resources matching the given type.", - "type": "integer" + "predicate": { + "$ref": "#/components/schemas/MetricFilterPredicate" }, - "display": { - "description": "A user-friendly label for the category count, intended for display purposes where a more descriptive or readable format is preferred.", - "type": "string" + "filterSet": { + "type": "array", + "items": { + "$ref": "#/components/schemas/MetricFilter" + } } } }, - "OperatingSystemVersionSummary": { - "description": "An array summarizing the operating systems and their versions on the NGINX data plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/SummaryDisplayCount" - } - }, - "NGINXVersionSummary": { - "description": "An array summarizing the versions of NGINX installed across the NGINX data plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/SummaryDisplayCount" - } - }, - "StatusSummary": { - "description": "An overview of the status for each NGINX instance, indicating availability.", + "MetricFilter": { "type": "object", "required": [ - "online", - "offline", - "unavailable" + "dimension", + "operator", + "values" ], "properties": { - "online": { - "description": "The number of NGINX instances reporting as `online`.\nThe NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", - "type": "integer" + "dimension": { + "$ref": "#/components/schemas/MetricDimension" }, - "offline": { - "description": "The number of NGINX instances reporting as `offline`.\nThe NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n", - "type": "integer" + "operator": { + "type": "string", + "description": "Static list of all operations supported by filtering\n\n* The `=`, `!=` only use the first element of the `values` array. Wildcards for partial matching is supported.\n* The `in` and `not` both use all elements in the `values` array. Wildcards for partial matching is NOT supported.\n", + "enum": [ + "=", + "!=", + "in", + "not" + ], + "x-enum-varnames": [ + "metric_filter_equal", + "metric_filter_not_equal", + "metric_filter_in", + "metric_filter_not" + ] }, - "unavailable": { - "description": "The number of NGINX instances reporting as `unavailable`.\nThe NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n", - "type": "integer" + "values": { + "type": "array", + "description": "Single value used for all operators except `in` and `not`.", + "items": { + "type": "string" + } + }, + "predicate": { + "$ref": "#/components/schemas/MetricFilterPredicate" } } }, - "CveSummary": { - "description": "A summary of Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", + "OrderDirection": { + "type": "string", + "enum": [ + "asc", + "desc" + ], + "x-enum-varnames": [ + "order_by_asc", + "order_by_desc" + ], + "default": "desc" + }, + "OrderBy": { "type": "object", + "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `dimension`: The dimension for ordering.\n", "required": [ - "severity", - "count", - "affected_instances" + "direction", + "dimension" ], "properties": { - "severity": { - "$ref": "#/components/schemas/CveSeverityType" - }, - "count": { - "description": "The number of CVEs at each severity level.", - "type": "integer" + "direction": { + "$ref": "#/components/schemas/OrderDirection" }, - "affected_instances": { - "description": "The number of NGINX instances affected by each CVE.", - "type": "integer" + "dimension": { + "$ref": "#/components/schemas/MetricDimension" } } }, - "IssueSummary": { - "description": "A summary of issue details from the configuration analysis report.", + "OrderSeriesBy": { "type": "object", + "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `aggregate`: The aggregating function.\n", "required": [ - "type", - "count", - "affected_instances" + "direction", + "aggregate" ], "properties": { - "type": { - "$ref": "#/components/schemas/RecommendationType" - }, - "count": { - "description": "The number of times this recommendation appears in the configuration analysis report.", - "type": "integer" + "direction": { + "$ref": "#/components/schemas/OrderDirection" }, - "affected_instances": { - "description": "The number of instances affected by this issue.", - "type": "integer" + "aggregate": { + "$ref": "#/components/schemas/MetricAggregation", + "default": "sum" } } }, - "InstanceSummary": { - "description": "A summary of NGINX instances, including certificates, OS versions, NGINX versions, and status details.", - "type": "object", - "properties": { - "certs": { - "description": "An array detailing each certificate's status across all NGINX instances.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertificateSummaryItem" - } + "MetricName": { + "type": "string", + "description": "Metric names available for querying.\n", + "example": "nginx.http.requests", + "oneOf": [ + { + "$ref": "#/components/schemas/MetricSystemCpuTime" }, - "os": { - "$ref": "#/components/schemas/OperatingSystemVersionSummary" + { + "$ref": "#/components/schemas/MetricSystemFilesystemUsage" }, - "nginx_versions": { - "$ref": "#/components/schemas/NGINXVersionSummary" + { + "$ref": "#/components/schemas/MetricSystemMemoryUsage" }, - "statuses": { - "$ref": "#/components/schemas/StatusSummary" + { + "$ref": "#/components/schemas/MetricSystemCpuLogicalCount" }, - "cves": { - "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CveSummary" - } + { + "$ref": "#/components/schemas/MetricSystemNetworkIo" }, - "recommendations": { - "description": "An array summarizing the suggestions from the configuration analysis report.", - "type": "array", - "items": { - "$ref": "#/components/schemas/IssueSummary" - } + { + "$ref": "#/components/schemas/MetricNginxHttpRequests" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpResponseStatus" } - } + ] + }, + "MetricSystemCpuTime": { + "type": "string", + "description": "Total system CPU utilization for 'system' or 'user', percentage. A filter differentiator is needed for specific mode(s).\n\nReplacement for depreciated variant(s):\n * system.cpu.system\n * system.cpu.user\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * mode (applicable filter values: 'system', 'user')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", + "enum": [ + "system.cpu.time" + ] + }, + "MetricSystemFilesystemUsage": { + "type": "string", + "description": "System disk usage statistic, percentage. A filter differentiator is needed for specific state(s).\n\nReplacement for depreciated variant(s):\n * system.disk.in_use\n * system.disk.total\n * system.disk.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'in_use')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * mount_point\n", + "enum": [ + "system.filesystem.usage" + ] + }, + "MetricSystemMemoryUsage": { + "type": "string", + "description": "Total available statistic about system memory usage, bytes. A filter differentiator is needed for specific state(s).\n\nReplacement for depreciated variant(s):\n * system.mem.pct_used\n * system.mem.total\n * system.mem.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'total', 'pct_used')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", + "enum": [ + "system.memory.usage" + ] + }, + "MetricSystemCpuLogicalCount": { + "type": "string", + "description": "Number of logical (virtual) processor cores created by the operating system.\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", + "enum": [ + "system.cpu.logical.count" + ] + }, + "MetricSystemNetworkIo": { + "type": "string", + "description": "Network I/O statistics. Number of bytes sent or received per network interface. A filter differentiator is needed for specific I/O direction(s).\n\nReplacement for depreciated variant(s):\n * system.net.bytes_rcvd\n * system.net.bytes_sent\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * io_direction (applicable filter values: 'transmit', 'receive')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * network_interface\n", + "enum": [ + "system.network.io" + ] + }, + "MetricNginxHttpRequests": { + "type": "string", + "description": "Total number of client requests received from clients.\n\nReplacement for depreciated variant(s):\n * nginx.http.request.count\n * plus.http.request.count\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * server_zone\n * location_zone\n", + "enum": [ + "nginx.http.requests" + ] + }, + "MetricNginxHttpResponseStatus": { + "type": "string", + "description": "Number of responses for by status code range. A filter differentiator is needed for specific status range(s).\n\nReplacement for depreciated variant(s):\n * nginx.http.status.4xx\n * plus.http.status.4xx\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * status_range (applicable filter values: '4xx', '5xx')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id \n * server_zone\n * location_zone\n", + "enum": [ + "nginx.http.response.status" + ] }, - "MetricQueryResultEx": { + "SettingsInstanceCleanup": { "type": "object", + "description": "Preferences for automatic cleanup of stale NGINX One Instances.", "required": [ - "query_metadata", - "metrics" + "age_out_duration" ], "properties": { - "query_metadata": { - "$ref": "#/components/schemas/MetricQueryMetadata" - }, - "metrics": { - "description": "An array of Metric objects, each including the name of the metric resource, aggregate function, and series details.", - "type": "array", - "items": { - "$ref": "#/components/schemas/MetricEx" - } - } - } - }, - "MetricQueryMetadata": { - "description": "This object includes details about the time period and resolution (granularity) used in the metrics query.\n", - "type": "object", - "properties": { - "start_time": { - "description": "The beginning of the time period for the metrics query (inclusive).", - "type": "string", - "format": "date-time", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "end_time": { - "description": "The end point for the time period for the metrics query (non-inclusive).", - "type": "string", - "format": "date-time", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "resolution": { - "description": "The level of granularity for the time series data.", - "type": "string", - "example": "30m" + "age_out_duration": { + "type": "integer", + "format": "int32", + "description": "Specify the age of `unavailable` NGINX instances for clean up. NGINX instances older than this value in hours will be deleted automatically. Events related to automatically deleted NGINX instances will show up in `/events` API. '0' value disables the automatic clean up of `unavailable` NGINX instances.", + "default": 3, + "minimum": 0, + "maximum": 720 } + }, + "example": { + "age_out_duration": 3 } }, - "MetricEx": { + "HttpUsage": { "type": "object", - "required": [ - "metric", - "series" - ], - "description": "This object represents a metric, including the name of the metric resource, aggregate function, and series details.\n", "properties": { - "metric": { - "$ref": "#/components/schemas/MetricName" - }, - "aggregate": { - "$ref": "#/components/schemas/MetricAggregation" - }, - "series": { - "description": "An array of data points aligned along one or more dimensions from the Dimensions Catalog.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/SeriesEx" - }, - "example": [ + "client": { + "allOf": [ { - "dimensions": { - "nginx_id": "some-instance-obj-1", - "parent_hostname": "hostname-for-instance-1" - }, - "data": [ - { - "timestamp": "2019-08-07T09:57:30Z", - "value": 10 - } - ] + "$ref": "#/components/schemas/UsageMetrics" }, { - "dimensions": { - "nginx_id": "some-instance-obj-2", - "parent_hostname": "hostname-for-instance-2" - }, - "data": [ - { - "timestamp": "2019-08-07T09:58:30Z", - "value": 5 + "type": "object", + "properties": { + "requests": { + "type": "integer", + "description": "Total requests handled by an NGINX Instance", + "minimum": 0 } - ] + } } ] + }, + "upstream": { + "$ref": "#/components/schemas/UsageMetrics" } } }, - "SeriesEx": { - "description": "This object represents a set of data points aligned along one or more dimensions from the Dimensions Catalog.", + "StreamUsage": { "type": "object", - "required": [ - "dimensions", - "data" - ], "properties": { - "dimensions": { - "description": "This object represents a set of data points aligned along one or more dimensions.\n", - "type": "object", - "additionalProperties": { - "description": "The name(s) of the dimensions used in the metrics query.\n", - "type": "string" - }, - "example": { - "nginx_id": "some-instance-object-id", - "parent_hostname": "hostname-for-instance" - } + "client": { + "$ref": "#/components/schemas/UsageMetrics" }, - "data": { - "description": "Array of data points for a metric.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/MetricData" - }, - "example": [ - { - "timestamp": "2019-08-07T09:57:30Z", - "value": 10 - } - ] + "upstream": { + "$ref": "#/components/schemas/UsageMetrics" } } }, - "MetricData": { + "UsageMetrics": { "type": "object", - "required": [ - "timestamp", - "value" - ], "properties": { - "timestamp": { - "type": "string", - "description": "A date-time string that represent when the data point in the series was recorded.\n", - "format": "date-time" + "received": { + "type": "integer", + "description": "Total bytes received by an NGINX Instance from clients/upstreams", + "minimum": 0 }, - "value": { - "type": "number", - "format": "double", - "nullable": true, - "description": "A value for the data, where `null` indicates a gap.\n" + "sent": { + "type": "integer", + "description": "Total bytes sent by the NGINX Instance to clients/upstreams", + "minimum": 0 + }, + "connections": { + "type": "integer", + "description": "Total connections of the NGINX Instance with clients/upstreams", + "minimum": 0 } } }, - "StartTime": { - "description": "Sets the beginning of the time period for your metrics query (inclusive).\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` isn't provided, the API returns the latest metrics.\n* `start_time` is required for aggregated metrics in order to calculate the `resolution` (granularity).\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", + "NginxUsageHttp": { + "$ref": "#/components/schemas/HttpUsage" + }, + "NginxUsageStream": { + "$ref": "#/components/schemas/StreamUsage" + }, + "MetricStartTime": { + "description": "The start time of your metrics query.\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` and `end_time` isn't provided, the API returns metrics from the current time to the month before the current time.\n* The `start_time` cannot be older than 120 days before the current time.\n\nYou can set the `start_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", "type": "string", "example": "2019-08-07T09:57:36.088757764Z" }, - "EndTime": { - "description": "Sets the end point for the time period for your metrics query (non-inclusive).\n\nUsage:\n* Must be greater than `start_time`.\n* If `start_time` is specified and `end_time` is not, `end_time` defaults to the current time.\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", + "MetricEndTime": { + "description": "The end time of your metrics query.\n\nUsage:\n* Must be greater than `start_time`.\n* The time difference between `start_time` and `end_time` should be greater than an hour.\n* The default `end_time` is the current time.\n* The `end_time` cannot be older than 120 days before the current time.\n\nYou can set the `end_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", "type": "string", "example": "2019-08-07T09:57:36.088757764Z" }, - "MetricAggregation": { + "InventoryMetricAggregation": { "type": "string", - "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * min\n * max\n * sum\n * avg\n * rate\n", + "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * count\n * sum\n * avg\n * min\n * max\n", "enum": [ - "min", - "max", + "count", "sum", "avg", - "rate" - ], - "x-enum-varnames": [ - "metric_aggregation_min", - "metric_aggregation_max", - "metric_aggregation_sum", - "metric_aggregation_avg", - "metric_aggregation_rate" - ] - }, - "MetricDimensions": { - "type": "array", - "description": "List the dimensions to include in the response for each metric series.\n\nUsage:\n\n* Specify the list of dimensions. Dimensions not specified in this parameter will be hidden in the results.\n* If you specify dimensions in `group_by`, you don't need to list them again in `dimensions`. \nHowever, if you are using `group_by`, then any dimensions you list in `dimensions` must also be included in `group_by`.\n * To return a single series, specify the metric name with aggregation (for example, `{ \"name\": \"agent.cpu.system\", \"aggregate\": \"avg\" }`) and leave the `dimensions` parameter empty.\n", - "items": { - "$ref": "#/components/schemas/MetricDimension" - } - }, - "GroupByDimensions": { - "type": "array", - "description": "Group the query results by the specified dimension(s).\n\nUsage:\n* Specify the list of dimensions.\n* For `group_by` to work, all metrics in the `names` parameter must be aggregated.\n", - "items": { - "$ref": "#/components/schemas/MetricDimension" - } - }, - "TopXMetricDimensions": { - "type": "array", - "description": "List additional dimensions to include in the response for each metric series. The dimension specified by `group_series_by` will be included by default.\n", - "items": { - "$ref": "#/components/schemas/MetricDimension" - } - }, - "MetricDimension": { - "type": "string", - "default": "display_name", - "description": "Static list of all metric dimensions.\n * `display_name` - The display name of the NGINX instance.\n * `file_path` - Path to a desired file.\n * `parent_hostname` - The hostname of the NGINX Plus instance.\n * `instance_object_id` - Instance Object ID is the unique identifier for an Instance registered with NGINX One Console.\n * `location_zone` - The name of an HTTP location zone.\n * `mount_point` - A filesystem mount point.\n * `namespace` - The Namespace associated with the metric data.\n * `network_interface` - A server network interface.\n * `nginx_id` - The unique identifier of an nginx instance running on the data plane.\n * `server_zone` - The name of an HTTP or Stream server zone.\n * `system_id` - The unique identifier of the the operating system where nginx-agent is running.\n * `tenant` - The Tenant associated with the metric data.\n * `csg_object_id` - Config Sync Group Object ID is the unique identifier for a Config Sync Group registered with NGINX One Console.\n * `mode` - Variant value associated with metric `system.cpu.time`.\n * `state` - Variant value associated with metrics `system.filesystem.usage`, `system.memory.usage`.\n * `io_direction` - Variant value associated with metric `system.network.io`.\n * `status_range` - Variant value associated with metric `nginx.http.response.status`.\n", - "enum": [ - "display_name", - "file_path", - "parent_hostname", - "instance_object_id", - "location_zone", - "mount_point", - "namespace", - "network_interface", - "nginx_id", - "server_zone", - "system_id", - "tenant", - "csg_object_id", - "mode", - "state", - "io_direction", - "status_range" + "min", + "max" ], - "x-enum-varnames": [ - "metric_dimension_display_name", - "metric_dimension_file_path", - "metric_dimension_hostname", - "metric_dimension_instance_object_id", - "metric_dimension_location_zone", - "metric_dimension_mount_point", - "metric_dimension_namespace", - "metric_dimension_network_interface", - "metric_dimension_nginx_id", - "metric_dimension_server_zone", - "metric_dimension_system_id", - "metric_dimension_tenant", - "metric_dimension_csg_object_id", - "metric_dimension_mode", - "metric_dimension_state", - "metric_dimension_io_direction", - "metric_dimension_status_range" + "x-enum-varnames": [ + "metric_aggregation_count", + "metric_aggregation_sum", + "metric_aggregation_avg", + "metric_aggregation_min", + "metric_aggregation_max" ] }, - "BaseMetricQueryRequest": { + "BaseInventoryQueryRequest": { "type": "object", "required": [ "metrics" ], "properties": { "metrics": { - "$ref": "#/components/schemas/MetricNames" - }, - "filter": { - "$ref": "#/components/schemas/MetricFilters" + "$ref": "#/components/schemas/InventoryMetricNames" }, "start_time": { - "$ref": "#/components/schemas/StartTime" + "$ref": "#/components/schemas/MetricStartTime" }, "end_time": { - "$ref": "#/components/schemas/EndTime" - }, - "resolution": { - "type": "string", - "description": "Specifies the level of granularity for time series data in your results. Applicable only for endpoints that return time series data.\n\nUsage: \n* Specify as a string with a number followed by a unit of time, such as `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes) or `s` (seconds).\n* Metrics in `names` must be aggregated.\n* `start_time` is required.\n* If `resolution` is not set, the API returns the maximum resolution (`end_time` - `start_time`).\n", - "example": "30s" + "$ref": "#/components/schemas/MetricEndTime" } } }, - "MetricQueryRequest": { - "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/BaseMetricQueryRequest" - }, - { - "type": "object", - "properties": { - "dimensions": { - "$ref": "#/components/schemas/MetricDimensions" - }, - "group_by": { - "$ref": "#/components/schemas/GroupByDimensions" - }, - "order_by": { - "description": "List the order by for dimension(s).\n\nUsage:\n\n* Must be a dimension included by `dimensions` or `group_by`.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/OrderBy" - } - } - } - } - ] - }, - "MetricTopXQueryRequest": { + "InventoryMetricQueryRequest": { "type": "object", "allOf": [ { - "$ref": "#/components/schemas/BaseMetricQueryRequest" - }, - { - "type": "object", - "required": [ - "series_limit", - "group_series_by" - ], - "properties": { - "dimensions": { - "$ref": "#/components/schemas/TopXMetricDimensions" - }, - "series_limit": { - "type": "integer", - "example": 25, - "description": "Sets the maximum number of series that can be returned. \n\nNotes:\n* Always returns an additional series with a dimension named `all`, aggregating the values of all metrics included in the results.\n* A series with a dimension named `other` may be returned, aggregating the values of metrics not included in the results.\n" - }, - "group_series_by": { - "$ref": "#/components/schemas/MetricDimension" - }, - "order_series_by": { - "$ref": "#/components/schemas/OrderSeriesBy" - } - } + "$ref": "#/components/schemas/BaseInventoryQueryRequest" } ] }, - "MetricNames": { + "InventoryMetricNames": { "type": "array", - "description": "Specify the metrics you want details for.\n\nUsage: \n* List multiple metrics as json objects.\n * You can aggregate metrics with `avg`, `sum`, `min`, `max`, `rate`.\n* Metrics with aggregates require a `start_time`.\n* If you combine aggregated and non-aggregated metrics in a single query, any `group_by` clause applies only to the aggregated metrics.\n", + "description": "Specify the metrics to collect.\n\nUsage: \n* List multiple metrics as JSON objects.\n* You can aggregate metrics with `count`, `sum`, `avg`, `min`, `max`.\n", "items": { - "$ref": "#/components/schemas/MetricQuery" + "$ref": "#/components/schemas/InventoryMetricQuery" }, "example": [ { - "name": "system.cpu.time", - "aggregate": "avg", - "filter": [ - { - "filterSet": [ - { - "dimension": "mode", - "operator": "=", - "values": [ - "system" - ] - } - ] - } + "name": "nginx.plus.instances", + "aggregate": [ + "count" ] } ] }, - "MetricQuery": { + "InventoryMetricQuery": { "type": "object", "required": [ "name" ], "properties": { "name": { - "$ref": "#/components/schemas/MetricName" + "$ref": "#/components/schemas/InventoryMetricName" }, "aggregate": { - "$ref": "#/components/schemas/MetricAggregation" + "type": "array", + "items": { + "$ref": "#/components/schemas/InventoryMetricAggregation" + } } } }, - "MetricFilterPredicate": { + "InventoryMetricName": { + "type": "string", + "description": "Metric names available for querying.\n", + "example": "nginx.plus.instances", + "oneOf": [ + { + "$ref": "#/components/schemas/MetricNginxInstancesPlus" + }, + { + "$ref": "#/components/schemas/MetricK8sClusterNodes" + } + ] + }, + "MetricNginxInstancesPlus": { "type": "string", + "description": "Total number of nginx plus instances.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", "enum": [ - "AND", - "OR" + "nginx.plus.instances" + ] + }, + "MetricK8sClusterNodes": { + "type": "string", + "description": "Sum of the Kubernetes worker nodes where nginx plus instances are deployed in a Kubernetes cluster.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", + "enum": [ + "k8s.cluster.nodes" + ] + }, + "NapPolicyEnforcementMode": { + "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `blocking` - Any illegal or suspicious requests are logged and blocked.\n* `monitoring` - Any illegal or suspicious requests are logged but not blocked.\n", + "type": "string", + "enum": [ + "blocking", + "monitoring" ], "x-enum-varnames": [ - "metric_filter_predicate_and", - "metric_filter_predicate_or" + "nap_enforcement_mode_blocking", + "nap_enforcement_mode_monitoring" ] }, - "MetricFilters": { - "type": "array", - "description": "Filter results based on dimension operations against one or more values.\n\nUsage:\n* Format as one or more predicates by providing all required elements.\n * `dimension`: The dimension name you want to filter on.\n * `operator`: The possible operators (`=`, `!=`, `<`, `<=`, `>`, `>=`, `in`, `not`) you can use for comparison or condition checking.\n * `value`: Case sensitive value of the dimension to filter against.\n\nFor more complex filtering:\n\n* Specify a `predicate` for logical expressions (`AND`,`OR`). \n* Use a wildcard `*` in the `value` for matching partial values.\n", - "items": { - "$ref": "#/components/schemas/MetricFilterSet" - }, - "example": [ - { - "filterSet": [ - { - "dimension": "server_zone", - "operator": "!=", - "values": [ - "server_zone_1" - ] - }, - { - "predicate": "OR", - "dimension": "server_zone", - "operator": "=", - "values": [ - "server_zone_2" - ] - } - ] - }, - { - "predicate": "AND", - "filterSet": [ - { - "dimension": "nginx_id", - "operator": "in", - "values": [ - "id1", - "id2" - ] - } - ] - } + "NapDeploymentStatus": { + "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `deployed` - The NGINX App Protect policy has been deployed.\n* `not_deployed` - The NGINX App Protect policy has not been deployed.\n* `deploying` - The NGINX App Protect policy is currently being deployed.\n* `failed` - The NGINX App Protect policy failed deploying.\n", + "type": "string", + "enum": [ + "deployed", + "not_deployed", + "deploying", + "failed" + ], + "x-enum-varnames": [ + "nap_deployment_status_deployed", + "nap_deployment_status_not_deployed", + "nap_deployment_status_deploying", + "nap_deployment_status_failed" ] }, - "MetricFilterSet": { + "NapDeploymentType": { + "description": "The type of the deployment, with the following possible values:\n * `instance` - The deployment is of type instance.\n * `config_sync_group` - The deployment is of type config sync group.\n", + "type": "string", + "enum": [ + "instance", + "config_sync_group" + ], + "x-enum-varnames": [ + "nap_policy_deployment_type_instance", + "nap_policy_deployment_type_csg" + ] + }, + "Version": { + "description": "The version of the NGINX App Protect resource.", + "type": "string", + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "example": "2023.12.06" + }, + "VersionsList": { "type": "object", - "description": "Encapsulates one or more `MetricFilter` object(s) to be grouped together.\n", "required": [ - "filterSet" + "items" ], "properties": { - "predicate": { - "$ref": "#/components/schemas/MetricFilterPredicate" - }, - "filterSet": { + "items": { + "description": "An array of versions.", "type": "array", "items": { - "$ref": "#/components/schemas/MetricFilter" + "$ref": "#/components/schemas/Version" } } + }, + "example": { + "items": [ + "2023.12.06" + ] } }, - "MetricFilter": { + "ThreatCampaignVersionsListResponse": { + "description": "List of Threat Campaign versions.", + "$ref": "#/components/schemas/VersionsList" + }, + "AttackSignatureVersionsListResponse": { + "description": "List of Attack Signature versions.", + "$ref": "#/components/schemas/VersionsList" + }, + "BotSignatureVersionsListResponse": { + "description": "List of Bot Signature versions.", + "$ref": "#/components/schemas/VersionsList" + }, + "NapVersionsListResponse": { + "description": "List of NGINX App Protect versions.", "type": "object", "required": [ - "dimension", - "operator", - "values" + "nap_versions", + "signature_versions" ], "properties": { - "dimension": { - "$ref": "#/components/schemas/MetricDimension" - }, - "operator": { - "type": "string", - "description": "Static list of all operations supported by filtering\n\n* The `=`, `!=` only use the first element of the `values` array. Wildcards for partial matching is supported.\n* The `in` and `not` both use all elements in the `values` array. Wildcards for partial matching is NOT supported.\n", - "enum": [ - "=", - "!=", - "in", - "not" - ], - "x-enum-varnames": [ - "metric_filter_equal", - "metric_filter_not_equal", - "metric_filter_in", - "metric_filter_not" - ] - }, - "values": { + "nap_versions": { + "description": "An array of NGINX App Protect versions.", "type": "array", - "description": "Single value used for all operators except `in` and `not`.", "items": { - "type": "string" + "description": "A collection of NGINX App Protect release and associated engine versions.", + "type": "object", + "required": [ + "release", + "engine" + ], + "properties": { + "release": { + "$ref": "#/components/schemas/Version" + }, + "engine": { + "$ref": "#/components/schemas/Version" + } + } } }, - "predicate": { - "$ref": "#/components/schemas/MetricFilterPredicate" - } - } - }, - "OrderDirection": { - "type": "string", - "enum": [ - "asc", - "desc" - ], - "x-enum-varnames": [ - "order_by_asc", - "order_by_desc" - ], - "default": "desc" + "signature_versions": { + "description": "An array of signature versions.", + "type": "array", + "items": { + "type": "string" + } + } + } }, - "OrderBy": { + "NapPolicy": { + "description": "The JSON contents of the NGINX App Protect policy.", "type": "object", - "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `dimension`: The dimension for ordering.\n", "required": [ - "direction", - "dimension" + "policy" ], "properties": { - "direction": { - "$ref": "#/components/schemas/OrderDirection" - }, - "dimension": { - "$ref": "#/components/schemas/MetricDimension" + "policy": { + "description": "The NGINX App Protect policy configuration.", + "type": "object", + "minProperties": 1 } } }, - "OrderSeriesBy": { + "NapPolicyMetadata": { + "description": "Summary information about NGINX App Protect policy.", "type": "object", - "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `aggregate`: The aggregating function.\n", "required": [ - "direction", - "aggregate" + "object_id", + "name", + "deployment_count", + "last_updated_by", + "latest" ], "properties": { - "direction": { - "$ref": "#/components/schemas/OrderDirection" + "object_id": { + "$ref": "#/components/schemas/NapPolicyObjectID" }, - "aggregate": { - "$ref": "#/components/schemas/MetricAggregation", - "default": "sum" + "name": { + "description": "The name of the NGINX App Protect policy.", + "type": "string" + }, + "deployment_count": { + "description": "The number of NGINX One instances or config sync groups associated with the NGINX App Protect policy.", + "type": "integer" + }, + "last_updated_by": { + "description": "The NGINX One user who last modified the NGINX App Protect policy.", + "type": "string" + }, + "latest": { + "type": "object", + "required": [ + "enforcement_mode", + "deployed_on", + "version", + "created_on", + "last_updated_by" + ], + "properties": { + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" + }, + "deployed_on": { + "description": "The date and time when the NGINX App Protect policy was last deployed.", + "type": "string", + "format": "date-time" + }, + "version": { + "description": "The latest version of the NGINX App Protect policy.", + "$ref": "#/components/schemas/Version" + }, + "created_on": { + "description": "The date and time when the NGINX App Protect policy was created.", + "type": "string", + "format": "date-time" + } + } + }, + "description": { + "type": "string", + "description": "Some detail on the NGINX App Protect policy." + } + }, + "example": { + "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-policy", + "last_updated_by": "john.doe@example.com", + "deployment_count": 5, + "decription": "test policy", + "latest": { + "enforcement_mode": "blocking", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "version": "2023.12.06", + "created_on": "2023-12-06T22:37:24.120114Z" } } }, - "MetricName": { - "type": "string", - "description": "Metric names available for querying.\n", - "example": "nginx.http.requests", - "oneOf": [ + "NapPolicyResponse": { + "description": "Summary information about NGINX App Protect policy.", + "allOf": [ { - "$ref": "#/components/schemas/MetricSystemCpuTime" + "$ref": "#/components/schemas/NapPolicyMetadata" }, { - "$ref": "#/components/schemas/MetricSystemFilesystemUsage" - }, + "$ref": "#/components/schemas/NapPolicy" + } + ] + }, + "NapPoliciesListResponse": { + "description": "List of all NGINX App Protect policies.", + "allOf": [ { - "$ref": "#/components/schemas/MetricSystemMemoryUsage" + "$ref": "#/components/schemas/PaginationResponse" }, { - "$ref": "#/components/schemas/MetricSystemCpuLogicalCount" + "description": "List of NGINX App Protect policies.", + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect policy objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyMetadata" + } + } + }, + "example": { + "items": [ + { + "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-policy", + "decription": "test policy", + "created_on": "2023-12-06T22:37:24.120114Z", + "latest_version": "2023.12.06", + "last_updated_by": "john.doe@example.com", + "enforcement_mode": "blocking", + "last_deployed": "2023-12-06T22:37:24.120114Z" + } + ] + } + } + ] + }, + "NapPolicyDeploymentMetadata": { + "type": "object", + "required": [ + "object_id", + "enforcement_mode", + "name", + "type", + "status", + "policy_version", + "deployed_on", + "threat_campaign_version", + "attack_signature_version", + "bot_signature_version" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/PublicationObjectID" }, - { - "$ref": "#/components/schemas/MetricSystemNetworkIo" + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" + }, + "name": { + "description": "The name of the NGINX One instance or config sync group.", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/NapDeploymentType" + }, + "status": { + "$ref": "#/components/schemas/NapDeploymentStatus" }, + "policy_version": { + "description": "The version associated with the NGINX App Protect policy.", + "$ref": "#/components/schemas/Version" + }, + "deployed_on": { + "description": "The date and time when the NGINX App Protect policy was deployed.", + "type": "string", + "format": "date-time" + }, + "threat_campaign_version": { + "$ref": "#/components/schemas/Version" + }, + "attack_signature_version": { + "$ref": "#/components/schemas/Version" + }, + "bot_sigature_version": { + "$ref": "#/components/schemas/Version" + } + }, + "example": { + "object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-instance", + "type": "instance", + "status": "deployed", + "policy_version": "2023.12.06", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "threat_campaign_version": "2023.12.06", + "attack_signature_version": "2023.12.06", + "bot_sigature_version": "2023.12.06" + } + }, + "NapPolicyDeploymentsListResponse": { + "description": "List of all NGINX App Protect deployments.", + "allOf": [ { - "$ref": "#/components/schemas/MetricNginxHttpRequests" + "$ref": "#/components/schemas/PaginationResponse" }, { - "$ref": "#/components/schemas/MetricNginxHttpResponseStatus" + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect deployments.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyDeploymentMetadata" + } + } + }, + "example": { + "items": [ + { + "object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-instance", + "type": "instance", + "status": "deployed", + "policy_version": "2023.12.06", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "threat_campaign_version": "2023.12.06", + "attack_signature_version": "2023.12.06", + "bot_sigature_version": "2023.12.06" + } + ] + } } ] }, - "MetricSystemCpuTime": { - "type": "string", - "description": "Total system CPU utilization for 'system' or 'user', percentage. A filter differentiator is needed for specific mode(s).\n\nReplacement for depreciated variant(s):\n * system.cpu.system\n * system.cpu.user\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * mode (applicable filter values: 'system', 'user')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", - "enum": [ - "system.cpu.time" - ] - }, - "MetricSystemFilesystemUsage": { - "type": "string", - "description": "System disk usage statistic, percentage. A filter differentiator is needed for specific state(s).\n\nReplacement for depreciated variant(s):\n * system.disk.in_use\n * system.disk.total\n * system.disk.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'in_use')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * mount_point\n", - "enum": [ - "system.filesystem.usage" + "NapPolicyVersionMetadata": { + "type": "object", + "required": [ + "object_id", + "enforcement_mode", + "deployment_status", + "instance_count", + "config_sync_group_count", + "created_on", + "created_by", + "latest" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" + }, + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" + }, + "deployment_status": { + "$ref": "#/components/schemas/NapDeploymentStatus" + }, + "instance_count": { + "description": "The number of NGINX One instances associated with the NGINX App Protect policy version", + "type": "integer" + }, + "config_sync_group_count": { + "description": "The number of NGINX One config sync groups associated with the NGINX App Protect policy version", + "type": "integer" + }, + "created_on": { + "description": "The date and time when the NGINX App Protect policy version was created.", + "type": "string", + "format": "date-time" + }, + "created_by": { + "description": "The NGINX One user who created the NGINX App Protect policy.", + "type": "string" + }, + "latest": { + "description": "Indicates whether the NGINX App Protect policy version is latest. Default (`false`) returns the current policy. \nWhen set to `true`, returns the latest policy.\n", + "type": "boolean", + "default": false + } + }, + "example": { + "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", + "created_on": "2023-12-06T22:37:24.120114Z", + "created_by": "john.doe@example.com", + "deployment_status": "deployed", + "enforcement_mode": "blocking", + "instance_count": 10, + "config_sync_group_count": 15, + "latest": false + } + }, + "NapPolicyVersionResponse": { + "description": "Summary information about NGINX App Protect policy version.", + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyVersionMetadata" + }, + { + "$ref": "#/components/schemas/NapPolicy" + } ] }, - "MetricSystemMemoryUsage": { - "type": "string", - "description": "Total available statistic about system memory usage, bytes. A filter differentiator is needed for specific state(s).\n\nReplacement for depreciated variant(s):\n * system.mem.pct_used\n * system.mem.total\n * system.mem.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'total', 'pct_used')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", - "enum": [ - "system.memory.usage" + "NapPolicyVersionsListResponse": { + "description": "List of all NGINX App Protect versions.", + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect version objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyVersionMetadata" + } + } + }, + "example": { + "items": [ + { + "object_id": "appv_-uvR3F2TQGm18jnl7bpaGw", + "created_on": "2023-12-06T22:37:24.120114Z", + "created_by": "john.doe@example.com", + "deployment_status": "deployed", + "enforcement_mode": "blocking", + "instance_count": 10, + "config_sync_group_count": 15, + "latest": false + } + ] + } + } ] }, - "MetricSystemCpuLogicalCount": { - "type": "string", - "description": "Number of logical (virtual) processor cores created by the operating system.\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", - "enum": [ - "system.cpu.logical.count" + "NapLogProfileListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect log profiles.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapLogProfileMetadata" + } + } + }, + "example": { + "items": [ + { + "name": "test-log-profile" + }, + { + "object_id": "lp_-uvR3F2TQGm18jnl7bpaGw" + } + ] + } + } ] }, - "MetricSystemNetworkIo": { - "type": "string", - "description": "Network I/O statistics. Number of bytes sent or received per network interface. A filter differentiator is needed for specific I/O direction(s).\n\nReplacement for depreciated variant(s):\n * system.net.bytes_rcvd\n * system.net.bytes_sent\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * io_direction (applicable filter values: 'transmit', 'receive')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * network_interface\n", - "enum": [ - "system.network.io" - ] + "NapLogProfileResponse": { + "$ref": "#/components/schemas/NapLogProfileMetadata" }, - "MetricNginxHttpRequests": { - "type": "string", - "description": "Total number of client requests received from clients.\n\nReplacement for depreciated variant(s):\n * nginx.http.request.count\n * plus.http.request.count\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", - "enum": [ - "nginx.http.requests" - ] + "NapLogProfileMetadata": { + "type": "object", + "required": [ + "name", + "object_id" + ], + "properties": { + "name": { + "type": "string", + "description": "The name of the NGINX App Protect log profile." + }, + "object_id": { + "$ref": "#/components/schemas/NapLogProfileObjectID" + }, + "description": { + "description": "Optional field to describe the NGINX App Protect log profile.", + "type": "string", + "minLength": 5, + "maxLength": 256 + } + } }, - "MetricNginxHttpResponseStatus": { - "type": "string", - "description": "Number of responses for by status code range. A filter differentiator is needed for specific status range(s).\n\nReplacement for depreciated variant(s):\n * nginx.http.status.4xx\n * plus.http.status.4xx\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * status_range (applicable filter values: '4xx', '5xx')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id \n * server_zone\n * location_zone\n", - "enum": [ - "nginx.http.response.status" + "NapGlobalSettingsListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect global settings.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapGlobalSettingsMetadata" + } + } + }, + "example": { + "items": [ + { + "name": "test-global-settings" + }, + { + "object_id": "gs_-uvR3F2TQGm18jnl7bpaGw" + } + ] + } + } ] }, - "SettingsInstanceCleanup": { + "NapGlobalSettingsResponse": { + "$ref": "#/components/schemas/NapGlobalSettingsMetadata" + }, + "NapGlobalSettingsMetadata": { "type": "object", - "description": "Preferences for automatic cleanup of stale NGINX One Instances.", "required": [ - "age_out_duration" + "name", + "object_id" ], "properties": { - "age_out_duration": { - "type": "integer", - "format": "int32", - "description": "Specify the age of `unavailable` NGINX instances for clean up. NGINX instances older than this value in hours will be deleted automatically. Events related to automatically deleted NGINX instances will show up in `/events` API. '0' value disables the automatic clean up of `unavailable` NGINX instances.", - "default": 3, - "minimum": 0, - "maximum": 720 + "name": { + "type": "string", + "description": "The name of the NGINX App Protect global settings object." + }, + "description": { + "description": "Optional field to describe the NGINX App Protect global setting object.", + "type": "string", + "minLength": 5, + "maxLength": 256 + }, + "object_id": { + "$ref": "#/components/schemas/NapGlobalSettingsObjectID" } - }, - "example": { - "age_out_duration": 3 } }, - "HttpUsage": { + "NapGlobalSettingsPutRequest": { + "description": "Update NGINX App Protect global settings object.", "type": "object", + "required": [ + "config" + ], "properties": { - "client": { - "allOf": [ - { - "$ref": "#/components/schemas/UsageMetrics" - }, - { - "type": "object", - "properties": { - "requests": { - "type": "integer", - "description": "Total requests handled by an NGINX Instance", - "minimum": 0 - } - } - } - ] + "description": { + "description": "Optional field to describe the NGINX App Protect global setting object.", + "type": "string", + "minLength": 5, + "maxLength": 256 }, - "upstream": { - "$ref": "#/components/schemas/UsageMetrics" + "config": { + "description": "The NGINX App Protect global settings configuration.", + "type": "object", + "minProperties": 1 } } }, - "StreamUsage": { + "NapLogProfileCreateRequest": { + "description": "Create NGINX App Protect log profile.", "type": "object", + "required": [ + "name", + "config" + ], "properties": { - "client": { - "$ref": "#/components/schemas/UsageMetrics" + "name": { + "description": "The name of the NGINX App Protect log profile.", + "type": "string", + "minLength": 5, + "maxLength": 32 }, - "upstream": { - "$ref": "#/components/schemas/UsageMetrics" + "description": { + "description": "Optional field to describe the NGINX App Protect log profile.", + "type": "string", + "minLength": 5, + "maxLength": 256 + }, + "config": { + "description": "The NGINX App Protect log profile configuration.", + "type": "object", + "minProperties": 1 } } }, - "UsageMetrics": { + "NapLogProfilePutRequest": { + "description": "Update NGINX App Protect log profile.", "type": "object", + "required": [ + "config" + ], "properties": { - "received": { - "type": "integer", - "description": "Total bytes received by an NGINX Instance from clients/upstreams", - "minimum": 0 - }, - "sent": { - "type": "integer", - "description": "Total bytes sent by the NGINX Instance to clients/upstreams", - "minimum": 0 + "description": { + "description": "Optional field to describe describing the NGINX App Protect log profile.", + "type": "string", + "minLength": 5, + "maxLength": 256 }, - "connections": { - "type": "integer", - "description": "Total connections of the NGINX Instance with clients/upstreams", - "minimum": 0 + "config": { + "description": "The NGINX App Protect log profile configuration.", + "type": "object", + "minProperties": 1 } } }, - "NginxUsageHttp": { - "$ref": "#/components/schemas/HttpUsage" - }, - "NginxUsageStream": { - "$ref": "#/components/schemas/StreamUsage" - }, - "MetricStartTime": { - "description": "The start time of your metrics query.\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` and `end_time` isn't provided, the API returns metrics from the current time to the month before the current time.\n* The `start_time` cannot be older than 120 days before the current time.\n\nYou can set the `start_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", + "FilterNameNapGlobalSettings": { "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" + "description": "Keywords for NGINX App Protect global settings filters.\n", + "enum": [ + "name", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_nap_global_settings_name", + "filter_name_nap_global_settings_object_id" + ] }, - "MetricEndTime": { - "description": "The end time of your metrics query.\n\nUsage:\n* Must be greater than `start_time`.\n* The time difference between `start_time` and `end_time` should be greater than an hour.\n* The default `end_time` is the current time.\n* The `end_time` cannot be older than 120 days before the current time.\n\nYou can set the `end_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", + "NapGlobalSettingsObjectID": { + "description": "A globally unique identifier for the App Protect global settings object.", "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" + "format": "object_id", + "pattern": "^gs_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } }, - "InventoryMetricAggregation": { + "FilterNameNapLogProfile": { "type": "string", - "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * count\n * sum\n * avg\n * min\n * max\n", + "description": "Keywords for NGINX App Protect log profile filters.\n", "enum": [ - "count", - "sum", - "avg", - "min", - "max" + "name", + "object_id" ], "x-enum-varnames": [ - "metric_aggregation_count", - "metric_aggregation_sum", - "metric_aggregation_avg", - "metric_aggregation_min", - "metric_aggregation_max" + "filter_name_nap_log_profile_name", + "filter_name_nap_log_profile_object_id" ] }, - "BaseInventoryQueryRequest": { - "type": "object", - "required": [ - "metrics" - ], - "properties": { - "metrics": { - "$ref": "#/components/schemas/InventoryMetricNames" - }, - "start_time": { - "$ref": "#/components/schemas/MetricStartTime" - }, - "end_time": { - "$ref": "#/components/schemas/MetricEndTime" - } + "NapLogProfileObjectID": { + "description": "A globally unique identifier for the App Protect log profile.", + "type": "string", + "format": "object_id", + "pattern": "^lp_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "InventoryMetricQueryRequest": { - "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/BaseInventoryQueryRequest" - } - ] - }, - "InventoryMetricNames": { - "type": "array", - "description": "Specify the metrics to collect.\n\nUsage: \n* List multiple metrics as JSON objects.\n* You can aggregate metrics with `count`, `sum`, `avg`, `min`, `max`.\n", - "items": { - "$ref": "#/components/schemas/InventoryMetricQuery" - }, - "example": [ - { - "name": "nginx.plus.instances", - "aggregate": [ - "count" - ] - } + "FilterNameNapPolicy": { + "type": "string", + "description": "Keywords for NGINX App Protect policy filters.\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * monitoring\n", + "enum": [ + "name", + "enforcement_mode", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_nap_policy_name", + "filter_name_nap_policy_enforcement_mode", + "filter_name_nap_policy_object_id" ] }, - "InventoryMetricQuery": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/components/schemas/InventoryMetricName" - }, - "aggregate": { - "type": "array", - "items": { - "$ref": "#/components/schemas/InventoryMetricAggregation" - } - } + "NapPolicyObjectID": { + "description": "A globally unique identifier for the App Protect policy.", + "type": "string", + "format": "object_id", + "pattern": "^pol_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "InventoryMetricName": { + "FilterNameNapDeployment": { "type": "string", - "description": "Metric names available for querying.\n", - "example": "nginx.plus.instances", - "oneOf": [ - { - "$ref": "#/components/schemas/MetricNginxInstancesPlus" - }, - { - "$ref": "#/components/schemas/MetricK8sClusterNodes" - } + "description": "Keywords for NGINX App Protect deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n * deployed\n * not_deployed\n * deploying\n * failed\n", + "enum": [ + "name", + "type", + "policy_version", + "status", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_nap_deployment_name", + "filter_name_nap_deployment_type", + "filter_name_nap_deployment_policy_version", + "filter_name_nap_deployment_status", + "filter_name_nap_deployment_object_id" ] }, - "MetricNginxInstancesPlus": { + "FilterNameNapPolicyVersion": { "type": "string", - "description": "Total number of nginx plus instances.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", + "description": "Keywords for NGINX App Protect policy version filters.\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * deployed\n * not_deployed\n * deploying\n * failed\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * monitoring\n", "enum": [ - "nginx.plus.instances" + "created_by", + "deployment_status", + "enforcement_mode", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_nap_policy_version_created_by", + "filter_name_nap_policy_version_deployment_status", + "filter_name_nap_policy_version_enforcement_mode", + "filter_name_nap_policy_version_object_id" ] }, - "MetricK8sClusterNodes": { + "NapPolicyVersionObjectID": { + "description": "A globally unique identifier for the App Protect policy version.", "type": "string", - "description": "Sum of the Kubernetes worker nodes where nginx plus instances are deployed in a Kubernetes cluster.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", - "enum": [ - "k8s.cluster.nodes" - ] + "format": "object_id", + "pattern": "^pv_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } } }, "examples": { @@ -7599,6 +9984,12 @@ "tags": [ "Settings" ] + }, + { + "name": "NGINX One App Protect", + "tags": [ + "NGINX App Protect" + ] } ] } \ No newline at end of file