5.4.0 (#92)

* Branch 5.4 - initial commit
access and error log improvements

* Branch 5.4 - initial commit
access and error log improvements
HTTP access log formats support

* Branch 5.4 - initial commit
access and error log improvements
HTTP access log formats support
README.md updated
FEATURES.md updated
Initial OIDC support

* 5.4.0 OIDC support - dev

* Branch 5.4 - 20250819
access and error log improvements
HTTP access log formats support
Initial OIDC support
FEATURE.md and USAGEv5.3.md to be updated
ACME support pending

* 5.4.0 OIDC support fix

* 5.4.0 OIDC support fix
FEATURES.md updated

* 5.4.0 OIDC support fix
FEATURES.md updated
Initial ACME support

* 5.4.0 OIDC support fix
FEATURES.md updated
Initial ACME support

* README updated

* Fixes

* v5.4 final
OIDC support
ACME support
Bugfixes

* USAGE-v5.4.md updated

* FEATURES.md updated

---------

Signed-off-by: 65397 <[email protected]>

Author: fabriziofiorucci

.gitignore

@@ -20,8 +20,7 @@ Thumbs.db
 =======
 /.idea/
 /src/__pycache__/
-/src/v5_1/__pycache__/
-/src/v5_2/__pycache__/
 /src/v5_3/__pycache__/
+/src/v5_4/__pycache__/
 /contrib/devportal/redocly/src/__pycache__/
 /venv/

FEATURES.md

@@ -30,10 +30,10 @@ A **blog article** to automate NGINX API Gateway management from OpenAPI schemas
 
 - [NGINX Instance Manager 2.14+](https://docs.nginx.com/nginx-management-suite/nim/)
 - [NGINX One Console](https://docs.nginx.com/nginx-one/)
-- [NGINX Plus R30+](https://docs.nginx.com/nginx/)
+- [NGINX Plus R33+](https://docs.nginx.com/nginx/)
 - NGINX App Protect WAF [4](https://docs.nginx.com/nginx-app-protect-waf/v4/) and [5](https://docs.nginx.com/nginx-app-protect-waf/v5/)
 
-**Note**: NGINX Plus R33 and above [require a valid license](https://docs.nginx.com/solutions/about-subscription-licenses/) and the `.output.license` section in the declarative JSON is required. See the [usage notes](/USAGE-v5.3.md) for further details. [Postman collection](/contrib/postman) examples are provided for R33.
+**Note**: NGINX Plus R33 and above [require a valid license](https://docs.nginx.com/solutions/about-subscription-licenses/) and the `.output.license` section in the declarative JSON is required. See the [usage notes](/USAGE-v5.4.md) for further details. [Postman collection](/contrib/postman) examples are provided for NGINX Plus R33+.
 
 ## Architecture
 
@@ -189,7 +189,7 @@ end
 
 - [X] Output to NGINX Instance Manager 2.14+ imperative REST API (instance group)
 - [X] Output to NGINX One Console REST API (config sync group)
-  
+
 ## Supported features
 
 See the [features list](/FEATURES.md)
@@ -198,8 +198,8 @@ See the [features list](/FEATURES.md)
 
 Usage details and JSON schema are available here:
 
+- [API v5.4](/USAGE-v5.4.md) - latest
 - [API v5.3](/USAGE-v5.3.md) - stable
-- [API v5.2](/USAGE-v5.2.md) - deprecated
 
 A sample Postman collection and usage instructions can be found [here](/contrib/postman)
 

README.md

@@ -1,11 +1,11 @@
-# Usage for NGINX Declarative API v5.2
+# Usage for NGINX Declarative API v5.4
 
-Version 5.2 supports:
+Version 5.4 supports:
 
 - [NGINX Instance Manager](https://docs.nginx.com/nginx-management-suite/nim/) 2.14+. Version 2.18+ is required for NGINX R33 and above
 - [NGINX One Console](https://docs.nginx.com/nginx-one/)
-- [NGINX Plus](https://docs.nginx.com/nginx/) R31, R32, R33+
-- [NGINX App Protect WAF](https://docs.nginx.com/nginx-app-protect-waf/) 4 with precompiled [policy bundles](https://docs.nginx.com/nginx-app-protect-waf/v5/admin-guide/compiler/)
+- [NGINX Plus](https://docs.nginx.com/nginx/) R31+
+- [NGINX App Protect WAF](https://docs.nginx.com/nginx-app-protect-waf/) v4 or v5 with precompiled [policy bundles](https://docs.nginx.com/nginx-app-protect-waf/v5/admin-guide/compiler/)
 
 The JSON schema is self explanatory. See also the [sample Postman collection](/contrib/postman) for usage examples
 
@@ -21,6 +21,7 @@ The JSON schema is self explanatory. See also the [sample Postman collection](/c
     - `.output.nms.password` the NGINX Instance Manager authentication password
     - `.output.nms.instancegroup` the NGINX Instance Manager instance group to publish the configuration to
     - `.output.nms.synctime` **optional**, used for GitOps autosync. When specified and the declaration includes HTTP(S) references to NGINX App Protect policies, TLS certificates/keys/chains, the HTTP(S) endpoints will be checked every `synctime` seconds and if external contents have changed, the updated configuration will automatically be published to NGINX Instance Manager
+    - `.output.nms.synchronous` **optional**, when set to `True` (default) the NGINX Declarative API waits for NGINX Instance Manager successful reply after publishing the NGINX configuration. Setting this to `False` enqueues the request, supporting multiple JSON declarations to be submitted at the same time/from multiple clients. Currently supported for `PATCH` operations only.
     - `.output.nms.modules` an optional array of NGINX module names (ie. 'ngx_http_app_protect_module', 'ngx_http_js_module','ngx_stream_js_module')
     - `.output.nms.certificates` an optional array of TLS certificates/keys/chains to be published
       - `.output.nms.certificates[].type` the item type ('certificate', 'key', 'chain')
@@ -41,6 +42,7 @@ The JSON schema is self explanatory. See also the [sample Postman collection](/c
     - `.output.nginxone.token` the authentication token
     - `.output.nginxone.configsyncgroup` the NGINX One Console config sync group name
     - `.output.nginxone.synctime` **optional**, used for GitOps autosync. When specified and the declaration includes HTTP(S) references to NGINX App Protect policies, TLS certificates/keys/chains, the HTTP(S) endpoints will be checked every `synctime` seconds and if external contents have changed, the updated configuration will automatically be published to NGINX One Cloud Console
+    - `.output.nms.synchronous` **optional**, when set to `True` (default) the NGINX Declarative API waits for NGINX One Console successful reply after publishing the NGINX configuration. Setting this to `False` enqueues the request, supporting multiple JSON declarations to be submitted at the same time/from multiple clients. Currently supported for `PATCH` operations only.
     - `.output.nginxone.modules` an optional array of NGINX module names (ie. 'ngx_http_app_protect_module', 'ngx_http_js_module','ngx_stream_js_module')
     - `.output.nginxone.certificates` an optional array of TLS certificates/keys/chains to be published
       - `.output.nginxone.certificates[].type` the item type ('certificate', 'key', 'chain')
@@ -53,12 +55,13 @@ The JSON schema is self explanatory. See also the [sample Postman collection](/c
 
 ### API endpoints
 
-- `POST /v5.2/config/` - Publish a new declaration
-- `PATCH /v5.2/config/{config_uid}` - Update an existing declaration
+- `POST /v5.4/config/` - Publish a new declaration
+- `PATCH /v5.4/config/{config_uid}` - Update an existing declaration
   - Per-HTTP server CRUD
   - Per-HTTP upstream CRUD
   - Per-Stream server CRUD
   - Per-Stream upstream CRUD
   - Per-NGINX App Protect WAF policy CRUD
-- `GET /v5.2/config/{config_uid}` - Retrieve an existing declaration
-- `DELETE /v5.2/config/{config_uid}` - Delete an existing declaration
+- `GET /v5.4/config/{configUid}/submission/{submissionUid}` - Retrieve a submission (asynchronous `PATCH` request) status
+- `GET /v5.4/config/{config_uid}` - Retrieve an existing declaration
+- `DELETE /v5.4/config/{config_uid}` - Delete an existing declaration

USAGE-v5.2.md renamed to USAGE-v5.4.md

@@ -45,9 +45,3 @@ services:
 
 networks:
   dapi-network:
-
-secrets:
-  nginx-crt:
-    file: ${NGINX_CERT}
-  nginx-key:
-    file: ${NGINX_KEY}

contrib/docker-compose/docker-compose.yaml

@@ -70,10 +70,6 @@ COMPOSE_HTTP_TIMEOUT=240 docker-compose -p $PROJECT_NAME -f $DOCKER_COMPOSE_YAML
 
 DOCKER_COMPOSE_YAML="docker-compose.yaml"
 PROJECT_NAME="nginx-dapi"
-export NGINX_CERT="unused"
-export NGINX_KEY="unused"
-export PROFILE="basic"
-export NAP_COMPILER_TAG="unused"
 
 while getopts 'hc:' OPTION
 do