From 479357f68d85bbe015b26a0a62dfc0c4c24e82d6 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Tue, 19 Aug 2025 07:22:58 -0700 Subject: [PATCH 1/3] feat: Update N1 Console API for NGF integration --- static/nginx-one/api/one.json | 17812 +++++++++++++++++++++----------- 1 file changed, 11838 insertions(+), 5974 deletions(-) diff --git a/static/nginx-one/api/one.json b/static/nginx-one/api/one.json index 5fb962c77..d983c8513 100644 --- a/static/nginx-one/api/one.json +++ b/static/nginx-one/api/one.json @@ -5,21 +5,6 @@ "description": "The API Reference documentation for NGINX One Console", "version": "v1" }, - "servers": [ - { - "url": "https://{tenant_cname}.console.ves.volterra.io/api/nginx/one/namespaces/{namespace}", - "variables": { - "namespace": { - "description": "The application namespace used to organize and scope API resources.", - "default": "default" - }, - "tenant_cname": { - "description": "The specific DNS name used to access your tenant.", - "default": "tenant-example" - } - } - } - ], "tags": [ { "name": "Data Plane Key", @@ -31,6 +16,12 @@ "description": "The `Instance` object represents an active NGINX installation. \nYou can access detailed information about each NGINX instance, including its configuration analysis, security advisories, and operational status.\n", "x-displayName": "Instances" }, + { + "name": "Feature Flags", + "x-nodoc": true, + "description": "Get details about which feature flags are enabled in the NGINX One console. \nFeature flags are used to toggle the availability of application features or modules without changing code.\n", + "x-displayName": "Feature Flags" + }, { "name": "Config Sync Groups", "description": "The `ConfigSyncGroups` object represents a NGINX config sync group where `Instances` are grouped to have same configuration. \nYou can access detailed information about each NGINX config sync group, including its configuration analysis and operational status.\n", @@ -58,11 +49,13 @@ }, { "name": "Control Planes", - "description": "The `Control Planes` object represents an external control plane such as NGINX Ingress Controller.\nFrom this endpoint, you can get detailed information about each control plane, including its NGINX instances, configurations, security advisories, and operational status.\n", + "description": "The `Control Planes` object represents an external control plane such as NGINX Ingress Controller or NGINX Gateway Fabric.\nFrom this endpoint, you can get detailed information about each control plane, including its NGINX instances, configurations, security advisories, and operational status.\n", "x-displayName": "Control Planes" }, { "name": "Metrics", + "x-nodoc": true, + "description": "Get system metrics for your NGINX data plane instances. These metrics are collected by the NGINX Agent and reported to NGINX One.\n", "x-displayName": "Metrics" }, { @@ -70,14 +63,54 @@ "description": "Configuration option for different aspect of NGINX One service.\nYou can set NGINX Instance cleanup preferences.\n", "x-displayName": "Settings" }, + { + "name": "Usage", + "x-nodoc": true, + "description": "Usage information", + "x-displayName": "Usage" + }, + { + "name": "Chatbot", + "x-nodoc": true, + "description": "This API allows you to interact with the chatbot assistant", + "x-displayName": "Chatbot" + }, + { + "name": "Inventory", + "x-nodoc": true, + "description": "Get tenant usage information for NGINX Plus data plane instances. These metrics are collected by the NGINX data plane instances and reported to NGINX One Console.\n", + "x-displayName": "Inventory" + }, { "name": "NGINX App Protect", "description": "Manage and publish security policies on your NGINX data plane instances.\n", "x-displayName": "NGINX App Protect" + }, + { + "name": "Deployments", + "description": "Manage NAAS deployments.", + "x-displayName": "Deployments" + }, + { + "name": "Load Test", + "x-nodoc": true, + "description": "Load Test actions", + "x-displayName": "Load Test" } ], "paths": { "/data-plane-keys": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "get": { "tags": [ "Data Plane Key" @@ -143,38 +176,48 @@ } } }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "data plane key", + "post": { "tags": [ "Data Plane Key" ], - "summary": "Bulk operation on multiple data plane keys", - "operationId": "BulkDataPlaneKeys", - "description": "Performs bulk operation on one or more data plane keys, only delete is supported.", + "x-nginx-one-action": "create", + "x-nginx-one-entity": "data plane key", + "summary": "Create a data plane key", + "description": "Creates a unique data plane key that you can use to register NGINX instances with NGINX One.\n\n**IMPORTANT**: Save the data plane key somewhere secure for reference. The key is displayed only once and cannot be retrieved again.\n", + "operationId": "createDataPlaneKey", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKeyBulkRequest" + "$ref": "#/components/schemas/DataPlaneKeyCreateRequest" + }, + "examples": { + "DataPlaneKeyCreateRequest": { + "$ref": "#/components/examples/DataPlaneKeyRequest" + } } } } }, "responses": { "200": { - "description": "Batch request completed.", + "description": "Successfully created the data plane key.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKeyBulkResponse" + "$ref": "#/components/schemas/DataPlaneKeyResponse" + }, + "examples": { + "DataPlaneKeyResponse": { + "$ref": "#/components/examples/DataPlaneKeyResponse" + } } } } }, - "401": { - "description": "Access denied.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -195,48 +238,38 @@ } } }, - "post": { + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "data plane key", "tags": [ "Data Plane Key" ], - "x-nginx-one-action": "create", - "x-nginx-one-entity": "data plane key", - "summary": "Create a data plane key", - "description": "Creates a unique data plane key that you can use to register NGINX instances with NGINX One.\n\n**IMPORTANT**: Save the data plane key somewhere secure for reference. The key is displayed only once and cannot be retrieved again.\n", - "operationId": "createDataPlaneKey", + "summary": "Bulk operation on multiple data plane keys", + "operationId": "BulkDataPlaneKeys", + "description": "Performs bulk operation on one or more data plane keys, only delete is supported.", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKeyCreateRequest" - }, - "examples": { - "DataPlaneKeyCreateRequest": { - "$ref": "#/components/examples/DataPlaneKeyRequest" - } + "$ref": "#/components/schemas/DataPlaneKeyBulkRequest" } } } }, "responses": { "200": { - "description": "Successfully created the data plane key.", + "description": "Batch request completed.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKeyResponse" - }, - "examples": { - "DataPlaneKeyResponse": { - "$ref": "#/components/examples/DataPlaneKeyResponse" - } + "$ref": "#/components/schemas/DataPlaneKeyBulkResponse" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -259,36 +292,47 @@ } }, "/data-plane-keys/{data_plane_key_id}": { - "delete": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { "tags": [ "Data Plane Key" ], - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "data plane key", - "summary": "Delete a data plane key", - "description": "Deletes a data plane key.\n", - "operationId": "deleteDataPlaneKey", + "summary": "Retrieve a data plane key", + "description": "Retrieves the details for an existing data plane key.\n", + "operationId": "getDataPlaneKey", "parameters": [ { "$ref": "#/components/parameters/DataPlaneKeyParamObjectID" } ], "responses": { - "204": { - "description": "Successfully deleted the data plane key." - }, - "404": { - "description": "The data plane key with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "200": { + "description": "Successfully retrieved the details of the data plane key.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/DataPlaneKey" + }, + "examples": { + "DataPlaneKeys": { + "$ref": "#/components/examples/DataPlaneKey" + } } } } }, - "409": { - "description": "Cannot delete an active data plane key. Revoke the key first, then try deleting it again.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -309,36 +353,36 @@ } } }, - "get": { + "delete": { "tags": [ "Data Plane Key" ], - "summary": "Retrieve a data plane key", - "description": "Retrieves the details for an existing data plane key.\n", - "operationId": "getDataPlaneKey", + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "data plane key", + "summary": "Delete a data plane key", + "description": "Deletes a data plane key.\n", + "operationId": "deleteDataPlaneKey", "parameters": [ { "$ref": "#/components/parameters/DataPlaneKeyParamObjectID" } ], "responses": { - "200": { - "description": "Successfully retrieved the details of the data plane key.", + "204": { + "description": "Successfully deleted the data plane key." + }, + "404": { + "description": "The data plane key with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKey" - }, - "examples": { - "DataPlaneKeys": { - "$ref": "#/components/examples/DataPlaneKey" - } + "$ref": "#/components/schemas/Error" } } } }, - "401": { - "description": "Access denied.", + "409": { + "description": "Cannot delete an active data plane key. Revoke the key first, then try deleting it again.", "content": { "application/json": { "schema": { @@ -438,6 +482,17 @@ } }, "/data-plane-keys/{data_plane_key_id}/revoke": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "put": { "tags": [ "Data Plane Key" @@ -491,13 +546,78 @@ } } }, - "/certificates": { + "/instances/summary": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "get": { "tags": [ - "Certificates" + "Instances" ], - "summary": "List all SSL certificates", - "description": "Returns a paginated list showing metadata for every SSL certificate.\n", + "summary": "Retrieve a summary for all instances", + "description": "Retrieves a comprehensive summary for all NGINX instances, which includes details such as:\n * Certificate status and associations\n * Operating system details\n * Version of the NGINX Agent\n * Overall system status\n", + "operationId": "listSummary", + "responses": { + "200": { + "description": "Successfully retrieved the summary of NGINX instances.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/InstanceSummary" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/instances": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "Instances" + ], + "summary": "List all instances", + "operationId": "listInstances", + "description": "Returns a list of all NGINX instances, providing details such as:\n * Unique identifiers for each instance\n * Timestamps for key actions (like registration and last report)\n * Information about the NGINX build\n * Version of the NGINX Agent\n", "parameters": [ { "$ref": "#/components/parameters/Paginated" @@ -509,7 +629,7 @@ "$ref": "#/components/parameters/Offset" }, { - "$ref": "#/components/parameters/FilterFieldCertificates" + "$ref": "#/components/parameters/FilterFieldInstances" }, { "$ref": "#/components/parameters/FilterOperands" @@ -521,17 +641,16 @@ "$ref": "#/components/parameters/SortDirection" }, { - "$ref": "#/components/parameters/SortNameCertificates" + "$ref": "#/components/parameters/SortNameInstances" } ], - "operationId": "listCertificates", "responses": { "200": { - "description": "Successfully retrieved the list of SSL certificates.", + "description": "Successfully retrieved the list of instances.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateListResponse" + "$ref": "#/components/schemas/InstanceListResponse" } } } @@ -558,42 +677,32 @@ } } }, - "post": { - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX certificate", + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "NGINX instance", "tags": [ - "Certificates" + "Instances" ], - "summary": "Create an SSL certificate", - "operationId": "createCertificate", - "description": "Creates a new SSL certificate with an optional name. \nYou must supply the certificate's content in base64-encoded PEM format.\nAny warnings will be displayed only upon creation of the certificate object, and\nis not retrievable after it is created.\n", + "summary": "Bulk operation on multiple instances", + "operationId": "BulkInstances", + "description": "Performs bulk operation on one or more NGINX instances, only delete is supported.", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateRequest" + "$ref": "#/components/schemas/InstanceBulkRequest" } } } }, "responses": { "200": { - "description": "Successfully created the SSL certificate.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CertificateResponse" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Batch request completed.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/InstanceBulkResponse" } } } @@ -621,37 +730,66 @@ } } }, - "/certificates/{certificateObjectID}": { - "delete": { - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX certificate", + "/instances/{instanceObjectID}/cves": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { "tags": [ - "Certificates" + "Instances" ], - "summary": "Delete an SSL certificate", - "operationId": "deleteCertificate", - "description": "* Deletes a managed SSL certificate from the NGINX One console. This operation is disabled for unmanaged certificates, as they get cleaned up automatically when they are not used in any NGINX configuration. \n* An optional flag `deleteFromDataPlanes` when set to true, can be used to remove the certificate from data plane instances to where it was deployed.\n * Deleting from data planes triggers publications on either instances or Config Sync Groups. After the managed cert object is deleted from NGINX One Console, a `PublicationBulkResponse` is returned along with status code 202, indicating whether an error occurred while issuing a publication to a data plane target.\n * If this cert is not associated with any data plane, status code 204 is returned when `deleteFromDataPlanes` set to true.\n", + "summary": "Retrieve an instance's security advisories (CVEs)", + "description": "Retrieves a list of the security advisories (CVEs) for an NGINX instance.", + "operationId": "listInstanceSecurityAdvisories", "parameters": [ { - "$ref": "#/components/parameters/DeleteFromDataPlanesParamFlag" + "$ref": "#/components/parameters/InstanceParamObjectID" } ], "responses": { - "202": { - "description": "Successfully deleted the SSL certificate. Handling deletion of certificate from data planes in the background.", + "200": { + "description": "Successfully retrieved the list of security advisories (CVEs).", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PublicationBulkResponse" + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxSecurityAdvisory" + } } } } }, - "204": { - "description": "Successfully deleted the SSL certificate." + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "404": { + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { "schema": { @@ -659,6 +797,44 @@ } } } + } + } + } + }, + "/instances/{instanceObjectID}": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "Instances" + ], + "summary": "Retrieve an instance", + "description": "Retrieves the details for an NGINX instance, including\n* Hostname\n* System status\n* Timestamps of key actions (registration, last reported, etc.)\n* NGINX build information\n* Certificate data\n* Operating system version\n* NGINX Agent version\n* Config Sync Group membership details\n* Control plane object ID, name, product and version\n", + "operationId": "getInstance", + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the details of the NGINX instance.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/InstanceDetails" + } + } + } }, "401": { "description": "Access denied.", @@ -671,7 +847,7 @@ } }, "404": { - "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -692,23 +868,23 @@ } } }, - "get": { + "delete": { "tags": [ - "Certificates" + "Instances" + ], + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX instance", + "summary": "Delete an instance", + "description": "Deletes an NGINX instance. Associations with certificates will be cleaned up.\n", + "operationId": "deleteInstance", + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + } ], - "summary": "Retrieve an SSL certificate", - "operationId": "getCertificate", - "description": "Retrieves the details for an SSL certificate, including:\n* Object ID that uniquely identifies this certificate object\n* SSL certificate type (managed or unmanaged by NGINX One Console)\n* Certificate type (whether it is a CA bundle or a certificate-key pair)\n* Subject name of the leaf certificate, or the soonest-expiring CA in a bundle\n * This subject name will be the DNS name in the SAN extension of the certificate. If not present, it will be the certificate's common name\n* Status of the certificate (valid, expiring, expired)\n* Validity period, if applicable to multiple certificates\n* Metadata for each public certificate if multiples are provided\n* Private key metadata, if available\n", "responses": { - "200": { - "description": "Successfully retrieved the details of the SSL certificate.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CertificateResponse" - } - } - } + "204": { + "description": "Successfully deleted the NGINX instance." }, "401": { "description": "Access denied.", @@ -721,7 +897,7 @@ } }, "404": { - "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -741,38 +917,46 @@ } } } - }, - "parameters": [ + } + }, + "/instances/parse-nginx-config": { + "servers": [ { - "$ref": "#/components/parameters/CertificateParamObjectID" + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true } ], - "patch": { - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX certificate", + "put": { "tags": [ - "Certificates" + "Instances" ], - "summary": "Update an SSL certificate", - "operationId": "updateCertificate", - "description": "Updates public certificates, private keys, or both. \nThis endpoint can also be used to update a Certificate Authority (CA) bundle.\n", + "x-nginx-one-action": "parse", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Generate a crossplane representation of provided NGINX configuration.", + "description": "Returns a crossplane representation of provided NGINX config.", + "operationId": "parseNginxConfig", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateUpdateRequest" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { "200": { - "description": "Successfully updated the specified SSL certificate.", + "description": "Successfully parsed the provided NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateResponse" + "$ref": "#/components/schemas/ParsedNginxConfig" } } } @@ -797,16 +981,6 @@ } } }, - "404": { - "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -820,66 +994,46 @@ } } }, - "/certificates/{certificateObjectID}/deployments": { + "/instances/{instanceObjectID}/config-report": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + } + ], "get": { "tags": [ - "Certificates" - ], - "summary": "List SSL certificate deployments", - "description": "Returns a paginated list showing all the deployments for a SSL certificate and assigned file path(s).\n", - "parameters": [ - { - "$ref": "#/components/parameters/CertificateParamObjectID" - }, - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/FilterFieldCertificateDeployments" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameCertificateDeployments" - } + "Instances" ], - "operationId": "listCertificateDeployments", + "summary": "Retrieve an analysis report for an instance's configuration", + "description": "Analyzes the configuration of an NGINX instance and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", + "operationId": "getInstanceConfigReport", "responses": { "200": { - "description": "Successfully retrieved the list of SSL certificate deployments.", + "description": "Successfully retrieved the NGINX configuration analysis for the specified instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateDeploymentListResponse" + "$ref": "#/components/schemas/NginxConfigReports" } } } }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "204": { + "description": "The requested instance exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." }, "404": { - "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -899,35 +1053,33 @@ } } } - } - }, - "/certificates/parse": { - "post": { - "x-nginx-one-action": "validate", - "x-nginx-one-entity": "NGINX certificate", + }, + "put": { "tags": [ - "Certificates" + "Instances" ], - "summary": "Parse and validate an SSL certificate", - "operationId": "parseCertificate", - "description": "Parses and validates an SSL certificate. \nIt checks the provided PEM files and verifies that the public certificates follow the correct X.509 format. \nIf the certificate cannot be parsed, an error will be returned. \nOtherwise, as long as the certificate is parsable, a `200 OK` status will be returned even if there are issues \nsuch as mismatched private keys or expired certificates. Details of any issues found will be shown in the \"warnings\" field of the response.\n", + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Generate an analysis report for the provided configuration", + "description": "Returns an analysis report for the provided NGINX configuration. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not apply any changes to the configuration. The report is not stored and is provided only in the API response. To publish the configuration, use the `PUT /instances/{instanceObjectID}/config` endpoint.", + "operationId": "analyzeInstanceConfig", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateRequest" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { "200": { - "description": "Successfully parsed and validated the SSL certificate.", + "description": "Successfully analyzed the provided NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateResponse" + "$ref": "#/components/schemas/NginxConfigReports" } } } @@ -952,6 +1104,16 @@ } } }, + "404": { + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -963,50 +1125,43 @@ } } } - } - }, - "/config-report": {}, - "/config-sync-groups": { - "get": { + }, + "patch": { "tags": [ - "Config Sync Groups" + "Instances" ], - "summary": "List all config sync groups", - "operationId": "listConfigSyncGroups", - "description": "Returns a list of all NGINX config sync groups, providing details such as:\n * Name of the config sync group\n * List of instance with details\n * Version of the NGINX configuration that's expected to be on all listed instances\n * Status of apply configuration operation \n * Timestamp of last reported action\n", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/FilterFieldConfigSyncGroups" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameConfigSyncGroups" + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Generate an analysis report for the provided modified configuration", + "description": "Analyzes the provided partial updates to an existing NGINX configuration and generates a report detailing potential issues along with optimization suggestions. \nThis analysis accounts for additive updates made to `NginxConfig`. To delete files, omit the `file.contents` field. \nThis method compares the provided `config_version` with the current NGINX instance configuration to detect conflicts, which may arise if the `config_version` does not match due to an out-of-band update. \nNote that this operation is for analysis purposes only and does not apply any changes to the configuration. \nThe report is not stored and is provided only in the API response.\nTo publish the configuration, use the `PATCH /instances/{instanceObjectID}/config` endpoint.\n", + "operationId": "analyzeInstanceConfigWithModify", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } } - ], + }, "responses": { "200": { - "description": "Successfully retrieved the list of NGINX config sync groups.", + "description": "Successfully analyzed the provided NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupListResponse" + "$ref": "#/components/schemas/NginxConfigReports" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } @@ -1021,6 +1176,16 @@ } } }, + "404": { + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -1032,33 +1197,39 @@ } } } - }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "config sync group", + } + }, + "/instances/{instanceObjectID}/config": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + } + ], + "get": { "tags": [ - "Config Sync Groups" + "Instances" ], - "summary": "Bulk operation on multiple config sync groups", - "operationId": "BulkConfigSyncGroups", - "description": "Performs bulk operation on one or more config sync groups, only delete is supported.", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupBulkRequest" - } - } - } - }, + "summary": "Retrieve an instance's configuration details", + "description": "Returns the configuration details for an NGINX instance, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Details about deployed payloads of managed SSL certificates and keys\n* Unique identifiers\n", + "operationId": "getInstanceConfig", "responses": { "200": { - "description": "Batch request completed.", + "description": "Successfully retrieved the configuration details for the specified NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupBulkResponse" + "$ref": "#/components/schemas/NginxConfig" } } } @@ -1073,6 +1244,16 @@ } } }, + "404": { + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -1085,38 +1266,48 @@ } } }, - "post": { - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX config sync group", + "put": { "tags": [ - "Config Sync Groups" + "Instances" ], - "summary": "Create an NGINX config sync group", - "operationId": "createConfigSyncGroup", - "description": "Create NGINX config sync group with a unique name to identify it within the tenant namespace.\n", + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Publish a configuration to an instance", + "description": "Publishes a new or updated NGINX configuration to the specified instance.\nIn the specified `configs`, empty files are not allowed in the directory.\nIf no existing configuration is found, a new one is created; otherwise, the current configuration is overwritten. \nBefore publishing, use the `PUT /instances/{instanceObjectID}/config-report` endpoint to generate an analysis report for the provided configuration.\nYou can specify `payloads` in the request to deploy managed certificates and keys to the dataplane. Include file paths\nfor each payload component.\n", + "operationId": "publishInstanceConfig", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupCreateRequest" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { - "200": { - "description": "Successfully created NGINX config sync group", + "202": { + "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /instances/{instanceObjectID}/publications.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupCreateResponse" + "$ref": "#/components/schemas/PublicationInstance" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1125,8 +1316,8 @@ } } }, - "409": { - "description": "The NGINX config sync group can't be created because the name is already in use", + "404": { + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1146,24 +1337,49 @@ } } } - } - }, - "/config-sync-groups/{configSyncGroupObjectID}": { - "delete": { - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX config sync group", + }, + "patch": { "tags": [ - "Config Sync Groups" + "Instances" ], - "summary": "Delete an NGINX config sync group", - "description": "Delete a NGINX config sync group from the NGINX One console. You can delete a config sync group, only if it contains no NGINX instances.\n", - "operationId": "deleteConfigSyncGroup", + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Apply partial updates to an instance's configuration", + "description": "Applies the specified partial updates to an existing NGINX configuration. \nThis endpoint accepts additive updates to `NginxConfig`. \nTo delete files, omit the `file.contents` field. \nThis method compares the provided config_version with the current NGINX instance configuration to detect conflicts, which may arise if the config_version does not match due to an out-of-band update. \nBefore publishing, use the `PATCH /instances/{instanceObjectID}/config-report` endpoint to generate an analysis report for the modified configuration.\n", + "operationId": "publishInstanceConfigWithModify", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } + } + }, "responses": { - "204": { - "description": "Successfully deleted the NGINX config sync group" + "202": { + "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /instances/{instanceObjectID}/publications.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PublicationInstance" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1173,7 +1389,7 @@ } }, "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1193,32 +1409,48 @@ } } } - }, + } + }, + "/instances/{instanceObjectID}/configs": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + } + ], "get": { "tags": [ - "Config Sync Groups" + "Instances" ], - "summary": "Retrieve an NGINX config sync group", - "description": "Retrieve the details for an NGINX config sync group, including:\n* name\n* Instances and details of each instance\n* Timestamp of last reported action\n* NGINX config version on the config sync group\n* Certificate summary referenced by config sync group members\n* NGINX config sync operation status\n* Last config sync group publication operation status\n", - "operationId": "getConfigSyncGroup", + "summary": "Retrieves the stored NGINX configurations for an instance", + "description": "Returns a list of all configurations for a NGINX instance. Only the last 10 are kept on the NGINX One Console for a NGINX instance.", + "operationId": "listInstanceConfigurations", "responses": { "200": { - "description": "Successfully retrieved the details of the NGINX config sync group.", + "description": "Successfully retrieved the list of NGINX configurations for the specified NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupDetails" - }, - "examples": { - "ConfigSyncGroupDetails": { - "$ref": "#/components/examples/ConfigSyncGroupDetails" + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigMeta" } } } } }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1228,7 +1460,7 @@ } }, "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1248,24 +1480,38 @@ } } } - }, + } + }, + "/instances/{instanceObjectID}/configs/{instanceConfigurationObjectID}": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "parameters": [ { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + "$ref": "#/components/parameters/InstanceParamObjectID" + }, + { + "$ref": "#/components/parameters/InstanceConfigurationParamObjectID" } - ] - }, - "/config-sync-groups/{configSyncGroupObjectID}/config": { + ], "get": { "tags": [ - "Config Sync Groups" + "Instances" ], - "summary": "Retrieve a config sync group's configuration details", - "description": "Returns the configuration details for a NGINX config sync group, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", - "operationId": "getConfigSyncGroupConfig", + "summary": "Retrieve an instance's configuration details", + "description": "Returns the configuration details for an NGINX instance, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", + "operationId": "getInstanceConfigWithObjectID", "responses": { "200": { - "description": "Successfully retrieved the configuration details for the specified NGINX config sync group.", + "description": "Successfully retrieved the configuration details for the specified NGINX instance and NGINX configuration.", "content": { "application/json": { "schema": { @@ -1285,7 +1531,7 @@ } }, "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance or NGINX configuration with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1305,74 +1551,48 @@ } } } - }, - "parameters": [ + } + }, + "/instances/{instanceObjectID}/publications": { + "servers": [ { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true } ], - "patch": { + "get": { "tags": [ - "Config Sync Groups" + "Instances" ], - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX config sync group configuration", - "summary": "Apply partial updates to config sync group's configuration", - "description": "Applies the specified partial updates to an existing NGINX configuration. Details:\n * This endpoint accepts additive updates to `NginxConfig`. \n * To delete files, omit the `file.contents` field. \n * This method compares the provided config_version with the current NGINX config sync group configuration to detect conflicts, which may arise if the config_version does not match due to an out-of-band update.\n", - "operationId": "patchConfigSyncGroupConfig", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - } + "summary": "Retrieve the publications for an instance", + "description": "Returns a list of all publications for a NGINX instance.", + "operationId": "listInstancePublications", + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" } - }, + ], "responses": { "200": { - "description": "Successfully stored the configuration of the NGINX config sync group", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfig" - } - } - } - }, - "202": { - "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /config-sync-groups/{configSyncGroupObjectID}/publications.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PublicationInstance" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Successfully retrieved the list of all publications for the specified NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "type": "array", + "items": { + "$ref": "#/components/schemas/PublicationInstance" + } } } } }, "401": { - "description": "Access denied", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1392,59 +1612,48 @@ } } } - }, - "put": { + } + }, + "/instances/{instanceObjectID}/publications/{publicationObjectID}": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { "tags": [ - "Config Sync Groups" + "Instances" ], - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX config sync group configuration", - "summary": "Publish a configuration to NGINX config sync group", - "description": "Publishes a new or updated NGINX configuration to the specified config sync group. \nIf no existing configuration is found, a new one is created; otherwise, the current configuration is overwritten.\n", - "operationId": "publishConfigSyncGroupConfig", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - } + "summary": "Retrieve a publication for an NGINX instance.", + "description": "Returns a specific publication for an NGINX instance. Only 5 previous entries of Publication are kept for each NGINX instance.", + "operationId": "getInstancePublication", + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + }, + { + "$ref": "#/components/parameters/PublicationParamObjectID" } - }, + ], "responses": { "200": { - "description": "Successfully stored the configuration of the NGINX config sync group.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfig" - } - } - } - }, - "202": { - "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /config-sync-groups/{configSyncGroupObjectID}/publications.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupPublication" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Successfully retrieved the specific Publication for the specified NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/PublicationInstance" } } } }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1454,7 +1663,7 @@ } }, "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance or Publication with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1476,30 +1685,42 @@ } } }, - "/config-sync-groups/{configSyncGroupObjectID}/config-report": { + "/features": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "get": { + "x-nodoc": true, "tags": [ - "Config Sync Groups" + "Feature Flags" ], - "summary": "Retrieve an analysis report for the configuration of an NGINX config sync group", - "description": "Analyzes the configuration of an NGINX config sync group and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", - "operationId": "getConfigSyncGroupConfigReport", + "summary": "List all enabled feature flags", + "description": "Returns a list of all the enabled feature flags in the NGINX One console.", + "operationId": "getEnabledFeatureFlags", "responses": { "200": { - "description": "Successfully retrieved the NGINX configuration analysis for the specified config sync group.", + "description": "Successfully retrieved the list of enabled feature flags.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "type": "array", + "items": { + "$ref": "#/components/schemas/FeatureFlagKey" + } } } } }, - "204": { - "description": "The requested config sync group exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." - }, - "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1519,48 +1740,46 @@ } } } - }, - "parameters": [ + } + }, + "/config-sync-groups": { + "servers": [ { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true } ], - "patch": { - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX config sync group configuration", + "post": { + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX config sync group", "tags": [ "Config Sync Groups" ], - "summary": "Generate an analysis report for the configuration of the modified NGINX config sync group", - "description": "Analyzes the provided partial updates merging with an existing configuration of an NGINX config sync group. Generates a report detailing potential issues along with optimization suggestions. \nThis analysis accounts for additive updates made to NGINX configuration. To delete files, omit the `file.contents` field. \nThis method compares the provided `config_version` with the current NGINX config sync group's configuration to detect conflicts, which may arise if the `config_version` does not match due to an out-of-band update. \nNote that this operation is for analysis purposes only and does not apply any changes to the configuration. \nThe report is not stored and is provided only in the API response.\nTo publish the configuration, use the `PATCH /config-sync-groups/{configSyncGroupObjectID}/config` endpoint.\n", - "operationId": "analyzeConfigSyncGroupConfigPatch", + "summary": "Create an NGINX config sync group", + "operationId": "createConfigSyncGroup", + "description": "Create NGINX config sync group with a unique name to identify it within the tenant namespace.\n", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/ConfigSyncGroupCreateRequest" } } } }, "responses": { "200": { - "description": "Successfully analyzed the provided NGINX configuration", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigReports" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Successfully created NGINX config sync group", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ConfigSyncGroupCreateResponse" } } } @@ -1575,8 +1794,8 @@ } } }, - "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "409": { + "description": "The NGINX config sync group can't be created because the name is already in use", "content": { "application/json": { "schema": { @@ -1597,58 +1816,52 @@ } } }, - "put": { - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX config sync group configuration", + "get": { "tags": [ "Config Sync Groups" ], - "summary": "Generate an analysis report for the configuration of the NGINX config sync group", - "description": "Returns an analysis report for the configuration of the NGINX config sync group. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not apply any changes to the configuration. The report is not stored and is provided only in the API response. To publish the configuration, use the `PUT /config-sync-groups/{configSyncGroupObjectID}/config` endpoint.", - "operationId": "analyzeConfigSyncGroupConfig", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - } - } - }, - "responses": { - "200": { - "description": "Successfully analyzed the provided NGINX configuration.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigReports" - } - } - } + "summary": "List all config sync groups", + "operationId": "listConfigSyncGroups", + "description": "Returns a list of all NGINX config sync groups, providing details such as:\n * Name of the config sync group\n * List of instance with details\n * Version of the NGINX configuration that's expected to be on all listed instances\n * Status of apply configuration operation \n * Timestamp of last reported action\n", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + { + "$ref": "#/components/parameters/Limit" }, - "401": { - "description": "Access denied", + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/FilterFieldConfigSyncGroups" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameConfigSyncGroups" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the list of NGINX config sync groups.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ConfigSyncGroupListResponse" } } } }, - "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1668,39 +1881,39 @@ } } } - } - }, - "/config-sync-groups/{configSyncGroupObjectID}/config/{configSyncGroupConfigurationObjectID}": { - "get": { + }, + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "config sync group", "tags": [ "Config Sync Groups" ], - "summary": "Retrieve details the NGINX config sync group", - "description": "Returns the configuration details for an NGINX config sync group, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", - "operationId": "getConfigSyncGroupConfigWithObjectID", + "summary": "Bulk operation on multiple config sync groups", + "operationId": "BulkConfigSyncGroups", + "description": "Performs bulk operation on one or more config sync groups, only delete is supported.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ConfigSyncGroupBulkRequest" + } + } + } + }, "responses": { "200": { - "description": "Successfully retrieved the configuration details for the specified NGINX config sync group and NGINX configuration.", + "description": "Batch request completed.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfig" + "$ref": "#/components/schemas/ConfigSyncGroupBulkResponse" } } } }, "401": { - "description": "Access denied", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX config sync group or NGINX configuration with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1720,33 +1933,43 @@ } } } - }, + } + }, + "/config-sync-groups/{configSyncGroupObjectID}": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "parameters": [ { "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - }, - { - "$ref": "#/components/parameters/ConfigSyncGroupConfigurationParamObjectID" } - ] - }, - "/config-sync-groups/{configSyncGroupObjectID}/configs": { + ], "get": { "tags": [ "Config Sync Groups" ], - "summary": "Retrieves stored NGINX configurations for a NGINX config sync group", - "description": "Returns a list of all configurations for a NGINX config sync group. Only the last 10 are kept on the NGINX One Console for a NGINX config sync group.", - "operationId": "listConfigSyncGroupConfigurations", + "summary": "Retrieve an NGINX config sync group", + "description": "Retrieve the details for an NGINX config sync group, including:\n* name\n* Instances and details of each instance\n* Timestamp of last reported action\n* NGINX config version on the config sync group\n* Certificate summary referenced by config sync group members\n* NGINX config sync operation status\n* Last config sync group publication operation status\n", + "operationId": "getConfigSyncGroup", "responses": { "200": { - "description": "Successfully retrieved the list of NGINX configurations for the specified NGINX config sync group.", + "description": "Successfully retrieved the details of the NGINX config sync group.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxConfigMeta" + "$ref": "#/components/schemas/ConfigSyncGroupDetails" + }, + "examples": { + "ConfigSyncGroupDetails": { + "$ref": "#/components/examples/ConfigSyncGroupDetails" } } } @@ -1784,33 +2007,18 @@ } } }, - "parameters": [ - { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - } - ] - }, - "/config-sync-groups/{configSyncGroupObjectID}/publications": { - "get": { + "delete": { + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX config sync group", "tags": [ "Config Sync Groups" ], - "summary": "Retrieve the publications for the NGINX config sync group", - "description": "Returns a list of publications for a NGINX config sync group, providing details such as:\n * Current status along with reason(s) including the target instance object, cause and relevant message\n * Configuration version\n", - "operationId": "listConfigSyncGroupPublications", + "summary": "Delete an NGINX config sync group", + "description": "Delete a NGINX config sync group from the NGINX One console. You can delete a config sync group, only if it contains no NGINX instances.\n", + "operationId": "deleteConfigSyncGroup", "responses": { - "200": { - "description": "Successfully retrieved the list of all publications for the specified NGINX config sync group.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ConfigSyncGroupPublication" - } - } - } - } + "204": { + "description": "Successfully deleted the NGINX config sync group" }, "401": { "description": "Access denied", @@ -1843,34 +2051,45 @@ } } } - }, + } + }, + "/config-sync-groups/{configSyncGroupObjectID}/config": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "parameters": [ { "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" } - ] - }, - "/config-sync-groups/{configSyncGroupObjectID}/publications/{publicationObjectID}": { + ], "get": { "tags": [ "Config Sync Groups" ], - "summary": "Retrieve the publications for the NGINX config sync group, providing details such as:\n * Current status along with reason(s) including the target instance object, cause and relevant message\n * Configuration version\n", - "description": "Returns a publication for a NGINX config sync group.", - "operationId": "getConfigSyncGroupPublication", + "summary": "Retrieve a config sync group's configuration details", + "description": "Returns the configuration details for a NGINX config sync group, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", + "operationId": "getConfigSyncGroupConfig", "responses": { "200": { - "description": "Successfully retrieved the publication for the specified NGINX config sync group.", + "description": "Successfully retrieved the configuration details for the specified NGINX config sync group.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupPublication" + "$ref": "#/components/schemas/NginxConfig" } } } }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -1901,198 +2120,150 @@ } } }, - "parameters": [ - { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - }, - { - "$ref": "#/components/parameters/PublicationParamObjectID" - } - ] - }, - "/control-planes": { - "get": { + "put": { "tags": [ - "Control Planes" + "Config Sync Groups" ], - "x-feature-flag": "control_planes_m1", - "summary": "List control planes", - "operationId": "listControlPlanes", - "description": "Returns a paginated list of control planes.\n", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameControlPlanes" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldControlPlanes" + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX config sync group configuration", + "summary": "Publish a configuration to NGINX config sync group", + "description": "Publishes a new or updated NGINX configuration to the specified config sync group. \nIf no existing configuration is found, a new one is created; otherwise, the current configuration is overwritten.\n", + "operationId": "publishConfigSyncGroupConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } } - ], + }, "responses": { "200": { - "description": "Successfully retrieved the list of control planes.", + "description": "Successfully stored the configuration of the NGINX config sync group.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ControlPlaneListResponse" + "$ref": "#/components/schemas/NginxConfig" + } + } + } + }, + "202": { + "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /config-sync-groups/{configSyncGroupObjectID}/publications.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ConfigSyncGroupPublication" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } }, "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/control-planes/{controlPlaneObjectID}": { - "delete": { - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "Control Plane", - "tags": [ - "Control Planes" - ], - "summary": "Delete a control plane", - "description": "Delete a control plane from the NGINX One Console. You can delete a control plane, only if it contains no NGINX instances.\n", - "operationId": "deleteControlPlane", - "responses": { - "204": { - "description": "Successfully deleted the control plane" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" + "description": "Access denied", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "404": { - "$ref": "#/components/responses/NotFound" + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "500": { - "$ref": "#/components/responses/InternalServerErr" + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } } } }, - "get": { + "patch": { "tags": [ - "Control Planes" + "Config Sync Groups" ], - "summary": "Retrieve a control plane", - "description": "Retrieve the details for a control plane, including:\n* Object ID\n* Product name and version\n* Cluster UUID\n* Kubernetes namespace\n* Deployment UUID\n* Data plane key\n* Certificate summary referenced by control plane instances\n* Instance status summary\n", - "operationId": "getControlPlane", + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX config sync group configuration", + "summary": "Apply partial updates to config sync group's configuration", + "description": "Applies the specified partial updates to an existing NGINX configuration. Details:\n * This endpoint accepts additive updates to `NginxConfig`. \n * To delete files, omit the `file.contents` field. \n * This method compares the provided config_version with the current NGINX config sync group configuration to detect conflicts, which may arise if the config_version does not match due to an out-of-band update.\n", + "operationId": "patchConfigSyncGroupConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } + } + }, "responses": { "200": { - "description": "Successfully retrieved the details of the control plane.", + "description": "Successfully stored the configuration of the NGINX config sync group", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ControlPlaneDetails" + "$ref": "#/components/schemas/NginxConfig" } } } }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" + "202": { + "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /config-sync-groups/{configSyncGroupObjectID}/publications.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PublicationInstance" + } + } + } }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "parameters": [ - { - "$ref": "#/components/parameters/ControlPlaneParamObjectID" - } - ], - "x-feature-flag": "control_planes_m1" - }, - "/control-planes/summary": { - "get": { - "tags": [ - "Control Planes" - ], - "summary": "Retrieve a summary for all Control Planes.", - "description": "Retrieves details for all control planes, including:\n * Number of control planes for each product name/version\n", - "operationId": "getControlPlaneSummary", - "responses": { - "200": { - "description": "Successfully retrieved the summary of control planes.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ControlPlaneSummary" + "$ref": "#/components/schemas/Error" } } } }, "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "x-feature-flag": "control_planes_m1" - }, - "/cves": { - "get": { - "tags": [ - "CVEs" - ], - "summary": "List of all CVEs affecting the instances", - "operationId": "listNginxCVEs", - "description": "Returns a list of all CVEs that affect at least one instance under the tenant\n", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameCVEs" - } - ], - "responses": { - "200": { - "description": "Successfully retrieved the list of CVEs.", + "description": "Access denied", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CVEListResponse" + "$ref": "#/components/schemas/Error" } } } }, - "401": { - "description": "Access denied.", + "404": { + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2114,32 +2285,46 @@ } } }, - "/cves/{nginxCVEID}": { + "/config-sync-groups/{configSyncGroupObjectID}/configs": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "parameters": [ + { + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + } + ], "get": { "tags": [ - "CVEs" - ], - "summary": "Retrieve NGINX CVE details", - "operationId": "GetNginxCVEDetails", - "description": "Retrieve CVE details\n", - "parameters": [ - { - "$ref": "#/components/parameters/NginxCVEParamID" - } + "Config Sync Groups" ], + "summary": "Retrieves stored NGINX configurations for a NGINX config sync group", + "description": "Returns a list of all configurations for a NGINX config sync group. Only the last 10 are kept on the NGINX One Console for a NGINX config sync group.", + "operationId": "listConfigSyncGroupConfigurations", "responses": { "200": { - "description": "Successfully retrieved NGINX CVE details.", + "description": "Successfully retrieved the list of NGINX configurations for the specified NGINX config sync group.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxCVEDetailsResponse" + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigMeta" + } } } } }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -2149,7 +2334,7 @@ } }, "404": { - "description": "CVE with the specified nginxCVEID was not found. Check that the nginxCVEID provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2171,47 +2356,46 @@ } } }, - "/cves/{nginxCVEID}/impacted_instances": { + "/config-sync-groups/{configSyncGroupObjectID}/config/{configSyncGroupConfigurationObjectID}": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "parameters": [ + { + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + }, + { + "$ref": "#/components/parameters/ConfigSyncGroupConfigurationParamObjectID" + } + ], "get": { "tags": [ - "CVEs" - ], - "summary": "Retrieve the instances impacted by a CVE", - "description": "Retrieves a list of the instances impacted by a security advisory.", - "operationId": "listCVEImpactedInstances", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameCVEImpactedInstances" - }, - { - "$ref": "#/components/parameters/NginxCVEParamID" - } + "Config Sync Groups" ], + "summary": "Retrieve details the NGINX config sync group", + "description": "Returns the configuration details for an NGINX config sync group, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", + "operationId": "getConfigSyncGroupConfigWithObjectID", "responses": { "200": { - "description": "Successfully retrieved the list of instances affected by the CVE.", + "description": "Successfully retrieved the configuration details for the specified NGINX config sync group and NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CVEImpactedInstancesListResponse" + "$ref": "#/components/schemas/NginxConfig" } } } }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -2221,7 +2405,7 @@ } }, "404": { - "description": "The CVE with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing CVE.", + "description": "The NGINX config sync group or NGINX configuration with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2243,47 +2427,56 @@ } } }, - "/events": { + "/config-sync-groups/{configSyncGroupObjectID}/publications": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "parameters": [ + { + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + } + ], "get": { "tags": [ - "Events" - ], - "summary": "Retrieve system events.", - "description": "Retrieves a list of the system events.", - "operationId": "listEvents", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/FilterFieldEvents" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - } + "Config Sync Groups" ], + "summary": "Retrieve the publications for the NGINX config sync group", + "description": "Returns a list of publications for a NGINX config sync group, providing details such as:\n * Current status along with reason(s) including the target instance object, cause and relevant message\n * Configuration version\n", + "operationId": "listConfigSyncGroupPublications", "responses": { "200": { - "description": "Successfully retrieved the list of events.", + "description": "Successfully retrieved the list of all publications for the specified NGINX config sync group.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/EventsListResponse" + "type": "array", + "items": { + "$ref": "#/components/schemas/ConfigSyncGroupPublication" + } } } } }, "401": { - "description": "Access denied.", + "description": "Access denied", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2305,32 +2498,46 @@ } } }, - "/events/{eventObjectID}": { + "/config-sync-groups/{configSyncGroupObjectID}/publications/{publicationObjectID}": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "parameters": [ + { + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + }, + { + "$ref": "#/components/parameters/PublicationParamObjectID" + } + ], "get": { "tags": [ - "Events" - ], - "operationId": "getEvent", - "summary": "Retrieve specific event.", - "description": "Retrieve a specific event using the event object_id.", - "parameters": [ - { - "$ref": "#/components/parameters/EventParamObjectID" - } + "Config Sync Groups" ], + "summary": "Retrieve the publications for the NGINX config sync group, providing details such as:\n * Current status along with reason(s) including the target instance object, cause and relevant message\n * Configuration version\n", + "description": "Returns a publication for a NGINX config sync group.", + "operationId": "getConfigSyncGroupPublication", "responses": { "200": { - "description": "Successfully retrieved the details of the event.", + "description": "Successfully retrieved the publication for the specified NGINX config sync group.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Event" + "$ref": "#/components/schemas/ConfigSyncGroupPublication" } } } }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -2340,7 +2547,7 @@ } }, "404": { - "description": "The Event with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2362,53 +2569,46 @@ } } }, - "/instances": { + "/config-sync-groups/{configSyncGroupObjectID}/config-report": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "parameters": [ + { + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + } + ], "get": { "tags": [ - "Instances" - ], - "summary": "List all instances", - "operationId": "listInstances", - "description": "Returns a list of all NGINX instances, providing details such as:\n * Unique identifiers for each instance\n * Timestamps for key actions (like registration and last report)\n * Information about the NGINX build\n * Version of the NGINX Agent\n", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/FilterFieldInstances" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameInstances" - } + "Config Sync Groups" ], + "summary": "Retrieve an analysis report for the configuration of an NGINX config sync group", + "description": "Analyzes the configuration of an NGINX config sync group and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", + "operationId": "getConfigSyncGroupConfigReport", "responses": { "200": { - "description": "Successfully retrieved the list of instances.", + "description": "Successfully retrieved the NGINX configuration analysis for the specified config sync group.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InstanceListResponse" + "$ref": "#/components/schemas/NginxConfigReports" } } } }, - "401": { - "description": "Access denied.", + "204": { + "description": "The requested config sync group exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." + }, + "404": { + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2429,48 +2629,38 @@ } } }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "NGINX instance", + "put": { + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX config sync group configuration", "tags": [ - "Instances" + "Config Sync Groups" ], - "summary": "Bulk operation on multiple instances", - "operationId": "BulkInstances", - "description": "Performs bulk operation on one or more NGINX instances, only delete is supported.", + "summary": "Generate an analysis report for the configuration of the NGINX config sync group", + "description": "Returns an analysis report for the configuration of the NGINX config sync group. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not apply any changes to the configuration. The report is not stored and is provided only in the API response. To publish the configuration, use the `PUT /config-sync-groups/{configSyncGroupObjectID}/config` endpoint.", + "operationId": "analyzeConfigSyncGroupConfig", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InstanceBulkRequest" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { "200": { - "description": "Batch request completed.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/InstanceBulkResponse" - } - } - } - }, - "401": { - "description": "Access denied.", + "description": "Successfully analyzed the provided NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/NginxConfigReports" } } } }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -2478,31 +2668,9 @@ } } } - } - } - } - }, - "/instances/{instanceObjectID}": { - "delete": { - "tags": [ - "Instances" - ], - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX instance", - "summary": "Delete an instance", - "description": "Deletes an NGINX instance. Associations with certificates will be cleaned up.\n", - "operationId": "deleteInstance", - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - } - ], - "responses": { - "204": { - "description": "Successfully deleted the NGINX instance." }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -2512,7 +2680,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2533,31 +2701,48 @@ } } }, - "get": { + "patch": { + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX config sync group configuration", "tags": [ - "Instances" + "Config Sync Groups" ], - "summary": "Retrieve an instance", - "description": "Retrieves the details for an NGINX instance, including\n* Hostname\n* System status\n* Timestamps of key actions (registration, last reported, etc.)\n* NGINX build information\n* Certificate data\n* Operating system version\n* NGINX Agent version\n* Config Sync Group membership details\n* Control plane object ID, name, product and version\n", - "operationId": "getInstance", - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" + "summary": "Generate an analysis report for the configuration of the modified NGINX config sync group", + "description": "Analyzes the provided partial updates merging with an existing configuration of an NGINX config sync group. Generates a report detailing potential issues along with optimization suggestions. \nThis analysis accounts for additive updates made to NGINX configuration. To delete files, omit the `file.contents` field. \nThis method compares the provided `config_version` with the current NGINX config sync group's configuration to detect conflicts, which may arise if the `config_version` does not match due to an out-of-band update. \nNote that this operation is for analysis purposes only and does not apply any changes to the configuration. \nThe report is not stored and is provided only in the API response.\nTo publish the configuration, use the `PATCH /config-sync-groups/{configSyncGroupObjectID}/config` endpoint.\n", + "operationId": "analyzeConfigSyncGroupConfigPatch", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } } - ], + }, "responses": { "200": { - "description": "Successfully retrieved the details of the NGINX instance.", + "description": "Successfully analyzed the provided NGINX configuration", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InstanceDetails" + "$ref": "#/components/schemas/NginxConfigReports" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -2567,7 +2752,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2589,37 +2774,64 @@ } } }, - "/instances/{instanceObjectID}/config": { + "/certificates": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "get": { "tags": [ - "Instances" + "Certificates" ], - "summary": "Retrieve an instance's configuration details", - "description": "Returns the configuration details for an NGINX instance, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Details about deployed payloads of managed SSL certificates and keys\n* Unique identifiers\n", - "operationId": "getInstanceConfig", - "responses": { - "200": { - "description": "Successfully retrieved the configuration details for the specified NGINX instance.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfig" - } - } - } + "summary": "List all SSL certificates", + "description": "Returns a paginated list showing metadata for every SSL certificate.\n", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" }, - "401": { - "description": "Access denied.", + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/FilterFieldCertificates" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameCertificates" + } + ], + "operationId": "listCertificates", + "responses": { + "200": { + "description": "Successfully retrieved the list of SSL certificates.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/CertificateListResponse" } } } }, - "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -2640,37 +2852,32 @@ } } }, - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - } - ], - "patch": { + "post": { + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Instances" + "Certificates" ], - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Apply partial updates to an instance's configuration", - "description": "Applies the specified partial updates to an existing NGINX configuration. \nThis endpoint accepts additive updates to `NginxConfig`. \nTo delete files, omit the `file.contents` field. \nThis method compares the provided config_version with the current NGINX instance configuration to detect conflicts, which may arise if the config_version does not match due to an out-of-band update. \nBefore publishing, use the `PATCH /instances/{instanceObjectID}/config-report` endpoint to generate an analysis report for the modified configuration.\n", - "operationId": "publishInstanceConfigWithModify", + "summary": "Create an SSL certificate", + "operationId": "createCertificate", + "description": "Creates a new SSL certificate with an optional name. \nYou must supply the certificate's content in base64-encoded PEM format.\nAny warnings will be displayed only upon creation of the certificate object, and\nis not retrievable after it is created.\n", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/CertificateRequest" } } } }, "responses": { - "202": { - "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /instances/{instanceObjectID}/publications.", + "200": { + "description": "Successfully created the SSL certificate.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PublicationInstance" + "$ref": "#/components/schemas/CertificateResponse" } } } @@ -2695,8 +2902,52 @@ } } }, - "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "NGINX certificate", + "x-feature-flag": "cert-api-bulk", + "x-nodoc": true, + "tags": [ + "Certificates" + ], + "summary": "Bulk operation on multiple managed certificates", + "operationId": "bulkCertificates", + "description": "Performs bulk operation on one or more managed certificates, only delete is supported.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CertificateBulkRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Batch request completed.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CertificateBulkResponse" + } + } + } + }, + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -2716,33 +2967,46 @@ } } } - }, - "put": { + } + }, + "/certificates/parse": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "post": { + "x-nginx-one-action": "validate", + "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Instances" + "Certificates" ], - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Publish a configuration to an instance", - "description": "Publishes a new or updated NGINX configuration to the specified instance.\nIn the specified `configs`, empty files are not allowed in the directory.\nIf no existing configuration is found, a new one is created; otherwise, the current configuration is overwritten. \nBefore publishing, use the `PUT /instances/{instanceObjectID}/config-report` endpoint to generate an analysis report for the provided configuration.\nYou can specify `payloads` in the request to deploy managed certificates and keys to the dataplane. Include file paths\nfor each payload component.\n", - "operationId": "publishInstanceConfig", + "summary": "Parse and validate an SSL certificate", + "operationId": "parseCertificate", + "description": "Parses and validates an SSL certificate. \nIt checks the provided PEM files and verifies that the public certificates follow the correct X.509 format. \nIf the certificate cannot be parsed, an error will be returned. \nOtherwise, as long as the certificate is parsable, a `200 OK` status will be returned even if there are issues \nsuch as mismatched private keys or expired certificates. Details of any issues found will be shown in the \"warnings\" field of the response.\n", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/CertificateRequest" } } } }, "responses": { - "202": { - "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /instances/{instanceObjectID}/publications.", + "200": { + "description": "Successfully parsed and validated the SSL certificate.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PublicationInstance" + "$ref": "#/components/schemas/CertificateResponse" } } } @@ -2767,16 +3031,6 @@ } } }, - "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -2790,30 +3044,53 @@ } } }, - "/instances/{instanceObjectID}/config-report": { + "/certificates/{certificateObjectID}": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "parameters": [ + { + "$ref": "#/components/parameters/CertificateParamObjectID" + } + ], "get": { "tags": [ - "Instances" + "Certificates" ], - "summary": "Retrieve an analysis report for an instance's configuration", - "description": "Analyzes the configuration of an NGINX instance and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", - "operationId": "getInstanceConfigReport", + "summary": "Retrieve an SSL certificate", + "operationId": "getCertificate", + "description": "Retrieves the details for an SSL certificate, including:\n* Object ID that uniquely identifies this certificate object\n* SSL certificate type (managed or unmanaged by NGINX One Console)\n* Certificate type (whether it is a CA bundle or a certificate-key pair)\n* Subject name of the leaf certificate, or the soonest-expiring CA in a bundle\n * This subject name will be the DNS name in the SAN extension of the certificate. If not present, it will be the certificate's common name\n* Status of the certificate (valid, expiring, expired)\n* Validity period, if applicable to multiple certificates\n* Metadata for each public certificate if multiples are provided\n* Private key metadata, if available\n", "responses": { "200": { - "description": "Successfully retrieved the NGINX configuration analysis for the specified instance.", + "description": "Successfully retrieved the details of the SSL certificate.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "$ref": "#/components/schemas/CertificateResponse" } } } }, - "204": { - "description": "The requested instance exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2834,37 +3111,32 @@ } } }, - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - } - ], "patch": { + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Instances" + "Certificates" ], - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Generate an analysis report for the provided modified configuration", - "description": "Analyzes the provided partial updates to an existing NGINX configuration and generates a report detailing potential issues along with optimization suggestions. \nThis analysis accounts for additive updates made to `NginxConfig`. To delete files, omit the `file.contents` field. \nThis method compares the provided `config_version` with the current NGINX instance configuration to detect conflicts, which may arise if the `config_version` does not match due to an out-of-band update. \nNote that this operation is for analysis purposes only and does not apply any changes to the configuration. \nThe report is not stored and is provided only in the API response.\nTo publish the configuration, use the `PATCH /instances/{instanceObjectID}/config` endpoint.\n", - "operationId": "analyzeInstanceConfigWithModify", + "summary": "Update an SSL certificate", + "operationId": "updateCertificate", + "description": "Updates public certificates, private keys, or both. \nThis endpoint can also be used to update a Certificate Authority (CA) bundle.\n", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/CertificateUpdateRequest" } } } }, "responses": { "200": { - "description": "Successfully analyzed the provided NGINX configuration.", + "description": "Successfully updated the specified SSL certificate.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "$ref": "#/components/schemas/CertificateResponse" } } } @@ -2890,7 +3162,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2911,36 +3183,34 @@ } } }, - "put": { + "delete": { + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Instances" + "Certificates" ], - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Generate an analysis report for the provided configuration", - "description": "Returns an analysis report for the provided NGINX configuration. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not apply any changes to the configuration. The report is not stored and is provided only in the API response. To publish the configuration, use the `PUT /instances/{instanceObjectID}/config` endpoint.", - "operationId": "analyzeInstanceConfig", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - } + "summary": "Delete an SSL certificate", + "operationId": "deleteCertificate", + "description": "* Deletes a managed SSL certificate from the NGINX One console. This operation is disabled for unmanaged certificates, as they get cleaned up automatically when they are not used in any NGINX configuration. \n* An optional flag `deleteFromDataPlanes` when set to true, can be used to remove the certificate from data plane instances to where it was deployed.\n * Deleting from data planes triggers publications on either instances or Config Sync Groups. After the managed cert object is deleted from NGINX One Console, a `PublicationBulkResponse` is returned along with status code 202, indicating whether an error occurred while issuing a publication to a data plane target.\n * If this cert is not associated with any data plane, status code 204 is returned when `deleteFromDataPlanes` set to true.\n", + "parameters": [ + { + "$ref": "#/components/parameters/DeleteFromDataPlanesParamFlag" } - }, + ], "responses": { - "200": { - "description": "Successfully analyzed the provided NGINX configuration.", + "202": { + "description": "Successfully deleted the SSL certificate. Handling deletion of certificate from data planes in the background.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "$ref": "#/components/schemas/PublicationBulkResponse" } } } }, + "204": { + "description": "Successfully deleted the SSL certificate." + }, "400": { "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { @@ -2962,7 +3232,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2984,24 +3254,61 @@ } } }, - "/instances/{instanceObjectID}/configs": { + "/certificates/{certificateObjectID}/deployments": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "get": { "tags": [ - "Instances" + "Certificates" ], - "summary": "Retrieves the stored NGINX configurations for an instance", - "description": "Returns a list of all configurations for a NGINX instance. Only the last 10 are kept on the NGINX One Console for a NGINX instance.", - "operationId": "listInstanceConfigurations", - "responses": { - "200": { - "description": "Successfully retrieved the list of NGINX configurations for the specified NGINX instance.", + "summary": "List SSL certificate deployments", + "description": "Returns a paginated list showing all the deployments for a SSL certificate and assigned file path(s).\n", + "parameters": [ + { + "$ref": "#/components/parameters/CertificateParamObjectID" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/FilterFieldCertificateDeployments" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameCertificateDeployments" + } + ], + "operationId": "listCertificateDeployments", + "responses": { + "200": { + "description": "Successfully retrieved the list of SSL certificate deployments.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxConfigMeta" - } + "$ref": "#/components/schemas/CertificateDeploymentListResponse" } } } @@ -3017,7 +3324,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3037,28 +3344,51 @@ } } } - }, - "parameters": [ + } + }, + "/cves": { + "servers": [ { - "$ref": "#/components/parameters/InstanceParamObjectID" + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true } - ] - }, - "/instances/{instanceObjectID}/configs/{instanceConfigurationObjectID}": { + ], "get": { "tags": [ - "Instances" + "CVEs" + ], + "summary": "List of all CVEs affecting any instance/control plane", + "operationId": "listNginxCVEs", + "description": "Returns a list of all CVEs that affect an instance/control plane under the tenant\n", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameCVEs" + } ], - "summary": "Retrieve an instance's configuration details", - "description": "Returns the configuration details for an NGINX instance, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", - "operationId": "getInstanceConfigWithObjectID", "responses": { "200": { - "description": "Successfully retrieved the configuration details for the specified NGINX instance and NGINX configuration.", + "description": "Successfully retrieved the list of CVEs.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfig" + "$ref": "#/components/schemas/CVEListResponse" } } } @@ -3073,16 +3403,6 @@ } } }, - "404": { - "description": "The NGINX instance or NGINX configuration with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -3094,39 +3414,39 @@ } } } - }, - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - }, + } + }, + "/cves/{nginxCVEID}": { + "servers": [ { - "$ref": "#/components/parameters/InstanceConfigurationParamObjectID" + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true } - ] - }, - "/instances/{instanceObjectID}/cves": { + ], "get": { "tags": [ - "Instances" + "CVEs" ], - "summary": "Retrieve an instance's security advisories (CVEs)", - "description": "Retrieves a list of the security advisories (CVEs) for an NGINX instance.", - "operationId": "listInstanceSecurityAdvisories", + "summary": "Retrieve NGINX CVE details", + "operationId": "GetNginxCVEDetails", + "description": "Retrieve CVE details\n", "parameters": [ { - "$ref": "#/components/parameters/InstanceParamObjectID" + "$ref": "#/components/parameters/NginxCVEParamID" } ], "responses": { "200": { - "description": "Successfully retrieved the list of security advisories (CVEs).", + "description": "Successfully retrieved NGINX CVE details.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxSecurityAdvisory" - } + "$ref": "#/components/schemas/NginxCVEDetailsResponse" } } } @@ -3142,7 +3462,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "CVE with the specified nginxCVEID was not found. Check that the nginxCVEID provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3164,29 +3484,52 @@ } } }, - "/instances/{instanceObjectID}/publications": { + "/cves/{nginxCVEID}/impacted_instances": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "get": { "tags": [ - "Instances" + "CVEs" ], - "summary": "Retrieve the publications for an instance", - "description": "Returns a list of all publications for a NGINX instance.", - "operationId": "listInstancePublications", + "summary": "Retrieve the instances impacted by a CVE", + "description": "Retrieves a list of the instances impacted by a security advisory.", + "operationId": "listCVEImpactedInstances", "parameters": [ { - "$ref": "#/components/parameters/InstanceParamObjectID" + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameCVEImpactedInstances" + }, + { + "$ref": "#/components/parameters/NginxCVEParamID" } ], "responses": { "200": { - "description": "Successfully retrieved the list of all publications for the specified NGINX instance.", + "description": "Successfully retrieved the list of instances affected by the CVE.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/PublicationInstance" - } + "$ref": "#/components/schemas/CVEImpactedInstancesListResponse" } } } @@ -3201,6 +3544,16 @@ } } }, + "404": { + "description": "The CVE with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing CVE.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -3214,29 +3567,53 @@ } } }, - "/instances/{instanceObjectID}/publications/{publicationObjectID}": { + "/cves/{nginxCVEID}/control-planes": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "get": { + "x-feature-flag": "control-planes-m2", "tags": [ - "Instances" + "CVEs" ], - "summary": "Retrieve a publication for an NGINX instance.", - "description": "Returns a specific publication for an NGINX instance. Only 5 previous entries of Publication are kept for each NGINX instance.", - "operationId": "getInstancePublication", + "summary": "Retrieve the control planes impacted by a CVE", + "description": "Retrieves a list of the control planes impacted by a security advisory.", + "operationId": "listCVEImpactedControlPlanes", "parameters": [ { - "$ref": "#/components/parameters/InstanceParamObjectID" + "$ref": "#/components/parameters/Paginated" }, { - "$ref": "#/components/parameters/PublicationParamObjectID" + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameCVEImpactedControlPlanes" + }, + { + "$ref": "#/components/parameters/NginxCVEParamID" } ], "responses": { "200": { - "description": "Successfully retrieved the specific Publication for the specified NGINX instance.", + "description": "Successfully retrieved the list of control planes affected by the CVE.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PublicationInstance" + "$ref": "#/components/schemas/CVEImpactedControlPlanesListResponse" } } } @@ -3252,7 +3629,7 @@ } }, "404": { - "description": "The NGINX instance or Publication with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The CVE with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing CVE.", "content": { "application/json": { "schema": { @@ -3274,21 +3651,52 @@ } } }, - "/instances/summary": { + "/events": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "get": { "tags": [ - "Instances" + "Events" + ], + "summary": "Retrieve system events.", + "description": "Retrieves a list of the system events.", + "operationId": "listEvents", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/FilterFieldEvents" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + } ], - "summary": "Retrieve a summary for all instances", - "description": "Retrieves a comprehensive summary for all NGINX instances, which includes details such as:\n * Certificate status and associations\n * Operating system details\n * Version of the NGINX Agent\n * Overall system status\n", - "operationId": "listSummary", "responses": { "200": { - "description": "Successfully retrieved the summary of NGINX instances.", + "description": "Successfully retrieved the list of events.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InstanceSummary" + "$ref": "#/components/schemas/EventsListResponse" } } } @@ -3316,48 +3724,37 @@ } } }, - "/staged-configs": { + "/events/{eventObjectID}": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "get": { - "x-feature-flag": "staged-configs", "tags": [ - "Staged Configs" + "Events" ], - "summary": "List all staged configs", - "operationId": "listStagedConfigs", - "description": "Returns a list of all NGINX staged configs, providing details such as:\n * Name and object_id of staged config\n * Created and modified timestamps\n", + "operationId": "getEvent", + "summary": "Retrieve specific event.", + "description": "Retrieve a specific event using the event object_id.", "parameters": [ { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/FilterFieldStagedConfigs" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameStagedConfigs" + "$ref": "#/components/parameters/EventParamObjectID" } ], "responses": { "200": { - "description": "Successfully retrieved the list of NGINX staged configs.", + "description": "Successfully retrieved the details of the event.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/StagedConfigListResponse" + "$ref": "#/components/schemas/Event" } } } @@ -3372,6 +3769,16 @@ } } }, + "404": { + "description": "The Event with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -3383,7 +3790,20 @@ } } } - }, + } + }, + "/staged-configs": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "post": { "x-feature-flag": "staged-configs", "x-nginx-one-action": "create", @@ -3446,25 +3866,41 @@ } } } - } - }, - "/staged-configs/{stagedConfigObjectID}": { - "delete": { - "x-feature-flag": "staged-configs", - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX staged config", + }, + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "NGINX staged configs", + "x-feature-flag": "staged-configs-phase-2", + "x-nodoc": true, "tags": [ "Staged Configs" ], - "summary": "Delete an NGINX staged config", - "description": "Delete a NGINX staged config from the NGINX One console.\n", - "operationId": "deleteStagedConfig", + "summary": "Bulk operation on multiple staged configs", + "operationId": "bulkStagedConfigs", + "description": "Performs bulk operation on one or more staged configs, only delete is supported.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/StagedConfigBulkRequest" + } + } + } + }, "responses": { - "204": { - "description": "Successfully deleted the NGINX staged configs" + "200": { + "description": "Batch request completed.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/StagedConfigBulkResponse" + } + } + } }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -3473,8 +3909,65 @@ } } }, - "404": { - "description": "The NGINX staged config with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "get": { + "x-feature-flag": "staged-configs", + "tags": [ + "Staged Configs" + ], + "summary": "List all staged configs", + "operationId": "listStagedConfigs", + "description": "Returns a list of all NGINX staged configs, providing details such as:\n * Name and object_id of staged config\n * Created and modified timestamps\n", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/FilterFieldStagedConfigs" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameStagedConfigs" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the list of NGINX staged configs.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/StagedConfigListResponse" + } + } + } + }, + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -3494,7 +3987,25 @@ } } } - }, + } + }, + "/staged-configs/{stagedConfigObjectID}": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "parameters": [ + { + "$ref": "#/components/parameters/StagedConfigParamObjectID" + } + ], "get": { "x-feature-flag": "staged-configs", "tags": [ @@ -3546,31 +4057,19 @@ } } }, - "parameters": [ - { - "$ref": "#/components/parameters/StagedConfigParamObjectID" - } - ] - }, - "/staged-configs/{stagedConfigObjectID}/config": { - "get": { + "delete": { + "x-feature-flag": "staged-configs", + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX staged config", "tags": [ "Staged Configs" ], - "x-feature-flag": "staged-configs", - "summary": "Retrieve an NGINX staged config", - "description": "Retrieve the details for an NGINX staged config.\n", - "operationId": "getStagedConfig", + "summary": "Delete an NGINX staged config", + "description": "Delete a NGINX staged config from the NGINX One console.\n", + "operationId": "deleteStagedConfig", "responses": { - "200": { - "description": "Successfully retrieved the details of the NGINX staged config.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/StagedConfigResponse" - } - } - } + "204": { + "description": "Successfully deleted the NGINX staged configs" }, "401": { "description": "Access denied", @@ -3603,49 +4102,40 @@ } } } - }, + } + }, + "/staged-configs/{stagedConfigObjectID}/config": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "parameters": [ { "$ref": "#/components/parameters/StagedConfigParamObjectID" } ], - "patch": { + "get": { "tags": [ "Staged Configs" ], "x-feature-flag": "staged-configs", - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX staged config", - "summary": "Apply partial updates to staged config", - "description": "Applies the specified partial updates to an existing NGINX staged config Details:\n * This endpoint accepts additive updates to `NginxConfig`. Base `nginx.conf` file must always be provided along with additives.\n * To delete files, omit the `file.contents` field.\n * `config_version` is used to ensure the requested patch is applied against the same version.\n", - "operationId": "patchStagedConfig", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/StagedConfigChangeRequest" - } - } - } - }, + "summary": "Retrieve an NGINX staged config", + "description": "Retrieve the details for an NGINX staged config.\n", + "operationId": "getStagedConfig", "responses": { "200": { - "description": "Successfully stored the NGINX staged configuration.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/StagedConfigMeta" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Successfully retrieved the details of the NGINX staged config.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/StagedConfigResponse" } } } @@ -3670,16 +4160,6 @@ } } }, - "409": { - "description": "NGINX config version mismatch. Provided config_version does not match recent config_version for the NGINX staged config, possible conflict.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -3764,30 +4244,57 @@ } } } - } - }, - "/staged-configs/{stagedConfigObjectID}/config-report": { - "get": { + }, + "patch": { "tags": [ "Staged Configs" ], "x-feature-flag": "staged-configs", - "summary": "Retrieve an analysis report for the NGINX staged config", - "description": "Analyzes the NGINX staged config and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", - "operationId": "getStagedConfigReport", - "responses": { - "200": { - "description": "Successfully retrieved the NGINX configuration analysis for the specified staged config.", - "content": { + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX staged config", + "summary": "Apply partial updates to staged config", + "description": "Applies the specified partial updates to an existing NGINX staged config Details:\n * This endpoint accepts additive updates to `NginxConfig`. Base `nginx.conf` file must always be provided along with additives.\n * To delete files, omit the `file.contents` field.\n * `config_version` is used to ensure the requested patch is applied against the same version.\n", + "operationId": "patchStagedConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/StagedConfigChangeRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Successfully stored the NGINX staged configuration.", + "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "$ref": "#/components/schemas/StagedConfigMeta" } } } }, - "204": { - "description": "The requested staged config exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "404": { "description": "The NGINX staged config with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", @@ -3799,6 +4306,16 @@ } } }, + "409": { + "description": "NGINX config version mismatch. Provided config_version does not match recent config_version for the NGINX staged config, possible conflict.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -3810,12 +4327,69 @@ } } } - }, + } + }, + "/staged-configs/{stagedConfigObjectID}/config-report": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "parameters": [ { "$ref": "#/components/parameters/StagedConfigParamObjectID" } ], + "get": { + "tags": [ + "Staged Configs" + ], + "x-feature-flag": "staged-configs", + "summary": "Retrieve an analysis report for the NGINX staged config", + "description": "Analyzes the NGINX staged config and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", + "operationId": "getStagedConfigReport", + "responses": { + "200": { + "description": "Successfully retrieved the NGINX configuration analysis for the specified staged config.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigReports" + } + } + } + }, + "204": { + "description": "The requested staged config exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." + }, + "404": { + "description": "The NGINX staged config with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, "patch": { "x-feature-flag": "staged-configs", "x-nginx-one-action": "analyze", @@ -3890,49 +4464,48 @@ } } }, - "/monitor/metrics_query_topx": { - "post": { - "tags": [ - "Metrics" - ], - "summary": "Retrieve system metrics for instances with series limit", - "operationId": "queryMetricsInputTopX", - "description": "Returns (up to 10,000) system metrics for NGINX instances with series limit based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n", - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/MetricTopXQueryRequest" - }, - "example": { - "start_time": "now-1h", - "end_time": "now", - "resolution": "1m", - "metrics": [ - { - "aggregate": "sum", - "name": "nginx.http.request.count" - } - ], - "series_limit": 1, - "group_series_by": "instance_object_id" - } + "/staged-configs/{stagedConfigObjectID}/export": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" } + }, + "x-nodoc": true + } + ], + "get": { + "parameters": [ + { + "$ref": "#/components/parameters/StagedConfigParamObjectID" } - }, + ], + "tags": [ + "Staged Configs" + ], + "x-feature-flag": "staged-configs-phase-2", + "x-nginx-one-action": "export", + "x-nginx-one-entity": "NGINX staged config", + "summary": "Export staged configuration", + "description": "Exports staged configuration as a gzipped tar archive. Does not include sensitive data such as SSL certificates. [Learn more](https://docs.nginx.com/nginx-one/how-to/staged-configs/import-export-staged-config/).\n", + "operationId": "exportStagedConfig", "responses": { "200": { - "description": "Successfully retrieved system metrics.", + "description": "Successfully exported the staged configuration.", "content": { - "application/json": { + "application/gzip": { "schema": { - "$ref": "#/components/schemas/MetricQueryResultEx" + "type": "string", + "format": "binary", + "example": "my-staged-config-2025-01-01T20_25_03.tar.gz" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "description": "Access denied", "content": { "application/json": { "schema": { @@ -3942,7 +4515,7 @@ } }, "404": { - "description": "The requested metric resource was not found. Check that the resource name provided is correct and corresponds to an existing resource.", + "description": "The NGINX staged config with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3964,111 +4537,65 @@ } } }, - "/settings/instance-cleanup": { - "get": { - "tags": [ - "Settings" - ], - "summary": "Retrieve settings", - "description": "Retrieves settings for NGINX Instance cleanup\n", - "operationId": "getSettingInstanceCleanup", - "responses": { - "200": { - "description": "Successfully retrieved the setting for NGINX Instance cleanup.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" - } - } + "/staged-configs/import": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" } }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } + "x-nodoc": true } - }, - "put": { - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX Instance Cleanup Setting", + ], + "post": { "tags": [ - "Settings" + "Staged Configs" ], - "summary": "Update settings", - "description": "Update settings for NGINX Instance cleanup\n", - "operationId": "updateSettingInstanceCleanup", + "x-feature-flag": "staged-configs-phase-2", + "x-nginx-one-action": "import", + "x-nginx-one-entity": "NGINX staged config", + "summary": "Import staged configuration\n", + "description": "Imports a gzipped tar archive (.tar.gz) containing configuration and aux files into NGINX One. \nOnly non-hidden files are included in the import.\n\nMaximum compressed archive size: **5 MB**\nMaximum uncompressed individual file size: **10 MB**\n\nIf `parse_only` is set to `true`, the configuration is only validated and not staged.\nBy default, validation is performed and a staged configuration is created upon success.\n", + "parameters": [ + { + "$ref": "#/components/parameters/StagedConfigImportParseOnly" + } + ], + "operationId": "importStagedConfig", "requestBody": { "required": true, "content": { - "application/json": { + "multipart/form-data": { "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" + "$ref": "#/components/schemas/StagedConfigImportRequest" + }, + "encoding": { + "file": { + "contentType": "application/gzip, application/x-gzip" + } } } } }, "responses": { "200": { - "description": "Successfully updated settings for NGINX Instance cleanup.", + "description": "Return if `parse_only` is `true`: Returns data matching `StagedConfigCreateRequest` that can be used to create the staged config later. \n", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" + "$ref": "#/components/schemas/StagedConfigCreateRequest" } } } }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/policies": { - "get": { - "x-feature-flag": "nap-waf", - "tags": [ - "NGINX App Protect" - ], - "summary": "List NGINX App Protect policies", - "description": "Returns a list of NGINX App Protect policies along with deployment details.", - "operationId": "listNapPolicies", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapPolicies" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapPolicy" - } - ], - "responses": { - "200": { - "description": "Successfully returned NGINX App Protect policies.", + "201": { + "description": "Return if `parse_only` is `false` or omitted: Confirms the import parsed successfully and the staged config was created.\n", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicyListResponse" + "$ref": "#/components/schemas/StagedConfigCreateResponse" } } } @@ -4084,7 +4611,7 @@ } }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -4104,85 +4631,48 @@ } } } - }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "NGINX Nap Policies", - "x-feature-flag": "nap-waf", - "tags": [ - "NGINX App Protect" - ], - "summary": "Bulk operation on multiple Nap policy", - "operationId": "bulkNAPPolicy", - "description": "Performs bulk operation on one or more Nap policy, only delete is supported.", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyBulkRequest" - } - } - } - }, - "responses": { - "200": { - "description": "Batch request completed.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapBulkResponse" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } + } + }, + "/config-report": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" } }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } + "x-nodoc": true } - }, + ], "post": { - "x-feature-flag": "nap-waf", + "x-nodoc": true, + "x-feature-flag": "staged-configs", + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX configuration", "tags": [ - "NGINX App Protect" + "Staged Configs" ], - "summary": "Create NGINX App Protect policy", - "description": "Creates NGINX App Protect policy.", - "operationId": "createNapPolicy", + "summary": "Generate an analysis report for the provided NGINX configuration", + "operationId": "analyzeNginxConfig", + "description": "Returns an analysis report for the provided NGINX configuration. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not affect any resources. The report is not stored and is provided only in the API response.\n", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicy" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { - "201": { - "description": "Successfully created NGINX App Protect policy.", + "200": { + "description": "Successfully analyzed the provided NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicyMetadata" + "$ref": "#/components/schemas/NginxConfigReports" } } } @@ -4220,96 +4710,216 @@ } } }, - "/app-protect/policies/{nap_policy_object_id}": { - "delete": { - "x-feature-flag": "nap-waf", + "/control-planes": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { "tags": [ - "NGINX App Protect" + "Control Planes" ], - "summary": "Delete NGINX App Protect policy", - "description": "Deletes NGINX App Protect policy.", - "operationId": "deleteNapPolicy", + "summary": "List control planes", + "operationId": "listControlPlanes", + "description": "Returns a paginated list of control planes.\n", "parameters": [ { - "$ref": "#/components/parameters/NapPolicyParamObjectID" + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameControlPlanes" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldControlPlanes" } ], "responses": { - "204": { - "description": "Successfully deleted NGINX App Protect policy." - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "200": { + "description": "Successfully retrieved the list of control planes.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ControlPlaneListResponse" } } } }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/control-planes/summary": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" } }, - "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "x-nodoc": true + } + ], + "get": { + "tags": [ + "Control Planes" + ], + "summary": "Retrieve a summary for all Control Planes.", + "description": "Retrieves details for all control planes, including:\n * Number of control planes for each product name/version\n", + "operationId": "getControlPlaneSummary", + "responses": { + "200": { + "description": "Successfully retrieved the summary of control planes.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ControlPlaneSummary" } } } }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/control-planes/{controlPlaneObjectID}": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "parameters": [ + { + "$ref": "#/components/parameters/ControlPlaneParamObjectID" + } + ], + "get": { + "tags": [ + "Control Planes" + ], + "summary": "Retrieve a control plane", + "description": "Retrieve the details for a control plane, including:\n* Object ID\n* Product name and version\n* Cluster UUID\n* Kubernetes namespace\n* Deployment UUID\n* Data plane key\n* Certificate summary referenced by control plane instances\n* Instance status summary\n", + "operationId": "getControlPlane", + "responses": { + "200": { + "description": "Successfully retrieved the details of the control plane.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ControlPlaneDetails" } } } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" } } }, + "delete": { + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "Control Plane", + "tags": [ + "Control Planes" + ], + "summary": "Delete a control plane", + "description": "Delete a control plane from the NGINX One Console. You can delete a control plane, only if it contains no NGINX instances.\n", + "operationId": "deleteControlPlane", + "responses": { + "204": { + "description": "Successfully deleted the control plane" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/control-planes/{controlPlaneObjectID}/cves": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "get": { - "x-feature-flag": "nap-waf", + "x-feature-flag": "control-planes-m2", "tags": [ - "NGINX App Protect" + "Control Planes" ], - "summary": "Get NGINX App Protect policy details", - "description": "Returns NGINX App Protect policy summary.", - "operationId": "getNapPolicy", + "summary": "Retrieve a control plane's security advisories (CVEs)", + "description": "Retrieves a list of the security advisories (CVEs) for an NGINX control plane.", + "operationId": "listControlPlaneSecurityAdvisories", "parameters": [ { - "$ref": "#/components/parameters/NapPolicyParamObjectID" + "$ref": "#/components/parameters/ControlPlaneParamObjectID" } ], "responses": { "200": { - "description": "Successfully returned NGINX App Protect policy details.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyObject" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Successfully retrieved the list of security advisories (CVEs).", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxSecurityAdvisory" + } } } } @@ -4325,7 +4935,7 @@ } }, "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX control plane with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -4345,37 +4955,60 @@ } } } - }, - "put": { - "x-feature-flag": "nap-waf", + } + }, + "/monitor/metrics_query": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "post": { "tags": [ - "NGINX App Protect" - ], - "summary": "Update NGINX App Protect policy details", - "description": "Update NGINX App Protect policy details.", - "operationId": "updateNapPolicy", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - } + "Metrics" ], + "summary": "Retrieve system metrics for instances", + "operationId": "queryMetricsInput", + "description": "Returns (up to 10,000) system metrics for NGINX instances based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n", "requestBody": { - "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicy" + "$ref": "#/components/schemas/MetricQueryRequest" + }, + "example": { + "start_time": "now-1h", + "end_time": "now", + "resolution": "5m", + "metrics": [ + { + "name": "nginx.http.request.count", + "aggregate": "sum" + } + ], + "order_by": [ + { + "direction": "asc", + "dimension": "instance_object_id" + } + ] } } } }, "responses": { - "201": { - "description": "Successfully created an NGINX App Protect policy version.", + "200": { + "description": "Successfully retrieved system metrics.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicyMetadata" + "$ref": "#/components/schemas/MetricQueryResultEx" } } } @@ -4390,18 +5023,8 @@ } } }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "description": "The requested metric resource was not found. Check that the resource name provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -4423,51 +5046,54 @@ } } }, - "/app-protect/policies/{nap_policy_object_id}/deployments": { - "get": { - "x-feature-flag": "nap-waf", + "/monitor/metrics_query_topx": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "post": { "tags": [ - "NGINX App Protect" + "Metrics" ], - "summary": "List NGINX App Protect deployments", - "description": "Returns NGINX App Protect deployments, providing details such as:\n * Target of the deployment\n * Time of deployment\n * Enforcement mode\n * Policy version\n * Threat campaign\n * Attack signature\n * Bot signature\n", - "operationId": "listNapPolicyDeployments", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - }, - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapPolicyDeployments" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapPolicyDeployment" + "summary": "Retrieve system metrics for instances with series limit", + "operationId": "queryMetricsInputTopX", + "description": "Returns (up to 10,000) system metrics for NGINX instances with series limit based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/MetricTopXQueryRequest" + }, + "example": { + "start_time": "now-1h", + "end_time": "now", + "resolution": "1m", + "metrics": [ + { + "aggregate": "sum", + "name": "nginx.http.request.count" + } + ], + "series_limit": 1, + "group_series_by": "instance_object_id" + } + } } - ], + }, "responses": { "200": { - "description": "Successfully returned NGINX App Protect deployments.", + "description": "Successfully retrieved system metrics.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicyDeploymentsListResponse" + "$ref": "#/components/schemas/MetricQueryResultEx" } } } @@ -4482,8 +5108,8 @@ } } }, - "401": { - "description": "Access denied.", + "404": { + "description": "The requested metric resource was not found. Check that the resource name provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -4492,8 +5118,8 @@ } } }, - "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { "schema": { @@ -4501,47 +5127,203 @@ } } } + } + } + } + }, + "/settings/instance-cleanup": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "Settings" + ], + "summary": "Retrieve settings", + "description": "Retrieves settings for NGINX Instance cleanup\n", + "operationId": "getSettingInstanceCleanup", + "responses": { + "200": { + "description": "Successfully retrieved the setting for NGINX Instance cleanup.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SettingsInstanceCleanup" + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "put": { + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX Instance Cleanup Setting", + "tags": [ + "Settings" + ], + "summary": "Update settings", + "description": "Update settings for NGINX Instance cleanup\n", + "operationId": "updateSettingInstanceCleanup", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SettingsInstanceCleanup" + } + } + } + }, + "responses": { + "200": { + "description": "Successfully updated settings for NGINX Instance cleanup.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/SettingsInstanceCleanup" } } } + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" } } } }, - "/app-protect/policies/{nap_policy_object_id}/version": { + "/settings/acme": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], "get": { - "x-feature-flag": "nap-waf", + "x-feature-flag": "acme-cert", + "x-nodoc": true, "tags": [ - "NGINX App Protect" + "Settings" ], - "summary": "Get the latest NGINX App Protect policy version details", - "description": "Returns the latest NGINX App Protect policy version details.", - "operationId": "getLatestNapPolicyVersion", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" + "summary": "Retrieve settings", + "description": "Retrieves settings for ACME Integration to provision SSL certificates\n", + "operationId": "getSettingACME", + "responses": { + "200": { + "description": "Successfully retrieved the setting for ACME integration.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SettingsACMEIntegration" + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" } + } + }, + "put": { + "x-nodoc": true, + "x-feature-flag": "acme-cert", + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX ACME Integrations Setting", + "tags": [ + "Settings" ], + "summary": "Update settings", + "description": "Update settings for ACME Integration to provision SSL certificates\n", + "operationId": "updateSettingACME", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SettingsACMEIntegration" + } + } + } + }, "responses": { "200": { - "description": "Successfully returned NGINX App Protect policy version details.", + "description": "Successfully updated settings for ACME integration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicyVersionDetails" + "$ref": "#/components/schemas/SettingsACMEIntegration" } } } }, - "401": { - "description": "Access denied.", + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/nginx-usage": { + "servers": [ + { + "url": "/api", + "x-nodoc": true + } + ], + "post": { + "tags": [ + "Usage" + ], + "x-feature-flag": "entitlement", + "summary": "Use http POST on this API to register NGINX instances", + "description": "Creates a usage entry from NGINX instance", + "operationId": "postUsageTracking", + "security": [ + { + "BearerAuth": [] + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxUsageTrackingRequest" + }, + "examples": { + "nginxUsageTrackingRequest": { + "$ref": "#/components/examples/NginxUsageTrackingRequest" + } + } + } + } + }, + "responses": { + "204": { + "description": "Successfully created the usage entry." + }, + "400": { + "description": "Missing or bad data in request.", "content": { "application/json": { "schema": { @@ -4550,8 +5332,8 @@ } } }, - "404": { - "description": "The NGINX App Protect policy version with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -4573,57 +5355,62 @@ } } }, - "/app-protect/policies/{nap_policy_object_id}/versions": { - "get": { - "x-feature-flag": "nap-waf", + "/chatbot/message": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "post": { + "x-nginx-one-action": "query", + "x-nginx-one-entity": "NGINX One AI Assistant", + "x-nodoc": true, "tags": [ - "NGINX App Protect" + "Chatbot" ], - "summary": "List NGINX App Protect policy versions", - "description": "Returns NGINX App Protect policy versions.", - "operationId": "listNapPolicyVersions", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - }, - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapPolicyVersions" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapPolicyVersion" + "summary": "Send a prompt to the AI Gateway", + "description": "This endpoint sends a prompt as a specified persona to the AI Gateway.", + "operationId": "sendChatbotMessage", + "requestBody": { + "description": "The request body contains the message you want to send to the chatbot", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ChatbotRequest" + }, + "examples": { + "ChatbotRequest": { + "$ref": "#/components/examples/ChatbotRequest" + } + } + } } - ], + }, "responses": { "200": { - "description": "Successfully returned the NGINX App Protect policy versions.", + "description": "The message was sent successfully.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicyVersionsListResponse" + "$ref": "#/components/schemas/ChatbotResponse" + }, + "examples": { + "ChatbotResponse": { + "$ref": "#/components/examples/ChatbotResponse" + } } } } }, "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "The request is missing data or contains bad data.", "content": { "application/json": { "schema": { @@ -4633,7 +5420,7 @@ } }, "401": { - "description": "Access denied.", + "description": "Access is denied.", "content": { "application/json": { "schema": { @@ -4642,8 +5429,8 @@ } } }, - "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "422": { + "description": "Prompt cannot be answered due to a policy violation.", "content": { "application/json": { "schema": { @@ -4653,7 +5440,7 @@ } }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "description": "A server error occurred. Please try again later.", "content": { "application/json": { "schema": { @@ -4665,29 +5452,51 @@ } } }, - "/app-protect/policies/{nap_policy_object_id}/versions/{nap_policy_version_object_id}": { - "delete": { - "x-feature-flag": "nap-waf", + "/chatbot/feedback": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "post": { + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX One AI Assistant", + "x-nodoc": true, "tags": [ - "NGINX App Protect" + "Chatbot" ], - "summary": "Delete NGINX App Protect policy version", - "description": "Deletes the NGINX App Protect policy version.", - "operationId": "deleteNapPolicyVersion", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - }, - { - "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" + "summary": "Record feedback for a specific response from the AI Assistant", + "description": "This endpoint records feedback for a specific response from the AI Assistant which is then stored in an s3 bucket", + "operationId": "saveChatbotFeedback", + "requestBody": { + "description": "The request body contains the feedback for a specific response from the AI Assistant", + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ChatbotFeedback" + }, + "examples": { + "ChatbotRequest": { + "$ref": "#/components/examples/ChatbotFeedback" + } + } + } } - ], + }, "responses": { - "204": { - "description": "Successfully deleted the NGINX App Protect policy version." + "200": { + "description": "The feedback was sent successfully.", + "content": {} }, - "401": { - "description": "Access denied.", + "400": { + "description": "The request is missing data or contains bad data.", "content": { "application/json": { "schema": { @@ -4696,8 +5505,8 @@ } } }, - "404": { - "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.", + "401": { + "description": "Access is denied.", "content": { "application/json": { "schema": { @@ -4707,7 +5516,7 @@ } }, "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "description": "A server error occurred. Please try again later.", "content": { "application/json": { "schema": { @@ -4717,36 +5526,76 @@ } } } - }, - "get": { - "x-feature-flag": "nap-waf", + } + }, + "/inventory": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "post": { + "x-feature-flag": "inventory", "tags": [ - "NGINX App Protect" + "Inventory" ], - "summary": "Get the specified NGINX App Protect policy version details", - "description": "Returns the specified NGINX App Protect policy version details.", - "operationId": "getNapPolicyVersion", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - }, - { - "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" + "summary": "NGINX Plus: Retrieve tenant usage information", + "operationId": "getInventory", + "description": "Based on query parameters.\n\nYou can filter and aggregate metrics by name and `start_time` through `end_time`.\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/InventoryMetricQueryRequest" + }, + "example": { + "start_time": "now-1d", + "end_time": "now", + "metrics": [ + { + "name": "nginx.plus.instances", + "aggregate": [ + "count", + "sum", + "avg", + "min", + "max" + ] + }, + { + "name": "k8s.cluster.nodes", + "aggregate": [ + "count", + "sum", + "avg", + "min", + "max" + ] + } + ] + } + } } - ], + }, "responses": { "200": { - "description": "Successfully returned NGINX App Protect policy version details.", + "description": "Successfully retrieved tenant usage information.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapPolicyVersionDetails" + "$ref": "#/components/schemas/InventoryResponse" } } } }, - "401": { - "description": "Access denied.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -4755,8 +5604,8 @@ } } }, - "404": { - "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.", + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { "schema": { @@ -4764,1593 +5613,5463 @@ } } } + } + } + } + }, + "/app-protect/signatures": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "x-nodoc": true + } + ], + "get": { + "x-feature-flag": "nap-waf-m3", + "tags": [ + "NGINX App Protect" + ], + "summary": "List Signatures", + "description": "Returns signatures. A signature is a predefined detection rule that identifies specific attack patterns or\ncharacteristics commonly associated with web application security threats.\n", + "operationId": "listSignatures", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapSignatures" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapSignatures" + } + ], + "responses": { + "200": { + "description": "Successfully returned list of signatures.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/NapSignatureListResponse" } } } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" } } } - } - }, - "components": { - "parameters": { - "Paginated": { - "name": "paginated", - "in": "query", - "schema": { - "type": "boolean", - "default": true - }, - "description": "A boolean indicating if the results should be presented as a paginated list. Defaults to `true`. \nWhen set to `false` a maximum of 3000 results are returned.\n", - "required": false - }, - "Limit": { - "name": "limit", - "in": "query", - "schema": { - "type": "integer", - "minimum": 0 - }, - "description": "An integer that specifies the maximum number of items to be returned. \nSetting this to `0` will result in no items being returned, but a total count will still be provided. \nThis parameter is not applicable if `paginated` is `false`.\n", - "required": false - }, - "Offset": { - "name": "offset", - "in": "query", - "schema": { - "type": "integer", - "minimum": 1 - }, - "description": "An integer that specifies the starting position of the results, starting at `1`.\nThis parameter is not applicable if `paginated` is `false`.\n" - }, - "FilterFieldDataPlaneKeys": { - "name": "filter_fields", - "in": "query", - "description": "Filter options for data plane keys; used in conjunction with other filter parameters having the same array length.\n\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * expired\n * valid\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameDataPlaneKeys" - } - } - }, - "FilterOperands": { - "name": "filter_ops", - "in": "query", - "description": "An array of strings defining the operands for filtering, to be used in conjunction with `filter_fields` and `filter_values`. \nAll filter parameters must have matching array lengths. Currently, the only supported operand is `\"IN\"`.\n", - "schema": { - "$ref": "#/components/schemas/FilterOperands" + }, + "/app-protect/signatures/{signatureID}": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true } - }, - "FilterValues": { - "name": "filter_values", - "in": "query", - "description": "An array of strings containing the keywords for filtering. \nMultiple keywords can be chained using the `|` character. \nEnsure this parameter's array length matches those of `filter_fields` and `filter_ops` for effective filtering.\nThe total length of the filter string should not exceed 1024 characters.\n", + ], + "get": { + "x-feature-flag": "nap-waf-m3", + "tags": [ + "NGINX App Protect" + ], + "summary": "Retrieve a NGINX App Protect signature.", + "description": "A signature is a predefined detection rule that identifies specific attack patterns or characteristics commonly \nassociated with web application security threats.\n", + "parameters": [ + { + "$ref": "#/components/parameters/NapSignatureID" + } + ], + "operationId": "getSignature", + "responses": { + "200": { + "description": "Successfully returned the specified signature.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapSignature" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/app-protect/signature-sets": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "x-feature-flag": "nap-waf-m3", + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect signature sets", + "description": "Returns NGINX App Protect signature sets. Signature sets are predefined or user-defined groups of detection mechanisms (signatures) \nthat identify specific attack types, such as SQL injection, Cross-Site Scripting (XSS), or other web-based threats.\n", + "operationId": "listSignatureSets", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapSignatureSets" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapSignatureSets" + } + ], + "responses": { + "200": { + "description": "Successfully returned signature sets.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapSignatureSetListResponse" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/app-protect/signature-sets/{signatureSetObjectID}": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "x-feature-flag": "nap-waf-m3", + "tags": [ + "NGINX App Protect" + ], + "summary": "Retrieve a NGINX App Protect signature set", + "description": "Returns a NGINX App Protect signature set. Signature sets are predefined or user-defined groups of detection \nmechanisms (signatures) that identify specific attack types, such as SQL injection, Cross-Site Scripting (XSS), \nor other web-based threats.\n", + "operationId": "getSignatureSet", + "parameters": [ + { + "$ref": "#/components/parameters/NapSignatureSetObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned Signature Sets.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapSignatureSet" + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/app-protect/signature-sets/{signatureSetObjectID}/signatures": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "x-feature-flag": "nap-waf-m3", + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect signatures in the specified signature set.", + "description": "Returns a list of signatures in the NGINX App Protect signature set.\n", + "operationId": "listSignatureSetSignatures", + "parameters": [ + { + "$ref": "#/components/parameters/NapSignatureSetObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned signatures for signature set.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapSignatureMeta" + } + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/app-protect/threat-campaign/versions": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "List Threat Campaign versions", + "description": "Returns Threat Campaign versions.", + "operationId": "listThreatCampaignVersions", + "responses": { + "200": { + "description": "Successfully returned Threat Campaign versions.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ThreatCampaignVersionsListResponse" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/attack-signature/versions": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "List Attack Signature versions", + "description": "Returns Attack Signature versions.", + "operationId": "listAttackSignatureVersions", + "responses": { + "200": { + "description": "Successfully returned Attack Signature versions.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AttackSignatureVersionsListResponse" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/bot-signature/versions": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "List Bot Signature versions", + "description": "Returns Bot Signature versions.", + "operationId": "listBotSignatureVersions", + "responses": { + "200": { + "description": "Successfully returned Bot Signature versions.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/BotSignatureVersionsListResponse" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/versions": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "List supported NGINX App Protect versions", + "description": "Returns supported NGINX App Protect versions details for releases.", + "operationId": "listNapVersions", + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect versions.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapVersionsListResponse" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/policies": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect policies", + "description": "Returns a list of NGINX App Protect policies along with deployment details.", + "operationId": "listNapPolicies", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapPolicies" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapPolicy" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect policies.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyListResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "post": { + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX App Protect Policies", + "tags": [ + "NGINX App Protect" + ], + "summary": "Create NGINX App Protect policy", + "description": "Creates NGINX App Protect policy.", + "operationId": "createNapPolicy", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicy" + } + } + } + }, + "responses": { + "201": { + "description": "Successfully created NGINX App Protect policy.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyMetadata" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "NGINX App Protect Policies", + "tags": [ + "NGINX App Protect" + ], + "summary": "Bulk operation on multiple Nap policy", + "operationId": "bulkNAPPolicy", + "description": "Performs bulk operation on one or more Nap policy, only delete is supported.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyBulkRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Batch request completed.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapBulkResponse" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/policies/{nap_policy_object_id}": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Get NGINX App Protect policy details", + "description": "Returns NGINX App Protect policy summary.", + "operationId": "getNapPolicy", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect policy details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyObject" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "put": { + "tags": [ + "NGINX App Protect" + ], + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX App Protect Policies", + "summary": "Update NGINX App Protect policy details", + "description": "Update NGINX App Protect policy details.", + "operationId": "updateNapPolicy", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicy" + } + } + } + }, + "responses": { + "201": { + "description": "Successfully created an NGINX App Protect policy version.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyMetadata" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "delete": { + "tags": [ + "NGINX App Protect" + ], + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX App Protect Policies", + "summary": "Delete NGINX App Protect policy", + "description": "Deletes NGINX App Protect policy.", + "operationId": "deleteNapPolicy", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + } + ], + "responses": { + "204": { + "description": "Successfully deleted NGINX App Protect policy." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/policies/{nap_policy_object_id}/versions": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect policy versions", + "description": "Returns NGINX App Protect policy versions.", + "operationId": "listNapPolicyVersions", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapPolicyVersions" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapPolicyVersion" + } + ], + "responses": { + "200": { + "description": "Successfully returned the NGINX App Protect policy versions.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyVersionsListResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/policies/{nap_policy_object_id}/version": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Get the latest NGINX App Protect policy version details", + "description": "Returns the latest NGINX App Protect policy version details.", + "operationId": "getLatestNapPolicyVersion", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect policy version details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyVersionDetails" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy version with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/policies/{nap_policy_object_id}/versions/{nap_policy_version_object_id}": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Get the specified NGINX App Protect policy version details", + "description": "Returns the specified NGINX App Protect policy version details.", + "operationId": "getNapPolicyVersion", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect policy version details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyVersionDetails" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "delete": { + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX App Protect Policy Version", + "tags": [ + "NGINX App Protect" + ], + "summary": "Delete NGINX App Protect policy version", + "description": "Deletes the NGINX App Protect policy version.", + "operationId": "deleteNapPolicyVersion", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" + } + ], + "responses": { + "204": { + "description": "Successfully deleted the NGINX App Protect policy version." + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/policies/{nap_policy_object_id}/deployments": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect deployments", + "description": "Returns NGINX App Protect deployments, providing details such as:\n * Target of the deployment\n * Time of deployment\n * Enforcement mode\n * Policy version\n * Threat campaign\n * Attack signature\n * Bot signature\n", + "operationId": "listNapPolicyDeployments", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapPolicyDeployments" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapPolicyDeployment" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect deployments.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyDeploymentsListResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/log-profiles": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect log profiles", + "description": "Returns NGINX App Protect log profiles.", + "operationId": "listNapLogProfiles", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapLogProfiles" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapLogProfile" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect log profiles.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapLogProfileListResponse" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "post": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Create NGINX App Protect log profile", + "description": "Creates NGINX App Protect log profile.", + "operationId": "createNapLogProfile", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapLogProfileCreateRequest" + } + } + } + }, + "responses": { + "201": { + "description": "Successfully created NGINX App Protect log profile.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapLogProfileMetadata" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/log-profiles/{nap_log_profile_object_id}": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Get NGINX App Protect log profile details", + "description": "Returns NGINX App Protect log profile details.", + "operationId": "getNapLogProfile", + "parameters": [ + { + "$ref": "#/components/parameters/NapLogProfileParamObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect log profile details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapLogProfileGetResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "put": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Update NGINX App Protect log profile details", + "description": "Update NGINX App Protect log profile details.", + "operationId": "updateNapLogProfile", + "parameters": [ + { + "$ref": "#/components/parameters/NapLogProfileParamObjectID" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapLogProfileUpdateRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Successfully updated NGINX App Protect log profile details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapLogProfileMetadata" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "delete": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Delete NGINX App Protect log profile", + "description": "Deletes NGINX App Protect log profile.", + "operationId": "deleteNapLogProfile", + "parameters": [ + { + "$ref": "#/components/parameters/NapLogProfileParamObjectID" + } + ], + "responses": { + "204": { + "description": "Successfully deleted NGINX App Protect log profile." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/global-settings": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect global setting objects", + "description": "Returns NGINX App Protect global setting objects.", + "operationId": "listNapGlobalSettings", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapGlobalSettings" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapGlobalSetting" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect global settings.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapGlobalSettingsListResponse" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "post": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Create NGINX App Protect global setting object", + "description": "Creates NGINX App Protect global setting object.", + "operationId": "createNapGlobalSetting", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapGlobalSettingCreateRequest" + } + } + } + }, + "responses": { + "201": { + "description": "Successfully created NGINX App Protect global setting object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapGlobalSettingMetadata" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/app-protect/global-settings/{nap_global_setting_object_id}": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Get NGINX App Protect global setting details", + "description": "Returns the NGINX App Protect global setting details.", + "operationId": "getNapGlobalSetting", + "parameters": [ + { + "$ref": "#/components/parameters/NapGlobalSettingParamObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect global setting details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapGlobalSettingGetResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect global setting object with the specified nap_global_setting_object_id was not found. Check that the nap_global_setting_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "put": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Update NGINX App Protect global setting details", + "description": "Update NGINX App Protect global setting details.", + "operationId": "updateNapGlobalSetting", + "parameters": [ + { + "$ref": "#/components/parameters/NapGlobalSettingParamObjectID" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapGlobalSettingUpdateRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Successfully updated NGINX App Protect global setting details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapGlobalSettingMetadata" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect global setting object with the specified nap_global_setting_object_id was not found. Check that the nap_global_setting_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + }, + "delete": { + "tags": [ + "NGINX App Protect" + ], + "summary": "Delete NGINX App Protect global setting object", + "description": "Deletes NGINX App Protect global setting object.", + "operationId": "deleteNapGlobalSetting", + "parameters": [ + { + "$ref": "#/components/parameters/NapGlobalSettingParamObjectID" + } + ], + "responses": { + "204": { + "description": "Successfully deleted NGINX App Protect global setting object." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX App Protect global setting object with the specified nap_global_setting_object_id was not found. Check that the nap_global_setting_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/deployments": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + } + } + ], + "get": { + "tags": [ + "Deployments" + ], + "summary": "List NAAS deployments", + "description": "Returns a list of NAAS deployments.", + "operationId": "listDeployments", + "responses": { + "200": { + "description": "Successfully returned the list of NAAS deployments.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DeploymentListResponse" + }, + "examples": { + "DeploymentListResponse": { + "$ref": "#/components/examples/DeploymentListResponse" + } + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "post": { + "tags": [ + "Deployments" + ], + "summary": "Create deployment", + "description": "Creates a new NAAS deployment.", + "operationId": "createDeployment", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DeploymentCreateRequest" + }, + "examples": { + "DeploymentCreateRequest": { + "$ref": "#/components/examples/DeploymentCreateRequest" + } + } + } + } + }, + "responses": { + "202": { + "description": "Successfully created the NAAS deployment.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Deployment" + }, + "examples": { + "DeploymentCreateResponse": { + "$ref": "#/components/examples/DeploymentCreateResponse" + } + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/deployments/{deployment_id}": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + } + } + ], + "get": { + "tags": [ + "Deployments" + ], + "summary": "Get NAAS deployment", + "description": "Returns NAAS deployment details.", + "operationId": "getDeployment", + "parameters": [ + { + "$ref": "#/components/parameters/DeploymentObjectID" + } + ], + "responses": { + "200": { + "description": "Successfully returned the deployment details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Deployment" + }, + "examples": { + "DeploymentGetResponse": { + "$ref": "#/components/examples/DeploymentCreateResponse" + } + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "patch": { + "tags": [ + "Deployments" + ], + "summary": "Update NAAS deployment", + "description": "Updates the specified NAAS deployment.", + "operationId": "updateDeployment", + "parameters": [ + { + "$ref": "#/components/parameters/DeploymentObjectID" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DeploymentUpdateRequest" + }, + "examples": { + "DeploymentUpdateRequest": { + "$ref": "#/components/examples/DeploymentUpdateRequest" + } + } + } + } + }, + "responses": { + "202": { + "description": "Successfully updated the deployment.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Deployment" + }, + "examples": { + "DeploymentUpdateResponse": { + "$ref": "#/components/examples/DeploymentUpdateResponse" + } + } + } + } + }, + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "409": { + "$ref": "#/components/responses/Conflict" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "delete": { + "tags": [ + "Deployments" + ], + "summary": "Delete NAAS deployment", + "description": "Deletes the specified NAAS deployment.", + "operationId": "deleteDeployment", + "parameters": [ + { + "$ref": "#/components/parameters/DeploymentObjectID" + } + ], + "responses": { + "202": { + "description": "Successfully deleted the deployment.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Deployment" + }, + "examples": { + "DeploymentDeleteResponse": { + "$ref": "#/components/examples/DeploymentDeleteResponse" + } + } + } + } + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/load-test/load-model": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "post": { + "tags": [ + "Load Test" + ], + "summary": "Create a new load model", + "description": "Creates a new load model with specified parameters and begins pre-loading.", + "requestBody": { + "required": true, + "content": { + "text/plain": { + "schema": { + "type": "string", + "example": "numberOfInstances: 10\ntype: monitor\ncustomer: customer_1\n" + } + } + } + }, + "responses": { + "202": { + "description": "Load model created successfully and pre-loading started", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "loadModelUID": { + "type": "string", + "example": "644f78cf1e7342af967707d5" + } + } + } + } + } + }, + "400": { + "description": "Invalid input", + "$ref": "#/components/responses/InvalidRequest" + } + } + } + }, + "/load-test/load-runner/{loadModelUID}/configuration": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "Load Test" + ], + "summary": "Get load runner configuration and model details", + "description": "Returns details of the load model and configuration after creation.", + "parameters": [ + { + "$ref": "#/components/parameters/loadModelUID" + } + ], + "responses": { + "200": { + "description": "Configuration details", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "loadModelUID": { + "type": "string", + "example": "644f78cf1e7342af967707d5" + }, + "configurationDetails": { + "type": "object", + "example": { + "numberOfInstances": 10 + } + } + } + } + } + } + }, + "404": { + "description": "Configuration not found", + "$ref": "#/components/responses/NotFound" + } + } + } + }, + "/load-test/load-runner/{loadModelUID}/status": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "Load Test" + ], + "summary": "Get current status of a load test", + "description": "Returns the current status of a load test run (e.g., in-progress, not started, provisioning).", + "parameters": [ + { + "$ref": "#/components/parameters/loadModelUID" + } + ], + "responses": { + "200": { + "description": "Status details for a load test that's ready to run, is running, or has completed.", + "content": { + "application/json": { + "schema": { + "type": "string", + "example": "not started" + } + } + } + }, + "202": { + "description": "Status details for a load test that is currently being provisioned or failed to be provisioned.", + "content": { + "application/json": { + "schema": { + "type": "string", + "example": "provisioning" + } + } + } + }, + "404": { + "description": "Status not found", + "$ref": "#/components/responses/NotFound" + } + } + } + }, + "/load-test/load-runner/{loadModelUID}/start": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "Load Test" + ], + "summary": "Begins the run for a load model", + "description": "Starts a load test after data preloading is complete.", + "parameters": [ + { + "$ref": "#/components/parameters/loadModelUID" + } + ], + "responses": { + "200": { + "description": "Operation successful" + }, + "404": { + "description": "Failed to start run", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + }, + "/load-test/load-runner/{loadModelUID}/shutdown": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "put": { + "tags": [ + "Load Test" + ], + "summary": "Initiate stop, shutdown, and cleanup", + "description": "Stops an ongoing load test and performs necessary cleanup operations.", + "parameters": [ + { + "$ref": "#/components/parameters/loadModelUID" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "Optional comment to associate with the shutdown." + } + }, + "required": [ + "comment" + ] + } + } + } + }, + "responses": { + "200": { + "description": "Operation successful" + }, + "400": { + "description": "Invalid action or LoadModelUID", + "$ref": "#/components/responses/NotFound" + } + } + } + }, + "/load-test/{loadModelUID}/summary": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "get": { + "tags": [ + "Load Test" + ], + "summary": "Get summary by LoadModelUID of a load test run", + "description": "Returns the summary of a load test run including metrics and results.", + "parameters": [ + { + "$ref": "#/components/parameters/loadModelUID" + } + ], + "responses": { + "200": { + "description": "Load test summary", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "loadModelUID": { + "type": "string" + }, + "summaryDetails": { + "type": "object", + "example": { + "instancesChecked": 10, + "totalRequests": 10000, + "averageResponseTime": "200ms", + "successRate": "99.9%" + } + } + }, + "required": [ + "loadModelUID", + "summaryDetails" + ] + } + } + } + }, + "404": { + "description": "Load test not found", + "$ref": "#/components/responses/NotFound" + } + } + } + }, + "/load-test/observability-metrics": { + "servers": [ + { + "url": "/api/v1/namespaces/{namespace}", + "variables": { + "namespace": { + "default": "default" + } + }, + "x-nodoc": true + } + ], + "post": { + "tags": [ + "Load Test" + ], + "summary": "Store observability metrics for the current load test run", + "description": "Stores observability metrics generated during the test run (e.g., CPU, memory, network usage).", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ObservabilityMetricsRequest" + } + } + } + }, + "responses": { + "201": { + "description": "Metrics stored successfully" + }, + "400": { + "description": "Invalid input data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + } + } + } + } + }, + "components": { + "parameters": { + "Paginated": { + "name": "paginated", + "in": "query", + "schema": { + "type": "boolean", + "default": true + }, + "description": "A boolean indicating if the results should be presented as a paginated list. Defaults to `true`. \nWhen set to `false` a maximum of 3000 results are returned.\n", + "required": false + }, + "Limit": { + "name": "limit", + "in": "query", + "schema": { + "type": "integer", + "minimum": 0 + }, + "description": "An integer that specifies the maximum number of items to be returned. \nSetting this to `0` will result in no items being returned, but a total count will still be provided. \nThis parameter is not applicable if `paginated` is `false`.\n", + "required": false + }, + "Offset": { + "name": "offset", + "in": "query", + "schema": { + "type": "integer", + "minimum": 1 + }, + "description": "An integer that specifies the starting position of the results, starting at `1`.\nThis parameter is not applicable if `paginated` is `false`.\n" + }, + "FilterFieldDataPlaneKeys": { + "name": "filter_fields", + "in": "query", + "description": "Filter options for data plane keys; used in conjunction with other filter parameters having the same array length.\n\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * expired\n * valid\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameDataPlaneKeys" + } + } + }, + "FilterOperands": { + "name": "filter_ops", + "in": "query", + "description": "An array of strings defining the operands for filtering, to be used in conjunction with `filter_fields` and `filter_values`. \nAll filter parameters must have matching array lengths. Currently, the only supported operand is `\"IN\"`.\n", + "schema": { + "$ref": "#/components/schemas/FilterOperands" + } + }, + "FilterValues": { + "name": "filter_values", + "in": "query", + "description": "An array of strings containing the keywords for filtering. \nMultiple keywords can be chained using the `|` character. \nEnsure this parameter's array length matches those of `filter_fields` and `filter_ops` for effective filtering.\nThe total length of the filter string should not exceed 1024 characters.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "example": "value1|value2|value3", + "minLength": 1, + "maxLength": 1024 + } + } + }, + "DataPlaneKeyParamObjectID": { + "name": "data_plane_key_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "description": "A globally unique identifier for the data plane key.\n", + "required": true + }, + "FilterFieldInstances": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `nginx_version`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameInstances" + } + } + }, + "SortDirection": { + "name": "sort_dir", + "in": "query", + "description": "Sorting direction for the criteria and the resulting collection returned. Defaults to descending if not specified.\n", + "schema": { + "type": "string", + "enum": [ + "Ascending", + "Descending" + ], + "x-enum-varnames": [ + "ascending", + "descending" + ] + } + }, + "SortNameInstances": { + "name": "sort_instances", + "in": "query", + "description": "Sort instances by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "hostname", + "status", + "last_reported" + ], + "x-enum-varnames": [ + "sort_name_instance_hostname", + "sort_name_instance_status", + "sort_name_instance_last_reported" + ] + } + } + }, + "InstanceParamObjectID": { + "name": "instanceObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/InstanceObjectID" + }, + "description": "A globally unique identifier for the NGINX instance.\n", + "required": true + }, + "InstanceConfigurationParamObjectID": { + "name": "instanceConfigurationObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NginxConfigObjectID" + }, + "description": "A globally unique identifier for the NGINX instance configuration.\n", + "required": true + }, + "PublicationParamObjectID": { + "name": "publicationObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "description": "A globally unique identifier for a Publication.\n", + "required": true + }, + "FilterFieldConfigSyncGroups": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`, `config_status`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameConfigSyncGroups" + } + } + }, + "SortNameConfigSyncGroups": { + "name": "sort_config_sync_groups", + "in": "query", + "description": "Sort config sync groups by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_config_sync_group_name" + ] + } + } + }, + "ConfigSyncGroupParamObjectID": { + "name": "configSyncGroupObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" + }, + "description": "A globally unique identifier for the NGINX config sync group.\n", + "required": true + }, + "ConfigSyncGroupConfigurationParamObjectID": { + "name": "configSyncGroupConfigurationObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NginxConfigObjectID" + }, + "description": "A globally unique identifier for the NGINX config sync group configuration.\n", + "required": true + }, + "FilterFieldCertificates": { + "name": "filter_fields", + "in": "query", + "description": "Filter options for certificates; used in conjunction with other filter parameters having the same array length.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameCertificates" + } + } + }, + "SortNameCertificates": { + "name": "sort_certificates", + "in": "query", + "description": "Sort certificates by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "subject_name", + "not_before", + "not_after" + ], + "x-enum-varnames": [ + "sort_name_certificates_name", + "sort_name_certificates_subject_name", + "sort_name_certificates_not_before", + "sort_name_certificates_not_after" + ] + } + } + }, + "CertificateParamObjectID": { + "name": "certificateObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/CertificateObjectID" + }, + "description": "A globally unique identifier for the certificate.\n", + "required": true + }, + "DeleteFromDataPlanesParamFlag": { + "name": "deleteFromDataPlanes", + "in": "query", + "schema": { + "type": "boolean" + }, + "description": "Flag indicating whether the certificate should be deleted from its associated data planes.\n" + }, + "FilterFieldCertificateDeployments": { + "name": "filter_fields", + "in": "query", + "description": "Filter options for certificate deployments; used in conjunction with other filter parameters having the same array length.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameCertificateDeployments" + } + } + }, + "SortNameCertificateDeployments": { + "name": "sort_certificate_deployments", + "in": "query", + "description": "Sort certificate deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_certificate_deployments_name" + ] + } + } + }, + "SortNameCVEs": { + "name": "sort_cves", + "in": "query", + "description": "Sort CVEs by the number of instances/control planes affected by that CVE.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "instance_count", + "control_plane_count", + "severity", + "cve_id", + "published_at" + ], + "x-enum-varnames": [ + "sort_instance_count", + "sort_control_plane_count", + "sort_cve_severity", + "sort_cve_id", + "sort_published_at" + ] + } + } + }, + "NginxCVEParamID": { + "name": "nginxCVEID", + "in": "path", + "schema": { + "type": "string", + "pattern": "^\\d{4}-\\d{4,19}$" + }, + "description": "A globally unique identifier for NGINX CVE.\n", + "required": true + }, + "SortNameCVEImpactedInstances": { + "name": "sort_cve_impacted_instances", + "in": "query", + "description": "Sort the Instances that are affected by a CVE\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "hostname", + "status" + ], + "x-enum-varnames": [ + "sort_name_cve_impacted_instances_hostname", + "sort_name_cve_impacted_instances_status" + ] + } + } + }, + "SortNameCVEImpactedControlPlanes": { + "name": "sort_cve_impacted_control_planes", + "in": "query", + "description": "Sort the control planes that are affected by a CVE\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "product_version" + ], + "x-enum-varnames": [ + "sort_name_cve_impacted_control_planes_name", + "sort_name_cve_impacted_control_planes_product_version" + ] + } + } + }, + "FilterFieldEvents": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `object_id`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameEvents" + } + } + }, + "EventParamObjectID": { + "name": "eventObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/EventObjectID" + }, + "description": "A globally unique identifier for an event.\n", + "required": true + }, + "FilterFieldStagedConfigs": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterStagedConfigs" + } + } + }, + "SortNameStagedConfigs": { + "name": "sort_staged_configs", + "in": "query", + "description": "Sort staged configs by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_staged_config_name" + ] + } + } + }, + "StagedConfigParamObjectID": { + "name": "stagedConfigObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/StagedConfigObjectID" + }, + "description": "A globally unique identifier for the NGINX staged config.\n", + "required": true + }, + "StagedConfigImportParseOnly": { + "name": "parseOnly", + "in": "query", + "schema": { + "type": "boolean", + "default": false + }, + "description": "Optional flag to control how the request is processed.\n - When `false` or omitted (by default), the request creates a Staged Config directly. (`StagedConfigCreateResponse`)\n - When `true`, the request parses the import and returns metadata you can use to create a Staged Config through a POST. ( `StagedConfigCreateRequest`)\n", + "required": false + }, + "SortNameControlPlanes": { + "name": "sort_control_planes", + "in": "query", + "description": "Sort control planes by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_control_plane_name" + ] + } + } + }, + "FilterFieldControlPlanes": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings. Identifies the fields to filter by (for example, `name`, `product`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameControlPlanes" + } + } + }, + "ControlPlaneParamObjectID": { + "name": "controlPlaneObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/ControlPlaneObjectID" + }, + "description": "A globally unique identifier for the control plane.\n", + "required": true + }, + "NapSignatureID": { + "name": "signatureID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapSignatureID" + }, + "description": "An unique identifier for the NGINX App Protect signature.\n", + "required": true + }, + "NapSignatureSetObjectID": { + "name": "signatureSetObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapSignatureSetObjectID" + }, + "description": "A globally unique identifier for the NGINX App Protect signature set.\n", + "required": true + }, + "SortNameNapSignatures": { + "name": "sort_fields", + "in": "query", + "description": "Sort NGINX App Protect signatures by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "signature_id" + ], + "x-enum-varnames": [ + "sort_name_nap_signatures_name", + "sort_name_nap_signatures_signature_id" + ] + } + } + }, + "SortNameNapSignatureSets": { + "name": "sort_fields", + "in": "query", + "description": "Sort NGINX App Protect signature sets by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "signature_count" + ], + "x-enum-varnames": [ + "sort_name_nap_signature_sets_name", + "sort_name_nap_signature_sets_signature_count" + ] + } + } + }, + "FilterFieldNapSignatures": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `accuracy`, `risk`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapSignatures" + } + } + }, + "FilterFieldNapSignatureSets": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `type`, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapSignatureSets" + } + } + }, + "SortNameNapPolicies": { + "name": "sort_nap_policies", + "in": "query", + "description": "Sort NGINX App Protect policies by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "deployment_count", + "enforcement_mode", + "last_deployed" + ], + "x-enum-varnames": [ + "sort_name_nap_policies_name", + "sort_name_nap_policies_deployment_count", + "sort_name_nap_policies_enforcement_mode", + "sort_name_nap_policies_last_deployed" + ] + } + } + }, + "FilterFieldNapPolicy": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapPolicy" + } + } + }, + "NapPolicyParamObjectID": { + "name": "nap_policy_object_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapPolicyObjectID" + }, + "description": "A globally unique identifier for the App Protect policy.\n", + "required": true + }, + "SortNameNapPolicyVersions": { + "name": "sort_nap_policy_versions", + "in": "query", + "description": "Sort NGINX App Protect policy versions by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "created_at", + "deployment_status", + "deployment_count", + "enforcement_mode" + ], + "x-enum-varnames": [ + "sort_name_nap_policy_versions_created_at", + "sort_name_nap_policy_versions_deployment_status", + "sort_name_nap_policy_versions_deployment_count", + "sort_name_nap_policy_versions_enforcement_mode" + ] + } + } + }, + "FilterFieldNapPolicyVersion": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapPolicyVersion" + } + } + }, + "NapPolicyVersionParamObjectID": { + "name": "nap_policy_version_object_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" + }, + "description": "A globally unique identifier for the App Protect policy version.\n", + "required": true + }, + "SortNameNapPolicyDeployments": { + "name": "sort_nap_deployments", + "in": "query", + "description": "Sort NGINX App Protect deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "type", + "policy_version", + "status", + "deployed_on", + "threat_campaign_version", + "attack_signature_version", + "bot_signature_version" + ], + "x-enum-varnames": [ + "sort_name_nap_policy_deployments_name", + "sort_name_nap_policy_deployments_type", + "sort_name_nap_policy_deployments_policy_version", + "sort_name_nap_policy_deployments_status", + "sort_name_nap_policy_deployments_deployed_on", + "sort_name_nap_policy_deployments_threat_campaign_version", + "sort_name_nap_policy_deployments_attack_signature_version", + "sort_name_nap_policy_deployments_bot_sigature_version" + ] + } + } + }, + "FilterFieldNapPolicyDeployment": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapPolicyDeployment" + } + } + }, + "SortNameNapLogProfiles": { + "name": "sort_nap_log_profiles", + "in": "query", + "description": "Sort NGINX App Protect log profiles by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_nap_log_profiles_name" + ] + } + } + }, + "FilterFieldNapLogProfile": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapLogProfile" + } + } + }, + "NapLogProfileParamObjectID": { + "name": "nap_log_profile_object_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapLogProfileObjectID" + }, + "description": "A globally unique identifier for the App Protect log profile.\n", + "required": true + }, + "SortNameNapGlobalSettings": { + "name": "sort_nap_global_settings", + "in": "query", + "description": "Sort NGINX App Protect global settings by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_nap_global_settings_name" + ] + } + } + }, + "FilterFieldNapGlobalSetting": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", "schema": { "type": "array", "items": { + "$ref": "#/components/schemas/FilterNameNapGlobalSettings" + } + } + }, + "NapGlobalSettingParamObjectID": { + "name": "nap_global_setting_object_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapGlobalSettingObjectID" + }, + "description": "A globally unique identifier for the App Protect global settings object.\n", + "required": true + }, + "DeploymentObjectID": { + "name": "deployment_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/DeploymentObjectID" + }, + "description": "A globally unique identifier for the NAAS deployment.", + "required": true + }, + "loadModelUID": { + "name": "loadModelUID", + "in": "path", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + }, + "description": "A globally unique identifier for a Load Model.", + "example": "f038dca0-b55c-410a-95a6-b9f876792ce8" + } + }, + "schemas": { + "FilterNameDataPlaneKeys": { + "type": "string", + "description": "Keywords for data plane key filters.\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * valid\n", + "enum": [ + "name", + "status", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_data_plane_key_name", + "filter_name_data_plane_key_status", + "filter_name_data_plane_key_object_id" + ] + }, + "FilterOperand": { + "type": "string", + "enum": [ + "IN" + ], + "x-enum-varnames": [ + "filter_operands_in" + ] + }, + "FilterOperands": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterOperand" + } + }, + "PaginationResponse": { + "type": "object", + "description": "Outlines pagination details for list responses, including total results, start index, and items per page.", + "required": [ + "total", + "count" + ], + "properties": { + "total": { + "type": "integer", + "description": "The absolute total number of the resource in the NGINX One Console, ignoring any filter(s).\n" + }, + "count": { + "type": "integer", + "description": "The total number of results generated by the list or query operation, accounting for any filter(s).\nThis number can be greater than the number of returned resources when pagination is in effect and a page size limit (or maximum allowed) is reached.\n" + }, + "start_index": { + "type": "integer", + "description": "The first result's starting position in the list. This is disregarded when `paginated=false`.\n" + }, + "items_per_page": { + "type": "integer", + "description": "The number of items to display per page. This is disregarded when `paginated=false`.\n" + } + }, + "example": { + "total": 101, + "count": 1, + "start_index": 1, + "items_per_page": 100 + } + }, + "DataPlaneKeyObjectID": { + "description": "A globally unique identifier for the data plane key.", + "type": "string", + "format": "object_id", + "pattern": "^key_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "DataPlaneKey": { + "type": "object", + "description": "Represents a data plane key with details such as object_id, name, and timestamps.", + "required": [ + "object_id", + "name", + "revoked", + "expires_at", + "created_at", + "modified_at" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "name": { + "description": "The name given to the data plane key.", + "type": "string" + }, + "revoked": { + "description": "Indicates whether the data plane key has been revoked or not.", + "type": "boolean" + }, + "revoked_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the data plane key was revoked." + }, + "expires_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the data plane key expires." + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the data plane key was created." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the data plane key was last modified." + }, + "instances_count": { + "type": "integer", + "description": "The number of registered instances using this data plane key. If field not populated, user should see the key has `unknown` key count" + }, + "control_planes_count": { + "type": "integer", + "description": "The number of observed control planes using this data plane key." + } + } + }, + "DataPlaneKeyListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "description": "List of data plane keys.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of DataPlaneKey objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/DataPlaneKey" + } + } + } + } + ] + }, + "Error": { + "description": "This object contains details about the errors that are returned when API requests fail.", + "type": "object", + "required": [ + "message", + "request_id", + "timestamp" + ], + "properties": { + "message": { + "description": "The error message describing the problem.", + "type": "string" + }, + "request_id": { + "description": "The unique identifier of the API request that failed.", + "type": "string" + }, + "timestamp": { + "description": "The date and time (in UTC) when the error happened.", + "type": "string" + }, + "detail": { + "description": "Additional information about the error, if available.", + "type": "string" + } + } + }, + "DataPlaneKeyCreateRequest": { + "type": "object", + "description": "Request structure for creating a new data plane key.", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "Give the data plane key a name so you can tell it apart from others.", "type": "string", - "example": "value1|value2|value3", "minLength": 1, - "maxLength": 1024 + "maxLength": 128 + }, + "expires_at": { + "type": "string", + "format": "date-time", + "description": "Set an expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \nIf an expiration date isn't specified, the key will expire one year after it's created. \n\nYou can use the _Update a data plane key_ endpoint to extend the expiration date.\nIt's not possible to update the expiration date once the data plane key has expired.\n" + } + } + }, + "DataPlaneKeyResponse": { + "type": "object", + "description": "Response structure containing details of the created or retrieved data plane key.", + "required": [ + "key", + "object_id", + "expires_at" + ], + "properties": { + "name": { + "description": "The name to be give to the new data plane key.", + "type": "string" + }, + "object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "key": { + "description": "The data plane key value. Save this key somewhere secure as it isn't saved and is shown only once.", + "type": "string" + }, + "expires_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the data plane key will expire." + } + } + }, + "BulkRequestAction": { + "type": "string", + "default": "modify", + "description": "Bulk action to perform:\n * `create` creates a new object given all required elements.\n * `modify` updates one or more elements of an existing object.\n * `delete` removes the existing object.\n", + "enum": [ + "create", + "modify", + "delete" + ], + "x-enum-varnames": [ + "bulk_action_create", + "bulk_action_modify", + "bulk_action_delete" + ] + }, + "DataPlaneKeyBulkRequestData": { + "type": "object", + "description": "Part of bulk operation on a data plane key, only `delete` is supported.", + "required": [ + "action", + "object_id" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "action": { + "$ref": "#/components/schemas/BulkRequestAction" + } + }, + "example": { + "object_id": "key_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + } + }, + "DataPlaneKeyBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/DataPlaneKeyBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ + { + "object_id": "key_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + }, + { + "object_id": "key_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" + } + ] + }, + "ObjectID": { + "description": "A globally unique identifier.", + "type": "string", + "format": "object_id", + "pattern": "^\\w+_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "BulkRequestObjectStatus": { + "type": "object", + "required": [ + "outcome" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/ObjectID" + }, + "name": { + "type": "string", + "description": "this is the user facing name of the object." + }, + "outcome": { + "type": "string", + "description": "This is the outcome that corresponds to the action.\n* deleted - the object deletion was processed, and the object was deleted.\n* accepted - the request was accepted, and will be processed.\n* failed - the request failed, see failure_reason for more details.\n* invalid - the request was invalid, see failure_reason for more details.\n", + "enum": [ + "deleted", + "accepted", + "failed", + "invalid" + ], + "x-enum-varnames": [ + "build_request_object_status_deleted", + "build_request_object_status_accepted", + "build_request_object_status_failed", + "build_request_object_status_invalid" + ] + }, + "failure_reason": { + "type": "string", + "description": "this is the failure reason populated when outcome is 'failed' or 'invalid'." + } + } + }, + "DataPlaneKeyBulkResponse": { + "description": "The data plane key bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } + }, + "DataPlaneKeyUpdateRequest": { + "type": "object", + "description": "Request structure for updating an existing data plane key.", + "properties": { + "name": { + "description": "Give the data plane key a new name so you can tell it apart from others.", + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "expires_at": { + "type": "string", + "format": "date-time", + "description": "Adjust the expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \n\nIt's not possible to update the expiration date once the data plane key has expired.\n" + } + } + }, + "CertificateStatus": { + "type": "string", + "description": "Status of the certificate:\n * `valid` - The certificate is currently valid and operational.\n * `expiring` - The certificate will expire within the next 30 days. Consider renewing it to maintain uninterrupted service.\n * `expired` - The certificate is no longer valid. Immediate renewal is recommended to ensure secure connections.\n * `not_ready` - The certificate is not ready to be used, based on the start date of its validity period.\n", + "enum": [ + "valid", + "expiring", + "expired", + "not_ready" + ], + "x-enum-varnames": [ + "certificate_status_valid", + "certificate_status_expiring", + "certificate_status_expired", + "certificate_status_not_ready" + ] + }, + "CertificateSummaryItem": { + "description": "summary information for certificate with certain status.", + "type": "object", + "required": [ + "status", + "count", + "affected_instances" + ], + "properties": { + "status": { + "$ref": "#/components/schemas/CertificateStatus" + }, + "count": { + "description": "The total number of SSL certificates for each status category.", + "type": "integer" + }, + "affected_instances": { + "description": "Indicates the total number of SSL/TLS certificates corresponding to the status provided.", + "type": "integer" } } }, - "DataPlaneKeyParamObjectID": { - "name": "data_plane_key_id", - "in": "path", - "schema": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, - "description": "A globally unique identifier for the data plane key.\n", - "required": true - }, - "FilterFieldCertificates": { - "name": "filter_fields", - "in": "query", - "description": "Filter options for certificates; used in conjunction with other filter parameters having the same array length.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameCertificates" + "SummaryDisplayCount": { + "description": "The name, the total count, and an optional user-friendly display name of the resource being summarized.", + "type": "object", + "required": [ + "name", + "count" + ], + "properties": { + "name": { + "description": "Identifies the category of data being reported, such as an operating system, NGINX version, or another type.", + "type": "string" + }, + "count": { + "description": "The number of resources matching the given type.", + "type": "integer" + }, + "display": { + "description": "A user-friendly label for the category count, intended for display purposes where a more descriptive or readable format is preferred.", + "type": "string" } } }, - "SortDirection": { - "name": "sort_dir", - "in": "query", - "description": "Sorting direction for the criteria and the resulting collection returned. Defaults to descending if not specified.\n", - "schema": { - "type": "string", - "enum": [ - "Ascending", - "Descending" - ], - "x-enum-varnames": [ - "ascending", - "descending" - ] + "OperatingSystemVersionSummary": { + "description": "An array of operating systems and their versions on the NGINX data plane.", + "type": "array", + "items": { + "$ref": "#/components/schemas/SummaryDisplayCount" } }, - "SortNameCertificates": { - "name": "sort_certificates", - "in": "query", - "description": "Sort certificates by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "subject_name", - "not_before", - "not_after" - ], - "x-enum-varnames": [ - "sort_name_certificates_name", - "sort_name_certificates_subject_name", - "sort_name_certificates_not_before", - "sort_name_certificates_not_after" - ] - } + "NGINXVersionSummary": { + "description": "An array of NGINX versions installed across the NGINX data plane.", + "type": "array", + "items": { + "$ref": "#/components/schemas/SummaryDisplayCount" } }, - "CertificateParamObjectID": { - "name": "certificateObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/CertificateObjectID" - }, - "description": "A globally unique identifier for the certificate.\n", - "required": true - }, - "DeleteFromDataPlanesParamFlag": { - "name": "deleteFromDataPlanes", - "in": "query", - "schema": { - "type": "boolean" - }, - "description": "Flag indicating whether the certificate should be deleted from its associated data planes.\n" - }, - "FilterFieldCertificateDeployments": { - "name": "filter_fields", - "in": "query", - "description": "Filter options for certificate deployments; used in conjunction with other filter parameters having the same array length.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameCertificateDeployments" + "StatusSummary": { + "description": "An overview of the status for each NGINX instance, indicating availability.", + "type": "object", + "required": [ + "online", + "offline", + "unavailable" + ], + "properties": { + "online": { + "description": "The number of NGINX instances reporting as `online`.\nThe NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", + "type": "integer" + }, + "offline": { + "description": "The number of NGINX instances reporting as `offline`.\nThe NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n", + "type": "integer" + }, + "unavailable": { + "description": "The number of NGINX instances reporting as `unavailable`.\nThe NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n", + "type": "integer" } } }, - "SortNameCertificateDeployments": { - "name": "sort_certificate_deployments", - "in": "query", - "description": "Sort certificate deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_certificate_deployments_name" - ] + "CveSeverityType": { + "type": "string", + "description": "Severity ratings:\n * `high` - High severity.\n * `medium` - Moderate severity.\n * `low` - Least severe.\n * `none` - Not severe.\n * `other` - Severity that does not fit the other categories.\n", + "enum": [ + "high", + "medium", + "low", + "none", + "other" + ], + "x-enum-varnames": [ + "cve_severity_type_high", + "cve_severity_type_medium", + "cve_severity_type_low", + "cve_severity_type_none", + "cve_severity_type_other" + ] + }, + "CveSummary": { + "description": "A summary of Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", + "type": "object", + "required": [ + "severity", + "count", + "affected_instances" + ], + "properties": { + "severity": { + "$ref": "#/components/schemas/CveSeverityType" + }, + "count": { + "description": "The number of CVEs at each severity level.", + "type": "integer" + }, + "affected_instances": { + "description": "The number of NGINX instances affected by each CVE.", + "type": "integer" } } }, - "FilterFieldConfigSyncGroups": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`, `config_status`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameConfigSyncGroups" + "RecommendationType": { + "type": "string", + "description": "Types of configuration recommendations:\n * `best_practice` - Suggestions based on established best practices.\n * `security` - Recommendations related to security.\n * `optimization` - Advice for optimizing performance.\n * `other` - Recommendations that do not fit the above categories.\n", + "enum": [ + "best_practice", + "security", + "optimization", + "other" + ], + "x-enum-varnames": [ + "recommendation_type_best_practice", + "recommendation_type_security", + "recommendation_type_optimization", + "recommendation_type_other" + ] + }, + "IssueSummary": { + "description": "A summary of issue details from the configuration analysis report.", + "type": "object", + "required": [ + "type", + "count", + "affected_instances" + ], + "properties": { + "type": { + "$ref": "#/components/schemas/RecommendationType" + }, + "count": { + "description": "The number of times this recommendation appears in the configuration analysis report.", + "type": "integer" + }, + "affected_instances": { + "description": "The number of instances affected by this issue.", + "type": "integer" } } }, - "SortNameConfigSyncGroups": { - "name": "sort_config_sync_groups", - "in": "query", - "description": "Sort config sync groups by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_config_sync_group_name" - ] + "InstanceSummary": { + "description": "A summary of NGINX instances, including certificates, OS versions, NGINX versions, and status details.", + "type": "object", + "properties": { + "certs": { + "description": "An array detailing each certificate's status across all NGINX instances.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertificateSummaryItem" + } + }, + "os": { + "$ref": "#/components/schemas/OperatingSystemVersionSummary" + }, + "nginx_versions": { + "$ref": "#/components/schemas/NGINXVersionSummary" + }, + "statuses": { + "$ref": "#/components/schemas/StatusSummary" + }, + "cves": { + "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CveSummary" + } + }, + "recommendations": { + "description": "An array summarizing the suggestions from the configuration analysis report.", + "type": "array", + "items": { + "$ref": "#/components/schemas/IssueSummary" + } } } }, - "ConfigSyncGroupParamObjectID": { - "name": "configSyncGroupObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" - }, - "description": "A globally unique identifier for the NGINX config sync group.\n", - "required": true - }, - "ConfigSyncGroupConfigurationParamObjectID": { - "name": "configSyncGroupConfigurationObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NginxConfigObjectID" - }, - "description": "A globally unique identifier for the NGINX config sync group configuration.\n", - "required": true + "FilterNameInstances": { + "type": "string", + "description": "Keywords for instance filters.\n\nWhen filtering on `instance_status`, only the following `filter_values` are supported:\n * online\n * offline\n * unavailable\n * unknown\nWhen filtering base on `cert_status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", + "enum": [ + "hostname", + "nginx_version", + "os_version", + "instance_status", + "cert_status", + "cve_severity", + "config_recommendation", + "key_object_id", + "system_id", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_instances_hostname", + "filter_name_instances_nginx_version", + "filter_name_instances_os_version", + "filter_name_instances_instance_status", + "filter_name_instances_cert_status", + "filter_name_instances_cve_severity", + "filter_name_instances_config_recommendation", + "filter_name_instances_key_object_id", + "filter_name_instances_system_id", + "filter_name_instances_object_id" + ] }, - "PublicationParamObjectID": { - "name": "publicationObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "description": "A globally unique identifier for a Publication.\n", - "required": true + "InstanceObjectID": { + "description": "A globally unique identifier for the NGINX instance.", + "type": "string", + "format": "object_id", + "pattern": "^inst_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } }, - "SortNameControlPlanes": { - "name": "sort_control_planes", - "in": "query", - "description": "Sort control planes by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_control_plane_name" - ] + "NginxBuild": { + "description": "The build details for the NGINX binary, including its configuration parameters.\n", + "type": "object", + "required": [ + "version" + ], + "properties": { + "version": { + "description": "The version number of the base open-source NGINX.", + "type": "string" + }, + "plus_release": { + "description": "The NGINX Plus release version, if applicable.", + "type": "string" + }, + "conf_path": { + "description": "The absolute path to the NGINX configuration, as set by the `--conf-path` option during build time.", + "type": "string" } } }, - "FilterFieldControlPlanes": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings. Identifies the fields to filter by (for example, `name`, `product`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameControlPlanes" + "NginxAppProtectVersions": { + "description": "Version information regarding NGINX App Protect.\n", + "type": "object", + "required": [ + "engine_version" + ], + "properties": { + "release_version": { + "description": "The release version of NGINX App Protect.", + "type": "string" + }, + "engine_version": { + "description": "The version of the App Protect enforcement engine.", + "type": "string" } } }, - "ControlPlaneParamObjectID": { - "name": "controlPlaneObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/ControlPlaneObjectID" - }, - "description": "A globally unique identifier for the control plane.\n", - "required": true - }, - "SortNameCVEs": { - "name": "sort_cves", - "in": "query", - "description": "Sort CVEs by the number of instances affected by that CVE.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "instance_count", - "severity", - "cve_id", - "published_at" - ], - "x-enum-varnames": [ - "sort_instance_count", - "sort_cve_severity", - "sort_cve_id", - "sort_published_at" - ] + "NginxAppProtectDeploymentCounts": { + "type": "object", + "description": "Summary count of NAP policy version deployment statues.", + "required": [ + "total", + "deployed", + "deploying", + "failed" + ], + "properties": { + "total": { + "description": "Total count of NAP policy versions across the NGINX data plane.", + "type": "integer" + }, + "deployed": { + "description": "The number of NAP policy versions that have deployed.", + "type": "integer" + }, + "deploying": { + "description": "The number of NAP policy versions that are deploying.", + "type": "integer" + }, + "failed": { + "description": "The number of NAP policy versions that have failed deployment.", + "type": "integer" } } }, - "NginxCVEParamID": { - "name": "nginxCVEID", - "in": "path", - "schema": { - "type": "string", - "pattern": "^\\d{4}-\\d{4,19}$" - }, - "description": "A globally unique identifier for NGINX CVE.\n", - "required": true - }, - "SortNameCVEImpactedInstances": { - "name": "sort_cve_impacted_instances", - "in": "query", - "description": "Sort the Instances that are affected by a CVE\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "hostname", - "status" + "NginxAppProtectSummary": { + "description": "Summary information regarding NGINX App Protect.\n", + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/NginxAppProtectVersions" + }, + { + "type": "object", + "required": [ + "deployments" ], - "x-enum-varnames": [ - "sort_name_cve_impacted_instances_hostname", - "sort_name_cve_impacted_instances_status" - ] + "properties": { + "deployments": { + "$ref": "#/components/schemas/NginxAppProtectDeploymentCounts" + } + } + } + ] + }, + "CertificateInstanceSummary": { + "description": "A breakdown and tally of certificates, detailing the total count, number of expired certificates, certificates nearing expiration, and those that are valid.", + "type": "object", + "required": [ + "total", + "expired", + "expiring", + "valid", + "not_ready" + ], + "properties": { + "total": { + "description": "Total count of certificates across the NGINX data plane.", + "type": "integer" + }, + "expired": { + "description": "The number of certificates that have expired and are no longer valid.", + "type": "integer" + }, + "expiring": { + "description": "The number of certificates due to expire in the next 30 days.", + "type": "integer" + }, + "valid": { + "description": "The number of certificates that are valid and in good standing.", + "type": "integer" + }, + "not_ready": { + "description": "The number of certificates that are not ready to be used.", + "type": "integer" } } }, - "FilterFieldEvents": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `object_id`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameEvents" + "CveDetails": { + "description": "CVEs details, including the type and count.\n", + "type": "object", + "required": [ + "type", + "count" + ], + "properties": { + "type": { + "$ref": "#/components/schemas/CveSeverityType" + }, + "count": { + "description": "The total number of each CVE type.", + "type": "integer" } } }, - "EventParamObjectID": { - "name": "eventObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/EventObjectID" - }, - "description": "A globally unique identifier for an event.\n", - "required": true + "IssueDetails": { + "description": "Issue details, including the type and count.\n", + "type": "object", + "required": [ + "type", + "count" + ], + "properties": { + "type": { + "$ref": "#/components/schemas/RecommendationType" + }, + "count": { + "description": "The total number of issues identified for the specific recommendation type.", + "type": "integer" + } + } }, - "FilterFieldInstances": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `nginx_version`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameInstances" + "ControlPlaneObjectID": { + "description": "A globally unique identifier for the control plane.", + "type": "string", + "format": "object_id", + "pattern": "^ecp_.*", + "x-go-type": "objects.ID" + }, + "ControlPlaneBaseInfo": { + "type": "object", + "description": "Base information of a control plane, which includes name, product version and optionally an object ID.", + "required": [ + "name", + "product_version", + "created_at" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/ControlPlaneObjectID" + }, + "name": { + "description": "Control plane name.", + "type": "string" + }, + "product_version": { + "description": "Control plane product name and version.", + "type": "string" + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the control plane was created." } } }, - "SortNameInstances": { - "name": "sort_instances", - "in": "query", - "description": "Sort instances by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { + "Instance": { + "type": "object", + "description": "Summary information about a NGINX instance.", + "required": [ + "object_id", + "hostname", + "system_id", + "agent_version", + "registered_at", + "last_reported", + "status" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" + }, + "hostname": { + "description": "The name of the host system where the NGINX instance is running.", + "type": "string" + }, + "system_id": { + "description": "The unique identifier assigned to the host system by the NGINX Agent.", + "type": "string" + }, + "nginx_id": { + "description": "The unique identifier for the NGINX process on the host system, assigned by the NGINX Agent.", + "type": "string" + }, + "agent_version": { + "description": "The version of the NGINX Agent.", + "type": "string" + }, + "key_object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "nginx_build": { + "$ref": "#/components/schemas/NginxBuild" + }, + "os_version": { + "description": "The operating system's name and its and version or codename.\n", + "type": "string", + "example": "ubuntu_jammy" + }, + "nginx_app_protect": { + "$ref": "#/components/schemas/NginxAppProtectSummary" + }, + "registered_at": { + "description": "The date and time when the NGINX instance first registered with NGINX One.", + "type": "string", + "format": "date-time" + }, + "last_reported": { + "description": "The date and time of the most recent report received from the NGINX Agent.", + "type": "string", + "format": "date-time" + }, + "status": { "type": "string", + "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", "enum": [ - "hostname", - "status", - "last_reported" - ], - "x-enum-varnames": [ - "sort_name_instance_hostname", - "sort_name_instance_status", - "sort_name_instance_last_reported" + "unknown", + "unavailable", + "offline", + "online" ] + }, + "cert_summary": { + "$ref": "#/components/schemas/CertificateInstanceSummary" + }, + "cve_severity": { + "type": "array", + "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", + "items": { + "$ref": "#/components/schemas/CveDetails" + } + }, + "recommendations": { + "type": "array", + "description": "An array summarizing the suggestions from the configuration analysis report.", + "items": { + "$ref": "#/components/schemas/IssueDetails" + } + }, + "control_plane": { + "$ref": "#/components/schemas/ControlPlaneBaseInfo" } } }, - "InstanceParamObjectID": { - "name": "instanceObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/InstanceObjectID" - }, - "description": "A globally unique identifier for the NGINX instance.\n", - "required": true - }, - "InstanceConfigurationParamObjectID": { - "name": "instanceConfigurationObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NginxConfigObjectID" - }, - "description": "A globally unique identifier for the NGINX instance configuration.\n", - "required": true - }, - "FilterFieldStagedConfigs": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterStagedConfigs" + "InstanceListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "description": "List of data plane instances.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of Instance objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/Instance" + } + } + } } + ], + "example": { + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "agent_version": "v2.30.3", + "hostname": "4d116619f106", + "key": "key_Tet21AeYTHCj7taOwVfzyw", + "last_reported": "2023-12-06T22:37:24.120114Z", + "nginx_build": { + "conf_path": "/etc/nginx/nginx.conf", + "version": "1.25.3" + }, + "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", + "registered_at": "2023-12-06T22:37:24.120114Z", + "status": "unknown", + "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw" + } + ] } }, - "SortNameStagedConfigs": { - "name": "sort_staged_configs", - "in": "query", - "description": "Sort staged configs by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_staged_config_name" - ] + "InstanceBulkRequestData": { + "type": "object", + "description": "Part of bulk operation on a NGINX instance, only `delete` is supported.", + "required": [ + "action" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" + }, + "action": { + "$ref": "#/components/schemas/BulkRequestAction" } + }, + "example": { + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" } }, - "StagedConfigParamObjectID": { - "name": "stagedConfigObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/StagedConfigObjectID" + "InstanceBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/InstanceBulkRequestData" }, - "description": "A globally unique identifier for the NGINX staged config.\n", - "required": true - }, - "SortNameNapPolicies": { - "name": "sort_nap_policies", - "in": "query", - "description": "Sort NGINX App Protect policies by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "deployment_count", - "enforcement_mode", - "last_deployed" - ], - "x-enum-varnames": [ - "sort_name_nap_policies_name", - "sort_name_nap_policies_deployment_count", - "sort_name_nap_policies_enforcement_mode", - "sort_name_nap_policies_last_deployed" - ] + "maxItems": 50, + "example": [ + { + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + }, + { + "object_id": "inst_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" } - } + ] }, - "FilterFieldNapPolicy": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapPolicy" - } + "InstanceBulkResponse": { + "description": "The NGINX instance bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, - "NapPolicyParamObjectID": { - "name": "nap_policy_object_id", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NapPolicyObjectID" - }, - "description": "A globally unique identifier for the App Protect policy.\n", - "required": true - }, - "SortNameNapPolicyDeployments": { - "name": "sort_nap_deployments", - "in": "query", - "description": "Sort NGINX App Protect deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "type", - "policy_version", - "status", - "deployed_on", - "threat_campaign_version", - "attack_signature_version", - "bot_signature_version" - ], - "x-enum-varnames": [ - "sort_name_nap_policy_deployments_name", - "sort_name_nap_policy_deployments_type", - "sort_name_nap_policy_deployments_policy_version", - "sort_name_nap_policy_deployments_status", - "sort_name_nap_policy_deployments_deployed_on", - "sort_name_nap_policy_deployments_threat_campaign_version", - "sort_name_nap_policy_deployments_attack_signature_version", - "sort_name_nap_policy_deployments_bot_sigature_version" - ] + "NginxSecurityAdvisory": { + "type": "object", + "description": "Details about a specific NGINX security advisory, including its severity, a link to more information, and a brief description.", + "required": [ + "id", + "severity", + "advisory", + "info" + ], + "properties": { + "id": { + "description": "The security advisory's unique identifier.", + "type": "string" + }, + "severity": { + "$ref": "#/components/schemas/CveSeverityType" + }, + "advisory": { + "description": "The URL to detailed information about the security advisory.", + "type": "string" + }, + "info": { + "description": "A brief description of security advisory.", + "type": "string" } } }, - "FilterFieldNapPolicyDeployment": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapPolicyDeployment" - } + "CertificateObjectID": { + "description": "A globally unique identifier for the certificates.", + "type": "string", + "format": "object_id", + "pattern": "^cert_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "SortNameNapPolicyVersions": { - "name": "sort_nap_policy_versions", - "in": "query", - "description": "Sort NGINX App Protect policy versions by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { + "CertificateType": { + "type": "string", + "description": "Certificate type:\n * `ca_bundle` - This certificate object is a CA bundle.\n * `cert_key` - This certificate object is consisted of public certificates and key.\n * `unmanaged` - This certificate is not managed by NGINX One console and its type is unmanaged.\n", + "enum": [ + "ca_bundle", + "cert_key", + "unmanaged" + ], + "x-enum-varnames": [ + "certificate_type_ca_bundle", + "certificate_type_pem_cert_key", + "certificate_type_unmanaged" + ] + }, + "CertificateDeploymentStatus": { + "type": "string", + "description": "Certificate deployment status:\n * `latest` - This certificate deployment is up to date with the latest certificates and key.\n * `stale` - This certificate deployment is outdated and needs to deploy the latest certificates and key.\n * `unmanaged` - This certificate deployment is unmanaged by NGINX One Console.\n", + "enum": [ + "latest", + "stale", + "unmanaged" + ], + "x-enum-varnames": [ + "certificate_deployment_status_latest", + "certificate_deployment_status_stale", + "certificate_deployment_status_unmanaged" + ] + }, + "CertAssociation": { + "type": "object", + "description": "Details for a certificate that's associated with an instance or a config sync group.", + "required": [ + "name", + "object_id", + "cert_type", + "subject_name", + "not_before", + "not_after", + "cert_status", + "deployment_status" + ], + "properties": { + "name": { + "type": "string", + "description": "A friendly name for the certificate." + }, + "object_id": { + "$ref": "#/components/schemas/CertificateObjectID" + }, + "cert_type": { + "$ref": "#/components/schemas/CertificateType" + }, + "cert_paths": { + "type": "array", + "description": "The list of file system paths where the certificate file is installed. \nSince a single certificate file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/ssl/cert.pem", + "/etc/ssl/cert.crt" + ], + "items": { + "type": "string" + } + }, + "key_paths": { + "type": "array", + "description": "The list of file system paths where the private key file is installed.\nSince a single key file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/nginx/key.pem", + "/etc/ssl/server.key" + ], + "items": { + "type": "string" + } + }, + "deployment_status": { + "$ref": "#/components/schemas/CertificateDeploymentStatus" + }, + "subject_name": { + "type": "string", + "description": "Hostname or domain for the certificate. Usually the subject-alt-name (SAN) value for the certificate.\nif SAN is not present, this will be the certificate subject's common name.\n", + "example": "nginx.com" + }, + "cert_status": { + "$ref": "#/components/schemas/CertificateStatus" + }, + "not_before": { "type": "string", - "enum": [ - "created_at", - "deployment_status", - "deployment_count", - "enforcement_mode" - ], - "x-enum-varnames": [ - "sort_name_nap_policy_versions_created_at", - "sort_name_nap_policy_versions_deployment_status", - "sort_name_nap_policy_versions_deployment_count", - "sort_name_nap_policy_versions_enforcement_mode" - ] - } - } - }, - "FilterFieldNapPolicyVersion": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapPolicyVersion" + "format": "date-time", + "description": "the effective date of the certificate." + }, + "not_after": { + "type": "string", + "format": "date-time", + "description": "The expiration date for the certificate." } } }, - "NapPolicyVersionParamObjectID": { - "name": "nap_policy_version_object_id", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" - }, - "description": "A globally unique identifier for the App Protect policy version.\n", - "required": true - } - }, - "schemas": { - "FilterNameDataPlaneKeys": { - "type": "string", - "description": "Keywords for data plane key filters.\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * valid\n", - "enum": [ + "OperatingSystem": { + "description": "Release details for the operating system.", + "type": "object", + "required": [ "name", - "status", - "object_id" + "id", + "codename", + "version", + "version_id" ], - "x-enum-varnames": [ - "filter_name_data_plane_key_name", - "filter_name_data_plane_key_status", - "filter_name_data_plane_key_object_id" - ] + "properties": { + "name": { + "description": "The official name of the operating system release.", + "type": "string" + }, + "id": { + "description": "The distinctive identifier for the operating system release.", + "type": "string" + }, + "codename": { + "description": "The codename assigned to the operating system release.", + "type": "string" + }, + "version": { + "description": "The version label for the operating system, which may include the name and version number or codename.", + "type": "string" + }, + "version_id": { + "description": "The specific version number of the operating system release.", + "type": "string" + } + }, + "example": { + "name": "Ubuntu", + "id": "ubuntu", + "codename": "bionic", + "version": "18.04.5 LTS (Bionic Beaver)", + "version_id": "18.04" + } }, - "FilterOperand": { + "ConfigSyncGroupObjectID": { + "description": "A globally unique identifier for the NGINX config sync group.", "type": "string", - "enum": [ - "IN" - ], - "x-enum-varnames": [ - "filter_operands_in" - ] - }, - "FilterOperands": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterOperand" + "format": "object_id", + "pattern": "^csg_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "PaginationResponse": { + "ConfigSyncGroupMeta": { "type": "object", - "description": "Outlines pagination details for list responses, including total results, start index, and items per page.", + "description": "Meta information of the NGINX config sync group including:\n* NGINX config sync group object ID\n* unique name of the config sync group in the tenant namespace\n* last publication timestamp\n", "required": [ - "total", - "count" + "object_id", + "name", + "created_at" ], "properties": { - "total": { - "type": "integer", - "description": "The absolute total number of the resource in the NGINX One Console, ignoring any filter(s).\n" + "object_id": { + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" }, - "count": { - "type": "integer", - "description": "The total number of results generated by the list or query operation, accounting for any filter(s).\nThis number can be greater than the number of returned resources when pagination is in effect and a page size limit (or maximum allowed) is reached.\n" + "name": { + "description": "Name of the NGINX config sync group.", + "type": "string" }, - "start_index": { - "type": "integer", - "description": "The first result's starting position in the list. This is disregarded when `paginated=false`.\n" + "last_publication": { + "description": "The date and time of the most recent config sync group publication.", + "type": "string", + "format": "date-time" }, - "items_per_page": { - "type": "integer", - "description": "The number of items to display per page. This is disregarded when `paginated=false`.\n" + "created_at": { + "description": "The date and time when the config sync group was created.", + "type": "string", + "format": "date-time" } }, "example": { - "total": 101, - "count": 1, - "start_index": 1, - "items_per_page": 100 + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-config-sync-group", + "last_publication": "2023-12-06T22:37:24.120114Z", + "created_at": "2023-12-05T22:30:20.220114Z" } }, - "DataPlaneKeyObjectID": { - "description": "A globally unique identifier for the data plane key.", + "ConfigSyncStatus": { + "type": "string", + "description": "The current config sync status of the NGINX config sync group, with the following possible values:\n* `unknown` - The status cannot be determined at this moment.\n* `in_sync` - All NGINX instances in config sync group have same config as indicated by config_version.\n* `out_of_sync` - Some NGINX instances in config sync group have config different than indicated by config_version.\n* `sync_in_progress` - The operation of applying config_version to all NGINX instances in config sync group is in progress.\n", + "enum": [ + "unknown", + "in_sync", + "out_of_sync", + "sync_in_progress" + ], + "x-enum-varnames": [ + "nginx_config_sync_group_config_status_unknown", + "nginx_config_sync_group_config_status_in_sync", + "nginx_config_sync_group_config_status_out_of_sync", + "nginx_config_sync_group_config_status_in_progress" + ] + }, + "ConfigSyncGroupInstanceMeta": { + "allOf": [ + { + "$ref": "#/components/schemas/ConfigSyncGroupMeta" + }, + { + "type": "object", + "description": "Additional details on instance in the NGINX config sync group including:\n* config sync status\n", + "properties": { + "instance_config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" + } + } + } + ] + }, + "NapPolicyObjectID": { + "description": "A globally unique identifier for the App Protect policy.", "type": "string", "format": "object_id", - "pattern": "^key_.*", + "pattern": "^pol_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "DataPlaneKey": { - "type": "object", - "description": "Represents a data plane key with details such as object_id, name, and timestamps.", + "NapPolicyVersionObjectID": { + "description": "A globally unique identifier for the App Protect policy version.", + "type": "string", + "format": "object_id", + "pattern": "^pv_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "PublicationObjectID": { + "description": "A globally unique identifier for the publication.", + "type": "string", + "format": "object_id", + "example": "pub_72pGHoGsSICL_THZrs964g", + "pattern": "^pub_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "NapPolicyEnforcementMode": { + "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `blocking` - Any illegal or suspicious requests are logged and blocked.\n* `transparent` - Any illegal or suspicious requests are logged but not blocked.\n", + "type": "string", + "enum": [ + "blocking", + "transparent" + ], + "x-enum-varnames": [ + "nap_enforcement_mode_blocking", + "nap_enforcement_mode_transparent" + ] + }, + "NapDeploymentStatus": { + "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `deployed` - The NGINX App Protect policy has been deployed.\n* `not_deployed` - The NGINX App Protect policy has not been deployed.\n* `deploying` - The NGINX App Protect policy is currently being deployed.\n* `failed` - The NGINX App Protect policy failed deploying.\n", + "type": "string", + "enum": [ + "deployed", + "not_deployed", + "deploying", + "failed" + ], + "x-enum-varnames": [ + "nap_deployment_status_deployed", + "nap_deployment_status_not_deployed", + "nap_deployment_status_deploying", + "nap_deployment_status_failed" + ] + }, + "NapAssociation": { + "description": "Details for a NGINX App Protect policy version that's associated with an instance or a config sync group.", "required": [ - "object_id", "name", - "revoked", - "expires_at", - "created_at", - "modified_at" + "version", + "policy_object_id", + "policy_version_object_id", + "paths", + "deployment_status", + "publication_object_id", + "deployed_on", + "enforcement_mode" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, "name": { - "description": "The name given to the data plane key.", - "type": "string" - }, - "revoked": { - "description": "Indicates whether the data plane key has been revoked or not.", - "type": "boolean" - }, - "revoked_at": { "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key was revoked." + "description": "Name of the policy at the time of the deployment." }, - "expires_at": { + "version": { "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key expires." + "description": "Version of the policy at the time of the deployment." }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key was created." + "policy_object_id": { + "$ref": "#/components/schemas/NapPolicyObjectID" }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key was last modified." + "policy_version_object_id": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" }, - "instances_count": { - "type": "integer", - "description": "The number of registered instances using this data plane key. If field not populated, user should see the key has `unknown` key count" + "publication_object_id": { + "$ref": "#/components/schemas/PublicationObjectID" }, - "control_planes_count": { - "type": "integer", - "description": "The number of observed control planes using this data plane key." + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" + }, + "paths": { + "type": "array", + "description": "The list of file system paths where the compiled NAP policy version bundle file is installed. \nSince a single compiled NAP policy version bundle file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/nginx/default_policy.tgz", + "/etc/nginx/default_policy_server_2.tgz" + ], + "items": { + "type": "string" + } + }, + "deployment_status": { + "$ref": "#/components/schemas/NapDeploymentStatus" + }, + "deployed_on": { + "description": "Date and time of the deployment.", + "type": "string", + "format": "date-time" } + }, + "example": { + "name": "default_policy", + "version": "2025.05.01", + "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", + "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", + "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", + "paths": [ + "/etc/nginx/default_policy.tgz" + ], + "deployment_status": "deployed", + "enforcement_mode": "transparent", + "deployed_on": "2023-12-06T22:37:24.120114Z" } }, - "DataPlaneKeyListResponse": { + "NapSignatureVersion": { + "description": "The version of the NGINX App Protect resource.", + "type": "string", + "example": "2023.12.06" + }, + "NapInstanceAssociation": { "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/NapAssociation" }, { "type": "object", - "description": "List of data plane keys.", "required": [ - "items" + "threat_campaign_version", + "attack_signature_version", + "bot_signature_version" ], "properties": { - "items": { - "description": "An array of DataPlaneKey objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/DataPlaneKey" - } + "threat_campaign_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "attack_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "bot_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" } } } - ] - }, - "Error": { - "description": "This object contains details about the errors that are returned when API requests fail.", - "type": "object", - "required": [ - "message", - "request_id", - "timestamp" - ], - "properties": { - "message": { - "description": "The error message describing the problem.", - "type": "string" - }, - "request_id": { - "description": "The unique identifier of the API request that failed.", - "type": "string" - }, - "timestamp": { - "description": "The date and time (in UTC) when the error happened.", - "type": "string" - }, - "detail": { - "description": "Additional information about the error, if available.", - "type": "string" - } - } - }, - "DataPlaneKeyCreateRequest": { - "type": "object", - "description": "Request structure for creating a new data plane key.", - "required": [ - "name" ], - "properties": { - "name": { - "description": "Give the data plane key a name so you can tell it apart from others.", - "type": "string", - "minLength": 1, - "maxLength": 128 - }, - "expires_at": { - "type": "string", - "format": "date-time", - "description": "Set an expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \nIf an expiration date isn't specified, the key will expire one year after it's created. \n\nYou can use the _Update a data plane key_ endpoint to extend the expiration date.\nIt's not possible to update the expiration date once the data plane key has expired.\n" - } + "example": { + "name": "default_policy", + "version": "2025.05.01", + "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", + "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", + "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", + "paths": [ + "/etc/nginx/default_policy.tgz" + ], + "deployment_status": "deployed", + "enforcement_mode": "transparent", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "threat_campaign_version": "2025.01.23", + "attack_signature_version": "2025.01.19", + "bot_signature_version": "2025.01.19" } }, - "DataPlaneKeyResponse": { + "NginxAppProtectDetails": { + "description": "Information regarding NGINX App Protect. Includes version and deployments.\n", "type": "object", - "description": "Response structure containing details of the created or retrieved data plane key.", "required": [ - "key", - "object_id", - "expires_at" + "engine_version", + "deployments" ], "properties": { - "name": { - "description": "The name to be give to the new data plane key.", + "release_version": { + "description": "The release version of NGINX App Protect.", "type": "string" }, - "object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, - "key": { - "description": "The data plane key value. Save this key somewhere secure as it isn't saved and is shown only once.", + "engine_version": { + "description": "The version of the App Protect enforcement engine.", "type": "string" }, - "expires_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key will expire." + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapInstanceAssociation" + } } } }, - "BulkRequestAction": { - "type": "string", - "default": "modify", - "description": "Bulk action to perform:\n * `create` creates a new object given all required elements.\n * `modify` updates one or more elements of an existing object.\n * `delete` removes the existing object.\n", - "enum": [ - "create", - "modify", - "delete" - ], - "x-enum-varnames": [ - "bulk_action_create", - "bulk_action_modify", - "bulk_action_delete" - ] - }, - "DataPlaneKeyBulkRequestData": { + "InstanceDetails": { "type": "object", - "description": "Part of bulk operation on a data plane key, only `delete` is supported.", - "required": [ - "action", - "object_id" + "description": "Detailed information about an NGINX instance.", + "allOf": [ + { + "$ref": "#/components/schemas/Instance" + }, + { + "type": "object", + "properties": { + "certs": { + "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto this data plane instance.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertAssociation" + } + }, + "os": { + "$ref": "#/components/schemas/OperatingSystem" + }, + "config_sync_group": { + "$ref": "#/components/schemas/ConfigSyncGroupInstanceMeta" + }, + "nginx_app_protect": { + "$ref": "#/components/schemas/NginxAppProtectDetails" + }, + "control_plane": { + "$ref": "#/components/schemas/ControlPlaneBaseInfo" + } + } + } ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" + "example": { + "agent_version": "v2.30.3", + "certs": [ + { + "subject_name": "test.com", + "name": "client", + "cert_type": "cert_key", + "not_after": "2024-01-06T00:01:30Z", + "not_before": "2023-12-07T00:01:30Z", + "cert_paths": [ + "/etc/nginx/client.pem" + ], + "cert_status": "expiring", + "deployment_status": "latest", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" + } + ], + "hostname": "4d116619f106", + "key": "key_wN3IhLCmR3qmwybG_6ptEg", + "control_plane": { + "object_id": "ecp_CO1DdBxZToWmr3pTcaQ8QA", + "name": "nginx-ingress-001", + "product_version": "nginx-ingress-controller-4.0.1", + "created_at": "2023-12-06T22:37:24.120114Z" }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" - } - }, - "example": { - "object_id": "key_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" - } - }, - "DataPlaneKeyBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/DataPlaneKeyBulkRequestData" - }, - "minItems": 1, - "maxItems": 50, - "example": [ - { - "object_id": "key_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" + "last_reported": "2023-12-06T22:37:24.120114Z", + "nginx_build": { + "conf_path": "/etc/nginx/nginx.conf", + "version": "1.25.3" }, - { - "object_id": "key_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" - } - ] + "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", + "os": { + "codename": "jammy", + "id": "ubuntu", + "name": "Ubuntu", + "version": "22.04.3 LTS (Jammy Jellyfish)", + "version_id": "22.04" + }, + "registered_at": "2023-12-06T22:37:24.120114Z", + "status": "unknown", + "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw" + } }, - "ObjectID": { - "description": "A globally unique identifier.", + "ConfigPath": { "type": "string", - "format": "object_id", - "pattern": "^\\w+_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } + "minLength": 1, + "maxLength": 4096, + "description": "The full path to the main NGINX configuration file. This corresponds to the `--conf-path` parameter used in the NGINX binary.\n", + "example": "/etc/nginx/nginx.conf." }, - "BulkRequestObjectStatus": { + "FileDataRequest": { "type": "object", + "description": "Details about a file, name, and content.", "required": [ - "outcome" + "name" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/ObjectID" - }, "name": { "type": "string", - "description": "this is the user facing name of the object." - }, - "outcome": { - "type": "string", - "description": "This is the outcome that corresponds to the action.\n* deleted - the object deletion was processed, and the object was deleted.\n* accepted - the request was accepted, and will be processed.\n* failed - the request failed, see failure_reason for more details.\n* invalid - the request was invalid, see failure_reason for more details.\n", - "enum": [ - "deleted", - "accepted", - "failed", - "invalid" - ], - "x-enum-varnames": [ - "build_request_object_status_deleted", - "build_request_object_status_accepted", - "build_request_object_status_failed", - "build_request_object_status_invalid" - ] + "description": "The file's relative path to the parent directory, absolute path also accepted.", + "minLength": 1, + "maxLength": 4096 }, - "failure_reason": { + "contents": { "type": "string", - "description": "this is the failure reason populated when outcome is 'failed' or 'invalid'." + "format": "byte", + "description": "The base64-encoded contents of the file.", + "maxLength": 3145728 } } }, - "DataPlaneKeyBulkResponse": { - "description": "The data plane key bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } - }, - "DataPlaneKeyUpdateRequest": { + "DirectoryRequestWithFileContent": { "type": "object", - "description": "Request structure for updating an existing data plane key.", + "description": "Represents a directory and its contents, detailing the directory's full path, and the files within it.", + "required": [ + "name", + "files" + ], "properties": { "name": { - "description": "Give the data plane key a new name so you can tell it apart from others.", "type": "string", "minLength": 1, - "maxLength": 128 + "description": "The complete path of the directory." }, - "expires_at": { - "type": "string", - "format": "date-time", - "description": "Adjust the expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \n\nIt's not possible to update the expiration date once the data plane key has expired.\n" + "files": { + "type": "array", + "description": "The list of files in the directory.", + "items": { + "$ref": "#/components/schemas/FileDataRequest" + } } } }, - "FilterNameCertificates": { - "type": "string", - "description": "Keywords for certificates filters.\nWhen filtering on `management`, only the following `filter_values` are supported:\n * managed\n * unmanaged\nWhen filtering on `type`, only the following `filter_values` are supported:\n * cert_key\n * ca_bundle\n * unknown\nWhen filtering on `status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", - "enum": [ - "name", - "management", - "type", - "subject_name", - "status", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_certificates_name", - "filter_name_certificates_management", - "filter_name_certificates_type", - "filter_name_certificates_subject_name", - "filter_name_certificates_status", - "filter_name_certificates_object_id" - ] - }, - "CertificateObjectID": { - "description": "A globally unique identifier for the certificates.", - "type": "string", - "format": "object_id", - "pattern": "^cert_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "CertificateManagement": { - "type": "string", - "description": "Management type:\n * `managed` - Certificate managed by NGINX One Console.\n * `unmanaged` - Certificate that only exists on a data plane instance, detected from its NGINX configuration.\n", - "enum": [ - "managed", - "unmanaged" - ], - "x-enum-varnames": [ - "certificate_management_managed", - "certificate_management_unmanaged" - ] - }, - "CertificateType": { - "type": "string", - "description": "Certificate type:\n * `ca_bundle` - This certificate object is a CA bundle.\n * `cert_key` - This certificate object is consisted of public certificates and key.\n * `unmanaged` - This certificate is not managed by NGINX One console and its type is unmanaged.\n", - "enum": [ - "ca_bundle", - "cert_key", - "unmanaged" - ], - "x-enum-varnames": [ - "certificate_type_ca_bundle", - "certificate_type_pem_cert_key", - "certificate_type_unmanaged" - ] - }, - "CertificateObjectMetadata": { + "NginxConfigObjectRequest": { + "type": "object", + "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", "required": [ - "management", - "type" + "conf_path", + "configs" ], "properties": { - "name": { - "description": "Name of the certificate, optionally specified upon creation", - "type": "string" - }, - "object_id": { - "$ref": "#/components/schemas/CertificateObjectID" + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" }, - "management": { - "$ref": "#/components/schemas/CertificateManagement" + "conf_path": { + "$ref": "#/components/schemas/ConfigPath" }, - "type": { - "$ref": "#/components/schemas/CertificateType" + "configs": { + "type": "array", + "description": "An array of directories containing NGINX configuration files.", + "items": { + "$ref": "#/components/schemas/DirectoryRequestWithFileContent" + } }, - "certs_count": { - "description": "The number of public certificates under this certificate object.", - "type": "integer", - "format": "int64" - } - }, - "example": { - "name": "example-ca-bundle", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "ca_bundle", - "certs_count": 5 - } - }, - "CertificateStatus": { - "type": "string", - "description": "Status of the certificate:\n * `valid` - The certificate is currently valid and operational.\n * `expiring` - The certificate will expire within the next 30 days. Consider renewing it to maintain uninterrupted service.\n * `expired` - The certificate is no longer valid. Immediate renewal is recommended to ensure secure connections.\n * `not_ready` - The certificate is not ready to be used, based on the start date of its validity period.\n", - "enum": [ - "valid", - "expiring", - "expired", - "not_ready" - ], - "x-enum-varnames": [ - "certificate_status_valid", - "certificate_status_expiring", - "certificate_status_expired", - "certificate_status_not_ready" - ] + "aux": { + "type": "array", + "description": "An array of auxiliary directory contents related to the NGINX configuration. When auxiliary contents are\nprovided, they become the authoritative source of non-NGINX configuration content. Please ensure the\nprovided contents are complete, missing files that are referenced in the NGINX configuration can cause\nNGINX reload failure. When not provided, the previous known auxiliary contents will be used as part of\npublish.\n", + "items": { + "$ref": "#/components/schemas/DirectoryRequestWithFileContent" + } + } + } }, - "CertificateDisplayMetadata": { - "description": "This represents the essential metadata of a public certificate.", + "PayloadObjectID": { + "description": "A globally unique identifier for the valid payload object reference.", + "type": "string", + "format": "object_id", + "pattern": "^(cert|pv)_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "NginxConfigPayload": { "type": "object", + "description": "Details of Aux File Payload that goes with an NGINX configuration. Provide hints for the backend system on \nadditional file contents that should be part of the NGINX Config Publication.\nCan be used to deploy files related to SSL certificates, to a data plane instance.\n", "required": [ - "subject_name", - "status", - "not_before", - "not_after" + "type", + "paths" ], "properties": { - "subject_name": { + "type": { "type": "string", - "example": "www.example.com", - "description": "DNS name that identifies the certificate. If DNS is not present in the SAN extension, this will be the common name.\n" - }, - "status": { - "$ref": "#/components/schemas/CertificateStatus" + "description": "Types of Aux File Payload:\n - inline_secret - indicates the provided content for the payload should be stored in a secret location, and removed after the publication is done.\n - inline_content - indicates the provided content for the payload should be stored, and removed after the publication is done. Note, the contents may end up in the `aux` content if used in this NGINX configuration.\n - unmanaged_certificate - indicates certificate content for an unmanaged certificate detected from a data plane instance through NGINX configurations. Will be filtered and ignored in the payload deployment.\n - managed_certificate - indicates public certificates managed by NGINX One Console.\n - managed_key - indicates a private key managed by NGINX One Console.\n - nap_policy_version - indicates a version of NAP policy managed by NGINX One Console. A valid policy_version object\n", + "enum": [ + "inline_secret", + "inline_content", + "unmanaged_certificate", + "managed_certificate", + "managed_key", + "nap_policy_version" + ], + "x-enum-varnames": [ + "nginx_config_payload_inline_secret", + "nginx_config_payload_inline_content", + "nginx_config_payload_unmanaged_certificate", + "nginx_config_payload_managed_certificate", + "nginx_config_payload_managed_key", + "nginx_config_payload_nap_policy_version" + ] }, - "not_before": { + "contents": { "type": "string", - "format": "date-time", - "example": "2023-06-12T09:12:33.001Z", - "description": "The start of the validity period for the certificate." + "format": "base64", + "description": "The base64-encoded contents of the file.", + "maxLength": 3145728 }, - "not_after": { - "type": "string", - "format": "date-time", - "example": "2029-12-25T09:12:33.001Z", - "description": "The end of the validity period for the certificate." + "object_id": { + "$ref": "#/components/schemas/PayloadObjectID" + }, + "paths": { + "type": "array", + "items": { + "type": "string" + } } }, "example": { - "subject_name": "self_ca_signed", - "status": "valid", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z" + "type": "inline_content", + "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", + "paths": [ + "/etc/nginx/ssl/server.crt" + ] } }, - "CertificateOverviewMetadata": { - "description": "Represents an overview of all the public certificates under a single cert object.\nIf multiple public certificates on the same CA chain, including the leaf certificate and key are provided, \nthis includes `status`, `subject_name`, `not_before` and `not_after` for the leaf certificate.\nIf a CA bundle is provided, the above mentioned certificate metadata is for the Certificate Authority that\nexpires the soonest in the bundle.\n", - "type": "object", - "allOf": [ + "NginxConfigPayloads": { + "type": "array", + "description": "An array of payloads that track the file paths of each SSL certificates and key, indicating where to deploy\nthem onto the data plane instance.\n* If the `type` is `managed_certificate` or `managed_key`, you need to specify an `object_id`.\n * The `object_id` must represent a managed certificate object, or a `400 Bad Request` is returned. \n * The `contents` field is optional and is ignored if included.\n* The NGINX One Console manages deployed file paths only for managed certificates and keys. If you don't want \nthem to be managed by NGINX One Console, `inline_content` and `inline_secret` can be used for certificates or \nkeys, respectively. When you retrieve certificate deployment details, only the file paths of managed \ncertificates and keys will be shown.\n* If you use `inline_content` and `inline_secret` in your NGINX configuration, the NGINX One Console \nwill detect them. When they are used as SSL directives of the NGINX configuration \nfor certificates and keys, the certificates will be listed as `unmanaged_certificate` in the certificate \ndeployment details.\n", + "items": { + "$ref": "#/components/schemas/NginxConfigPayload" + }, + "example": [ { - "$ref": "#/components/schemas/CertificateObjectMetadata" + "type": "managed_certificate", + "object_id": "cert_rto8NYiCQputrIasNx2NOA", + "paths": [ + "/etc/nginx/cert.pem" + ] }, { - "$ref": "#/components/schemas/CertificateDisplayMetadata" + "type": "managed_key", + "object_id": "cert_rto8NYiCQputrIasNx2NOA", + "paths": [ + "/etc/nginx/key.pem" + ] + }, + { + "type": "inline_content", + "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", + "paths": [ + "/etc/nginx/inline_cert.crt" + ] } - ], - "example": { - "name": "example-ca-bundle", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "ca_bundle", - "subject_name": "self_ca_signed", - "status": "valid", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "certs_count": 5 - } + ] }, - "CertificateListResponse": { + "NginxConfigRequest": { "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/NginxConfigObjectRequest" }, { "type": "object", - "description": "List of SSL certificates.", - "required": [ - "items" - ], "properties": { - "items": { - "description": "An array of basic metadata for all the SSL certificates in NGINX One Console. \nFor a CA bundle, an overview with metadata on the first Certificate Authority in the bundle will be displayed.\nOtherwise, an overview with metadata on the leaf certificate will be displayed.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertificateOverviewMetadata" - } + "payloads": { + "$ref": "#/components/schemas/NginxConfigPayloads" } } } + ] + }, + "NginxConfigDirectives": { + "type": "array", + "x-go-type": "xp.Directives", + "x-go-type-import": { + "name": "xp", + "path": "github.com/nginxinc/nginx-go-crossplane" + }, + "items": { + "$ref": "#/components/schemas/NginxConfigDirective" + } + }, + "NginxConfigDirective": { + "type": "object", + "x-go-type": "xp.Directive", + "x-go-type-import": { + "name": "xp", + "path": "github.com/nginxinc/nginx-go-crossplane" + }, + "required": [ + "directive", + "line", + "args" ], - "example": { - "total": 10, - "count": 2, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "name": "example-cert_key", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "cert_key", - "status": "valid", - "subject_name": "www.example.com", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "certs_count": 1 - }, - { - "name": "example-ca-bundle", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "ca_bundle", - "subject_name": "self_ca_signed", - "status": "valid", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "certs_count": 5 + "properties": { + "directive": { + "type": "string" + }, + "line": { + "type": "integer" + }, + "args": { + "type": "array", + "items": { + "type": "string" } - ] + }, + "file": { + "type": "string" + }, + "includes": { + "type": "array", + "items": { + "type": "integer" + } + }, + "block": { + "$ref": "#/components/schemas/NginxConfigDirectives" + }, + "comment": { + "type": "string" + } } }, - "CertificateContent": { + "ParsedNginxConfig": { "type": "object", - "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", "required": [ - "public_certs" + "file", + "parsed" ], "properties": { - "public_certs": { + "file": { "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded PEM-formatted certificate information. \nThe `public_certs` field can include a leaf certificate along with its full chain of trust or a CA bundle. \nFor leaf certificates, the accompanying `private_key` is required to authenticate the certificate's validity. \nCA bundles contain trusted CA certificates and may consist of certificates from different CA chains. A private\nkey should not be included in a CA bundle.\n" + "description": "NGINX Instance configuration file, corresponds to the conf-path." }, - "private_key": { - "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" + "parsed": { + "$ref": "#/components/schemas/NginxConfigDirectives" + } + } + }, + "NginxConfigProblem": { + "type": "object", + "description": "Representation of a problem found during NGINX configuration analysis.", + "properties": { + "directive": { + "description": "Directive in the NGINX configuration where the issue is identified.", + "type": "string" + }, + "file": { + "description": "File where the issue is detected.", + "type": "string" + }, + "line": { + "description": "Line number in the configuration where the issue is found.", + "type": "integer" + } + } + }, + "NginxConfigReport": { + "type": "object", + "description": "An analysis of the NGINX configuration, highlighting issues and their severity, and offering recommendations.", + "properties": { + "rule": { + "description": "The name of the configuration rule that was violated.", + "type": "string" + }, + "info": { + "description": "A detailed description of the issue.", + "type": "string" + }, + "severity": { + "description": "The severity level of the issue.", + "type": "string" + }, + "category": { + "description": "Classification category of the issue.", + "type": "string" + }, + "documentation": { + "description": "Links to documentation that can assist in resolving the identified issue.", + "type": "array", + "items": { + "type": "string" + } + }, + "where": { + "description": "Specific locations in the configuration where issues were detected.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigProblem" + } } - }, - "example": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" } }, - "CertificateRequest": { + "NginxConfigReports": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigReport" + } + }, + "FileData": { "type": "object", - "description": "Request structure for parsing or upserting certificates with an optional private key.\n", + "description": "Details about a file, including its path, content, size, and last modified time.", "required": [ - "content" + "name", + "contents", + "size", + "mtime" ], "properties": { "name": { - "description": "A name for the certificate, making it identifiable among others.", "type": "string", + "description": "The file's relative path to the parent directory.", "minLength": 1, - "maxLength": 128 + "maxLength": 4096 }, - "content": { - "$ref": "#/components/schemas/CertificateContent" - } - }, - "example": { - "name": "example-ca-bundle", - "content": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==", - "private_key": "" + "contents": { + "type": "string", + "format": "byte", + "description": "The base64-encoded contents of the file.", + "maxLength": 3145728 + }, + "size": { + "type": "integer", + "description": "The size of the file, in bytes." + }, + "mtime": { + "type": "string", + "format": "date-time", + "description": "Timestamp of the last modification made to the file." } } }, - "CertificateMetadata": { - "description": "A comprehensive list of all the metadata for a public certificate.", + "DirectoryWithFileContent": { "type": "object", + "description": "Represents a directory and its contents, detailing the directory's full path, assigned permissions, last modified time, and the files within it.", "required": [ - "status", - "serial_number", - "signature_algorithm", - "not_before", - "not_after", - "public_key_type", - "thumbprint" + "name", + "files" ], "properties": { - "status": { - "$ref": "#/components/schemas/CertificateStatus" - }, - "version": { - "type": "integer", - "format": "int64", - "example": 3, - "description": "The version of the certificate, typically 3 for X.509 certificates." - }, - "serial_number": { - "type": "string", - "example": "16469416336579571270", - "description": "A unique identifier for the certificate." - }, - "signature_algorithm": { - "type": "string", - "example": "SHA-256", - "description": "Identifies the algorithm used to sign the certificate." - }, - "issuer": { - "type": "string", - "example": "CN=Example CA, O=Certificate Authority Inc., OU=CA Department, L=City, ST=State, C=Country", - "description": "Identifies the entity who signed and issued the certificate." - }, - "not_before": { + "name": { "type": "string", - "format": "date-time", - "example": "2023-06-12T09:12:33.001Z", - "description": "The start of the validity period for the certificate." + "description": "The complete path of the directory." }, - "not_after": { + "permissions": { "type": "string", - "format": "date-time", - "example": "2029-12-25T09:12:33.001Z", - "description": "The end of the validity period for the certificate." + "description": "The permissions for the directory." }, - "subject": { + "mtime": { "type": "string", - "example": "CN=www.example.com, O=Example Inc., OU=IT Department, L=City, ST=State, C=Country", - "description": "Identifies the primary entity to which the certificate is issued. Typically, it contains information\nsuch as the Common Name (CN), Organization (O), Organizational Unit (OU), Country (C), etc.\n" + "description": "The date and time when the directory was last modified.", + "format": "date-time" }, - "subject_alternative_name": { + "files": { "type": "array", + "description": "The list of files in the directory.", "items": { - "type": "string" - }, - "example": [ - "DNS:www.example.com", - "DNS:example.com", - "email:info@example.com" - ], - "description": "Defines additional identifies bound to the subject of the certificate. \nFor example, the DNS name is used to add additional domain names to a certificate.\n" - }, - "public_key_type": { - "type": "string", - "example": "RSA (2048 Bits)", - "description": "Identifies the encryption algorithm used to create the public key for the certificate." - }, - "common_name": { - "type": "string", - "example": "www.example.com", - "description": "The Common Name (CN) for the certificate, used when DNS name is not present in the SAN extension.\n" - }, - "authority_key_identifier": { - "type": "string", - "example": "2B D0 69 47 94 76 09 FE F4 6B 8D 2E 40 A6 F7 47 4D 7F 08 5E", - "description": "The identifier of the signing authority for the certificate." - }, - "subject_key_identifier": { - "type": "string", - "example": "31 EA 76 A9 23 74 A5 DF D4 FD EE A0 C1 A6 9E C6 11 0E 11 EC", - "description": "A hash value of the SSL certificate that can be used to identify certificates that \ncontain a particular public key.\n" - }, - "thumbprint_algorithm": { - "type": "string", - "example": "SHA-1", - "description": "Defines the algorithm used to hash the certificate." - }, - "thumbprint": { - "type": "string", - "example": "E6 A7 87 96 E0 C7 A3 E5 43 78 35 CA 16 78 5B 48 5A A9 DD C4 5C CD 0A 65 AA 89 33 E3 C3 D0 89 71", - "description": "A hash to ensure that the certificate has not been modified." + "$ref": "#/components/schemas/FileData" + } } - }, - "example": { - "status": "valid", - "version": 3, - "serial_number": "71283929", - "signature_algorithm": "SHA256-RSA", - "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_bundle_CA", - "not_before": "2023-02-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=self_ca_signed", - "subject_alternative_name": [], - "public_key_type": "RSA (2048 bit)", - "common_name": "self_ca_signed", - "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", - "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", - "thumbprint_algorithm": "SHA-256", - "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" } }, - "PrivateKeyMetadata": { + "NginxConfigObject": { "type": "object", - "description": "Metadata for a private key.", + "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", + "required": [ + "conf_path", + "configs" + ], "properties": { - "key_size": { - "description": "Size of the private key in bits.", - "type": "integer", - "format": "int64" + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" }, - "encryption_algorithm": { - "description": "The encryption algorithm used for the private key.", - "type": "string" + "conf_path": { + "$ref": "#/components/schemas/ConfigPath" + }, + "configs": { + "type": "array", + "description": "An array of directories containing NGINX configuration files.", + "items": { + "$ref": "#/components/schemas/DirectoryWithFileContent" + } + }, + "aux": { + "type": "array", + "description": "An array of auxiliary directory contents related to the NGINX configuration.", + "items": { + "$ref": "#/components/schemas/DirectoryWithFileContent" + } } }, "example": { - "key_size": 512, - "encryption_algorithm": "RSA" + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "configs": [ + { + "files": [ + { + "contents": "Cm1hcCAkdXJpICRtYXBwZWRfc2VydmljZSB7CiAgICBkZWZhdWx0IFVOTUFUQ0hFRDsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvaW5zdGFuY2VzIiAgICAgICAgaW5zdGFuY2VzLXN2YzsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvZGF0YS1wbGFuZS1rZXlzIiAga2V5cy1zdmM7CiAgICAifl4vYXBpL3YxL25hbWVzcGFjZXMvXHcrL21vbml0b3IiICAgICAgICAgIG1vbml0b3Itc3ZjOwp9Cgp1cHN0cmVhbSBpbnN0YW5jZXMtc3ZjIHsKICAgIHNlcnZlciBpbnN0YW5jZXMtc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIGtleXMtc3ZjIHsKICAgIHNlcnZlciBrZXlzLXN2Yzo4MDkwOwp9Cgp1cHN0cmVhbSBkYXRhcGxhbmUtY3RybCB7CiAgICBzZXJ2ZXIgZGF0YXBsYW5lLWN0cmw6ODA4MDsKfQoKdXBzdHJlYW0gbW9uaXRvci1zdmMgewogICAgc2VydmVyIG1vbml0b3Itc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIG1ldHJpY3MtaW5nZXN0IHsKICAgIHNlcnZlciBtZXRyaWNzLWluZ2VzdDo4MDgwOwp9CgpzZXJ2ZXIgewogICAgbGlzdGVuIDg4ODg7CiAgICBzZXJ2ZXJfbmFtZSBfOwogICAgaHR0cDIgb247CgogICAgcHJveHlfcGFzc19yZXF1ZXN0X2hlYWRlcnMgb247CiAgICByZXdyaXRlICJeL2FwaS8obmdpbngvb25lfHYxKS8oLiopJCIgIi9hcGkvdjEvJDIiIGJyZWFrOwogICAgbG9jYXRpb24gL2FwaS92MS8gewogICAgICAgIGlmICgkbWFwcGVkX3NlcnZpY2UgPSAiVU5NQVRDSEVEIikgewogICAgICAgICAgICByZXR1cm4gNDA0ICd7ImVycm9yOiAiTm90IGZvdW5kIn0nOwogICAgICAgIH0KICAgICAgICBwcm94eV9wYXNzX2hlYWRlciBYLVZvbHRlcnJhLUFwaWd3LVRlbmFudDsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kbWFwcGVkX3NlcnZpY2U7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIGRhdGFwbGFuZS1jdHJsCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLkNvbW1hbmRlciB7CiAgICAgICAgZ3JwY19zb2NrZXRfa2VlcGFsaXZlIG9uOwogICAgICAgIGdycGNfcmVhZF90aW1lb3V0IDVtOwogICAgICAgIGdycGNfc2VuZF90aW1lb3V0IDVtOwogICAgICAgIGNsaWVudF9ib2R5X3RpbWVvdXQgMTBtOwogICAgICAgIGdycGNfcGFzcyBncnBjOi8vZGF0YXBsYW5lLWN0cmw7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIG1ldHJpY3MgaW5nZXN0aW9uCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLk1ldHJpY3NTZXJ2aWNlIHsKICAgICAgICBncnBjX3NvY2tldF9rZWVwYWxpdmUgb247CiAgICAgICAgZ3JwY19yZWFkX3RpbWVvdXQgNW07CiAgICAgICAgZ3JwY19zZW5kX3RpbWVvdXQgNW07CiAgICAgICAgY2xpZW50X2JvZHlfdGltZW91dCAxMG07CiAgICAgICAgY2xpZW50X21heF9ib2R5X3NpemUgMDsKICAgICAgICBncnBjX3Bhc3MgZ3JwYzovL21ldHJpY3MtaW5nZXN0OwogICAgfQp9CgojIHByb3h5IHRvIHRoZSBtYW5hZ2VtZW50IHNlcnZlcnMKc2VydmVyIHsKICAgIGxpc3RlbiAxNTAwMDsKICAgIHNlcnZlcl9uYW1lIF87CiAgICAjIHVzZSBkb2NrZXIgRE5TCiAgICByZXNvbHZlciAxMjcuMC4wLjExIHZhbGlkPTMwczsKCiAgICAjIG1hdGNoIC88c2VydmljZT4vPG1nbXQgZW5kcG9pbnQ+CiAgICBsb2NhdGlvbiB+Xi8oW14vXSspLyguKykkIHsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kMToxNTAwMC8kMjsKICAgIH0KCiAgICBsb2NhdGlvbiAvIHsKICAgICAgICBhZGRfaGVhZGVyICJDb250ZW50LVR5cGUiICJ0ZXh0L2h0bWwiOwogICAgICAgIHJldHVybiAyMDAgIjxwPkFjY2VzcyB0aGUgbWFuYWdlbWVudCBzZXJ2ZXIgb2YgYW55IHNlcnZpY2Ugd2l0aCBVUkxzIGxpa2UgPGNvZGU+aHR0cDovL2xvY2FsaG9zdDoxNTAwMC8mbHQ7U0VSVklDRV9OQU1FJmd0Oy9tZXRyaWNzPC9jb2RlPjwvcD4iOwogICAgfQp9Cg==", + "mtime": "1970-01-01T00:00:00Z", + "name": "default.conf", + "size": 1942 + } + ], + "name": "/etc/nginx/conf.d" + }, + { + "files": [ + { + "contents": "CnVzZXIgIG5naW54Owp3b3JrZXJfcHJvY2Vzc2VzICBhdXRvOwoKZXJyb3JfbG9nICAvdmFyL2xvZy9uZ2lueC9lcnJvci5sb2cgbm90aWNlOwpwaWQgICAgICAgIC92YXIvcnVuL25naW54LnBpZDsKCgpldmVudHMgewogICAgd29ya2VyX2Nvbm5lY3Rpb25zICAxMDI0Owp9CgoKaHR0cCB7CiAgICBpbmNsdWRlICAgICAgIC9ldGMvbmdpbngvbWltZS50eXBlczsKICAgIGRlZmF1bHRfdHlwZSAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtOwoKICAgIGxvZ19mb3JtYXQgIG1haW4gICckcmVtb3RlX2FkZHIgLSAkcmVtb3RlX3VzZXIgWyR0aW1lX2xvY2FsXSAiJHJlcXVlc3QiICcKICAgICAgICAgICAgICAgICAgICAgICckc3RhdHVzICRib2R5X2J5dGVzX3NlbnQgIiRodHRwX3JlZmVyZXIiICcKICAgICAgICAgICAgICAgICAgICAgICciJGh0dHBfdXNlcl9hZ2VudCIgIiRodHRwX3hfZm9yd2FyZGVkX2ZvciInOwoKICAgIGFjY2Vzc19sb2cgIC92YXIvbG9nL25naW54L2FjY2Vzcy5sb2cgIG1haW47CgogICAgc2VuZGZpbGUgICAgICAgIG9uOwogICAgI3RjcF9ub3B1c2ggICAgIG9uOwoKICAgIGtlZXBhbGl2ZV90aW1lb3V0ICA2NTsKCiAgICAjZ3ppcCAgb247CgogICAgaW5jbHVkZSAvZXRjL25naW54L2NvbmYuZC8qLmNvbmY7Cn0K", + "mtime": "1970-01-01T00:00:00Z", + "name": "nginx.conf", + "size": 648 + }, + { + "contents": "CnR5cGVzIHsKICAgIHRleHQvaHRtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBodG1sIGh0bSBzaHRtbDsKICAgIHRleHQvY3NzICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjc3M7CiAgICB0ZXh0L3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeG1sOwogICAgaW1hZ2UvZ2lmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdpZjsKICAgIGltYWdlL2pwZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqcGVnIGpwZzsKICAgIGFwcGxpY2F0aW9uL2phdmFzY3JpcHQgICAgICAgICAgICAgICAgICAgICAgICAgICBqczsKICAgIGFwcGxpY2F0aW9uL2F0b20reG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdG9tOwogICAgYXBwbGljYXRpb24vcnNzK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJzczsKCiAgICB0ZXh0L21hdGhtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbW1sOwogICAgdGV4dC9wbGFpbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHR4dDsKICAgIHRleHQvdm5kLnN1bi5qMm1lLmFwcC1kZXNjcmlwdG9yICAgICAgICAgICAgICAgICBqYWQ7CiAgICB0ZXh0L3ZuZC53YXAud21sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd21sOwogICAgdGV4dC94LWNvbXBvbmVudCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGh0YzsKCiAgICBpbWFnZS9hdmlmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYXZpZjsKICAgIGltYWdlL3BuZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbmc7CiAgICBpbWFnZS9zdmcreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZnIHN2Z3o7CiAgICBpbWFnZS90aWZmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGlmIHRpZmY7CiAgICBpbWFnZS92bmQud2FwLndibXAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2JtcDsKICAgIGltYWdlL3dlYnAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3ZWJwOwogICAgaW1hZ2UveC1pY29uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGljbzsKICAgIGltYWdlL3gtam5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqbmc7CiAgICBpbWFnZS94LW1zLWJtcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYm1wOwoKICAgIGZvbnQvd29mZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3b2ZmOwogICAgZm9udC93b2ZmMiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdvZmYyOwoKICAgIGFwcGxpY2F0aW9uL2phdmEtYXJjaGl2ZSAgICAgICAgICAgICAgICAgICAgICAgICBqYXIgd2FyIGVhcjsKICAgIGFwcGxpY2F0aW9uL2pzb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqc29uOwogICAgYXBwbGljYXRpb24vbWFjLWJpbmhleDQwICAgICAgICAgICAgICAgICAgICAgICAgIGhxeDsKICAgIGFwcGxpY2F0aW9uL21zd29yZCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2M7CiAgICBhcHBsaWNhdGlvbi9wZGYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcGRmOwogICAgYXBwbGljYXRpb24vcG9zdHNjcmlwdCAgICAgICAgICAgICAgICAgICAgICAgICAgIHBzIGVwcyBhaTsKICAgIGFwcGxpY2F0aW9uL3J0ZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBydGY7CiAgICBhcHBsaWNhdGlvbi92bmQuYXBwbGUubXBlZ3VybCAgICAgICAgICAgICAgICAgICAgbTN1ODsKICAgIGFwcGxpY2F0aW9uL3ZuZC5nb29nbGUtZWFydGgua21sK3htbCAgICAgICAgICAgICBrbWw7CiAgICBhcHBsaWNhdGlvbi92bmQuZ29vZ2xlLWVhcnRoLmtteiAgICAgICAgICAgICAgICAga216OwogICAgYXBwbGljYXRpb24vdm5kLm1zLWV4Y2VsICAgICAgICAgICAgICAgICAgICAgICAgIHhsczsKICAgIGFwcGxpY2F0aW9uL3ZuZC5tcy1mb250b2JqZWN0ICAgICAgICAgICAgICAgICAgICBlb3Q7CiAgICBhcHBsaWNhdGlvbi92bmQubXMtcG93ZXJwb2ludCAgICAgICAgICAgICAgICAgICAgcHB0OwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC5ncmFwaGljcyAgICAgIG9kZzsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vYXNpcy5vcGVuZG9jdW1lbnQucHJlc2VudGF0aW9uICBvZHA7CiAgICBhcHBsaWNhdGlvbi92bmQub2FzaXMub3BlbmRvY3VtZW50LnNwcmVhZHNoZWV0ICAgb2RzOwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC50ZXh0ICAgICAgICAgIG9kdDsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vcGVueG1sZm9ybWF0cy1vZmZpY2Vkb2N1bWVudC5wcmVzZW50YXRpb25tbC5wcmVzZW50YXRpb24KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcHR4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LnNwcmVhZHNoZWV0bWwuc2hlZXQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4bHN4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LndvcmRwcm9jZXNzaW5nbWwuZG9jdW1lbnQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N4OwogICAgYXBwbGljYXRpb24vdm5kLndhcC53bWxjICAgICAgICAgICAgICAgICAgICAgICAgIHdtbGM7CiAgICBhcHBsaWNhdGlvbi93YXNtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2FzbTsKICAgIGFwcGxpY2F0aW9uL3gtN3otY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgICA3ejsKICAgIGFwcGxpY2F0aW9uL3gtY29jb2EgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjY287CiAgICBhcHBsaWNhdGlvbi94LWphdmEtYXJjaGl2ZS1kaWZmICAgICAgICAgICAgICAgICAgamFyZGlmZjsKICAgIGFwcGxpY2F0aW9uL3gtamF2YS1qbmxwLWZpbGUgICAgICAgICAgICAgICAgICAgICBqbmxwOwogICAgYXBwbGljYXRpb24veC1tYWtlc2VsZiAgICAgICAgICAgICAgICAgICAgICAgICAgIHJ1bjsKICAgIGFwcGxpY2F0aW9uL3gtcGVybCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbCBwbTsKICAgIGFwcGxpY2F0aW9uL3gtcGlsb3QgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcmMgcGRiOwogICAgYXBwbGljYXRpb24veC1yYXItY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgIHJhcjsKICAgIGFwcGxpY2F0aW9uL3gtcmVkaGF0LXBhY2thZ2UtbWFuYWdlciAgICAgICAgICAgICBycG07CiAgICBhcHBsaWNhdGlvbi94LXNlYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2VhOwogICAgYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2ggICAgICAgICAgICAgICAgICAgIHN3ZjsKICAgIGFwcGxpY2F0aW9uL3gtc3R1ZmZpdCAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXQ7CiAgICBhcHBsaWNhdGlvbi94LXRjbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGNsIHRrOwogICAgYXBwbGljYXRpb24veC14NTA5LWNhLWNlcnQgICAgICAgICAgICAgICAgICAgICAgIGRlciBwZW0gY3J0OwogICAgYXBwbGljYXRpb24veC14cGluc3RhbGwgICAgICAgICAgICAgICAgICAgICAgICAgIHhwaTsKICAgIGFwcGxpY2F0aW9uL3hodG1sK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICB4aHRtbDsKICAgIGFwcGxpY2F0aW9uL3hzcGYreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4c3BmOwogICAgYXBwbGljYXRpb24vemlwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHppcDsKCiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgYmluIGV4ZSBkbGw7CiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgZGViOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIGRtZzsKICAgIGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbSAgICAgICAgICAgICAgICAgICAgICAgICBpc28gaW1nOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIG1zaSBtc3AgbXNtOwoKICAgIGF1ZGlvL21pZGkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtaWQgbWlkaSBrYXI7CiAgICBhdWRpby9tcGVnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbXAzOwogICAgYXVkaW8vb2dnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9nZzsKICAgIGF1ZGlvL3gtbTRhICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtNGE7CiAgICBhdWRpby94LXJlYWxhdWRpbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmE7CgogICAgdmlkZW8vM2dwcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDNncHAgM2dwOwogICAgdmlkZW8vbXAydCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRzOwogICAgdmlkZW8vbXA0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1wNDsKICAgIHZpZGVvL21wZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtcGVnIG1wZzsKICAgIHZpZGVvL3F1aWNrdGltZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtb3Y7CiAgICB2aWRlby93ZWJtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2VibTsKICAgIHZpZGVvL3gtZmx2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmbHY7CiAgICB2aWRlby94LW00diAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbTR2OwogICAgdmlkZW8veC1tbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1uZzsKICAgIHZpZGVvL3gtbXMtYXNmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhc3ggYXNmOwogICAgdmlkZW8veC1tcy13bXYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdtdjsKICAgIHZpZGVvL3gtbXN2aWRlbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdmk7Cn0K", + "mtime": "1970-01-01T00:00:00Z", + "name": "mime.types", + "size": 5349 + } + ], + "name": "/etc/nginx" + } + ] } }, - "CertificateResponse": { - "type": "object", - "description": "Response structure containing details of the created, updated or retrieved SSL certificate. In general, \nthe response should contain:\n * an overview of all the public certificates\n * `warnings` whether any issue is found after parsing the certificates and key\n * `certs`\n * `key_metadata` if key provided in the request body\n * timestamps that represent when this cert object was created or modified\n", + "NginxConfigObjectID": { + "description": "A globally unique identifier for the NGINX Config object.", + "type": "string", + "format": "object_id", + "pattern": "^nc_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "NginxConfig": { + "description": "Details of an NGINX configuration, including its unique identifier, the main configuration path, the \nconfiguration directories, and the NGINX configuration payloads that indicate where managed SSL certificates\nand keys were deployed to on the data plane instance.\n", "allOf": [ { - "$ref": "#/components/schemas/CertificateOverviewMetadata" + "$ref": "#/components/schemas/NginxConfigObject" }, { "type": "object", + "required": [ + "object_id" + ], "properties": { - "warnings": { - "type": "string", - "description": "Warnings indicate whether there are any issues with the stored cert object. Empty when no issues were found.\n" - }, - "certs": { - "description": "An array of metadata for all the public certificates under the cert object.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertificateMetadata" - } - }, - "key": { - "$ref": "#/components/schemas/PrivateKeyMetadata" - }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the SSL certificate was created." + "object_id": { + "$ref": "#/components/schemas/NginxConfigObjectID" }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the SSL certificate was last modified." + "payloads": { + "$ref": "#/components/schemas/NginxConfigPayloads" } } } - ], - "example": { - "name": "example-cert_key", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "cert_key", - "status": "valid", - "subject_name": "www.example.com", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "warnings": "The provided private key does not match the certificate's signing key.", - "certs_count": 1, - "certs": [ - { - "status": "valid", - "version": 3, - "serial_number": "71283929", - "signature_algorithm": "SHA256-RSA", - "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_A", - "not_before": "2023-02-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_B", - "subject_alternative_name": [], - "public_key_type": "RSA (2048 bit)", - "common_name": "eg3bsriq_cert_B", - "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", - "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", - "thumbprint_algorithm": "SHA-256", - "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" - } - ], - "key": { - "key_size": 512, - "encryption_algorithm": "RSA" - }, - "modified_at": "2023-11-01T00:00:00Z", - "created_at": "2023-10-01T00:00:00Z" - } - }, - "PublicationBulkResponse": { - "description": "The publication bulk operation outcome.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } + ] }, - "CertificateUpdateContent": { + "PublicationStatusCause": { + "description": "Cause of the failure, provided only if the status is `failed`.", "type": "object", - "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", "properties": { - "public_certs": { + "cause": { + "description": "Cause of the failure, detailed as follows:\n* `unknown` - The reason for the failure is not known.\n* `timeout` - The publication request reached its time limit without receiving a response from the NGINX Agent.\n* `remote` - The NGINX Agent reported a failure when trying to apply the configuration. See the message for more details.\n* `payload` - The publication was successful, but there were warnings reported by attached payloads, see message for more details.\n", "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded PEM-formatted certificate information. \nThis is used for updating an existing certificate object. The schema is the same as `CertificateContent`,\nthe only difference is that both `public_certs` and `private_key` fields are optional. There are three use\ncases for this schema:\n* the below update can be done on either a Cert Key Pair or a CA Bundle:\n * when only `public_certs` is populated, update the public certificates on a certificate object. \n The updated public certificates will be validated against the existing private key.\n* the below update can be done only on a Cert Key Pair:\n * when only `private_key` is populated, update only the private key on a certificate object. \n The updated private key will be validated against the existing public certificates.\n * when both `public_certs` and `private_key` fields are populated, update both of them on a certificate \n object.\n" + "enum": [ + "unknown", + "timeout", + "remote", + "payload" + ], + "x-enum-varnames": [ + "publication_instance_status_cause_unknown", + "publication_instance_status_cause_timeout", + "publication_instance_status_cause_remote", + "publication_instance_status_cause_payload" + ] }, - "private_key": { + "message": { "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" + "description": "more specific failure message from the agent." } - }, - "example": { - "private_key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFM295ZHVlT0FOSkhodkwzeXZKZFRwaG9ldjVHTzdnbytCeVlPTy9sNTR1NU8yUHhNZVgrQWpBYjZBeG1xCmxpdkl1aHc9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t" } }, - "CertificateUpdateRequest": { - "type": "object", - "description": "Request structure for updating a certificate object. If key provided, it will be validated against the \nexisting leaf certificate stored under the certificate object.\n* Update for an unmanaged certificate object:\n * This converts the unmanaged certificate object to managed.\n * `public_certs` should always be provided during the conversion.\n * When key is provided, this certificate object is converted to a managed Cert Key Pair. Otherwise, it is\n converted to a managed CA Bundle.\n", + "PublicationInstance": { + "description": "Details of a publication request for an NGINX instance.", + "required": [ + "status", + "created_at", + "modified_at" + ], "properties": { - "name": { - "description": "A name for the certificate, making it identifiable among others.", + "object_id": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "config_version": { "type": "string", - "minLength": 1, - "maxLength": 128 + "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" }, - "content": { - "$ref": "#/components/schemas/CertificateUpdateContent" + "status": { + "description": "Publication status for the NGINX instance:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `succeeded_with_warnings` - The publication was successful, but there were warnings.\n", + "type": "string", + "enum": [ + "pending", + "failed", + "succeeded", + "succeeded_with_warnings" + ], + "x-enum-varnames": [ + "publication_instance_status_pending", + "publication_instance_status_failed", + "publication_instance_status_succeeded", + "publication_instance_status_succeeded_with_warnings" + ] + }, + "status_cause": { + "$ref": "#/components/schemas/PublicationStatusCause" + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the publication was created for the instance." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the publication was last modified for the instance." } }, "example": { - "name": "example-cert-object", - "content": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" - } + "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", + "created_at": "2024-05-14T20:36:06.272704Z", + "modified_at": "2024-05-14T20:36:06.272704Z", + "object_id": "pub_vfr5Oqv-AhxGzyqTXW-Ubw", + "status": "pending" } }, - "FilterNameCertificateDeployments": { - "type": "string", - "description": "Keywords for certificate deployment filters.\nWhen filtering on `association_type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * latest\n * stale\n", - "enum": [ - "name", - "association_type", - "deployment_status" - ], - "x-enum-varnames": [ - "filter_name_certificate_deployments_name", - "filter_name_certificate_deployments_association_type", - "filter_name_certificate_deployments_deployment_status" - ] - }, - "DeploymentAssociatedType": { - "type": "string", - "description": "The type of the deployment association, with the following values:\n * `instance`\n * `config_sync_group`\n", - "enum": [ - "instance", - "config_sync_group" - ], - "x-enum-varnames": [ - "deployment_associated_type_instance", - "deployment_associated_type_config_sync_group" - ] - }, - "DeploymentAssociatedName": { - "type": "string", - "description": "Based on deployment type:\n * `instance`\n * `config_sync_group`\n" - }, - "CertificateDeploymentStatus": { - "type": "string", - "description": "Certificate deployment status:\n * `latest` - This certificate deployment is up to date with the latest certificates and key.\n * `stale` - This certificate deployment is outdated and needs to deploy the latest certificates and key.\n * `unmanaged` - This certificate deployment is unmanaged by NGINX One Console.\n", - "enum": [ - "latest", - "stale", - "unmanaged" - ], - "x-enum-varnames": [ - "certificate_deployment_status_latest", - "certificate_deployment_status_stale", - "certificate_deployment_status_unmanaged" - ] - }, - "CertificateDeployment": { + "NginxConfigMeta": { "type": "object", - "description": "Response structure containing certificate deployment details for an SSL certificate, which include\n * `association_type` represents type of the object affected by this certificate deployment, which is either\n an instance or config sync group\n * `object_id` represents the object ID for the associated instance or config sync group\n * `name` for either the host name of an instance or the name of a config sync group\n * `deployment_status`:\n * `latest`: deployment is up to date with the latest updated certificate and key contents\n * `stale`: deployment for either certificates or key is outdated, requires a redeployment with the latest contents\n * `cert_paths` represents the file paths used for deploying public certificates of this certificate object\n * `key_paths` represents the file paths used for deploying the private key of this certificate object, if a\n private key is present\n", + "description": "Meta data of an NGINX configuration, including its unique identifier, the config_version.\n", "required": [ - "association_type", "object_id", - "name", - "deployment_status" + "config_version", + "created_at", + "modified_at", + "config_source" ], "properties": { - "association_type": { - "$ref": "#/components/schemas/DeploymentAssociatedType" - }, "object_id": { - "$ref": "#/components/schemas/ObjectID" - }, - "name": { - "$ref": "#/components/schemas/DeploymentAssociatedName" + "$ref": "#/components/schemas/NginxConfigObjectID" }, - "deployment_status": { - "$ref": "#/components/schemas/CertificateDeploymentStatus" + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object.\n" }, - "cert_paths": { - "description": "Deployment file paths for public certificates.", - "type": "array", - "items": { - "type": "string" - } + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the NGINX configuration object was created for the instance." }, - "key_paths": { - "description": "Deployment file paths for the private key.", - "type": "array", - "items": { - "type": "string" - } - } - }, - "example": { - "association_type": "instance", - "name": "instance-host-name", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "deployment_status": "latest", - "cert_paths": [ - "/etc/nginx/example.crt", - "/etc/nginx/certs/cert.crt" - ], - "key_paths": [ - "/etc/nginx/example.key" - ] - } - }, - "CertificateDeploymentListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the NGINX configuration object was last modified for the instance." }, - { - "type": "object", - "description": "List of certificate deployments for a SSL certificate.", - "required": [ - "items" + "config_source": { + "type": "string", + "enum": [ + "NGINX One", + "Other", + "Unspecified" ], - "properties": { - "items": { - "description": "An array of certificate deployments for an SSL certificate. If this certificate object represents a \nCA bundle, there will be only public certificate file paths in the certificate deployment details.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertificateDeployment" - } - } - } + "x-enum-varnames": [ + "config_source_nginx_one", + "config_source_other", + "config_source_unspecified" + ], + "description": "The source from which the config was created:\n- `NGINX One`: The config was created from NGINX One.\n- `Other`: The config was created from data plane.\n- `Unspecified`: The source of the config is unspecified.\n" } - ], + }, "example": { - "total": 10, - "count": 2, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "association_type": "instance", - "name": "instance-host-name", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "deployment_status": "latest", - "cert_paths": [ - "/etc/nginx/example.crt", - "/etc/nginx/certs/cert.crt" - ], - "key_paths": [ - "/etc/nginx/example.key" - ] - }, - { - "association_type": "config_sync_group", - "name": "group1", - "object_id": "csg_vfr5Oqv-AhxGzyqTXW-Ubw", - "deployment_status": "stale", - "cert_paths": [ - "/etc/nginx/cert.crt" - ], - "key_paths": [ - "/etc/nginx/server.key" - ] - } - ] + "object_id": "nc_AamgWtYSSb6OWGljx3wNDA", + "config_version": "Cm1hcCAkdXJpICRtYXBwZWRfc2V", + "created_at": "2023-08-10T16:59:15Z", + "modified_at": "2023-08-10T16:59:15Z", + "config_source": "NGINX One" } }, + "FeatureFlagKey": { + "type": "string", + "description": "String representation of a feature flag key." + }, "FilterNameConfigSyncGroups": { "type": "string", "description": "Keywords for config sync groups filters.\nWhen filtering on `config_status`, only the following `filter_values` are supported:\n * in_sync\n * out_of_sync\n * sync_in_progress\n * unknown\n", @@ -6365,66 +11084,6 @@ "filter_name_config_sync_group_object_id" ] }, - "ConfigSyncGroupObjectID": { - "description": "A globally unique identifier for the NGINX config sync group.", - "type": "string", - "format": "object_id", - "pattern": "^csg_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "ConfigSyncStatus": { - "type": "string", - "description": "The current config sync status of the NGINX config sync group, with the following possible values:\n* `unknown` - The status cannot be determined at this moment.\n* `in_sync` - All NGINX instances in config sync group have same config as indicated by config_version.\n* `out_of_sync` - Some NGINX instances in config sync group have config different than indicated by config_version.\n* `sync_in_progress` - The operation of applying config_version to all NGINX instances in config sync group is in progress.\n", - "enum": [ - "unknown", - "in_sync", - "out_of_sync", - "sync_in_progress" - ], - "x-enum-varnames": [ - "nginx_config_sync_group_config_status_unknown", - "nginx_config_sync_group_config_status_in_sync", - "nginx_config_sync_group_config_status_out_of_sync", - "nginx_config_sync_group_config_status_in_progress" - ] - }, - "CertificateInstanceSummary": { - "description": "A breakdown and tally of certificates, detailing the total count, number of expired certificates, certificates nearing expiration, and those that are valid.", - "type": "object", - "required": [ - "total", - "expired", - "expiring", - "valid", - "not_ready" - ], - "properties": { - "total": { - "description": "Total count of certificates across the NGINX data plane.", - "type": "integer" - }, - "expired": { - "description": "The number of certificates that have expired and are no longer valid.", - "type": "integer" - }, - "expiring": { - "description": "The number of certificates due to expire in the next 30 days.", - "type": "integer" - }, - "valid": { - "description": "The number of certificates that are valid and in good standing.", - "type": "integer" - }, - "not_ready": { - "description": "The number of certificates that are not ready to be used.", - "type": "integer" - } - } - }, "ListConfigSyncGroupObject": { "type": "object", "description": "Summary information of the NGINX config sync group.", @@ -6580,1237 +11239,1353 @@ "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, - "ConfigSyncGroupMeta": { - "type": "object", - "description": "Meta information of the NGINX config sync group including:\n* NGINX config sync group object ID\n* unique name of the config sync group in the tenant namespace\n* last publication timestamp\n", - "required": [ - "object_id", - "name", - "created_at" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" - }, - "name": { - "description": "Name of the NGINX config sync group.", - "type": "string" - }, - "last_publication": { - "description": "The date and time of the most recent config sync group publication.", - "type": "string", - "format": "date-time" + "ConfigSyncGroupInstance": { + "allOf": [ + { + "$ref": "#/components/schemas/Instance" }, - "created_at": { - "description": "The date and time when the config sync group was created.", - "type": "string", - "format": "date-time" + { + "type": "object", + "required": [ + "config_status", + "config_version" + ], + "properties": { + "config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" + }, + "config_version": { + "description": "A computed hash of current config on the config sync group.", + "type": "string" + } + } } - }, - "example": { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-config-sync-group", - "last_publication": "2023-12-06T22:37:24.120114Z", - "created_at": "2023-12-05T22:30:20.220114Z" - } + ] }, - "InstanceObjectID": { - "description": "A globally unique identifier for the NGINX instance.", + "ConfigSyncGroupPublicationStatus": { "type": "string", - "format": "object_id", - "pattern": "^inst_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "NginxBuild": { - "description": "The build details for the NGINX binary, including its configuration parameters.\n", - "type": "object", - "required": [ - "version" + "description": "The status on the last publication issued on this config sync group:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `partially_succeeded` - The publication attempt had one or more failures.\n", + "enum": [ + "pending", + "failed", + "succeeded", + "partially_succeeded" ], - "properties": { - "version": { - "description": "The version number of the base open-source NGINX.", - "type": "string" - }, - "plus_release": { - "description": "The NGINX Plus release version, if applicable.", - "type": "string" + "x-enum-varnames": [ + "publication_config_sync_group_status_pending", + "publication_config_sync_group_status_failed", + "publication_config_sync_group_status_succeeded", + "publication_config_sync_group_status_partially_succeeded" + ] + }, + "ConfigSyncGroup": { + "allOf": [ + { + "$ref": "#/components/schemas/ConfigSyncGroupMeta" }, - "conf_path": { - "description": "The absolute path to the NGINX configuration, as set by the `--conf-path` option during build time.", - "type": "string" + { + "type": "object", + "description": "Additional information of the NGINX config sync group including:\n* config sync status\n* config checksum\n* instances\n* last known publication status\n* certs associated with this config sync group\n", + "properties": { + "config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" + }, + "config_version": { + "description": "A computed hash of current config on the config sync group.", + "type": "string" + }, + "instances": { + "description": "An array of Instance objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/ConfigSyncGroupInstance" + } + }, + "last_publication_status": { + "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" + }, + "certs": { + "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto the data plane instances that are part of this config sync group.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertAssociation" + } + }, + "nginx_app_protect": { + "type": "object", + "required": [ + "deployments" + ], + "properties": { + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapAssociation" + } + } + } + } + } } - } - }, - "NginxAppProtectVersions": { - "description": "Version information regarding NGINX App Protect.\n", - "type": "object", - "required": [ - "engine_version" ], - "properties": { - "release_version": { - "description": "The release version of NGINX App Protect.", - "type": "string" - }, - "engine_version": { - "description": "The version of the App Protect enforcement engine.", - "type": "string" - } + "example": { + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-config-sync-group", + "created_at": "2023-12-06T22:37:24.120114Z", + "config_status": "in_sync", + "config_version": "uvR3F2TQGm18jnl7bpaGw", + "instances": [ + { + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "hostname": "816e3c194d59", + "system_id": "6066aad2-211e-3718-be5d-fcc01ffc5cc8", + "agent_version": "v2.33.0", + "registered_at": "2024-05-16T18:26:40.556048Z", + "last_reported": "2023-12-06T22:37:24.120114Z", + "status": "unavailable", + "nginx_build": { + "conf_path": "/etc/nginx/nginx.conf", + "version": "1.25.3" + }, + "os_version": "Ubuntu 22.04", + "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", + "config_status": "in_sync", + "config_version": "abc123def456" + } + ], + "certs": [ + { + "subject_name": "test.com", + "name": "client", + "cert_type": "cert_key", + "not_after": "2024-01-06T00:01:30Z", + "not_before": "2023-12-07T00:01:30Z", + "cert_paths": [ + "/etc/nginx/client.pem" + ], + "cert_status": "expiring", + "deployment_status": "latest", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" + } + ] } }, - "NginxAppProtectDeploymentCounts": { + "ConfigSyncGroupDetails": { "type": "object", - "description": "Summary count of NAP policy version deployment statues.", - "required": [ - "total", - "deployed", - "deploying", - "failed" - ], - "properties": { - "total": { - "description": "Total count of NAP policy versions across the NGINX data plane.", - "type": "integer" - }, - "deployed": { - "description": "The number of NAP policy versions that have deployed.", - "type": "integer" - }, - "deploying": { - "description": "The number of NAP policy versions that are deploying.", - "type": "integer" - }, - "failed": { - "description": "The number of NAP policy versions that have failed deployment.", - "type": "integer" + "description": "Detailed information of the NGINX config sync group.", + "allOf": [ + { + "$ref": "#/components/schemas/ConfigSyncGroup" } - } + ] }, - "NginxAppProtectSummary": { - "description": "Summary information regarding NGINX App Protect.\n", - "type": "object", + "ConfigSyncGroupPublicationStatusReason": { "allOf": [ { - "$ref": "#/components/schemas/NginxAppProtectVersions" + "$ref": "#/components/schemas/PublicationStatusCause" }, { "type": "object", "required": [ - "deployments" + "object_id" ], "properties": { - "deployments": { - "$ref": "#/components/schemas/NginxAppProtectDeploymentCounts" + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" } } } ] }, - "CveSeverityType": { - "type": "string", - "description": "Severity ratings:\n * `high` - High severity.\n * `medium` - Moderate severity.\n * `low` - Least severe.\n * `none` - Not severe.\n * `other` - Severity that does not fit the other categories.\n", - "enum": [ - "high", - "medium", - "low", - "none", - "other" - ], - "x-enum-varnames": [ - "cve_severity_type_high", - "cve_severity_type_medium", - "cve_severity_type_low", - "cve_severity_type_none", - "cve_severity_type_other" - ] - }, - "CveDetails": { - "description": "CVEs details, including the type and count.\n", - "type": "object", + "ConfigSyncGroupPublication": { + "description": "Details of a publication request for the NGINX config sync group.", "required": [ - "type", - "count" + "status", + "created_at", + "modified_at" ], "properties": { - "type": { - "$ref": "#/components/schemas/CveSeverityType" + "object_id": { + "$ref": "#/components/schemas/PublicationObjectID" }, - "count": { - "description": "The total number of each CVE type.", - "type": "integer" + "status": { + "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the publication was created for the instance." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the publication was last modified for the instance." + }, + "status_reasons": { + "description": "Detailed failure reasons on each instance's publication, when 'status' is in 'failed' or 'partially_succeeded'", + "type": "array", + "items": { + "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatusReason" + } + }, + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" } + }, + "example": { + "config_version": "fc3bb4b50c145b3ca5c5d1342be5ec0718eeb9bb84f8d53c5734b6b8", + "created_at": "2024-05-23T21:57:13.048285Z", + "modified_at": "2024-05-23T21:57:13.048285Z", + "object_id": "pub_UPV8jXFwSgm1vHQJCvLD1w", + "status": "failed", + "status_reasons": [ + { + "cause": "remote", + "message": "Config apply failed (write): error running nginx -t -c /etc/nginx/nginx.conf:\n error running nginx -t -c /etc/nginx/nginx.conf:\nnginx: [emerg] invalid number of arguments in \"worker_processes\" directive in /etc/nginx/nginx.conf:7\nnginx: configuration file /etc/nginx/nginx.conf test failed\n", + "object_id": "inst_QBBobKIAQ_21grAwV83VYw" + } + ] } }, - "RecommendationType": { + "FilterNameCertificates": { "type": "string", - "description": "Types of configuration recommendations:\n * `best_practice` - Suggestions based on established best practices.\n * `security` - Recommendations related to security.\n * `optimization` - Advice for optimizing performance.\n * `other` - Recommendations that do not fit the above categories.\n", + "description": "Keywords for certificates filters.\nWhen filtering on `management`, only the following `filter_values` are supported:\n * managed\n * unmanaged\nWhen filtering on `type`, only the following `filter_values` are supported:\n * cert_key\n * ca_bundle\n * unknown\nWhen filtering on `status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", "enum": [ - "best_practice", - "security", - "optimization", - "other" + "name", + "management", + "type", + "subject_name", + "status", + "object_id" ], "x-enum-varnames": [ - "recommendation_type_best_practice", - "recommendation_type_security", - "recommendation_type_optimization", - "recommendation_type_other" + "filter_name_certificates_name", + "filter_name_certificates_management", + "filter_name_certificates_type", + "filter_name_certificates_subject_name", + "filter_name_certificates_status", + "filter_name_certificates_object_id" ] }, - "IssueDetails": { - "description": "Issue details, including the type and count.\n", - "type": "object", - "required": [ - "type", - "count" - ], - "properties": { - "type": { - "$ref": "#/components/schemas/RecommendationType" - }, - "count": { - "description": "The total number of issues identified for the specific recommendation type.", - "type": "integer" - } - } - }, - "ControlPlaneObjectID": { - "description": "A globally unique identifier for the control plane.", + "CertificateManagement": { "type": "string", - "format": "object_id", - "pattern": "^ecp_.*", - "x-go-type": "objects.ID" + "description": "Management type:\n * `managed` - Certificate managed by NGINX One Console.\n * `unmanaged` - Certificate that only exists on a data plane instance, detected from its NGINX configuration.\n", + "enum": [ + "managed", + "unmanaged" + ], + "x-enum-varnames": [ + "certificate_management_managed", + "certificate_management_unmanaged" + ] }, - "ControlPlaneBaseInfo": { - "type": "object", - "description": "Base information of a control plane, which includes name, product version and optionally an object ID.", + "CertificateObjectMetadata": { "required": [ - "name", - "product_version", - "created_at" + "management", + "type" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/ControlPlaneObjectID" - }, "name": { - "description": "Control plane name.", + "description": "Name of the certificate, optionally specified upon creation", "type": "string" }, - "product_version": { - "description": "Control plane product name and version.", - "type": "string" + "object_id": { + "$ref": "#/components/schemas/CertificateObjectID" + }, + "management": { + "$ref": "#/components/schemas/CertificateManagement" }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the control plane was created." + "type": { + "$ref": "#/components/schemas/CertificateType" + }, + "certs_count": { + "description": "The number of public certificates under this certificate object.", + "type": "integer", + "format": "int64" } + }, + "example": { + "name": "example-ca-bundle", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "ca_bundle", + "certs_count": 5 } }, - "Instance": { + "CertificateDisplayMetadata": { + "description": "This represents the essential metadata of a public certificate.", "type": "object", - "description": "Summary information about a NGINX instance.", "required": [ - "object_id", - "hostname", - "system_id", - "agent_version", - "registered_at", - "last_reported", - "status" + "subject_name", + "status", + "not_before", + "not_after" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" - }, - "hostname": { - "description": "The name of the host system where the NGINX instance is running.", - "type": "string" - }, - "system_id": { - "description": "The unique identifier assigned to the host system by the NGINX Agent.", - "type": "string" - }, - "nginx_id": { - "description": "The unique identifier for the NGINX process on the host system, assigned by the NGINX Agent.", - "type": "string" - }, - "agent_version": { - "description": "The version of the NGINX Agent.", - "type": "string" - }, - "key_object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, - "nginx_build": { - "$ref": "#/components/schemas/NginxBuild" - }, - "os_version": { - "description": "The operating system's name and its and version or codename.\n", + "subject_name": { "type": "string", - "example": "ubuntu_jammy" - }, - "nginx_app_protect": { - "$ref": "#/components/schemas/NginxAppProtectSummary" + "example": "www.example.com", + "description": "DNS name that identifies the certificate. If DNS is not present in the SAN extension, this will be the common name.\n" }, - "registered_at": { - "description": "The date and time when the NGINX instance first registered with NGINX One.", - "type": "string", - "format": "date-time" + "status": { + "$ref": "#/components/schemas/CertificateStatus" }, - "last_reported": { - "description": "The date and time of the most recent report received from the NGINX Agent.", + "not_before": { "type": "string", - "format": "date-time" + "format": "date-time", + "example": "2023-06-12T09:12:33.001Z", + "description": "The start of the validity period for the certificate." }, - "status": { + "not_after": { "type": "string", - "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", - "enum": [ - "unknown", - "unavailable", - "offline", - "online" - ] - }, - "cert_summary": { - "$ref": "#/components/schemas/CertificateInstanceSummary" - }, - "cve_severity": { - "type": "array", - "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", - "items": { - "$ref": "#/components/schemas/CveDetails" - } - }, - "recommendations": { - "type": "array", - "description": "An array summarizing the suggestions from the configuration analysis report.", - "items": { - "$ref": "#/components/schemas/IssueDetails" - } + "format": "date-time", + "example": "2029-12-25T09:12:33.001Z", + "description": "The end of the validity period for the certificate." + } + }, + "example": { + "subject_name": "self_ca_signed", + "status": "valid", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z" + } + }, + "CertificateOverviewMetadata": { + "description": "Represents an overview of all the public certificates under a single cert object.\nIf multiple public certificates on the same CA chain, including the leaf certificate and key are provided, \nthis includes `status`, `subject_name`, `not_before` and `not_after` for the leaf certificate.\nIf a CA bundle is provided, the above mentioned certificate metadata is for the Certificate Authority that\nexpires the soonest in the bundle.\n", + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/CertificateObjectMetadata" }, - "control_plane": { - "$ref": "#/components/schemas/ControlPlaneBaseInfo" + { + "$ref": "#/components/schemas/CertificateDisplayMetadata" } + ], + "example": { + "name": "example-ca-bundle", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "ca_bundle", + "subject_name": "self_ca_signed", + "status": "valid", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "certs_count": 5 } }, - "ConfigSyncGroupInstance": { + "CertificateListResponse": { "allOf": [ { - "$ref": "#/components/schemas/Instance" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "description": "List of SSL certificates.", "required": [ - "config_status", - "config_version" + "items" ], "properties": { - "config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" - }, - "config_version": { - "description": "A computed hash of current config on the config sync group.", - "type": "string" + "items": { + "description": "An array of basic metadata for all the SSL certificates in NGINX One Console. \nFor a CA bundle, an overview with metadata on the first Certificate Authority in the bundle will be displayed.\nOtherwise, an overview with metadata on the leaf certificate will be displayed.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertificateOverviewMetadata" + } } } } - ] + ], + "example": { + "total": 10, + "count": 2, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "name": "example-cert_key", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "cert_key", + "status": "valid", + "subject_name": "www.example.com", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "certs_count": 1 + }, + { + "name": "example-ca-bundle", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "ca_bundle", + "subject_name": "self_ca_signed", + "status": "valid", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "certs_count": 5 + } + ] + } }, - "ConfigSyncGroupPublicationStatus": { - "type": "string", - "description": "The status on the last publication issued on this config sync group:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `partially_succeeded` - The publication attempt had one or more failures.\n", - "enum": [ - "pending", - "failed", - "succeeded", - "partially_succeeded" + "CertificateContent": { + "type": "object", + "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", + "required": [ + "public_certs" ], - "x-enum-varnames": [ - "publication_config_sync_group_status_pending", - "publication_config_sync_group_status_failed", - "publication_config_sync_group_status_succeeded", - "publication_config_sync_group_status_partially_succeeded" - ] + "properties": { + "public_certs": { + "type": "string", + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded PEM-formatted certificate information. \nThe `public_certs` field can include a leaf certificate along with its full chain of trust or a CA bundle. \nFor leaf certificates, the accompanying `private_key` is required to authenticate the certificate's validity. \nCA bundles contain trusted CA certificates and may consist of certificates from different CA chains. A private\nkey should not be included in a CA bundle.\n" + }, + "private_key": { + "type": "string", + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" + } + }, + "example": { + "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" + } + }, + "CertificateRequest": { + "type": "object", + "description": "Request structure for parsing or upserting certificates with an optional private key.\n", + "required": [ + "content" + ], + "properties": { + "name": { + "description": "A name for the certificate, making it identifiable among others.", + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "content": { + "$ref": "#/components/schemas/CertificateContent" + } + }, + "example": { + "name": "example-ca-bundle", + "content": { + "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==", + "private_key": "" + } + } }, - "CertAssociation": { + "CertificateMetadata": { + "description": "A comprehensive list of all the metadata for a public certificate.", "type": "object", - "description": "Details for a certificate that's associated with an instance or a config sync group.", "required": [ - "name", - "object_id", - "cert_type", - "subject_name", + "status", + "serial_number", + "signature_algorithm", "not_before", "not_after", - "cert_status", - "deployment_status" + "public_key_type", + "thumbprint" ], "properties": { - "name": { - "type": "string", - "description": "A friendly name for the certificate." - }, - "object_id": { - "$ref": "#/components/schemas/CertificateObjectID" - }, - "cert_type": { - "$ref": "#/components/schemas/CertificateType" - }, - "cert_paths": { - "type": "array", - "description": "The list of file system paths where the certificate file is installed. \nSince a single certificate file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/ssl/cert.pem", - "/etc/ssl/cert.crt" - ], - "items": { - "type": "string" - } + "status": { + "$ref": "#/components/schemas/CertificateStatus" }, - "key_paths": { - "type": "array", - "description": "The list of file system paths where the private key file is installed.\nSince a single key file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/nginx/key.pem", - "/etc/ssl/server.key" - ], - "items": { - "type": "string" - } + "version": { + "type": "integer", + "format": "int64", + "example": 3, + "description": "The version of the certificate, typically 3 for X.509 certificates." }, - "deployment_status": { - "$ref": "#/components/schemas/CertificateDeploymentStatus" + "serial_number": { + "type": "string", + "example": "16469416336579571270", + "description": "A unique identifier for the certificate." }, - "subject_name": { + "signature_algorithm": { "type": "string", - "description": "Hostname or domain for the certificate. Usually the subject-alt-name (SAN) value for the certificate.\nif SAN is not present, this will be the certificate subject's common name.\n", - "example": "nginx.com" + "example": "SHA-256", + "description": "Identifies the algorithm used to sign the certificate." }, - "cert_status": { - "$ref": "#/components/schemas/CertificateStatus" + "issuer": { + "type": "string", + "example": "CN=Example CA, O=Certificate Authority Inc., OU=CA Department, L=City, ST=State, C=Country", + "description": "Identifies the entity who signed and issued the certificate." }, "not_before": { "type": "string", "format": "date-time", - "description": "the effective date of the certificate." + "example": "2023-06-12T09:12:33.001Z", + "description": "The start of the validity period for the certificate." }, "not_after": { "type": "string", "format": "date-time", - "description": "The expiration date for the certificate." - } - } - }, - "NapPolicyObjectID": { - "description": "A globally unique identifier for the App Protect policy.", - "type": "string", - "format": "object_id", - "pattern": "^pol_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "NapPolicyVersionObjectID": { - "description": "A globally unique identifier for the App Protect policy version.", - "type": "string", - "format": "object_id", - "pattern": "^pv_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "PublicationObjectID": { - "description": "A globally unique identifier for the publication.", - "type": "string", - "format": "object_id", - "example": "pub_72pGHoGsSICL_THZrs964g", - "pattern": "^pub_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "NapPolicyEnforcementMode": { - "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `blocking` - Any illegal or suspicious requests are logged and blocked.\n* `transparent` - Any illegal or suspicious requests are logged but not blocked.\n", - "type": "string", - "enum": [ - "blocking", - "transparent" - ], - "x-enum-varnames": [ - "nap_enforcement_mode_blocking", - "nap_enforcement_mode_transparent" - ] - }, - "NapDeploymentStatus": { - "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `deployed` - The NGINX App Protect policy has been deployed.\n* `not_deployed` - The NGINX App Protect policy has not been deployed.\n* `deploying` - The NGINX App Protect policy is currently being deployed.\n* `failed` - The NGINX App Protect policy failed deploying.\n", - "type": "string", - "enum": [ - "deployed", - "not_deployed", - "deploying", - "failed" - ], - "x-enum-varnames": [ - "nap_deployment_status_deployed", - "nap_deployment_status_not_deployed", - "nap_deployment_status_deploying", - "nap_deployment_status_failed" - ] - }, - "NapAssociation": { - "description": "Details for a NGINX App Protect policy version that's associated with an instance or a config sync group.", - "required": [ - "name", - "version", - "policy_object_id", - "policy_version_object_id", - "paths", - "deployment_status", - "publication_object_id", - "deployed_on", - "enforcement_mode" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the policy at the time of the deployment." + "example": "2029-12-25T09:12:33.001Z", + "description": "The end of the validity period for the certificate." }, - "version": { + "subject": { "type": "string", - "description": "Version of the policy at the time of the deployment." + "example": "CN=www.example.com, O=Example Inc., OU=IT Department, L=City, ST=State, C=Country", + "description": "Identifies the primary entity to which the certificate is issued. Typically, it contains information\nsuch as the Common Name (CN), Organization (O), Organizational Unit (OU), Country (C), etc.\n" }, - "policy_object_id": { - "$ref": "#/components/schemas/NapPolicyObjectID" + "subject_alternative_name": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "DNS:www.example.com", + "DNS:example.com", + "email:info@example.com" + ], + "description": "Defines additional identifies bound to the subject of the certificate. \nFor example, the DNS name is used to add additional domain names to a certificate.\n" }, - "policy_version_object_id": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" + "public_key_type": { + "type": "string", + "example": "RSA (2048 Bits)", + "description": "Identifies the encryption algorithm used to create the public key for the certificate." }, - "publication_object_id": { - "$ref": "#/components/schemas/PublicationObjectID" + "common_name": { + "type": "string", + "example": "www.example.com", + "description": "The Common Name (CN) for the certificate, used when DNS name is not present in the SAN extension.\n" }, - "enforcement_mode": { - "$ref": "#/components/schemas/NapPolicyEnforcementMode" + "authority_key_identifier": { + "type": "string", + "example": "2B D0 69 47 94 76 09 FE F4 6B 8D 2E 40 A6 F7 47 4D 7F 08 5E", + "description": "The identifier of the signing authority for the certificate." }, - "paths": { - "type": "array", - "description": "The list of file system paths where the compiled NAP policy version bundle file is installed. \nSince a single compiled NAP policy version bundle file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/nginx/default_policy.tgz", - "/etc/nginx/default_policy_server_2.tgz" - ], - "items": { - "type": "string" - } + "subject_key_identifier": { + "type": "string", + "example": "31 EA 76 A9 23 74 A5 DF D4 FD EE A0 C1 A6 9E C6 11 0E 11 EC", + "description": "A hash value of the SSL certificate that can be used to identify certificates that \ncontain a particular public key.\n" }, - "deployment_status": { - "$ref": "#/components/schemas/NapDeploymentStatus" + "thumbprint_algorithm": { + "type": "string", + "example": "SHA-1", + "description": "Defines the algorithm used to hash the certificate." }, - "deployed_on": { - "description": "Date and time of the deployment.", + "thumbprint": { "type": "string", - "format": "date-time" + "example": "E6 A7 87 96 E0 C7 A3 E5 43 78 35 CA 16 78 5B 48 5A A9 DD C4 5C CD 0A 65 AA 89 33 E3 C3 D0 89 71", + "description": "A hash to ensure that the certificate has not been modified." } }, "example": { - "name": "default_policy", - "version": "2025.05.01", - "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", - "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", - "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", - "paths": [ - "/etc/nginx/default_policy.tgz" - ], - "deployment_status": "deployed", - "enforcement_mode": "transparent", - "deployed_on": "2023-12-06T22:37:24.120114Z" + "status": "valid", + "version": 3, + "serial_number": "71283929", + "signature_algorithm": "SHA256-RSA", + "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_bundle_CA", + "not_before": "2023-02-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=self_ca_signed", + "subject_alternative_name": [], + "public_key_type": "RSA (2048 bit)", + "common_name": "self_ca_signed", + "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", + "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", + "thumbprint_algorithm": "SHA-256", + "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" + } + }, + "PrivateKeyMetadata": { + "type": "object", + "description": "Metadata for a private key.", + "properties": { + "key_size": { + "description": "Size of the private key in bits.", + "type": "integer", + "format": "int64" + }, + "encryption_algorithm": { + "description": "The encryption algorithm used for the private key.", + "type": "string" + } + }, + "example": { + "key_size": 512, + "encryption_algorithm": "RSA" } }, - "ConfigSyncGroup": { + "CertificateResponse": { + "type": "object", + "description": "Response structure containing details of the created, updated or retrieved SSL certificate. In general, \nthe response should contain:\n * an overview of all the public certificates\n * `warnings` whether any issue is found after parsing the certificates and key\n * `certs`\n * `key_metadata` if key provided in the request body\n * timestamps that represent when this cert object was created or modified\n", "allOf": [ { - "$ref": "#/components/schemas/ConfigSyncGroupMeta" + "$ref": "#/components/schemas/CertificateOverviewMetadata" }, { "type": "object", - "description": "Additional information of the NGINX config sync group including:\n* config sync status\n* config checksum\n* instances\n* last known publication status\n* certs associated with this config sync group\n", "properties": { - "config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" - }, - "config_version": { - "description": "A computed hash of current config on the config sync group.", - "type": "string" + "warnings": { + "type": "string", + "description": "Warnings indicate whether there are any issues with the stored cert object. Empty when no issues were found.\n" }, - "instances": { - "description": "An array of Instance objects.", + "certs": { + "description": "An array of metadata for all the public certificates under the cert object.", "type": "array", "items": { - "$ref": "#/components/schemas/ConfigSyncGroupInstance" + "$ref": "#/components/schemas/CertificateMetadata" } }, - "last_publication_status": { - "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" + "key": { + "$ref": "#/components/schemas/PrivateKeyMetadata" }, - "certs": { - "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto the data plane instances that are part of this config sync group.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertAssociation" - } + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the SSL certificate was created." }, - "nginx_app_protect": { - "type": "object", - "required": [ - "deployments" - ], - "properties": { - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapAssociation" - } - } - } + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the SSL certificate was last modified." } } } ], "example": { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-config-sync-group", - "created_at": "2023-12-06T22:37:24.120114Z", - "config_status": "in_sync", - "config_version": "uvR3F2TQGm18jnl7bpaGw", - "instances": [ - { - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "hostname": "816e3c194d59", - "system_id": "6066aad2-211e-3718-be5d-fcc01ffc5cc8", - "agent_version": "v2.33.0", - "registered_at": "2024-05-16T18:26:40.556048Z", - "last_reported": "2023-12-06T22:37:24.120114Z", - "status": "unavailable", - "nginx_build": { - "conf_path": "/etc/nginx/nginx.conf", - "version": "1.25.3" - }, - "os_version": "Ubuntu 22.04", - "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", - "config_status": "in_sync", - "config_version": "abc123def456" - } - ], + "name": "example-cert_key", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "cert_key", + "status": "valid", + "subject_name": "www.example.com", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "warnings": "The provided private key does not match the certificate's signing key.", + "certs_count": 1, "certs": [ { - "subject_name": "test.com", - "name": "client", - "cert_type": "cert_key", - "not_after": "2024-01-06T00:01:30Z", - "not_before": "2023-12-07T00:01:30Z", - "cert_paths": [ - "/etc/nginx/client.pem" - ], - "cert_status": "expiring", - "deployment_status": "latest", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" + "status": "valid", + "version": 3, + "serial_number": "71283929", + "signature_algorithm": "SHA256-RSA", + "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_A", + "not_before": "2023-02-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_B", + "subject_alternative_name": [], + "public_key_type": "RSA (2048 bit)", + "common_name": "eg3bsriq_cert_B", + "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", + "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", + "thumbprint_algorithm": "SHA-256", + "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" } - ] + ], + "key": { + "key_size": 512, + "encryption_algorithm": "RSA" + }, + "modified_at": "2023-11-01T00:00:00Z", + "created_at": "2023-10-01T00:00:00Z" } }, - "ConfigSyncGroupDetails": { + "CertificateBulkRequestData": { "type": "object", - "description": "Detailed information of the NGINX config sync group.", - "allOf": [ + "description": "Part of bulk operation on a certificate, only `delete` is supported.", + "required": [ + "action", + "object_id" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/CertificateObjectID" + }, + "action": { + "$ref": "#/components/schemas/BulkRequestAction" + } + }, + "example": { + "object_id": "cert_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + } + }, + "CertificateBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/CertificateBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ { - "$ref": "#/components/schemas/ConfigSyncGroup" + "object_id": "cert_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + }, + { + "object_id": "cert_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" } ] }, - "ConfigPath": { - "type": "string", - "minLength": 1, - "maxLength": 4096, - "description": "The full path to the main NGINX configuration file. This corresponds to the `--conf-path` parameter used in the NGINX binary.\n", - "example": "/etc/nginx/nginx.conf." + "CertificateBulkResponse": { + "description": "The certificate bulk operation outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } }, - "FileData": { + "PublicationBulkResponse": { + "description": "The publication bulk operation outcome.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } + }, + "CertificateUpdateContent": { "type": "object", - "description": "Details about a file, including its path, content, size, and last modified time.", - "required": [ - "name", - "contents", - "size", - "mtime" - ], + "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", "properties": { - "name": { + "public_certs": { "type": "string", - "description": "The file's relative path to the parent directory.", - "minLength": 1, - "maxLength": 4096 + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded PEM-formatted certificate information. \nThis is used for updating an existing certificate object. The schema is the same as `CertificateContent`,\nthe only difference is that both `public_certs` and `private_key` fields are optional. There are three use\ncases for this schema:\n* the below update can be done on either a Cert Key Pair or a CA Bundle:\n * when only `public_certs` is populated, update the public certificates on a certificate object. \n The updated public certificates will be validated against the existing private key.\n* the below update can be done only on a Cert Key Pair:\n * when only `private_key` is populated, update only the private key on a certificate object. \n The updated private key will be validated against the existing public certificates.\n * when both `public_certs` and `private_key` fields are populated, update both of them on a certificate \n object.\n" }, - "contents": { + "private_key": { "type": "string", - "format": "byte", - "description": "The base64-encoded contents of the file.", - "maxLength": 3145728 - }, - "size": { - "type": "integer", - "description": "The size of the file, in bytes." - }, - "mtime": { + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" + } + }, + "example": { + "private_key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFM295ZHVlT0FOSkhodkwzeXZKZFRwaG9ldjVHTzdnbytCeVlPTy9sNTR1NU8yUHhNZVgrQWpBYjZBeG1xCmxpdkl1aHc9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t" + } + }, + "CertificateUpdateRequest": { + "type": "object", + "description": "Request structure for updating a certificate object. If key provided, it will be validated against the \nexisting leaf certificate stored under the certificate object.\n* Update for an unmanaged certificate object:\n * This converts the unmanaged certificate object to managed.\n * `public_certs` should always be provided during the conversion.\n * When key is provided, this certificate object is converted to a managed Cert Key Pair. Otherwise, it is\n converted to a managed CA Bundle.\n", + "properties": { + "name": { + "description": "A name for the certificate, making it identifiable among others.", "type": "string", - "format": "date-time", - "description": "Timestamp of the last modification made to the file." + "minLength": 1, + "maxLength": 128 + }, + "content": { + "$ref": "#/components/schemas/CertificateUpdateContent" + } + }, + "example": { + "name": "example-cert-object", + "content": { + "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" } } }, - "DirectoryWithFileContent": { + "FilterNameCertificateDeployments": { + "type": "string", + "description": "Keywords for certificate deployment filters.\nWhen filtering on `association_type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * latest\n * stale\n", + "enum": [ + "name", + "association_type", + "deployment_status" + ], + "x-enum-varnames": [ + "filter_name_certificate_deployments_name", + "filter_name_certificate_deployments_association_type", + "filter_name_certificate_deployments_deployment_status" + ] + }, + "DeploymentAssociatedType": { + "type": "string", + "description": "The type of the deployment association, with the following values:\n * `instance`\n * `config_sync_group`\n", + "enum": [ + "instance", + "config_sync_group" + ], + "x-enum-varnames": [ + "deployment_associated_type_instance", + "deployment_associated_type_config_sync_group" + ] + }, + "DeploymentAssociatedName": { + "type": "string", + "description": "Based on deployment type:\n * `instance`\n * `config_sync_group`\n" + }, + "CertificateDeployment": { "type": "object", - "description": "Represents a directory and its contents, detailing the directory's full path, assigned permissions, last modified time, and the files within it.", + "description": "Response structure containing certificate deployment details for an SSL certificate, which include\n * `association_type` represents type of the object affected by this certificate deployment, which is either\n an instance or config sync group\n * `object_id` represents the object ID for the associated instance or config sync group\n * `name` for either the host name of an instance or the name of a config sync group\n * `deployment_status`:\n * `latest`: deployment is up to date with the latest updated certificate and key contents\n * `stale`: deployment for either certificates or key is outdated, requires a redeployment with the latest contents\n * `cert_paths` represents the file paths used for deploying public certificates of this certificate object\n * `key_paths` represents the file paths used for deploying the private key of this certificate object, if a\n private key is present\n", "required": [ + "association_type", + "object_id", "name", - "files" + "deployment_status" ], "properties": { - "name": { - "type": "string", - "description": "The complete path of the directory." - }, - "permissions": { - "type": "string", - "description": "The permissions for the directory." + "association_type": { + "$ref": "#/components/schemas/DeploymentAssociatedType" }, - "mtime": { - "type": "string", - "description": "The date and time when the directory was last modified.", - "format": "date-time" + "object_id": { + "$ref": "#/components/schemas/ObjectID" }, - "files": { - "type": "array", - "description": "The list of files in the directory.", - "items": { - "$ref": "#/components/schemas/FileData" - } - } - } - }, - "NginxConfigObject": { - "type": "object", - "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", - "required": [ - "conf_path", - "configs" - ], - "properties": { - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" + "name": { + "$ref": "#/components/schemas/DeploymentAssociatedName" }, - "conf_path": { - "$ref": "#/components/schemas/ConfigPath" + "deployment_status": { + "$ref": "#/components/schemas/CertificateDeploymentStatus" }, - "configs": { + "cert_paths": { + "description": "Deployment file paths for public certificates.", "type": "array", - "description": "An array of directories containing NGINX configuration files.", "items": { - "$ref": "#/components/schemas/DirectoryWithFileContent" + "type": "string" } }, - "aux": { + "key_paths": { + "description": "Deployment file paths for the private key.", "type": "array", - "description": "An array of auxiliary directory contents related to the NGINX configuration.", "items": { - "$ref": "#/components/schemas/DirectoryWithFileContent" + "type": "string" } } }, "example": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "configs": [ - { - "files": [ - { - "contents": "Cm1hcCAkdXJpICRtYXBwZWRfc2VydmljZSB7CiAgICBkZWZhdWx0IFVOTUFUQ0hFRDsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvaW5zdGFuY2VzIiAgICAgICAgaW5zdGFuY2VzLXN2YzsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvZGF0YS1wbGFuZS1rZXlzIiAga2V5cy1zdmM7CiAgICAifl4vYXBpL3YxL25hbWVzcGFjZXMvXHcrL21vbml0b3IiICAgICAgICAgIG1vbml0b3Itc3ZjOwp9Cgp1cHN0cmVhbSBpbnN0YW5jZXMtc3ZjIHsKICAgIHNlcnZlciBpbnN0YW5jZXMtc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIGtleXMtc3ZjIHsKICAgIHNlcnZlciBrZXlzLXN2Yzo4MDkwOwp9Cgp1cHN0cmVhbSBkYXRhcGxhbmUtY3RybCB7CiAgICBzZXJ2ZXIgZGF0YXBsYW5lLWN0cmw6ODA4MDsKfQoKdXBzdHJlYW0gbW9uaXRvci1zdmMgewogICAgc2VydmVyIG1vbml0b3Itc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIG1ldHJpY3MtaW5nZXN0IHsKICAgIHNlcnZlciBtZXRyaWNzLWluZ2VzdDo4MDgwOwp9CgpzZXJ2ZXIgewogICAgbGlzdGVuIDg4ODg7CiAgICBzZXJ2ZXJfbmFtZSBfOwogICAgaHR0cDIgb247CgogICAgcHJveHlfcGFzc19yZXF1ZXN0X2hlYWRlcnMgb247CiAgICByZXdyaXRlICJeL2FwaS8obmdpbngvb25lfHYxKS8oLiopJCIgIi9hcGkvdjEvJDIiIGJyZWFrOwogICAgbG9jYXRpb24gL2FwaS92MS8gewogICAgICAgIGlmICgkbWFwcGVkX3NlcnZpY2UgPSAiVU5NQVRDSEVEIikgewogICAgICAgICAgICByZXR1cm4gNDA0ICd7ImVycm9yOiAiTm90IGZvdW5kIn0nOwogICAgICAgIH0KICAgICAgICBwcm94eV9wYXNzX2hlYWRlciBYLVZvbHRlcnJhLUFwaWd3LVRlbmFudDsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kbWFwcGVkX3NlcnZpY2U7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIGRhdGFwbGFuZS1jdHJsCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLkNvbW1hbmRlciB7CiAgICAgICAgZ3JwY19zb2NrZXRfa2VlcGFsaXZlIG9uOwogICAgICAgIGdycGNfcmVhZF90aW1lb3V0IDVtOwogICAgICAgIGdycGNfc2VuZF90aW1lb3V0IDVtOwogICAgICAgIGNsaWVudF9ib2R5X3RpbWVvdXQgMTBtOwogICAgICAgIGdycGNfcGFzcyBncnBjOi8vZGF0YXBsYW5lLWN0cmw7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIG1ldHJpY3MgaW5nZXN0aW9uCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLk1ldHJpY3NTZXJ2aWNlIHsKICAgICAgICBncnBjX3NvY2tldF9rZWVwYWxpdmUgb247CiAgICAgICAgZ3JwY19yZWFkX3RpbWVvdXQgNW07CiAgICAgICAgZ3JwY19zZW5kX3RpbWVvdXQgNW07CiAgICAgICAgY2xpZW50X2JvZHlfdGltZW91dCAxMG07CiAgICAgICAgY2xpZW50X21heF9ib2R5X3NpemUgMDsKICAgICAgICBncnBjX3Bhc3MgZ3JwYzovL21ldHJpY3MtaW5nZXN0OwogICAgfQp9CgojIHByb3h5IHRvIHRoZSBtYW5hZ2VtZW50IHNlcnZlcnMKc2VydmVyIHsKICAgIGxpc3RlbiAxNTAwMDsKICAgIHNlcnZlcl9uYW1lIF87CiAgICAjIHVzZSBkb2NrZXIgRE5TCiAgICByZXNvbHZlciAxMjcuMC4wLjExIHZhbGlkPTMwczsKCiAgICAjIG1hdGNoIC88c2VydmljZT4vPG1nbXQgZW5kcG9pbnQ+CiAgICBsb2NhdGlvbiB+Xi8oW14vXSspLyguKykkIHsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kMToxNTAwMC8kMjsKICAgIH0KCiAgICBsb2NhdGlvbiAvIHsKICAgICAgICBhZGRfaGVhZGVyICJDb250ZW50LVR5cGUiICJ0ZXh0L2h0bWwiOwogICAgICAgIHJldHVybiAyMDAgIjxwPkFjY2VzcyB0aGUgbWFuYWdlbWVudCBzZXJ2ZXIgb2YgYW55IHNlcnZpY2Ugd2l0aCBVUkxzIGxpa2UgPGNvZGU+aHR0cDovL2xvY2FsaG9zdDoxNTAwMC8mbHQ7U0VSVklDRV9OQU1FJmd0Oy9tZXRyaWNzPC9jb2RlPjwvcD4iOwogICAgfQp9Cg==", - "mtime": "1970-01-01T00:00:00Z", - "name": "default.conf", - "size": 1942 + "association_type": "instance", + "name": "instance-host-name", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "deployment_status": "latest", + "cert_paths": [ + "/etc/nginx/example.crt", + "/etc/nginx/certs/cert.crt" + ], + "key_paths": [ + "/etc/nginx/example.key" + ] + } + }, + "CertificateDeploymentListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "description": "List of certificate deployments for a SSL certificate.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of certificate deployments for an SSL certificate. If this certificate object represents a \nCA bundle, there will be only public certificate file paths in the certificate deployment details.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertificateDeployment" } + } + } + } + ], + "example": { + "total": 10, + "count": 2, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "association_type": "instance", + "name": "instance-host-name", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "deployment_status": "latest", + "cert_paths": [ + "/etc/nginx/example.crt", + "/etc/nginx/certs/cert.crt" ], - "name": "/etc/nginx/conf.d" + "key_paths": [ + "/etc/nginx/example.key" + ] }, { - "files": [ - { - "contents": "CnVzZXIgIG5naW54Owp3b3JrZXJfcHJvY2Vzc2VzICBhdXRvOwoKZXJyb3JfbG9nICAvdmFyL2xvZy9uZ2lueC9lcnJvci5sb2cgbm90aWNlOwpwaWQgICAgICAgIC92YXIvcnVuL25naW54LnBpZDsKCgpldmVudHMgewogICAgd29ya2VyX2Nvbm5lY3Rpb25zICAxMDI0Owp9CgoKaHR0cCB7CiAgICBpbmNsdWRlICAgICAgIC9ldGMvbmdpbngvbWltZS50eXBlczsKICAgIGRlZmF1bHRfdHlwZSAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtOwoKICAgIGxvZ19mb3JtYXQgIG1haW4gICckcmVtb3RlX2FkZHIgLSAkcmVtb3RlX3VzZXIgWyR0aW1lX2xvY2FsXSAiJHJlcXVlc3QiICcKICAgICAgICAgICAgICAgICAgICAgICckc3RhdHVzICRib2R5X2J5dGVzX3NlbnQgIiRodHRwX3JlZmVyZXIiICcKICAgICAgICAgICAgICAgICAgICAgICciJGh0dHBfdXNlcl9hZ2VudCIgIiRodHRwX3hfZm9yd2FyZGVkX2ZvciInOwoKICAgIGFjY2Vzc19sb2cgIC92YXIvbG9nL25naW54L2FjY2Vzcy5sb2cgIG1haW47CgogICAgc2VuZGZpbGUgICAgICAgIG9uOwogICAgI3RjcF9ub3B1c2ggICAgIG9uOwoKICAgIGtlZXBhbGl2ZV90aW1lb3V0ICA2NTsKCiAgICAjZ3ppcCAgb247CgogICAgaW5jbHVkZSAvZXRjL25naW54L2NvbmYuZC8qLmNvbmY7Cn0K", - "mtime": "1970-01-01T00:00:00Z", - "name": "nginx.conf", - "size": 648 - }, - { - "contents": "CnR5cGVzIHsKICAgIHRleHQvaHRtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBodG1sIGh0bSBzaHRtbDsKICAgIHRleHQvY3NzICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjc3M7CiAgICB0ZXh0L3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeG1sOwogICAgaW1hZ2UvZ2lmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdpZjsKICAgIGltYWdlL2pwZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqcGVnIGpwZzsKICAgIGFwcGxpY2F0aW9uL2phdmFzY3JpcHQgICAgICAgICAgICAgICAgICAgICAgICAgICBqczsKICAgIGFwcGxpY2F0aW9uL2F0b20reG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdG9tOwogICAgYXBwbGljYXRpb24vcnNzK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJzczsKCiAgICB0ZXh0L21hdGhtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbW1sOwogICAgdGV4dC9wbGFpbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHR4dDsKICAgIHRleHQvdm5kLnN1bi5qMm1lLmFwcC1kZXNjcmlwdG9yICAgICAgICAgICAgICAgICBqYWQ7CiAgICB0ZXh0L3ZuZC53YXAud21sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd21sOwogICAgdGV4dC94LWNvbXBvbmVudCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGh0YzsKCiAgICBpbWFnZS9hdmlmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYXZpZjsKICAgIGltYWdlL3BuZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbmc7CiAgICBpbWFnZS9zdmcreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZnIHN2Z3o7CiAgICBpbWFnZS90aWZmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGlmIHRpZmY7CiAgICBpbWFnZS92bmQud2FwLndibXAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2JtcDsKICAgIGltYWdlL3dlYnAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3ZWJwOwogICAgaW1hZ2UveC1pY29uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGljbzsKICAgIGltYWdlL3gtam5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqbmc7CiAgICBpbWFnZS94LW1zLWJtcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYm1wOwoKICAgIGZvbnQvd29mZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3b2ZmOwogICAgZm9udC93b2ZmMiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdvZmYyOwoKICAgIGFwcGxpY2F0aW9uL2phdmEtYXJjaGl2ZSAgICAgICAgICAgICAgICAgICAgICAgICBqYXIgd2FyIGVhcjsKICAgIGFwcGxpY2F0aW9uL2pzb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqc29uOwogICAgYXBwbGljYXRpb24vbWFjLWJpbmhleDQwICAgICAgICAgICAgICAgICAgICAgICAgIGhxeDsKICAgIGFwcGxpY2F0aW9uL21zd29yZCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2M7CiAgICBhcHBsaWNhdGlvbi9wZGYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcGRmOwogICAgYXBwbGljYXRpb24vcG9zdHNjcmlwdCAgICAgICAgICAgICAgICAgICAgICAgICAgIHBzIGVwcyBhaTsKICAgIGFwcGxpY2F0aW9uL3J0ZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBydGY7CiAgICBhcHBsaWNhdGlvbi92bmQuYXBwbGUubXBlZ3VybCAgICAgICAgICAgICAgICAgICAgbTN1ODsKICAgIGFwcGxpY2F0aW9uL3ZuZC5nb29nbGUtZWFydGgua21sK3htbCAgICAgICAgICAgICBrbWw7CiAgICBhcHBsaWNhdGlvbi92bmQuZ29vZ2xlLWVhcnRoLmtteiAgICAgICAgICAgICAgICAga216OwogICAgYXBwbGljYXRpb24vdm5kLm1zLWV4Y2VsICAgICAgICAgICAgICAgICAgICAgICAgIHhsczsKICAgIGFwcGxpY2F0aW9uL3ZuZC5tcy1mb250b2JqZWN0ICAgICAgICAgICAgICAgICAgICBlb3Q7CiAgICBhcHBsaWNhdGlvbi92bmQubXMtcG93ZXJwb2ludCAgICAgICAgICAgICAgICAgICAgcHB0OwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC5ncmFwaGljcyAgICAgIG9kZzsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vYXNpcy5vcGVuZG9jdW1lbnQucHJlc2VudGF0aW9uICBvZHA7CiAgICBhcHBsaWNhdGlvbi92bmQub2FzaXMub3BlbmRvY3VtZW50LnNwcmVhZHNoZWV0ICAgb2RzOwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC50ZXh0ICAgICAgICAgIG9kdDsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vcGVueG1sZm9ybWF0cy1vZmZpY2Vkb2N1bWVudC5wcmVzZW50YXRpb25tbC5wcmVzZW50YXRpb24KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcHR4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LnNwcmVhZHNoZWV0bWwuc2hlZXQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4bHN4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LndvcmRwcm9jZXNzaW5nbWwuZG9jdW1lbnQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N4OwogICAgYXBwbGljYXRpb24vdm5kLndhcC53bWxjICAgICAgICAgICAgICAgICAgICAgICAgIHdtbGM7CiAgICBhcHBsaWNhdGlvbi93YXNtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2FzbTsKICAgIGFwcGxpY2F0aW9uL3gtN3otY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgICA3ejsKICAgIGFwcGxpY2F0aW9uL3gtY29jb2EgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjY287CiAgICBhcHBsaWNhdGlvbi94LWphdmEtYXJjaGl2ZS1kaWZmICAgICAgICAgICAgICAgICAgamFyZGlmZjsKICAgIGFwcGxpY2F0aW9uL3gtamF2YS1qbmxwLWZpbGUgICAgICAgICAgICAgICAgICAgICBqbmxwOwogICAgYXBwbGljYXRpb24veC1tYWtlc2VsZiAgICAgICAgICAgICAgICAgICAgICAgICAgIHJ1bjsKICAgIGFwcGxpY2F0aW9uL3gtcGVybCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbCBwbTsKICAgIGFwcGxpY2F0aW9uL3gtcGlsb3QgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcmMgcGRiOwogICAgYXBwbGljYXRpb24veC1yYXItY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgIHJhcjsKICAgIGFwcGxpY2F0aW9uL3gtcmVkaGF0LXBhY2thZ2UtbWFuYWdlciAgICAgICAgICAgICBycG07CiAgICBhcHBsaWNhdGlvbi94LXNlYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2VhOwogICAgYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2ggICAgICAgICAgICAgICAgICAgIHN3ZjsKICAgIGFwcGxpY2F0aW9uL3gtc3R1ZmZpdCAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXQ7CiAgICBhcHBsaWNhdGlvbi94LXRjbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGNsIHRrOwogICAgYXBwbGljYXRpb24veC14NTA5LWNhLWNlcnQgICAgICAgICAgICAgICAgICAgICAgIGRlciBwZW0gY3J0OwogICAgYXBwbGljYXRpb24veC14cGluc3RhbGwgICAgICAgICAgICAgICAgICAgICAgICAgIHhwaTsKICAgIGFwcGxpY2F0aW9uL3hodG1sK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICB4aHRtbDsKICAgIGFwcGxpY2F0aW9uL3hzcGYreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4c3BmOwogICAgYXBwbGljYXRpb24vemlwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHppcDsKCiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgYmluIGV4ZSBkbGw7CiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgZGViOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIGRtZzsKICAgIGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbSAgICAgICAgICAgICAgICAgICAgICAgICBpc28gaW1nOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIG1zaSBtc3AgbXNtOwoKICAgIGF1ZGlvL21pZGkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtaWQgbWlkaSBrYXI7CiAgICBhdWRpby9tcGVnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbXAzOwogICAgYXVkaW8vb2dnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9nZzsKICAgIGF1ZGlvL3gtbTRhICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtNGE7CiAgICBhdWRpby94LXJlYWxhdWRpbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmE7CgogICAgdmlkZW8vM2dwcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDNncHAgM2dwOwogICAgdmlkZW8vbXAydCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRzOwogICAgdmlkZW8vbXA0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1wNDsKICAgIHZpZGVvL21wZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtcGVnIG1wZzsKICAgIHZpZGVvL3F1aWNrdGltZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtb3Y7CiAgICB2aWRlby93ZWJtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2VibTsKICAgIHZpZGVvL3gtZmx2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmbHY7CiAgICB2aWRlby94LW00diAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbTR2OwogICAgdmlkZW8veC1tbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1uZzsKICAgIHZpZGVvL3gtbXMtYXNmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhc3ggYXNmOwogICAgdmlkZW8veC1tcy13bXYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdtdjsKICAgIHZpZGVvL3gtbXN2aWRlbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdmk7Cn0K", - "mtime": "1970-01-01T00:00:00Z", - "name": "mime.types", - "size": 5349 - } + "association_type": "config_sync_group", + "name": "group1", + "object_id": "csg_vfr5Oqv-AhxGzyqTXW-Ubw", + "deployment_status": "stale", + "cert_paths": [ + "/etc/nginx/cert.crt" ], - "name": "/etc/nginx" + "key_paths": [ + "/etc/nginx/server.key" + ] } ] } }, - "NginxConfigObjectID": { - "description": "A globally unique identifier for the NGINX Config object.", - "type": "string", - "format": "object_id", - "pattern": "^nc_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "PayloadObjectID": { - "description": "A globally unique identifier for the valid payload object reference.", - "type": "string", - "format": "object_id", - "pattern": "^(cert|pv)_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "NginxConfigPayload": { + "NginxCVEObject": { "type": "object", - "description": "Details of Aux File Payload that goes with an NGINX configuration. Provide hints for the backend system on \nadditional file contents that should be part of the NGINX Config Publication.\nCan be used to deploy files related to SSL certificates, to a data plane instance.\n", "required": [ - "type", - "paths" + "id", + "severity", + "info", + "published_at" ], + "description": "Details about a specific NGINX security advisory, including the number of instances impacted by it, its severity, and a brief description.", "properties": { - "type": { - "type": "string", - "description": "Types of Aux File Payload:\n - inline_secret - indicates the provided content for the payload should be stored in a secret location, and removed after the publication is done.\n - inline_content - indicates the provided content for the payload should be stored, and removed after the publication is done. Note, the contents may end up in the `aux` content if used in this NGINX configuration.\n - unmanaged_certificate - indicates certificate content for an unmanaged certificate detected from a data plane instance through NGINX configurations. Will be filtered and ignored in the payload deployment.\n - managed_certificate - indicates public certificates managed by NGINX One Console.\n - managed_key - indicates a private key managed by NGINX One Console.\n - nap_policy_version - indicates a version of NAP policy managed by NGINX One Console. A valid policy_version object\n", - "enum": [ - "inline_secret", - "inline_content", - "unmanaged_certificate", - "managed_certificate", - "managed_key", - "nap_policy_version" - ], - "x-enum-varnames": [ - "nginx_config_payload_inline_secret", - "nginx_config_payload_inline_content", - "nginx_config_payload_unmanaged_certificate", - "nginx_config_payload_managed_certificate", - "nginx_config_payload_managed_key", - "nginx_config_payload_nap_policy_version" - ] - }, - "contents": { - "type": "string", - "format": "base64", - "description": "The base64-encoded contents of the file.", - "maxLength": 3145728 + "id": { + "description": "The security advisory's unique identifier.", + "type": "string" }, - "object_id": { - "$ref": "#/components/schemas/PayloadObjectID" + "severity": { + "$ref": "#/components/schemas/CveSeverityType" }, - "paths": { - "type": "array", - "items": { - "type": "string" - } - } - }, - "example": { - "type": "inline_content", - "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", - "paths": [ - "/etc/nginx/ssl/server.crt" - ] - } - }, - "NginxConfigPayloads": { - "type": "array", - "description": "An array of payloads that track the file paths of each SSL certificates and key, indicating where to deploy\nthem onto the data plane instance.\n* If the `type` is `managed_certificate` or `managed_key`, you need to specify an `object_id`.\n * The `object_id` must represent a managed certificate object, or a `400 Bad Request` is returned. \n * The `contents` field is optional and is ignored if included.\n* The NGINX One Console manages deployed file paths only for managed certificates and keys. If you don't want \nthem to be managed by NGINX One Console, `inline_content` and `inline_secret` can be used for certificates or \nkeys, respectively. When you retrieve certificate deployment details, only the file paths of managed \ncertificates and keys will be shown.\n* If you use `inline_content` and `inline_secret` in your NGINX configuration, the NGINX One Console \nwill detect them. When they are used as SSL directives of the NGINX configuration \nfor certificates and keys, the certificates will be listed as `unmanaged_certificate` in the certificate \ndeployment details.\n", - "items": { - "$ref": "#/components/schemas/NginxConfigPayload" - }, - "example": [ - { - "type": "managed_certificate", - "object_id": "cert_rto8NYiCQputrIasNx2NOA", - "paths": [ - "/etc/nginx/cert.pem" - ] + "info": { + "description": "A brief description of security advisory.", + "type": "string" }, - { - "type": "managed_key", - "object_id": "cert_rto8NYiCQputrIasNx2NOA", - "paths": [ - "/etc/nginx/key.pem" - ] + "instances_impacted": { + "description": "Number of instances impacted by the security advisory", + "type": "integer" }, - { - "type": "inline_content", - "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", - "paths": [ - "/etc/nginx/inline_cert.crt" - ] + "control_planes_impacted": { + "description": "Number of control planes impacted by the security advisory", + "type": "integer" + }, + "published_at": { + "description": "The date and time when the cve was published", + "type": "string", + "format": "date-time" } - ] + } }, - "NginxConfig": { - "description": "Details of an NGINX configuration, including its unique identifier, the main configuration path, the \nconfiguration directories, and the NGINX configuration payloads that indicate where managed SSL certificates\nand keys were deployed to on the data plane instance.\n", + "CVEListResponse": { "allOf": [ { - "$ref": "#/components/schemas/NginxConfigObject" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "description": "List of all CVEs.", "required": [ - "object_id" + "items" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/NginxConfigObjectID" - }, - "payloads": { - "$ref": "#/components/schemas/NginxConfigPayloads" + "items": { + "description": "An array of CVE objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxCVEObject" + } } } } ] }, - "FileDataRequest": { + "NginxProduct": { + "type": "string", + "description": "NGINX product :\n * `noss` - NGINX Open Source.\n * `nplus` - NGINX PLUS.\n * `nic` - NGINX Ingress Controller.\n * `ngf` - NGINX Gateway Fabric.\n", + "enum": [ + "noss", + "nplus", + "nic", + "ngf", + "unknown" + ], + "x-enum-varnames": [ + "nginx_product_noss", + "nginx_product_nplus", + "nginx_product_nic", + "nginx_product_ngf", + "nginx_product_unknown" + ] + }, + "CveImpactedNginxProduct": { "type": "object", - "description": "Details about a file, name, and content.", "required": [ + "versions", "name" ], + "description": "security advisory impacted NGINX product and its version.", "properties": { - "name": { - "type": "string", - "description": "The file's relative path to the parent directory, absolute path also accepted.", - "minLength": 1, - "maxLength": 4096 + "versions": { + "description": "List of impacted NGINX product versions.", + "type": "array", + "items": { + "type": "string" + } }, - "contents": { - "type": "string", - "format": "byte", - "description": "The base64-encoded contents of the file.", - "maxLength": 3145728 + "name": { + "$ref": "#/components/schemas/NginxProduct" } } }, - "DirectoryRequestWithFileContent": { + "NginxCVEDetailsResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/NginxCVEObject" + }, + { + "type": "object", + "required": [ + "detail", + "impacted_products" + ], + "description": "Details about a specific NGINX security advisory, including its severity, detail,\npublished date and time, description and impacted products.\n", + "properties": { + "impacted_products": { + "type": "array", + "items": { + "$ref": "#/components/schemas/CveImpactedNginxProduct" + } + }, + "detail": { + "description": "the details about security advisory", + "type": "string" + } + }, + "example": { + "detail": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-ID", + "id": "CVE-ID", + "impacted_products": [ + { + "name": "nplus", + "versions": [ + "r1", + "r2" + ] + }, + { + "name": "noss", + "versions": [ + "1.11.1", + "1.20.2", + "1.19.9" + ] + }, + { + "name": "nic", + "versions": [ + "1.0.0", + "2.1.0" + ] + }, + { + "name": "ngf", + "versions": [ + "1.6.2", + "2.0.1" + ] + } + ], + "info": "Memory disclosure in the ngx_http_mp4_module", + "published_at": "2022-10-19T00:00:00Z", + "severity": "medium" + } + } + ] + }, + "NginxProductInfo": { "type": "object", - "description": "Represents a directory and its contents, detailing the directory's full path, and the files within it.", + "description": "Information about an NGINX product type and its version", "required": [ "name", - "files" + "version" ], "properties": { "name": { - "type": "string", - "minLength": 1, - "description": "The complete path of the directory." + "$ref": "#/components/schemas/NginxProduct" }, - "files": { - "type": "array", - "description": "The list of files in the directory.", - "items": { - "$ref": "#/components/schemas/FileDataRequest" - } + "version": { + "description": "version of the NGINX product installed on the instance.", + "type": "string" } } }, - "NginxConfigObjectRequest": { + "CVEImpactedInstance": { "type": "object", - "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", + "description": "Summary information about a NGINX instance.", "required": [ - "conf_path", - "configs" + "object_id", + "hostname", + "status" ], "properties": { - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" }, - "conf_path": { - "$ref": "#/components/schemas/ConfigPath" + "hostname": { + "description": "The name of the host system where the NGINX instance is running.", + "type": "string" }, - "configs": { + "products": { + "description": "List of NGINX products in the instance", "type": "array", - "description": "An array of directories containing NGINX configuration files.", "items": { - "$ref": "#/components/schemas/DirectoryRequestWithFileContent" + "$ref": "#/components/schemas/NginxProductInfo" } }, - "aux": { - "type": "array", - "description": "An array of auxiliary directory contents related to the NGINX configuration. When auxiliary contents are\nprovided, they become the authoritative source of non-NGINX configuration content. Please ensure the\nprovided contents are complete, missing files that are referenced in the NGINX configuration can cause\nNGINX reload failure. When not provided, the previous known auxiliary contents will be used as part of\npublish.\n", - "items": { - "$ref": "#/components/schemas/DirectoryRequestWithFileContent" - } + "status": { + "type": "string", + "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", + "enum": [ + "unknown", + "unavailable", + "offline", + "online" + ] } } }, - "NginxConfigRequest": { + "CVEImpactedInstancesListResponse": { "allOf": [ { - "$ref": "#/components/schemas/NginxConfigObjectRequest" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "description": "List of instances affected by a CVE.", + "required": [ + "items" + ], "properties": { - "payloads": { - "$ref": "#/components/schemas/NginxConfigPayloads" + "items": { + "description": "An array of Instance objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CVEImpactedInstance" + } } + }, + "example": { + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", + "hostname": "4d116619f106", + "products": [ + { + "name": "noss", + "version": "1.18.0" + } + ], + "status": "unknown" + } + ] } } ] }, - "PublicationStatusCause": { - "description": "Cause of the failure, provided only if the status is `failed`.", - "type": "object", - "properties": { - "cause": { - "description": "Cause of the failure, detailed as follows:\n* `unknown` - The reason for the failure is not known.\n* `timeout` - The publication request reached its time limit without receiving a response from the NGINX Agent.\n* `remote` - The NGINX Agent reported a failure when trying to apply the configuration. See the message for more details.\n", - "type": "string", - "enum": [ - "unknown", - "timeout", - "remote" - ], - "x-enum-varnames": [ - "publication_instance_status_cause_unknown", - "publication_instance_status_cause_timeout", - "publication_instance_status_cause_remote" - ] - }, - "message": { - "type": "string", - "description": "more specific failure message from the agent." - } - } - }, - "ConfigSyncGroupPublicationStatusReason": { + "CVEImpactedControlPlanesListResponse": { "allOf": [ { - "$ref": "#/components/schemas/PublicationStatusCause" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "description": "List of control planes affected by a CVE.", "required": [ - "object_id" + "items" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" + "items": { + "description": "An array of Control Plane objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/ControlPlaneBaseInfo" + } } + }, + "example": { + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "object_id": "ecp_tgfVM3KQTxCyiDXgV38G7A", + "name": "nginx-ingress-001", + "product_version": "nginx-ingress-controller-4.0.1", + "created_at": "2023-08-10T16:59:15Z" + } + ] } } ] }, - "ConfigSyncGroupPublication": { - "description": "Details of a publication request for the NGINX config sync group.", - "required": [ - "status", - "created_at", - "modified_at" + "FilterNameEvents": { + "type": "string", + "description": "Keywords for events filters.\n", + "enum": [ + "object_id" ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "status": { - "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" - }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the publication was created for the instance." - }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the publication was last modified for the instance." - }, - "status_reasons": { - "description": "Detailed failure reasons on each instance's publication, when 'status' is in 'failed' or 'partially_succeeded'", - "type": "array", - "items": { - "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatusReason" - } - }, - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" - } - }, - "example": { - "config_version": "fc3bb4b50c145b3ca5c5d1342be5ec0718eeb9bb84f8d53c5734b6b8", - "created_at": "2024-05-23T21:57:13.048285Z", - "modified_at": "2024-05-23T21:57:13.048285Z", - "object_id": "pub_UPV8jXFwSgm1vHQJCvLD1w", - "status": "failed", - "status_reasons": [ - { - "cause": "remote", - "message": "Config apply failed (write): error running nginx -t -c /etc/nginx/nginx.conf:\n error running nginx -t -c /etc/nginx/nginx.conf:\nnginx: [emerg] invalid number of arguments in \"worker_processes\" directive in /etc/nginx/nginx.conf:7\nnginx: configuration file /etc/nginx/nginx.conf test failed\n", - "object_id": "inst_QBBobKIAQ_21grAwV83VYw" - } - ] + "x-enum-varnames": [ + "filter_name_events_object_id" + ] + }, + "EventObjectID": { + "description": "A globally unique identifier for a NGINX One system event.", + "type": "string", + "format": "object_id", + "pattern": "^event_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "PublicationInstance": { - "description": "Details of a publication request for an NGINX instance.", + "Event": { + "type": "object", + "description": "An Event is a system message.", "required": [ - "status", - "created_at", - "modified_at" + "type", + "timestamp", + "object_id", + "message" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "config_version": { + "timestamp": { + "description": "time of the event", "type": "string", - "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" + "format": "date-time", + "example": "2019-08-07T09:57:36.088757764Z" }, - "status": { - "description": "Publication status for the NGINX instance:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n", + "type": { "type": "string", + "description": "type of event, indication for affected object type.", "enum": [ - "pending", - "failed", - "succeeded" + "instance_cleanup", + "certificates", + "publications", + "nap_compilation_jobs" ], "x-enum-varnames": [ - "publication_instance_status_pending", - "publication_instance_status_failed", - "publication_instance_status_succeeded" + "event_type_instance_cleanup", + "event_type_certificates", + "event_type_publications", + "event_type_nap_compilation_jobs" ] }, - "status_cause": { - "$ref": "#/components/schemas/PublicationStatusCause" + "object_id": { + "$ref": "#/components/schemas/EventObjectID" }, - "created_at": { + "affected_object_id": { + "$ref": "#/components/schemas/ObjectID" + }, + "hostname": { "type": "string", - "format": "date-time", - "description": "The date and time when the publication was created for the instance." + "description": "hostname of the affected instance, if any." }, - "modified_at": { + "message": { "type": "string", - "format": "date-time", - "description": "The date and time when the publication was last modified for the instance." + "description": "Details regarding the event.", + "example": "Instance \"demo-1\" deleted by instance cleanup after \"unavailable\" for 25 hours." } }, "example": { - "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", - "created_at": "2024-05-14T20:36:06.272704Z", - "modified_at": "2024-05-14T20:36:06.272704Z", - "object_id": "pub_vfr5Oqv-AhxGzyqTXW-Ubw", - "status": "pending" + "timestamp": "2024-02-04T09:57:36.088757764Z", + "type": "instance_cleanup", + "object_id": "event_-uvR3F2TQGm18jnl7bpaGw", + "affected_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "message": "ip-170.0.1 deleted after age out period of 3 hours, last seen 2023-08-07T09:57:36.088757764Z" } }, - "NginxConfigProblem": { - "type": "object", - "description": "Representation of a problem found during NGINX configuration analysis.", - "properties": { - "directive": { - "description": "Directive in the NGINX configuration where the issue is identified.", - "type": "string" - }, - "file": { - "description": "File where the issue is detected.", - "type": "string" + "EventsListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" }, - "line": { - "description": "Line number in the configuration where the issue is found.", - "type": "integer" + { + "type": "object", + "description": "List of Events.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of Event objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/Event" + } + } + } } + ] + }, + "FilterStagedConfigs": { + "type": "string", + "description": "Keywords for staged configs filters.\n", + "enum": [ + "name", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_staged_config_name", + "filter_name_staged_config_object_id" + ] + }, + "StagedConfigObjectID": { + "description": "A globally unique identifier for the NGINX staged config.", + "type": "string", + "format": "object_id", + "pattern": "^sc_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "NginxConfigReport": { + "StagedConfigCertificateSummary": { "type": "object", - "description": "An analysis of the NGINX configuration, highlighting issues and their severity, and offering recommendations.", + "description": "Provides a summary of the current status of certificates used in NGINX configurations. It includes the total number of certificates, as well as the counts of expired certificates, those nearing expiration, valid certificates, certificates that are not found, and those that are not ready for use.", + "required": [ + "total", + "expired", + "expiring", + "valid", + "not_found", + "not_ready" + ], "properties": { - "rule": { - "description": "The name of the configuration rule that was violated.", - "type": "string" + "total": { + "description": "Total count of certificates used as `payloads` in NGINX config.", + "type": "integer" }, - "info": { - "description": "A detailed description of the issue.", - "type": "string" + "expired": { + "description": "The number of certificates that have expired and are no longer valid.", + "type": "integer" }, - "severity": { - "description": "The severity level of the issue.", - "type": "string" + "expiring": { + "description": "The number of certificates due to expire in the next 30 days.", + "type": "integer" }, - "category": { - "description": "Classification category of the issue.", - "type": "string" + "valid": { + "description": "The number of certificates that are valid and in good standing.", + "type": "integer" }, - "documentation": { - "description": "Links to documentation that can assist in resolving the identified issue.", - "type": "array", - "items": { - "type": "string" - } + "not_found": { + "description": "The number of certificates that are not found on NGINX One Console.", + "type": "integer" }, - "where": { - "description": "Specific locations in the configuration where issues were detected.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxConfigProblem" - } + "not_ready": { + "description": "The number of certificates that are not ready to be used.", + "type": "integer" } } }, - "NginxConfigReports": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxConfigReport" - } - }, - "NginxConfigMeta": { + "StagedConfigMeta": { "type": "object", - "description": "Meta data of an NGINX configuration, including its unique identifier, the config_version.\n", + "description": "Summary information of the NGINX staged config.", "required": [ "object_id", - "config_version", + "name", "created_at", - "modified_at", - "config_source" + "modified_at" ], "properties": { "object_id": { - "$ref": "#/components/schemas/NginxConfigObjectID" + "$ref": "#/components/schemas/StagedConfigObjectID" }, - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object.\n" + "name": { + "description": "Name of the NGINX staged config", + "type": "string" }, "created_at": { "type": "string", @@ -7822,96 +12597,28 @@ "format": "date-time", "description": "The date and time when the NGINX configuration object was last modified for the instance." }, - "config_source": { - "type": "string", - "enum": [ - "NGINX One", - "Other", - "Unspecified" - ], - "x-enum-varnames": [ - "config_source_nginx_one", - "config_source_other", - "config_source_unspecified" - ], - "description": "The source from which the config was created:\n- `NGINX One`: The config was created from NGINX One.\n- `Other`: The config was created from data plane.\n- `Unspecified`: The source of the config is unspecified.\n" + "cert_summary": { + "$ref": "#/components/schemas/StagedConfigCertificateSummary" } - }, - "example": { - "object_id": "nc_AamgWtYSSb6OWGljx3wNDA", - "config_version": "Cm1hcCAkdXJpICRtYXBwZWRfc2V", - "created_at": "2023-08-10T16:59:15Z", - "modified_at": "2023-08-10T16:59:15Z", - "config_source": "NGINX One" } }, - "FilterNameControlPlanes": { - "type": "string", - "description": "Keywords for control plane filters.\nWhen filtering on `product`, only the following `filter_values` are supported:\n * nic\n", - "enum": [ - "name", - "product_version", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_control_plane_name", - "filter_name_control_plane_product_version", - "filter_name_control_plane_object_id" - ] - }, - "ListControlPlaneObject": { - "allOf": [ - { - "$ref": "#/components/schemas/ControlPlaneBaseInfo" - }, - { - "type": "object", - "description": "Summary information about a control plane.", - "required": [ - "object_id", - "instances_count", - "online_instances_count" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/ControlPlaneObjectID" - }, - "instances_count": { - "description": "Total number of instances in the control plane.", - "type": "integer" - }, - "online_instances_count": { - "description": "Total number of online instances in the control plane.", - "type": "integer" - }, - "cve_severity": { - "type": "array", - "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX control plane.", - "items": { - "$ref": "#/components/schemas/CveDetails" - } - } - } - } - ] - }, - "ControlPlaneListResponse": { + "StagedConfigListResponse": { "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", - "description": "List of control planes.", + "description": "List of NGINX staged configs.", "required": [ "items" ], "properties": { "items": { - "description": "An array of control plane objects.", + "description": "An array of Staged Config objects.", "type": "array", "items": { - "$ref": "#/components/schemas/ListControlPlaneObject" + "$ref": "#/components/schemas/StagedConfigMeta" } } } @@ -7924,1302 +12631,1452 @@ "items_per_page": 100, "items": [ { - "object_id": "ecp_tgfVM3KQTxCyiDXgV38G7A", - "name": "nginx-ingress-001", - "product_version": "nginx-ingress-controller-4.0.1", - "created_at": "2023-12-06T22:37:24.120114Z", - "instances_count": 5, - "online_instances_count": 3, - "cve_severity": [ - { - "count": 6, - "type": "medium" - }, - { - "count": 1, - "type": "high" - } - ] - }, - { - "object_id": "ecp_-bRQlhscTKmbUIdJaYhGJA", - "name": "nginx-ingress-002", - "created_at": "2023-12-06T22:37:24.120114Z", - "product_version": "nginx-ingress-controller-4.0.1", - "instances_count": 3, - "online_instances_count": 1, - "cve_severity": [ - { - "count": 2, - "type": "medium" - }, - { - "count": 3, - "type": "high" - } - ] + "object_id": "sc_Tet21AeYTHCj7taOwVfzyw", + "name": "my-nginx-staged-config", + "created_at": "2023-08-10T16:59:15Z", + "modified_at": "2023-08-10T16:59:15Z" } ] } }, - "StatusSummary": { - "description": "An overview of the status for each NGINX instance, indicating availability.", - "type": "object", + "StagedConfigName": { + "type": "string", + "description": "A name to identify the NGINX staged config.", + "minLength": 1, + "maxLength": 256, + "pattern": "^[^\\s]+$" + }, + "StagedConfigCreateRequest": { + "description": "Body to create a NGINX staged config. A staged config can be empty; config payload is optional.", "required": [ - "online", - "offline", - "unavailable" + "name" ], "properties": { - "online": { - "description": "The number of NGINX instances reporting as `online`.\nThe NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", - "type": "integer" - }, - "offline": { - "description": "The number of NGINX instances reporting as `offline`.\nThe NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n", - "type": "integer" + "name": { + "$ref": "#/components/schemas/StagedConfigName" }, - "unavailable": { - "description": "The number of NGINX instances reporting as `unavailable`.\nThe NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n", - "type": "integer" + "config": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + }, + "example": { + "name": "my-nginx-staged-config", + "config": { + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "configs": [ + { + "files": [ + { + "contents": "string", + "name": "default.conf" + } + ], + "name": "/etc/nginx/conf.d" + } + ] } } }, - "ControlPlane": { - "type": "object", - "description": "Information on control plane including:\n* Control plane object ID\n* Cluster UUID\n* Deployment UUID\n* Kubernetes namespace\n* Data plane key object ID\n* Certificate summary\n* Instance status summary\n", + "StagedConfigCreateResponse": { + "description": "Response to a create NGINX staged config request.", "required": [ "object_id", - "cluster_uuid", - "deployment_uuid", - "kubernetes_namespace" + "name" ], "properties": { "object_id": { - "$ref": "#/components/schemas/ControlPlaneObjectID" - }, - "cluster_uuid": { - "description": "The Kubernetes UID assigned to the cluster that the product is running in.", - "type": "string" - }, - "deployment_uuid": { - "description": "The Kubernetes UID assigned to the control plane.", - "type": "string" - }, - "key_object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" + "$ref": "#/components/schemas/StagedConfigObjectID" }, - "kubernetes_namespace": { - "description": "The kubernetes namespace that the product is running in.", + "name": { + "description": "Name of the NGINX staged config.", "type": "string" - }, - "cert_summary": { - "$ref": "#/components/schemas/CertificateInstanceSummary" - }, - "statuses": { - "$ref": "#/components/schemas/StatusSummary" - } - } - }, - "ControlPlaneDetails": { - "type": "object", - "description": "Detailed information of control plane.", - "allOf": [ - { - "$ref": "#/components/schemas/ControlPlaneBaseInfo" - }, - { - "$ref": "#/components/schemas/ControlPlane" } - ], + }, "example": { - "name": "foo", - "object_id": "ecp_-uvR3F2TQGm18jnl7bpaGw", - "product_version": "nginx-ingress-controller-1.0.0", - "cluster_uuid": "d1ced6c7-8980-467e-a1db-dcdfec16b1f7", - "deployment_uuid": "b9b00e37-5ee4-4361-8c61-1329f3828dd3", - "key_object_id": "key_6AT9LXyUQHyhC8kF7bVMgg", - "kubernetes_namespace": "nginx-ingress-controller", - "created_at": "2023-12-06T22:37:24.120114Z", - "cert_summary": { - "total": 9, - "valid": 1, - "expired": 5, - "expiring": 3, - "not_ready": 0 - }, - "statuses": { - "offline": 0, - "online": 3, - "unavailable": 0 - } + "name": "my-nginx-staged-config", + "object_id": "sc_Tet21AeYTHCj7taOwVfzyw" } }, - "SummaryDisplayCount": { - "description": "The name, the total count, and an optional user-friendly display name of the resource being summarized.", + "StagedConfigBulkRequestData": { "type": "object", + "description": "Part of bulk operation on a staged config, only `delete` is supported.", "required": [ - "name", - "count" + "action", + "object_id" ], "properties": { - "name": { - "description": "Identifies the category of data being reported, such as an operating system, NGINX version, or another type.", - "type": "string" - }, - "count": { - "description": "The number of resources matching the given type.", - "type": "integer" + "object_id": { + "$ref": "#/components/schemas/StagedConfigObjectID" }, - "display": { - "description": "A user-friendly label for the category count, intended for display purposes where a more descriptive or readable format is preferred.", - "type": "string" + "action": { + "$ref": "#/components/schemas/BulkRequestAction" } + }, + "example": { + "object_id": "sc_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" } }, - "ControlPlaneProductVersionSummary": { - "description": "An array of control plane product names/versions.", + "StagedConfigBulkRequest": { "type": "array", "items": { - "$ref": "#/components/schemas/SummaryDisplayCount" + "$ref": "#/components/schemas/StagedConfigBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ + { + "object_id": "sc_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + }, + { + "object_id": "sc_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" + } + ] + }, + "StagedConfigBulkResponse": { + "description": "The staged config bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, - "CveControlPlaneSummary": { - "description": "A summary of Common Vulnerabilities and Exposures (CVEs) across the NGINX control plane.", - "type": "object", + "StagedConfigResponse": { + "description": "Get an NGINX staged config.", "required": [ - "severity", - "count", - "affected_control_planes" + "name" ], "properties": { - "severity": { - "$ref": "#/components/schemas/CveSeverityType" + "name": { + "type": "string", + "description": "Name of the NGINX staged config." }, - "count": { - "description": "The number of CVEs at each severity level.", - "type": "integer" + "config": { + "$ref": "#/components/schemas/NginxConfig" + } + } + }, + "StagedConfigUpdateRequest": { + "description": "Body to update a NGINX staged config name and config contents.", + "required": [ + "name", + "config" + ], + "properties": { + "name": { + "$ref": "#/components/schemas/StagedConfigName" }, - "affected_control_planes": { - "description": "The number of control planes affected by each CVE.", - "type": "integer" + "config": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + }, + "example": { + "name": "my-nginx-staged-config", + "config": { + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", + "configs": [ + { + "files": [ + { + "contents": "string", + "name": "default.conf" + } + ], + "name": "/etc/nginx/conf.d" + } + ] } } }, - "ControlPlaneSummary": { - "description": "A summary of control planes including their product names/version details.", - "type": "object", + "StagedConfigChangeRequest": { + "description": "Update an NGINX staged config.", "properties": { - "product_versions": { - "$ref": "#/components/schemas/ControlPlaneProductVersionSummary" + "name": { + "$ref": "#/components/schemas/StagedConfigName" }, - "cves": { - "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX control plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CveControlPlaneSummary" - } + "config": { + "$ref": "#/components/schemas/NginxConfigRequest" } }, "example": { - "product_versions": [ - { - "count": 10, - "name": "nginx-ingress-controller-1.0.0" - } - ], - "cves": [ - { - "affected_control_planes": 3, - "count": 13, - "severity": "medium" - }, - { - "affected_control_planes": 2, - "count": 2, - "severity": "high" - } - ] + "config": { + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", + "configs": [ + { + "files": [ + { + "contents": "string", + "name": "default.conf" + } + ], + "name": "/etc/nginx/conf.d" + } + ] + } } }, - "NginxCVEObject": { + "StagedConfigImportRequest": { "type": "object", + "description": "Body to import a NGINX staged config", "required": [ - "id", - "severity", - "info", - "published_at" + "name", + "file", + "conf_path" ], - "description": "Details about a specific NGINX security advisory, including the number of instances impacted by it, its severity, and a brief description.", "properties": { - "id": { - "description": "The security advisory's unique identifier.", - "type": "string" - }, - "severity": { - "$ref": "#/components/schemas/CveSeverityType" - }, - "info": { - "description": "A brief description of security advisory.", - "type": "string" - }, - "instances_impacted": { - "description": "Number of instances impacted by the security advisory", - "type": "integer" - }, - "control_planes_impacted": { - "description": "Number of control planes impacted by the security advisory", - "type": "integer" + "name": { + "$ref": "#/components/schemas/StagedConfigName" }, - "published_at": { - "description": "The date and time when the cve was published", + "file": { "type": "string", - "format": "date-time" + "format": "binary", + "example": "my-staged-config.tar.gz", + "maxLength": 5242880 + }, + "conf_path": { + "$ref": "#/components/schemas/ConfigPath" } + }, + "example": { + "name": "my-nginx-config", + "file": "my-staged-config.tar.gz", + "conf_path": "/etc/nginx/nginx.conf", + "parse_only": true } }, - "CVEListResponse": { + "FilterNameControlPlanes": { + "type": "string", + "description": "Keywords for control plane filters.\n", + "enum": [ + "name", + "product_version", + "object_id", + "cve_severity" + ], + "x-enum-varnames": [ + "filter_name_control_plane_name", + "filter_name_control_plane_product_version", + "filter_name_control_plane_object_id", + "filter_name_control_plane_cve_severity" + ] + }, + "ListControlPlaneObject": { "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/ControlPlaneBaseInfo" }, { "type": "object", - "description": "List of all CVEs.", + "description": "Summary information about a control plane.", "required": [ - "items" + "object_id", + "instances_count", + "online_instances_count" ], "properties": { - "items": { - "description": "An array of CVE objects.", + "object_id": { + "$ref": "#/components/schemas/ControlPlaneObjectID" + }, + "instances_count": { + "description": "Total number of instances in the control plane.", + "type": "integer" + }, + "online_instances_count": { + "description": "Total number of online instances in the control plane.", + "type": "integer" + }, + "cve_severity": { "type": "array", + "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX control plane.", "items": { - "$ref": "#/components/schemas/NginxCVEObject" - } - } - } - } - ] - }, - "NginxProduct": { - "type": "string", - "description": "NGINX product :\n * `noss` - NGINX Open Source.\n * `nplus` - NGINX PLUS.\n * `nic` - NGINX Ingress Controller.\n", - "enum": [ - "noss", - "nplus", - "nic", - "unknown" - ], - "x-enum-varnames": [ - "nginx_product_noss", - "nginx_product_nplus", - "nginx_product_nic", - "nginx_product_unknown" - ] - }, - "CveImpactedNginxProduct": { - "type": "object", - "required": [ - "versions", - "name" - ], - "description": "security advisory impacted NGINX product and its version.", - "properties": { - "versions": { - "description": "List of impacted NGINX product versions.", - "type": "array", - "items": { - "type": "string" + "$ref": "#/components/schemas/CveDetails" + } + } } - }, - "name": { - "$ref": "#/components/schemas/NginxProduct" } - } + ] }, - "NginxCVEDetailsResponse": { + "ControlPlaneListResponse": { "allOf": [ { - "$ref": "#/components/schemas/NginxCVEObject" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "description": "List of control planes.", "required": [ - "detail", - "impacted_products" + "items" ], - "description": "Details about a specific NGINX security advisory, including its severity, detail,\npublished date and time, description and impacted products.\n", "properties": { - "impacted_products": { + "items": { + "description": "An array of control plane objects.", "type": "array", "items": { - "$ref": "#/components/schemas/CveImpactedNginxProduct" + "$ref": "#/components/schemas/ListControlPlaneObject" } - }, - "detail": { - "description": "the details about security advisory", - "type": "string" } - }, - "example": { - "detail": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-ID", - "id": "CVE-ID", - "impacted_products": [ + } + } + ], + "example": { + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "object_id": "ecp_tgfVM3KQTxCyiDXgV38G7A", + "name": "nginx-ingress-001", + "product_version": "nginx-ingress-controller-4.0.1", + "created_at": "2023-12-06T22:37:24.120114Z", + "instances_count": 5, + "online_instances_count": 3, + "cve_severity": [ { - "name": "nplus", - "versions": [ - "r1", - "r2" - ] + "count": 6, + "type": "medium" }, { - "name": "noss", - "versions": [ - "1.11.1", - "1.20.2", - "1.19.9" - ] + "count": 1, + "type": "high" + } + ] + }, + { + "object_id": "ecp_-bRQlhscTKmbUIdJaYhGJA", + "name": "ngf-deployment", + "created_at": "2023-12-06T22:37:24.120114Z", + "product_version": "nginx-gateway-fabric-2.0.1", + "instances_count": 3, + "online_instances_count": 1, + "cve_severity": [ + { + "count": 2, + "type": "medium" }, { - "name": "nic", - "versions": [ - "1.0.0", - "2.1.0" - ] + "count": 3, + "type": "high" } - ], - "info": "Memory disclosure in the ngx_http_mp4_module", - "published_at": "2022-10-19T00:00:00Z", - "severity": "medium" + ] } - } - ] + ] + } }, - "NginxProductInfo": { + "ControlPlaneProductVersionSummary": { + "description": "An array of control plane product names/versions.", + "type": "array", + "items": { + "$ref": "#/components/schemas/SummaryDisplayCount" + } + }, + "CveControlPlaneSummary": { + "description": "A summary of Common Vulnerabilities and Exposures (CVEs) across the NGINX control plane.", "type": "object", - "description": "Information about an NGINX product type and its version", "required": [ - "name", - "version" + "severity", + "count", + "affected_control_planes" ], "properties": { - "name": { - "$ref": "#/components/schemas/NginxProduct" + "severity": { + "$ref": "#/components/schemas/CveSeverityType" }, - "version": { - "description": "version of the NGINX product installed on the instance.", - "type": "string" + "count": { + "description": "The number of CVEs at each severity level.", + "type": "integer" + }, + "affected_control_planes": { + "description": "The number of control planes affected by each CVE.", + "type": "integer" } } }, - "CVEImpactedInstance": { + "ControlPlaneSummary": { + "description": "A summary of control planes including their product names/version details.", "type": "object", - "description": "Summary information about a NGINX instance.", + "properties": { + "product_versions": { + "$ref": "#/components/schemas/ControlPlaneProductVersionSummary" + }, + "cves": { + "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX control plane.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CveControlPlaneSummary" + } + } + }, + "example": { + "product_versions": [ + { + "count": 10, + "name": "nginx-ingress-controller-1.0.0" + } + ], + "cves": [ + { + "affected_control_planes": 3, + "count": 13, + "severity": "medium" + }, + { + "affected_control_planes": 2, + "count": 2, + "severity": "high" + } + ] + } + }, + "ControlPlane": { + "type": "object", + "description": "Information on control plane including:\n* Control plane object ID\n* Cluster UUID\n* Deployment UUID\n* Kubernetes namespace\n* Data plane key object ID\n* Certificate summary\n* Instance status summary\n", "required": [ "object_id", - "hostname", - "status" + "cluster_uuid", + "deployment_uuid", + "kubernetes_namespace" ], "properties": { "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" + "$ref": "#/components/schemas/ControlPlaneObjectID" }, - "hostname": { - "description": "The name of the host system where the NGINX instance is running.", + "cluster_uuid": { + "description": "The Kubernetes UID assigned to the cluster that the product is running in.", "type": "string" }, - "products": { - "description": "List of NGINX products in the instance", - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxProductInfo" - } + "deployment_uuid": { + "description": "The Kubernetes UID assigned to the control plane.", + "type": "string" }, - "status": { - "type": "string", - "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", - "enum": [ - "unknown", - "unavailable", - "offline", - "online" - ] + "key_object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "kubernetes_namespace": { + "description": "The kubernetes namespace that the product is running in.", + "type": "string" + }, + "cert_summary": { + "$ref": "#/components/schemas/CertificateInstanceSummary" + }, + "statuses": { + "$ref": "#/components/schemas/StatusSummary" } } }, - "CVEImpactedInstancesListResponse": { + "ControlPlaneDetails": { + "type": "object", + "description": "Detailed information of control plane.", "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/ControlPlaneBaseInfo" }, { - "type": "object", - "description": "List of instances affected by a CVE.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of Instance objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CVEImpactedInstance" - } - } - }, - "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", - "hostname": "4d116619f106", - "products": [ - { - "name": "noss", - "version": "1.18.0" - } - ], - "status": "unknown" - } - ] - } + "$ref": "#/components/schemas/ControlPlane" + } + ], + "example": { + "name": "foo", + "object_id": "ecp_-uvR3F2TQGm18jnl7bpaGw", + "product_version": "nginx-ingress-controller-1.0.0", + "cluster_uuid": "d1ced6c7-8980-467e-a1db-dcdfec16b1f7", + "deployment_uuid": "b9b00e37-5ee4-4361-8c61-1329f3828dd3", + "key_object_id": "key_6AT9LXyUQHyhC8kF7bVMgg", + "kubernetes_namespace": "nginx-ingress-controller", + "created_at": "2023-12-06T22:37:24.120114Z", + "cert_summary": { + "total": 9, + "valid": 1, + "expired": 5, + "expiring": 3, + "not_ready": 0 + }, + "statuses": { + "offline": 0, + "online": 3, + "unavailable": 0 } - ] - }, - "FilterNameEvents": { - "type": "string", - "description": "Keywords for events filters.\n", - "enum": [ - "object_id" - ], - "x-enum-varnames": [ - "filter_name_events_object_id" - ] - }, - "EventObjectID": { - "description": "A globally unique identifier for a NGINX One system event.", - "type": "string", - "format": "object_id", - "pattern": "^event_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "Event": { + "MetricQueryResultEx": { "type": "object", - "description": "An Event is a system message.", "required": [ - "type", - "timestamp", - "object_id", - "message" + "query_metadata", + "metrics" ], "properties": { - "timestamp": { - "description": "time of the event", + "query_metadata": { + "$ref": "#/components/schemas/MetricQueryMetadata" + }, + "metrics": { + "description": "An array of Metric objects, each including the name of the metric resource, aggregate function, and series details.", + "type": "array", + "items": { + "$ref": "#/components/schemas/MetricEx" + } + } + } + }, + "MetricQueryMetadata": { + "description": "This object includes details about the time period and resolution (granularity) used in the metrics query.\n", + "type": "object", + "properties": { + "start_time": { + "description": "The beginning of the time period for the metrics query (inclusive).", "type": "string", "format": "date-time", "example": "2019-08-07T09:57:36.088757764Z" }, - "type": { - "type": "string", - "description": "type of event, indication for affected object type.", - "enum": [ - "instance_cleanup", - "certificates", - "publications", - "nap_compilation_jobs" - ], - "x-enum-varnames": [ - "event_type_instance_cleanup", - "event_type_certificates", - "event_type_publications", - "event_type_nap_compilation_jobs" - ] - }, - "object_id": { - "$ref": "#/components/schemas/EventObjectID" - }, - "affected_object_id": { - "$ref": "#/components/schemas/ObjectID" - }, - "hostname": { + "end_time": { + "description": "The end point for the time period for the metrics query (non-inclusive).", "type": "string", - "description": "hostname of the affected instance, if any." + "format": "date-time", + "example": "2019-08-07T09:57:36.088757764Z" }, - "message": { + "resolution": { + "description": "The level of granularity for the time series data.", "type": "string", - "description": "Details regarding the event.", - "example": "Instance \"demo-1\" deleted by instance cleanup after \"unavailable\" for 25 hours." + "example": "30m" } - }, - "example": { - "timestamp": "2024-02-04T09:57:36.088757764Z", - "type": "instance_cleanup", - "object_id": "event_-uvR3F2TQGm18jnl7bpaGw", - "affected_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "message": "ip-170.0.1 deleted after age out period of 3 hours, last seen 2023-08-07T09:57:36.088757764Z" } }, - "EventsListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" + "MetricEx": { + "type": "object", + "required": [ + "metric", + "series" + ], + "description": "This object represents a metric, including the name of the metric resource, aggregate function, and series details.\n", + "properties": { + "metric": { + "$ref": "#/components/schemas/MetricName" }, - { - "type": "object", - "description": "List of Events.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of Event objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/Event" - } + "aggregate": { + "$ref": "#/components/schemas/MetricAggregation" + }, + "series": { + "description": "An array of data points aligned along one or more dimensions from the Dimensions Catalog.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/SeriesEx" + }, + "example": [ + { + "dimensions": { + "nginx_id": "some-instance-obj-1", + "parent_hostname": "hostname-for-instance-1" + }, + "data": [ + { + "timestamp": "2019-08-07T09:57:30Z", + "value": 10 + } + ] + }, + { + "dimensions": { + "nginx_id": "some-instance-obj-2", + "parent_hostname": "hostname-for-instance-2" + }, + "data": [ + { + "timestamp": "2019-08-07T09:58:30Z", + "value": 5 + } + ] } - } + ] } - ] + } }, - "FilterNameInstances": { - "type": "string", - "description": "Keywords for instance filters.\n\nWhen filtering on `instance_status`, only the following `filter_values` are supported:\n * online\n * offline\n * unavailable\n * unknown\nWhen filtering base on `cert_status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", - "enum": [ - "hostname", - "nginx_version", - "os_version", - "instance_status", - "cert_status", - "cve_severity", - "config_recommendation", - "key_object_id", - "system_id", - "object_id" + "SeriesEx": { + "description": "This object represents a set of data points aligned along one or more dimensions from the Dimensions Catalog.", + "type": "object", + "required": [ + "dimensions", + "data" ], - "x-enum-varnames": [ - "filter_name_instances_hostname", - "filter_name_instances_nginx_version", - "filter_name_instances_os_version", - "filter_name_instances_instance_status", - "filter_name_instances_cert_status", - "filter_name_instances_cve_severity", - "filter_name_instances_config_recommendation", - "filter_name_instances_key_object_id", - "filter_name_instances_system_id", - "filter_name_instances_object_id" - ] - }, - "InstanceListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { + "properties": { + "dimensions": { + "description": "This object represents a set of data points aligned along one or more dimensions.\n", "type": "object", - "description": "List of data plane instances.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of Instance objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/Instance" - } - } - } - } - ], - "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "agent_version": "v2.30.3", - "hostname": "4d116619f106", - "key": "key_Tet21AeYTHCj7taOwVfzyw", - "last_reported": "2023-12-06T22:37:24.120114Z", - "nginx_build": { - "conf_path": "/etc/nginx/nginx.conf", - "version": "1.25.3" - }, - "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", - "registered_at": "2023-12-06T22:37:24.120114Z", - "status": "unknown", - "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw" + "additionalProperties": { + "description": "The name(s) of the dimensions used in the metrics query.\n", + "type": "string" + }, + "example": { + "nginx_id": "some-instance-object-id", + "parent_hostname": "hostname-for-instance" } - ] + }, + "data": { + "description": "Array of data points for a metric.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/MetricData" + }, + "example": [ + { + "timestamp": "2019-08-07T09:57:30Z", + "value": 10 + } + ] + } } }, - "InstanceBulkRequestData": { + "MetricData": { "type": "object", - "description": "Part of bulk operation on a NGINX instance, only `delete` is supported.", "required": [ - "action" + "timestamp", + "value" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" + "timestamp": { + "type": "string", + "description": "A date-time string that represent when the data point in the series was recorded.\n", + "format": "date-time" }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" + "value": { + "type": "number", + "format": "double", + "nullable": true, + "description": "A value for the data, where `null` indicates a gap.\n" } - }, - "example": { - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" } }, - "InstanceBulkRequest": { + "StartTime": { + "description": "Sets the beginning of the time period for your metrics query (inclusive).\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` isn't provided, the API returns the latest metrics.\n* `start_time` is required for aggregated metrics in order to calculate the `resolution` (granularity).\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", + "type": "string", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "EndTime": { + "description": "Sets the end point for the time period for your metrics query (non-inclusive).\n\nUsage:\n* Must be greater than `start_time`.\n* If `start_time` is specified and `end_time` is not, `end_time` defaults to the current time.\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", + "type": "string", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "MetricAggregation": { + "type": "string", + "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * min\n * max\n * sum\n * avg\n * rate\n", + "enum": [ + "min", + "max", + "sum", + "avg", + "rate" + ], + "x-enum-varnames": [ + "metric_aggregation_min", + "metric_aggregation_max", + "metric_aggregation_sum", + "metric_aggregation_avg", + "metric_aggregation_rate" + ] + }, + "MetricDimensions": { "type": "array", + "description": "List the dimensions to include in the response for each metric series.\n\nUsage:\n\n* Specify the list of dimensions. Dimensions not specified in this parameter will be hidden in the results.\n* If you specify dimensions in `group_by`, you don't need to list them again in `dimensions`. \nHowever, if you are using `group_by`, then any dimensions you list in `dimensions` must also be included in `group_by`.\n * To return a single series, specify the metric name with aggregation (for example, `{ \"name\": \"agent.cpu.system\", \"aggregate\": \"avg\" }`) and leave the `dimensions` parameter empty.\n", "items": { - "$ref": "#/components/schemas/InstanceBulkRequestData" - }, - "maxItems": 50, - "example": [ - { - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" - }, - { - "object_id": "inst_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" - } - ] + "$ref": "#/components/schemas/MetricDimension" + } }, - "InstanceBulkResponse": { - "description": "The NGINX instance bulk outcome.", + "GroupByDimensions": { "type": "array", + "description": "Group the query results by the specified dimension(s).\n\nUsage:\n* Specify the list of dimensions.\n* For `group_by` to work, all metrics in the `names` parameter must be aggregated.\n", "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" + "$ref": "#/components/schemas/MetricDimension" } }, - "OperatingSystem": { - "description": "Release details for the operating system.", + "TopXMetricDimensions": { + "type": "array", + "description": "List additional dimensions to include in the response for each metric series. The dimension specified by `group_series_by` will be included by default.\n", + "items": { + "$ref": "#/components/schemas/MetricDimension" + } + }, + "MetricDimension": { + "type": "string", + "default": "display_name", + "description": "Static list of all metric dimensions.\n * `display_name` - The display name of the NGINX instance.\n * `file_path` - Path to a desired file.\n * `parent_hostname` - The hostname of the NGINX Plus instance.\n * `instance_object_id` - Instance Object ID is the unique identifier for an Instance registered with NGINX One Console.\n * `location_zone` - The name of an HTTP location zone.\n * `mount_point` - A filesystem mount point.\n * `namespace` - The Namespace associated with the metric data.\n * `network_interface` - A server network interface.\n * `nginx_id` - The unique identifier of an nginx instance running on the data plane.\n * `server_zone` - The name of an HTTP or Stream server zone.\n * `system_id` - The unique identifier of the the operating system where nginx-agent is running.\n * `tenant` - The Tenant associated with the metric data.\n * `csg_object_id` - Config Sync Group Object ID is the unique identifier for a Config Sync Group registered with NGINX One Console.\n * `mode` - Variant value associated with metric `system.cpu.utilization`.\n * `state` - Variant value associated with metrics `system.filesystem.usage`, `system.memory.usage`.\n * `io_direction` - Variant value associated with metric `system.network.io`.\n * `status_range` - Variant value associated with metric `nginx.http.response.count`.\n * `logical_number` - Variant value associated with metrics that result in a processor number.\n * `outcome` - Variant value associated with metrics that result in an outcome .\n", + "enum": [ + "display_name", + "file_path", + "parent_hostname", + "instance_object_id", + "location_zone", + "mount_point", + "namespace", + "network_interface", + "nginx_id", + "server_zone", + "system_id", + "tenant", + "csg_object_id", + "mode", + "state", + "io_direction", + "status_range", + "logical_number", + "outcome" + ], + "x-enum-varnames": [ + "metric_dimension_display_name", + "metric_dimension_file_path", + "metric_dimension_hostname", + "metric_dimension_instance_object_id", + "metric_dimension_location_zone", + "metric_dimension_mount_point", + "metric_dimension_namespace", + "metric_dimension_network_interface", + "metric_dimension_nginx_id", + "metric_dimension_server_zone", + "metric_dimension_system_id", + "metric_dimension_tenant", + "metric_dimension_csg_object_id", + "metric_dimension_mode", + "metric_dimension_state", + "metric_dimension_io_direction", + "metric_dimension_status_range", + "metric_dimension_logical_number", + "metric_dimension_outcome" + ] + }, + "BaseMetricQueryRequest": { "type": "object", "required": [ - "name", - "id", - "codename", - "version", - "version_id" + "metrics", + "start_time", + "resolution" ], "properties": { - "name": { - "description": "The official name of the operating system release.", - "type": "string" + "metrics": { + "$ref": "#/components/schemas/MetricNames" }, - "id": { - "description": "The distinctive identifier for the operating system release.", - "type": "string" + "filter": { + "$ref": "#/components/schemas/MetricFilters" }, - "codename": { - "description": "The codename assigned to the operating system release.", - "type": "string" + "start_time": { + "$ref": "#/components/schemas/StartTime" }, - "version": { - "description": "The version label for the operating system, which may include the name and version number or codename.", - "type": "string" + "end_time": { + "$ref": "#/components/schemas/EndTime" }, - "version_id": { - "description": "The specific version number of the operating system release.", - "type": "string" + "resolution": { + "type": "string", + "description": "Specifies the level of granularity for time series data in your results. Applicable only for endpoints that return time series data.\n\nUsage: \n* Specify as a string with a number followed by a unit of time, such as `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes) or `s` (seconds).\n* Metrics in `names` must be aggregated.\n* `start_time` is required.\n* If `resolution` is not set, the API returns the maximum resolution (`end_time` - `start_time`).\n", + "example": "30s" } - }, - "example": { - "name": "Ubuntu", - "id": "ubuntu", - "codename": "bionic", - "version": "18.04.5 LTS (Bionic Beaver)", - "version_id": "18.04" } }, - "ConfigSyncGroupInstanceMeta": { - "allOf": [ - { - "$ref": "#/components/schemas/ConfigSyncGroupMeta" - }, - { - "type": "object", - "description": "Additional details on instance in the NGINX config sync group including:\n* config sync status\n", - "properties": { - "instance_config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" - } - } - } - ] - }, - "NapSignatureVersion": { - "description": "The version of the NGINX App Protect resource.", - "type": "string", - "example": "2023.12.06" - }, - "NapInstanceAssociation": { + "MetricQueryRequest": { + "type": "object", "allOf": [ { - "$ref": "#/components/schemas/NapAssociation" + "$ref": "#/components/schemas/BaseMetricQueryRequest" }, { "type": "object", - "required": [ - "threat_campaign_version", - "attack_signature_version", - "bot_signature_version" - ], "properties": { - "threat_campaign_version": { - "$ref": "#/components/schemas/NapSignatureVersion" + "dimensions": { + "$ref": "#/components/schemas/MetricDimensions" }, - "attack_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" + "group_by": { + "$ref": "#/components/schemas/GroupByDimensions" }, - "bot_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - } - } - } - ], - "example": { - "name": "default_policy", - "version": "2025.05.01", - "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", - "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", - "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", - "paths": [ - "/etc/nginx/default_policy.tgz" - ], - "deployment_status": "deployed", - "enforcement_mode": "transparent", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "threat_campaign_version": "2025.01.23", - "attack_signature_version": "2025.01.19", - "bot_signature_version": "2025.01.19" - } - }, - "NginxAppProtectDetails": { - "description": "Information regarding NGINX App Protect. Includes version and deployments.\n", - "type": "object", - "required": [ - "engine_version", - "deployments" - ], - "properties": { - "release_version": { - "description": "The release version of NGINX App Protect.", - "type": "string" - }, - "engine_version": { - "description": "The version of the App Protect enforcement engine.", - "type": "string" - }, - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapInstanceAssociation" + "order_by": { + "description": "List the order by for dimension(s).\n\nUsage:\n\n* Must be a dimension included by `dimensions` or `group_by`.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/OrderBy" + } + } } } - } + ] }, - "InstanceDetails": { + "MetricTopXQueryRequest": { "type": "object", - "description": "Detailed information about an NGINX instance.", "allOf": [ { - "$ref": "#/components/schemas/Instance" + "$ref": "#/components/schemas/BaseMetricQueryRequest" }, { "type": "object", + "required": [ + "series_limit", + "group_series_by" + ], "properties": { - "certs": { - "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto this data plane instance.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertAssociation" - } - }, - "os": { - "$ref": "#/components/schemas/OperatingSystem" + "dimensions": { + "$ref": "#/components/schemas/TopXMetricDimensions" }, - "config_sync_group": { - "$ref": "#/components/schemas/ConfigSyncGroupInstanceMeta" + "series_limit": { + "type": "integer", + "example": 25, + "description": "Sets the maximum number of series that can be returned. \n\nNotes:\n* Always returns an additional series with a dimension named `all`, aggregating the values of all metrics included in the results.\n* A series with a dimension named `other` may be returned, aggregating the values of metrics not included in the results.\n" }, - "nginx_app_protect": { - "$ref": "#/components/schemas/NginxAppProtectDetails" + "group_series_by": { + "$ref": "#/components/schemas/MetricDimension" }, - "control_plane": { - "$ref": "#/components/schemas/ControlPlaneBaseInfo" + "order_series_by": { + "$ref": "#/components/schemas/OrderSeriesBy" } } } + ] + }, + "MetricNames": { + "type": "array", + "description": "Specify the metrics you want details for.\n\nUsage: \n* List multiple metrics as json objects.\n * You can aggregate metrics with `avg`, `sum`, `min`, `max`, `rate`.\n* Metrics with aggregates require a `start_time`.\n* If you combine aggregated and non-aggregated metrics in a single query, any `group_by` clause applies only to the aggregated metrics.\n", + "items": { + "$ref": "#/components/schemas/MetricQuery" + }, + "example": [ + { + "name": "system.cpu.utilization", + "aggregate": "avg", + "filter": [ + { + "filterSet": [ + { + "dimension": "mode", + "operator": "=", + "values": [ + "system" + ] + } + ] + } + ] + } + ] + }, + "MetricQuery": { + "type": "object", + "required": [ + "name" ], - "example": { - "agent_version": "v2.30.3", - "certs": [ - { - "subject_name": "test.com", - "name": "client", - "cert_type": "cert_key", - "not_after": "2024-01-06T00:01:30Z", - "not_before": "2023-12-07T00:01:30Z", - "cert_paths": [ - "/etc/nginx/client.pem" - ], - "cert_status": "expiring", - "deployment_status": "latest", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" - } - ], - "hostname": "4d116619f106", - "key": "key_wN3IhLCmR3qmwybG_6ptEg", - "control_plane": { - "object_id": "ecp_CO1DdBxZToWmr3pTcaQ8QA", - "name": "nginx-ingress-001", - "product_version": "nginx-ingress-controller-4.0.1", - "created_at": "2023-12-06T22:37:24.120114Z" - }, - "last_reported": "2023-12-06T22:37:24.120114Z", - "nginx_build": { - "conf_path": "/etc/nginx/nginx.conf", - "version": "1.25.3" - }, - "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", - "os": { - "codename": "jammy", - "id": "ubuntu", - "name": "Ubuntu", - "version": "22.04.3 LTS (Jammy Jellyfish)", - "version_id": "22.04" + "properties": { + "name": { + "$ref": "#/components/schemas/MetricName" }, - "registered_at": "2023-12-06T22:37:24.120114Z", - "status": "unknown", - "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw" + "aggregate": { + "$ref": "#/components/schemas/MetricAggregation" + } } }, - "NginxSecurityAdvisory": { + "MetricFilterPredicate": { + "type": "string", + "enum": [ + "AND", + "OR" + ], + "x-enum-varnames": [ + "metric_filter_predicate_and", + "metric_filter_predicate_or" + ] + }, + "MetricFilters": { + "type": "array", + "description": "Filter results based on dimension operations against one or more values.\n\nUsage:\n* Format as one or more predicates by providing all required elements.\n * `dimension`: The dimension name you want to filter on.\n * `operator`: The possible operators (`=`, `!=`, `<`, `<=`, `>`, `>=`, `in`, `not`) you can use for comparison or condition checking.\n * `value`: Case sensitive value of the dimension to filter against.\n\nFor more complex filtering:\n\n* Specify a `predicate` for logical expressions (`AND`,`OR`). \n* Use a wildcard `*` in the `value` for matching partial values.\n", + "items": { + "$ref": "#/components/schemas/MetricFilterSet" + }, + "example": [ + { + "filterSet": [ + { + "dimension": "server_zone", + "operator": "!=", + "values": [ + "server_zone_1" + ] + }, + { + "predicate": "OR", + "dimension": "server_zone", + "operator": "=", + "values": [ + "server_zone_2" + ] + } + ] + }, + { + "predicate": "AND", + "filterSet": [ + { + "dimension": "nginx_id", + "operator": "in", + "values": [ + "id1", + "id2" + ] + } + ] + } + ] + }, + "MetricFilterSet": { "type": "object", - "description": "Details about a specific NGINX security advisory, including its severity, a link to more information, and a brief description.", + "description": "Encapsulates one or more `MetricFilter` object(s) to be grouped together.\n", "required": [ - "id", - "severity", - "advisory", - "info" + "filterSet" ], "properties": { - "id": { - "description": "The security advisory's unique identifier.", - "type": "string" - }, - "severity": { - "$ref": "#/components/schemas/CveSeverityType" - }, - "advisory": { - "description": "The URL to detailed information about the security advisory.", - "type": "string" + "predicate": { + "$ref": "#/components/schemas/MetricFilterPredicate" }, - "info": { - "description": "A brief description of security advisory.", - "type": "string" + "filterSet": { + "type": "array", + "items": { + "$ref": "#/components/schemas/MetricFilter" + } } } }, - "CertificateSummaryItem": { - "description": "summary information for certificate with certain status.", + "MetricFilter": { "type": "object", "required": [ - "status", - "count", - "affected_instances" + "dimension", + "operator", + "values" ], "properties": { - "status": { - "$ref": "#/components/schemas/CertificateStatus" + "dimension": { + "$ref": "#/components/schemas/MetricDimension" }, - "count": { - "description": "The total number of SSL certificates for each status category.", - "type": "integer" + "operator": { + "type": "string", + "description": "Static list of all operations supported by filtering\n\n* The `=`, `!=` only use the first element of the `values` array. Wildcards for partial matching is supported.\n* The `in` and `not` both use all elements in the `values` array. Wildcards for partial matching is NOT supported.\n", + "enum": [ + "=", + "!=", + "in", + "not" + ], + "x-enum-varnames": [ + "metric_filter_equal", + "metric_filter_not_equal", + "metric_filter_in", + "metric_filter_not" + ] }, - "affected_instances": { - "description": "Indicates the total number of SSL/TLS certificates corresponding to the status provided.", - "type": "integer" + "values": { + "type": "array", + "description": "Single value used for all operators except `in` and `not`.", + "items": { + "type": "string" + } + }, + "predicate": { + "$ref": "#/components/schemas/MetricFilterPredicate" } } }, - "OperatingSystemVersionSummary": { - "description": "An array of operating systems and their versions on the NGINX data plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/SummaryDisplayCount" - } - }, - "NGINXVersionSummary": { - "description": "An array of NGINX versions installed across the NGINX data plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/SummaryDisplayCount" - } + "OrderDirection": { + "type": "string", + "enum": [ + "asc", + "desc" + ], + "x-enum-varnames": [ + "order_by_asc", + "order_by_desc" + ], + "default": "desc" }, - "CveSummary": { - "description": "A summary of Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", + "OrderBy": { "type": "object", + "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `dimension`: The dimension for ordering.\n", "required": [ - "severity", - "count", - "affected_instances" + "direction", + "dimension" ], "properties": { - "severity": { - "$ref": "#/components/schemas/CveSeverityType" - }, - "count": { - "description": "The number of CVEs at each severity level.", - "type": "integer" + "direction": { + "$ref": "#/components/schemas/OrderDirection" }, - "affected_instances": { - "description": "The number of NGINX instances affected by each CVE.", - "type": "integer" + "dimension": { + "$ref": "#/components/schemas/MetricDimension" } } }, - "IssueSummary": { - "description": "A summary of issue details from the configuration analysis report.", + "OrderSeriesBy": { "type": "object", + "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `aggregate`: The aggregating function.\n", "required": [ - "type", - "count", - "affected_instances" + "direction", + "aggregate" ], "properties": { - "type": { - "$ref": "#/components/schemas/RecommendationType" - }, - "count": { - "description": "The number of times this recommendation appears in the configuration analysis report.", - "type": "integer" + "direction": { + "$ref": "#/components/schemas/OrderDirection" }, - "affected_instances": { - "description": "The number of instances affected by this issue.", - "type": "integer" + "aggregate": { + "$ref": "#/components/schemas/MetricAggregation", + "default": "sum" } } }, - "InstanceSummary": { - "description": "A summary of NGINX instances, including certificates, OS versions, NGINX versions, and status details.", - "type": "object", - "properties": { - "certs": { - "description": "An array detailing each certificate's status across all NGINX instances.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertificateSummaryItem" - } + "MetricName": { + "type": "string", + "description": "Metric names available for querying.\n", + "example": "nginx.http.request.count", + "oneOf": [ + { + "$ref": "#/components/schemas/MetricSystemCpuUtilization" }, - "os": { - "$ref": "#/components/schemas/OperatingSystemVersionSummary" + { + "$ref": "#/components/schemas/MetricSystemFilesystemUsage" }, - "nginx_versions": { - "$ref": "#/components/schemas/NGINXVersionSummary" + { + "$ref": "#/components/schemas/MetricSystemMemoryUsage" }, - "statuses": { - "$ref": "#/components/schemas/StatusSummary" + { + "$ref": "#/components/schemas/MetricSystemCpuLogicalCount" }, - "cves": { - "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CveSummary" - } + { + "$ref": "#/components/schemas/MetricSystemNetworkIo" }, - "recommendations": { - "description": "An array summarizing the suggestions from the configuration analysis report.", - "type": "array", - "items": { - "$ref": "#/components/schemas/IssueSummary" - } + { + "$ref": "#/components/schemas/MetricNginxHttpRequestCount" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpResponseCount" + }, + { + "$ref": "#/components/schemas/MetricNginxHttpConnectionCount" } - } + ] }, - "FilterStagedConfigs": { + "MetricSystemCpuUtilization": { "type": "string", - "description": "Keywords for staged configs filters.\n", + "description": "Total system CPU utilization for 'system' or 'user', percentage. A filter differentiator is needed for specific mode(s).\n\nReplacement for depreciated variant(s):\n * system.cpu.system\n * system.cpu.user\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * mode (applicable filter values: 'system', 'user')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * logical_number\n", "enum": [ - "name", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_staged_config_name", - "filter_name_staged_config_object_id" + "system.cpu.utilization" ] }, - "StagedConfigObjectID": { - "description": "A globally unique identifier for the NGINX staged config.", + "MetricSystemFilesystemUsage": { "type": "string", - "format": "object_id", - "pattern": "^sc_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "description": "System disk usage statistic, percentage. A filter differentiator is needed for specific state(s).\n\nReplacement for depreciated variant(s):\n * system.disk.in_use\n * system.disk.total\n * system.disk.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'in_use')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * mount_point\n", + "enum": [ + "system.filesystem.usage" + ] + }, + "MetricSystemMemoryUsage": { + "type": "string", + "description": "Total available statistic about system memory usage, bytes. A filter differentiator is needed for specific state(s).\n\nReplacement for depreciated variant(s):\n * system.mem.pct_used\n * system.mem.total\n * system.mem.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'total', 'pct_used')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", + "enum": [ + "system.memory.usage" + ] + }, + "MetricSystemCpuLogicalCount": { + "type": "string", + "description": "Number of logical (virtual) processor cores created by the operating system.\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", + "enum": [ + "system.cpu.logical.count" + ] + }, + "MetricNginxHttpConnectionCount": { + "type": "string", + "description": "Number of connections group by outcome (such as 'ACCEPTED', 'DROPPED', 'ACTIVE', 'IDLE').\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * outcome\n", + "enum": [ + "nginx.http.connection.count" + ] + }, + "MetricSystemNetworkIo": { + "type": "string", + "description": "Network I/O statistics. Number of bytes sent or received per network interface. A filter differentiator is needed for specific I/O direction(s).\n\nReplacement for depreciated variant(s):\n * system.net.bytes_rcvd\n * system.net.bytes_sent\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * io_direction (applicable filter values: 'transmit', 'receive')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * network_interface\n", + "enum": [ + "system.network.io" + ] + }, + "MetricNginxHttpRequestCount": { + "type": "string", + "description": "The current number of client requests received from clients.\n\nReplacement for depreciated variant(s):\n * nginx.http.request.count\n * plus.http.request.count\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * server_zone\n * location_zone\n", + "enum": [ + "nginx.http.request.count" + ] + }, + "MetricNginxHttpResponseCount": { + "type": "string", + "description": "The current number of responses, grouped by status code range. A filter differentiator is needed for specific status range(s).\n\nReplacement for depreciated variant(s):\n * nginx.http.status.4xx\n * plus.http.status.4xx\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * status_range (applicable filter values: '4xx', '5xx')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id \n * server_zone\n * location_zone\n", + "enum": [ + "nginx.http.response.count" + ] + }, + "SettingsInstanceCleanup": { + "type": "object", + "description": "Preferences for automatic cleanup of stale NGINX One Instances.", + "required": [ + "age_out_duration" + ], + "properties": { + "age_out_duration": { + "type": "integer", + "format": "int32", + "description": "Specify the age of `unavailable` NGINX instances for clean up. NGINX instances older than this value in hours will be deleted automatically. Events related to automatically deleted NGINX instances will show up in `/events` API. '0' value disables the automatic clean up of `unavailable` NGINX instances.", + "default": 3, + "minimum": 0, + "maximum": 720 + } + }, + "example": { + "age_out_duration": 3 } }, - "StagedConfigCertificateSummary": { + "SettingsACMEIntegration": { "type": "object", - "description": "Provides a summary of the current status of certificates used in NGINX configurations. It includes the total number of certificates, as well as the counts of expired certificates, those nearing expiration, valid certificates, certificates that are not found, and those that are not ready for use.", + "description": "ACME Integration to provision SSL certificates", "required": [ - "total", - "expired", - "expiring", - "valid", - "not_found", - "not_ready" + "tos_accepted" ], "properties": { - "total": { - "description": "Total count of certificates used as `payloads` in NGINX config.", - "type": "integer" + "tos_accepted": { + "type": "boolean", + "description": "Accept or deny terms of service for ACME server \n* true - Registers ACME account with the associated server\n* false - Deletes registered ACME account with the associated server\n", + "default": false }, - "expired": { - "description": "The number of certificates that have expired and are no longer valid.", - "type": "integer" + "server": { + "type": "string", + "description": "Name of ACME server to get SSL certificates from\n* `LE` - Let's Encrypt\n", + "enum": [ + "LE" + ], + "x-enum-varnames": [ + "acme_integration_server_lets_encrypt" + ] + } + } + }, + "NginxUsageDeployment": { + "type": "object", + "required": [ + "integration" + ], + "properties": { + "integration": { + "type": "string", + "description": "Type of integration for NGINX Instance", + "enum": [ + "nic", + "ngf" + ], + "x-enum-varnames": [ + "integration_type_nic", + "integration_type_ngf" + ] }, - "expiring": { - "description": "The number of certificates due to expire in the next 30 days.", - "type": "integer" + "cluster_id": { + "description": "UUID of the Kubernetes cluster where NGINX Instance is deployed", + "type": "string", + "format": "uuid" + }, + "cluster_node_count": { + "type": "integer", + "description": "Number of nodes in the cluster where NGINX Instance is deployed", + "minimum": 0 + }, + "installation_id": { + "type": "string", + "description": "UUID of the individual NIC/NGF deployment relationship", + "format": "uuid" + } + } + }, + "HttpUsage": { + "type": "object", + "properties": { + "client": { + "allOf": [ + { + "$ref": "#/components/schemas/UsageMetrics" + }, + { + "type": "object", + "properties": { + "requests": { + "type": "integer", + "description": "Total requests handled by an NGINX Instance", + "minimum": 0 + } + } + } + ] + }, + "upstream": { + "$ref": "#/components/schemas/UsageMetrics" + } + } + }, + "StreamUsage": { + "type": "object", + "properties": { + "client": { + "$ref": "#/components/schemas/UsageMetrics" }, - "valid": { - "description": "The number of certificates that are valid and in good standing.", - "type": "integer" + "upstream": { + "$ref": "#/components/schemas/UsageMetrics" + } + } + }, + "UsageMetrics": { + "type": "object", + "properties": { + "received": { + "type": "integer", + "description": "Total bytes received by an NGINX Instance from clients/upstreams", + "minimum": 0 }, - "not_found": { - "description": "The number of certificates that are not found on NGINX One Console.", - "type": "integer" + "sent": { + "type": "integer", + "description": "Total bytes sent by the NGINX Instance to clients/upstreams", + "minimum": 0 }, - "not_ready": { - "description": "The number of certificates that are not ready to be used.", - "type": "integer" + "connections": { + "type": "integer", + "description": "Total connections of the NGINX Instance with clients/upstreams", + "minimum": 0 } } }, - "StagedConfigMeta": { + "NginxUsageHttp": { + "$ref": "#/components/schemas/HttpUsage" + }, + "NginxUsageStream": { + "$ref": "#/components/schemas/StreamUsage" + }, + "NginxUsageTrackingRequest": { "type": "object", - "description": "Summary information of the NGINX staged config.", + "description": "Request structure for sending usage information.", "required": [ - "object_id", - "name", - "created_at", - "modified_at" + "version", + "uuid", + "nap", + "start_time", + "end_time" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/StagedConfigObjectID" + "version": { + "type": "string", + "description": "Version of the NGINX instance.", + "minLength": 2, + "maxLength": 100 }, - "name": { - "description": "Name of the NGINX staged config", - "type": "string" + "hostname": { + "type": "string", + "description": "Hostname of the NGINX instance.", + "minLength": 3, + "maxLength": 255 }, - "created_at": { + "uuid": { "type": "string", - "format": "date-time", - "description": "The date and time when the NGINX configuration object was created for the instance." + "description": "UID of the NGINX instance, can be in hyphenated or non-hyphenated format.", + "maxLength": 38 }, - "modified_at": { + "nap": { "type": "string", - "format": "date-time", - "description": "The date and time when the NGINX configuration object was last modified for the instance." + "description": "NAP status of the NGINX instance.", + "enum": [ + "inactive", + "active" + ], + "x-enum-varnames": [ + "nap_status_inactive", + "nap_status_active" + ] }, - "cert_summary": { - "$ref": "#/components/schemas/StagedConfigCertificateSummary" - } - } - }, - "StagedConfigListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" + "http": { + "$ref": "#/components/schemas/NginxUsageHttp" }, - { - "type": "object", - "description": "List of NGINX staged configs.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of Staged Config objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/StagedConfigMeta" - } - } - } + "stream": { + "$ref": "#/components/schemas/NginxUsageStream" + }, + "deployment": { + "$ref": "#/components/schemas/NginxUsageDeployment" + }, + "start_time": { + "type": "integer", + "description": "Usage collection start time (Unix epoch).", + "minimum": 0 + }, + "end_time": { + "type": "integer", + "description": "Usage collection end time (Unix epoch).", + "minimum": 0 + }, + "workers": { + "type": "integer", + "description": "Number of workers running on the NGINX Instance", + "minimum": 0 + }, + "uptime": { + "type": "integer", + "description": "Number of seconds the NGINX Instance has been continuously running", + "minimum": 0 + }, + "reloads": { + "type": "integer", + "description": "Number of times the instance was reloaded during uptime", + "minimum": 0 } - ], - "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "object_id": "sc_Tet21AeYTHCj7taOwVfzyw", - "name": "my-nginx-staged-config", - "created_at": "2023-08-10T16:59:15Z", - "modified_at": "2023-08-10T16:59:15Z" - } - ] } }, - "StagedConfigName": { - "type": "string", - "description": "A name to identify the NGINX staged config.", - "minLength": 1, - "maxLength": 256, - "pattern": "^[^\\s]+$" - }, - "StagedConfigCreateRequest": { - "description": "Body to create a NGINX staged config. A staged config can be empty; config payload is optional.", - "required": [ - "name" - ], + "ChatbotMessage": { + "type": "object", + "description": "A singular message representing the actual content to be sent to AI Gateway.", "properties": { - "name": { - "$ref": "#/components/schemas/StagedConfigName" + "role": { + "description": "The persona sending the prompt. Can be 'user' or 'assistant'.", + "type": "string", + "enum": [ + "user", + "assistant" + ], + "x-enum-varnames": [ + "chatbot_role_user", + "chatbot_role_assistant" + ] }, - "config": { - "$ref": "#/components/schemas/NginxConfigRequest" + "content": { + "description": "The prompt to be sent.", + "type": "string", + "maxLength": 7000 } }, - "example": { - "name": "my-nginx-staged-config", - "config": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "configs": [ - { - "files": [ - { - "contents": "string", - "name": "default.conf" - } - ], - "name": "/etc/nginx/conf.d" - } - ] - } - } + "required": [ + "role", + "content" + ] }, - "StagedConfigCreateResponse": { - "description": "Response to a create NGINX staged config request.", + "ChatbotRequest": { + "type": "object", + "description": "Request structure for sending a prompt to the AI Gateway LLM.", + "properties": { + "messages": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ChatbotMessage" + } + } + }, "required": [ - "object_id", - "name" - ], + "messages" + ] + }, + "ChatbotResponseChoice": { + "type": "object", + "description": "An individual completion option in response to the prompt.", "properties": { - "object_id": { - "$ref": "#/components/schemas/StagedConfigObjectID" + "index": { + "description": "The index of the value in the array of completions.", + "type": "integer", + "format": "int16" }, - "name": { - "description": "Name of the NGINX staged config.", + "text": { + "description": "The text of completion.", "type": "string" } - }, - "example": { - "name": "my-nginx-staged-config", - "object_id": "sc_Tet21AeYTHCj7taOwVfzyw" } }, - "StagedConfigResponse": { - "description": "Get an NGINX staged config.", + "ChatbotResponse": { + "type": "object", + "description": "Response structure containing details of the LLM's response to the prompt.", "required": [ - "name" + "id", + "created", + "choices", + "object" ], "properties": { - "name": { + "id": { + "description": "The identifier for the response generated by the AI Gateway.", + "type": "string" + }, + "created": { + "description": "The time when the response was created.", "type": "string", - "description": "Name of the NGINX staged config." + "format": "date-time" }, - "config": { - "$ref": "#/components/schemas/NginxConfig" + "choices": { + "description": "An array of possible completions in response to the prompt given by the 'user' persona.", + "type": "array", + "items": { + "$ref": "#/components/schemas/ChatbotResponseChoice" + } + }, + "object": { + "description": "The type of the object that the JSON is describing - will be 'text_completion'", + "type": "string" } } }, - "StagedConfigUpdateRequest": { - "description": "Body to update a NGINX staged config name and config contents.", + "ChatbotFeedbackTags": { + "type": "object", + "description": "Tags representing chatbot feedback (i.e. \"Inaccurate Data\", \"Unhelpful Answer\")\n", "required": [ - "name", - "config" + "inaccurate", + "unhelpful", + "formatting", + "time", + "other" ], "properties": { - "name": { - "$ref": "#/components/schemas/StagedConfigName" + "inaccurate": { + "description": "Boolean representing whether the user thought the response from the LLM was inaccurate.", + "type": "boolean" }, - "config": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - }, - "example": { - "name": "my-nginx-staged-config", - "config": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", - "configs": [ - { - "files": [ - { - "contents": "string", - "name": "default.conf" - } - ], - "name": "/etc/nginx/conf.d" - } - ] + "unhelpful": { + "description": "Boolean representing whether the user thought the response from the LLM was unhelpful.", + "type": "boolean" + }, + "formatting": { + "description": "Boolean representing whether the user thought the response from the LLM was poorly formatted.", + "type": "boolean" + }, + "time": { + "description": "Boolean representing whether the user thought the response time was too lengthy.", + "type": "boolean" + }, + "other": { + "description": "Boolean representing whether the user wishes to provide any other feedback.", + "type": "boolean" } } }, - "StagedConfigChangeRequest": { - "description": "Update an NGINX staged config.", + "ChatbotFeedback": { + "type": "object", + "description": "Response structure containing user provided feedback for a specific response from the LLM", + "required": [ + "response_id", + "is_positive" + ], "properties": { - "name": { - "$ref": "#/components/schemas/StagedConfigName" + "response_id": { + "description": "The identifier for the response which the user is providing feedback on. It can be found in the response headers \"X-Request-ID\" property in a request to the AI Assistant", + "type": "string" + }, + "is_positive": { + "description": "A boolean property representing whether the user found the AI Assistant's response helpful", + "type": "boolean" }, - "config": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - }, - "example": { - "config": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", - "configs": [ - { - "files": [ - { - "contents": "string", - "name": "default.conf" - } - ], - "name": "/etc/nginx/conf.d" - } - ] + "message": { + "description": "Freeform feedback from the user regarding a specific response from the LLM", + "type": "string", + "maxLength": 512 + }, + "tags": { + "$ref": "#/components/schemas/ChatbotFeedbackTags" } } }, - "MetricQueryResultEx": { + "InventoryResponse": { "type": "object", "required": [ "query_metadata", @@ -9227,29 +14084,29 @@ ], "properties": { "query_metadata": { - "$ref": "#/components/schemas/MetricQueryMetadata" + "$ref": "#/components/schemas/InventoryMetricQueryMetadata" }, "metrics": { - "description": "An array of Metric objects, each including the name of the metric resource, aggregate function, and series details.", + "description": "An array of collected metrics, which includes the name of the resource, aggregate function, and series details.", "type": "array", "items": { - "$ref": "#/components/schemas/MetricEx" + "$ref": "#/components/schemas/Metric" } } } }, - "MetricQueryMetadata": { - "description": "This object includes details about the time period and resolution (granularity) used in the metrics query.\n", + "InventoryMetricQueryMetadata": { + "description": "Includes details about the time period and resolution of the metrics query.\n", "type": "object", "properties": { "start_time": { - "description": "The beginning of the time period for the metrics query (inclusive).", + "description": "The start time of your metrics query.", "type": "string", "format": "date-time", "example": "2019-08-07T09:57:36.088757764Z" }, "end_time": { - "description": "The end point for the time period for the metrics query (non-inclusive).", + "description": "The end time of your metrics query.", "type": "string", "format": "date-time", "example": "2019-08-07T09:57:36.088757764Z" @@ -9257,11 +14114,11 @@ "resolution": { "description": "The level of granularity for the time series data.", "type": "string", - "example": "30m" + "example": "1h" } } }, - "MetricEx": { + "Metric": { "type": "object", "required": [ "metric", @@ -9270,38 +14127,30 @@ "description": "This object represents a metric, including the name of the metric resource, aggregate function, and series details.\n", "properties": { "metric": { - "$ref": "#/components/schemas/MetricName" + "$ref": "#/components/schemas/InventoryMetricName" }, "aggregate": { - "$ref": "#/components/schemas/MetricAggregation" + "$ref": "#/components/schemas/InventoryMetricAggregation" }, "series": { - "description": "An array of data points aligned along one or more dimensions from the Dimensions Catalog.\n", + "description": "An array of data points.\n", "type": "array", "items": { - "$ref": "#/components/schemas/SeriesEx" + "$ref": "#/components/schemas/Series" }, "example": [ { - "dimensions": { - "nginx_id": "some-instance-obj-1", - "parent_hostname": "hostname-for-instance-1" - }, "data": [ { - "timestamp": "2019-08-07T09:57:30Z", + "timestamp": "2019-08-07T09:00:00Z", "value": 10 } ] }, { - "dimensions": { - "nginx_id": "some-instance-obj-2", - "parent_hostname": "hostname-for-instance-2" - }, "data": [ { - "timestamp": "2019-08-07T09:58:30Z", + "timestamp": "2019-08-07T10:00:00Z", "value": 5 } ] @@ -9310,26 +14159,13 @@ } } }, - "SeriesEx": { - "description": "This object represents a set of data points aligned along one or more dimensions from the Dimensions Catalog.", + "Series": { + "description": "This object represents a set of data points.", "type": "object", "required": [ - "dimensions", "data" ], "properties": { - "dimensions": { - "description": "This object represents a set of data points aligned along one or more dimensions.\n", - "type": "object", - "additionalProperties": { - "description": "The name(s) of the dimensions used in the metrics query.\n", - "type": "string" - }, - "example": { - "nginx_id": "some-instance-object-id", - "parent_hostname": "hostname-for-instance" - } - }, "data": { "description": "Array of data points for a metric.\n", "type": "array", @@ -9338,982 +14174,1324 @@ }, "example": [ { - "timestamp": "2019-08-07T09:57:30Z", + "timestamp": "2019-08-07T09:00:00Z", "value": 10 } ] } } }, - "MetricData": { - "type": "object", - "required": [ - "timestamp", - "value" - ], - "properties": { - "timestamp": { - "type": "string", - "description": "A date-time string that represent when the data point in the series was recorded.\n", - "format": "date-time" - }, - "value": { - "type": "number", - "format": "double", - "nullable": true, - "description": "A value for the data, where `null` indicates a gap.\n" - } - } - }, - "StartTime": { - "description": "Sets the beginning of the time period for your metrics query (inclusive).\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` isn't provided, the API returns the latest metrics.\n* `start_time` is required for aggregated metrics in order to calculate the `resolution` (granularity).\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", + "MetricStartTime": { + "description": "The start time of your metrics query.\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` and `end_time` isn't provided, the API returns metrics from the current time to the month before the current time.\n* The `start_time` cannot be older than 120 days before the current time.\n\nYou can set the `start_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", "type": "string", "example": "2019-08-07T09:57:36.088757764Z" }, - "EndTime": { - "description": "Sets the end point for the time period for your metrics query (non-inclusive).\n\nUsage:\n* Must be greater than `start_time`.\n* If `start_time` is specified and `end_time` is not, `end_time` defaults to the current time.\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", + "MetricEndTime": { + "description": "The end time of your metrics query.\n\nUsage:\n* Must be greater than `start_time`.\n* The time difference between `start_time` and `end_time` should be greater than an hour.\n* The default `end_time` is the current time.\n* The `end_time` cannot be older than 120 days before the current time.\n\nYou can set the `end_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", "type": "string", "example": "2019-08-07T09:57:36.088757764Z" }, - "MetricAggregation": { + "InventoryMetricAggregation": { "type": "string", - "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * min\n * max\n * sum\n * avg\n * rate\n", + "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * count\n * sum\n * avg\n * min\n * max\n", "enum": [ - "min", - "max", + "count", "sum", "avg", - "rate" + "min", + "max" ], "x-enum-varnames": [ - "metric_aggregation_min", - "metric_aggregation_max", + "metric_aggregation_count", "metric_aggregation_sum", "metric_aggregation_avg", - "metric_aggregation_rate" + "metric_aggregation_min", + "metric_aggregation_max" ] }, - "MetricDimensions": { - "type": "array", - "description": "List the dimensions to include in the response for each metric series.\n\nUsage:\n\n* Specify the list of dimensions. Dimensions not specified in this parameter will be hidden in the results.\n* If you specify dimensions in `group_by`, you don't need to list them again in `dimensions`. \nHowever, if you are using `group_by`, then any dimensions you list in `dimensions` must also be included in `group_by`.\n * To return a single series, specify the metric name with aggregation (for example, `{ \"name\": \"agent.cpu.system\", \"aggregate\": \"avg\" }`) and leave the `dimensions` parameter empty.\n", - "items": { - "$ref": "#/components/schemas/MetricDimension" + "BaseInventoryQueryRequest": { + "type": "object", + "required": [ + "metrics" + ], + "properties": { + "metrics": { + "$ref": "#/components/schemas/InventoryMetricNames" + }, + "start_time": { + "$ref": "#/components/schemas/MetricStartTime" + }, + "end_time": { + "$ref": "#/components/schemas/MetricEndTime" + } } }, - "GroupByDimensions": { - "type": "array", - "description": "Group the query results by the specified dimension(s).\n\nUsage:\n* Specify the list of dimensions.\n* For `group_by` to work, all metrics in the `names` parameter must be aggregated.\n", - "items": { - "$ref": "#/components/schemas/MetricDimension" - } + "InventoryMetricQueryRequest": { + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/BaseInventoryQueryRequest" + } + ] }, - "TopXMetricDimensions": { + "InventoryMetricNames": { "type": "array", - "description": "List additional dimensions to include in the response for each metric series. The dimension specified by `group_series_by` will be included by default.\n", + "description": "Specify the metrics to collect.\n\nUsage: \n* List multiple metrics as JSON objects.\n* You can aggregate metrics with `count`, `sum`, `avg`, `min`, `max`.\n", "items": { - "$ref": "#/components/schemas/MetricDimension" + "$ref": "#/components/schemas/InventoryMetricQuery" + }, + "example": [ + { + "name": "nginx.plus.instances", + "aggregate": [ + "count" + ] + } + ] + }, + "InventoryMetricQuery": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "$ref": "#/components/schemas/InventoryMetricName" + }, + "aggregate": { + "type": "array", + "items": { + "$ref": "#/components/schemas/InventoryMetricAggregation" + } + } } }, - "MetricDimension": { + "InventoryMetricName": { "type": "string", - "default": "display_name", - "description": "Static list of all metric dimensions.\n * `display_name` - The display name of the NGINX instance.\n * `file_path` - Path to a desired file.\n * `parent_hostname` - The hostname of the NGINX Plus instance.\n * `instance_object_id` - Instance Object ID is the unique identifier for an Instance registered with NGINX One Console.\n * `location_zone` - The name of an HTTP location zone.\n * `mount_point` - A filesystem mount point.\n * `namespace` - The Namespace associated with the metric data.\n * `network_interface` - A server network interface.\n * `nginx_id` - The unique identifier of an nginx instance running on the data plane.\n * `server_zone` - The name of an HTTP or Stream server zone.\n * `system_id` - The unique identifier of the the operating system where nginx-agent is running.\n * `tenant` - The Tenant associated with the metric data.\n * `csg_object_id` - Config Sync Group Object ID is the unique identifier for a Config Sync Group registered with NGINX One Console.\n * `mode` - Variant value associated with metric `system.cpu.utilization`.\n * `state` - Variant value associated with metrics `system.filesystem.usage`, `system.memory.usage`.\n * `io_direction` - Variant value associated with metric `system.network.io`.\n * `status_range` - Variant value associated with metric `nginx.http.response.count`.\n", + "description": "Metric names available for querying.\n", + "example": "nginx.plus.instances", + "oneOf": [ + { + "$ref": "#/components/schemas/MetricNginxInstancesPlus" + }, + { + "$ref": "#/components/schemas/MetricK8sClusterNodes" + } + ] + }, + "MetricNginxInstancesPlus": { + "type": "string", + "description": "Total number of nginx plus instances.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", "enum": [ - "display_name", - "file_path", - "parent_hostname", - "instance_object_id", - "location_zone", - "mount_point", - "namespace", - "network_interface", - "nginx_id", - "server_zone", - "system_id", - "tenant", - "csg_object_id", - "mode", - "state", - "io_direction", - "status_range" + "nginx.plus.instances" + ] + }, + "MetricK8sClusterNodes": { + "type": "string", + "description": "Sum of the Kubernetes worker nodes where nginx plus instances are deployed in a Kubernetes cluster.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", + "enum": [ + "k8s.cluster.nodes" + ] + }, + "FilterNameNapSignatures": { + "type": "string", + "description": "Keywords for NGINX App Protect signature filters.\nWhen filtering on `accuracy`, only the following `filter_values` are supported:\n * high\n * medium\n * low\nWhen filtering on `risk`, only the following `filter_values` are supported:\n * high\n * medium\n * low\nWhen filtering on `signature_type`, only the following `filter_values` are supported:\n * request\n * response\n", + "enum": [ + "accuracy", + "risk", + "signature_type" ], "x-enum-varnames": [ - "metric_dimension_display_name", - "metric_dimension_file_path", - "metric_dimension_hostname", - "metric_dimension_instance_object_id", - "metric_dimension_location_zone", - "metric_dimension_mount_point", - "metric_dimension_namespace", - "metric_dimension_network_interface", - "metric_dimension_nginx_id", - "metric_dimension_server_zone", - "metric_dimension_system_id", - "metric_dimension_tenant", - "metric_dimension_csg_object_id", - "metric_dimension_mode", - "metric_dimension_state", - "metric_dimension_io_direction", - "metric_dimension_status_range" + "filter_name_nap_signature_accuracy", + "filter_name_nap_signature_risk", + "filter_name_nap_signature_signature_type" + ] + }, + "FilterNameNapSignatureSets": { + "type": "string", + "description": "Keywords for NGINX App Protect signature set filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * filter-based\n * manual\n", + "enum": [ + "type", + "name" + ], + "x-enum-varnames": [ + "filter_name_nap_signature_set_type", + "filter_name_nap_signature_set_name" ] }, - "BaseMetricQueryRequest": { + "NapSignatureID": { + "description": "An unique identifier for the NGINX App Protect signature.", + "type": "integer", + "pattern": "^\\d{9}" + }, + "NapSignatureSetObjectID": { + "description": "A globally unique identifier for the NGINX App Protect signature set.", + "type": "string", + "format": "object_id", + "pattern": "^sigset_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "VersionsList": { + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of versions.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapSignatureVersion" + } + } + } + }, + "NapVersion": { + "description": "A collection of NGINX App Protect release and associated engine versions.", "type": "object", "required": [ - "metrics" + "release", + "engine" ], "properties": { - "metrics": { - "$ref": "#/components/schemas/MetricNames" - }, - "filter": { - "$ref": "#/components/schemas/MetricFilters" - }, - "start_time": { - "$ref": "#/components/schemas/StartTime" - }, - "end_time": { - "$ref": "#/components/schemas/EndTime" + "release": { + "description": "The version of the NGINX App Protect release.", + "type": "string" }, - "resolution": { - "type": "string", - "description": "Specifies the level of granularity for time series data in your results. Applicable only for endpoints that return time series data.\n\nUsage: \n* Specify as a string with a number followed by a unit of time, such as `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes) or `s` (seconds).\n* Metrics in `names` must be aggregated.\n* `start_time` is required.\n* If `resolution` is not set, the API returns the maximum resolution (`end_time` - `start_time`).\n", - "example": "30s" + "engine": { + "description": "The version of the NGINX App Protect engine.", + "type": "string" } } }, - "MetricQueryRequest": { + "ThreatCampaignVersionsListResponse": { + "$ref": "#/components/schemas/VersionsList" + }, + "AttackSignatureVersionsListResponse": { + "$ref": "#/components/schemas/VersionsList" + }, + "BotSignatureVersionsListResponse": { + "$ref": "#/components/schemas/VersionsList" + }, + "NapVersionsListResponse": { + "description": "List of NGINX App Protect versions.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapVersion" + } + }, + "NapPolicy": { + "description": "The base64-encoded contents of the NGINX App Protect policy.", "type": "object", + "required": [ + "policy" + ], + "properties": { + "policy": { + "type": "string", + "format": "base64", + "maxLength": 3145728 + } + } + }, + "NapPolicyObject": { "allOf": [ { - "$ref": "#/components/schemas/BaseMetricQueryRequest" + "$ref": "#/components/schemas/NapPolicyMetadata" }, { - "type": "object", - "properties": { - "dimensions": { - "$ref": "#/components/schemas/MetricDimensions" - }, - "group_by": { - "$ref": "#/components/schemas/GroupByDimensions" - }, - "order_by": { - "description": "List the order by for dimension(s).\n\nUsage:\n\n* Must be a dimension included by `dimensions` or `group_by`.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/OrderBy" - } - } - } + "$ref": "#/components/schemas/NapPolicyDeployments" } ] }, - "MetricTopXQueryRequest": { + "NapPolicyMetadata": { + "description": "Summary information about NGINX App Protect policy.", "type": "object", + "required": [ + "object_id", + "name", + "latest" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/NapPolicyObjectID" + }, + "name": { + "description": "The name of the NGINX App Protect policy.", + "type": "string" + }, + "description": { + "type": "string", + "description": "Some detail on the NGINX App Protect policy." + }, + "latest": { + "$ref": "#/components/schemas/NapPolicyVersionMetadata" + } + } + }, + "NapPolicyListResponse": { + "description": "List of all NGINX App Protect policies.", "allOf": [ { - "$ref": "#/components/schemas/BaseMetricQueryRequest" + "$ref": "#/components/schemas/PaginationResponse" }, { + "description": "List of NGINX App Protect policies.", "type": "object", "required": [ - "series_limit", - "group_series_by" + "items" ], "properties": { - "dimensions": { - "$ref": "#/components/schemas/TopXMetricDimensions" - }, - "series_limit": { - "type": "integer", - "example": 25, - "description": "Sets the maximum number of series that can be returned. \n\nNotes:\n* Always returns an additional series with a dimension named `all`, aggregating the values of all metrics included in the results.\n* A series with a dimension named `other` may be returned, aggregating the values of metrics not included in the results.\n" - }, - "group_series_by": { - "$ref": "#/components/schemas/MetricDimension" - }, - "order_series_by": { - "$ref": "#/components/schemas/OrderSeriesBy" + "items": { + "description": "An array of NGINX App Protect policy objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyObject" + } } + }, + "example": { + "items": [ + { + "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-policy", + "description": "test policy", + "deployments": [ + { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "enforcement_mode": "blocking", + "policy_version": "2023-12-06 22:37:24", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", + "deployed_on": "2023-12-06T22:37:24.120114Z" + } + ], + "latest": { + "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", + "version": "2023-12-06 22:37:24", + "created_at": "2023-12-06T22:37:24.120114Z", + "deployment_status": "deployed", + "enforcement_mode": "blocking" + } + } + ] } } ] }, - "MetricNames": { - "type": "array", - "description": "Specify the metrics you want details for.\n\nUsage: \n* List multiple metrics as json objects.\n * You can aggregate metrics with `avg`, `sum`, `min`, `max`, `rate`.\n* Metrics with aggregates require a `start_time`.\n* If you combine aggregated and non-aggregated metrics in a single query, any `group_by` clause applies only to the aggregated metrics.\n", - "items": { - "$ref": "#/components/schemas/MetricQuery" - }, - "example": [ - { - "name": "system.cpu.utilization", - "aggregate": "avg", - "filter": [ - { - "filterSet": [ - { - "dimension": "mode", - "operator": "=", - "values": [ - "system" - ] - } - ] - } - ] + "NapPolicyVersionDeployments": { + "type": "object", + "properties": { + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyVersionDeployment" + } } - ] + } }, - "MetricQuery": { + "NapDeploymentAssociation": { "type": "object", "required": [ - "name" + "associated_type", + "associated_object_id", + "associated_name" ], "properties": { - "name": { - "$ref": "#/components/schemas/MetricName" + "associated_type": { + "$ref": "#/components/schemas/DeploymentAssociatedType" }, - "aggregate": { - "$ref": "#/components/schemas/MetricAggregation" + "associated_object_id": { + "$ref": "#/components/schemas/ObjectID" + }, + "associated_name": { + "$ref": "#/components/schemas/DeploymentAssociatedName" } } }, - "MetricFilterPredicate": { - "type": "string", - "enum": [ - "AND", - "OR" - ], - "x-enum-varnames": [ - "metric_filter_predicate_and", - "metric_filter_predicate_or" - ] - }, - "MetricFilters": { - "type": "array", - "description": "Filter results based on dimension operations against one or more values.\n\nUsage:\n* Format as one or more predicates by providing all required elements.\n * `dimension`: The dimension name you want to filter on.\n * `operator`: The possible operators (`=`, `!=`, `<`, `<=`, `>`, `>=`, `in`, `not`) you can use for comparison or condition checking.\n * `value`: Case sensitive value of the dimension to filter against.\n\nFor more complex filtering:\n\n* Specify a `predicate` for logical expressions (`AND`,`OR`). \n* Use a wildcard `*` in the `value` for matching partial values.\n", - "items": { - "$ref": "#/components/schemas/MetricFilterSet" - }, - "example": [ - { - "filterSet": [ - { - "dimension": "server_zone", - "operator": "!=", - "values": [ - "server_zone_1" - ] - }, - { - "predicate": "OR", - "dimension": "server_zone", - "operator": "=", - "values": [ - "server_zone_2" - ] - } - ] - }, + "NapPolicyVersionDeployment": { + "allOf": [ { - "predicate": "AND", - "filterSet": [ - { - "dimension": "nginx_id", - "operator": "in", - "values": [ - "id1", - "id2" - ] + "$ref": "#/components/schemas/NapDeploymentAssociation" + }, + { + "type": "object", + "description": "Information about a NGINX App Protect policy deployment.\n", + "required": [ + "publication_object_id", + "status", + "deployed_on" + ], + "properties": { + "publication_object_id": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "status": { + "$ref": "#/components/schemas/NapDeploymentStatus" + }, + "deployed_on": { + "description": "Date and time of the deployment.", + "type": "string", + "format": "date-time" } - ] + }, + "example": { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z" + } } ] }, - "MetricFilterSet": { + "NapPolicyDeployments": { "type": "object", - "description": "Encapsulates one or more `MetricFilter` object(s) to be grouped together.\n", "required": [ - "filterSet" + "deployments" ], "properties": { - "predicate": { - "$ref": "#/components/schemas/MetricFilterPredicate" - }, - "filterSet": { + "deployments": { "type": "array", "items": { - "$ref": "#/components/schemas/MetricFilter" + "$ref": "#/components/schemas/NapPolicyDeployment" } } } }, - "MetricFilter": { + "NapPolicyDeployment": { + "description": "detailed information about a NGINX App Protect policy deployment.", "type": "object", "required": [ - "dimension", - "operator", - "values" + "publication_object_id", + "associated_object_id", + "associated_name", + "associated_type", + "enforcement_mode", + "status", + "policy_version", + "policy_version_object_id", + "deployed_on" ], - "properties": { - "dimension": { - "$ref": "#/components/schemas/MetricDimension" + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyVersionDeployment" }, - "operator": { - "type": "string", - "description": "Static list of all operations supported by filtering\n\n* The `=`, `!=` only use the first element of the `values` array. Wildcards for partial matching is supported.\n* The `in` and `not` both use all elements in the `values` array. Wildcards for partial matching is NOT supported.\n", - "enum": [ - "=", - "!=", - "in", - "not" + { + "type": "object", + "required": [ + "enforcement_mode", + "policy_version", + "policy_version_object_id" ], - "x-enum-varnames": [ - "metric_filter_equal", - "metric_filter_not_equal", - "metric_filter_in", - "metric_filter_not" - ] - }, - "values": { - "type": "array", - "description": "Single value used for all operators except `in` and `not`.", - "items": { - "type": "string" + "properties": { + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" + }, + "policy_version": { + "description": "The version associated with the NGINX App Protect policy.", + "type": "string" + }, + "policy_version_object_id": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" + } } - }, - "predicate": { - "$ref": "#/components/schemas/MetricFilterPredicate" } - } - }, - "OrderDirection": { - "type": "string", - "enum": [ - "asc", - "desc" - ], - "x-enum-varnames": [ - "order_by_asc", - "order_by_desc" - ], - "default": "desc" - }, - "OrderBy": { - "type": "object", - "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `dimension`: The dimension for ordering.\n", - "required": [ - "direction", - "dimension" ], - "properties": { - "direction": { - "$ref": "#/components/schemas/OrderDirection" - }, - "dimension": { - "$ref": "#/components/schemas/MetricDimension" - } + "example": { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "policy_version": "2023-12-06 22:37:24", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw" } }, - "OrderSeriesBy": { + "NapPolicyDeploymentDetails": { "type": "object", - "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `aggregate`: The aggregating function.\n", "required": [ - "direction", - "aggregate" + "publication_object_id", + "associated_object_id", + "associated_name", + "associated_type", + "enforcement_mode", + "status", + "policy_version", + "policy_version_object_id", + "deployed_on", + "threat_campaign_version", + "attack_signature_version", + "bot_signature_version" ], - "properties": { - "direction": { - "$ref": "#/components/schemas/OrderDirection" - }, - "aggregate": { - "$ref": "#/components/schemas/MetricAggregation", - "default": "sum" - } - } - }, - "MetricName": { - "type": "string", - "description": "Metric names available for querying.\n", - "example": "nginx.http.request.count", - "oneOf": [ - { - "$ref": "#/components/schemas/MetricSystemCpuUtilization" - }, - { - "$ref": "#/components/schemas/MetricSystemFilesystemUsage" - }, - { - "$ref": "#/components/schemas/MetricSystemMemoryUsage" - }, - { - "$ref": "#/components/schemas/MetricSystemCpuLogicalCount" - }, - { - "$ref": "#/components/schemas/MetricSystemNetworkIo" - }, + "allOf": [ { - "$ref": "#/components/schemas/MetricNginxHttpRequestCount" + "$ref": "#/components/schemas/NapPolicyDeployment" }, { - "$ref": "#/components/schemas/MetricNginxHttpResponseCount" - } - ] - }, - "MetricSystemCpuUtilization": { - "type": "string", - "description": "Total system CPU utilization for 'system' or 'user', percentage. A filter differentiator is needed for specific mode(s).\n\nReplacement for depreciated variant(s):\n * system.cpu.system\n * system.cpu.user\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * mode (applicable filter values: 'system', 'user')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", - "enum": [ - "system.cpu.utilization" - ] - }, - "MetricSystemFilesystemUsage": { - "type": "string", - "description": "System disk usage statistic, percentage. A filter differentiator is needed for specific state(s).\n\nReplacement for depreciated variant(s):\n * system.disk.in_use\n * system.disk.total\n * system.disk.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'in_use')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * mount_point\n", - "enum": [ - "system.filesystem.usage" - ] - }, - "MetricSystemMemoryUsage": { - "type": "string", - "description": "Total available statistic about system memory usage, bytes. A filter differentiator is needed for specific state(s).\n\nReplacement for depreciated variant(s):\n * system.mem.pct_used\n * system.mem.total\n * system.mem.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'total', 'pct_used')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", - "enum": [ - "system.memory.usage" - ] - }, - "MetricSystemCpuLogicalCount": { - "type": "string", - "description": "Number of logical (virtual) processor cores created by the operating system.\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", - "enum": [ - "system.cpu.logical.count" - ] - }, - "MetricSystemNetworkIo": { - "type": "string", - "description": "Network I/O statistics. Number of bytes sent or received per network interface. A filter differentiator is needed for specific I/O direction(s).\n\nReplacement for depreciated variant(s):\n * system.net.bytes_rcvd\n * system.net.bytes_sent\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * io_direction (applicable filter values: 'transmit', 'receive')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * network_interface\n", - "enum": [ - "system.network.io" - ] - }, - "MetricNginxHttpRequestCount": { - "type": "string", - "description": "The current number of client requests received from clients.\n\nReplacement for depreciated variant(s):\n * nginx.http.request.count\n * plus.http.request.count\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * server_zone\n * location_zone\n", - "enum": [ - "nginx.http.request.count" - ] - }, - "MetricNginxHttpResponseCount": { - "type": "string", - "description": "The current number of responses, grouped by status code range. A filter differentiator is needed for specific status range(s).\n\nReplacement for depreciated variant(s):\n * nginx.http.status.4xx\n * plus.http.status.4xx\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * status_range (applicable filter values: '4xx', '5xx')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id \n * server_zone\n * location_zone\n", - "enum": [ - "nginx.http.response.count" - ] - }, - "SettingsInstanceCleanup": { - "type": "object", - "description": "Preferences for automatic cleanup of stale NGINX One Instances.", - "required": [ - "age_out_duration" - ], - "properties": { - "age_out_duration": { - "type": "integer", - "format": "int32", - "description": "Specify the age of `unavailable` NGINX instances for clean up. NGINX instances older than this value in hours will be deleted automatically. Events related to automatically deleted NGINX instances will show up in `/events` API. '0' value disables the automatic clean up of `unavailable` NGINX instances.", - "default": 3, - "minimum": 0, - "maximum": 720 + "type": "object", + "properties": { + "threat_campaign_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "attack_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "bot_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + } + } } - }, + ], "example": { - "age_out_duration": 3 + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "policy_version": "2023-12-06 22:37:24", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "threat_campaign_version": "2023.12.06", + "attack_signature_version": "2023.12.06", + "bot_signature_version": "2023.12.06" } }, - "HttpUsage": { - "type": "object", - "properties": { - "client": { - "allOf": [ - { - "$ref": "#/components/schemas/UsageMetrics" - }, - { - "type": "object", - "properties": { - "requests": { - "type": "integer", - "description": "Total requests handled by an NGINX Instance", - "minimum": 0 - } + "NapPolicyDeploymentsListResponse": { + "description": "List of all NGINX App Protect deployments.", + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect deployments.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyDeploymentDetails" } } - ] - }, - "upstream": { - "$ref": "#/components/schemas/UsageMetrics" + }, + "example": { + "items": [ + { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "policy_version": "2023-12-06 22:37:24", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "threat_campaign_version": "2023.12.06", + "attack_signature_version": "2023.12.06", + "bot_signature_version": "2023.12.06" + } + ] + } } - } + ] }, - "StreamUsage": { + "NapPolicyVersionMetadata": { "type": "object", + "description": "Summary information about the specific NGINX App Protect policy version.", + "required": [ + "object_id", + "version", + "enforcement_mode", + "created_at" + ], "properties": { - "client": { - "$ref": "#/components/schemas/UsageMetrics" + "object_id": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" }, - "upstream": { - "$ref": "#/components/schemas/UsageMetrics" + "version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" + }, + "created_at": { + "description": "The date and time when the NGINX App Protect policy version was created.", + "type": "string", + "format": "date-time" } } }, - "UsageMetrics": { + "NapPolicyVersionDetails": { + "description": "Detailed information about NGINX App Protect policy version.", "type": "object", - "properties": { - "received": { - "type": "integer", - "description": "Total bytes received by an NGINX Instance from clients/upstreams", - "minimum": 0 + "required": [ + "policy", + "object_id", + "version", + "enforcement_mode", + "created_at" + ], + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyVersionMetadata" }, - "sent": { - "type": "integer", - "description": "Total bytes sent by the NGINX Instance to clients/upstreams", - "minimum": 0 + { + "$ref": "#/components/schemas/NapPolicy" }, - "connections": { - "type": "integer", - "description": "Total connections of the NGINX Instance with clients/upstreams", - "minimum": 0 + { + "$ref": "#/components/schemas/NapPolicyVersionDeployments" } - } - }, - "NginxUsageHttp": { - "$ref": "#/components/schemas/HttpUsage" - }, - "NginxUsageStream": { - "$ref": "#/components/schemas/StreamUsage" - }, - "MetricStartTime": { - "description": "The start time of your metrics query.\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` and `end_time` isn't provided, the API returns metrics from the current time to the month before the current time.\n* The `start_time` cannot be older than 120 days before the current time.\n\nYou can set the `start_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", - "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "MetricEndTime": { - "description": "The end time of your metrics query.\n\nUsage:\n* Must be greater than `start_time`.\n* The time difference between `start_time` and `end_time` should be greater than an hour.\n* The default `end_time` is the current time.\n* The `end_time` cannot be older than 120 days before the current time.\n\nYou can set the `end_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", - "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" + ] }, - "InventoryMetricAggregation": { - "type": "string", - "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * count\n * sum\n * avg\n * min\n * max\n", - "enum": [ - "count", - "sum", - "avg", - "min", - "max" - ], - "x-enum-varnames": [ - "metric_aggregation_count", - "metric_aggregation_sum", - "metric_aggregation_avg", - "metric_aggregation_min", - "metric_aggregation_max" + "NapPolicyVersionObject": { + "description": "Summary information about NGINX App Protect policy version.", + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyVersionMetadata" + }, + { + "$ref": "#/components/schemas/NapPolicyVersionDeployments" + }, + { + "type": "object", + "required": [ + "latest" + ], + "properties": { + "latest": { + "description": "Indicates whether the NGINX App Protect policy version is latest. Default (`false`) returns the current policy. \nWhen set to `true`, returns the latest policy.\n", + "type": "boolean", + "default": false + } + } + } ] }, - "BaseInventoryQueryRequest": { - "type": "object", - "required": [ - "metrics" - ], - "properties": { - "metrics": { - "$ref": "#/components/schemas/InventoryMetricNames" + "NapPolicyVersionsListResponse": { + "description": "List of all NGINX App Protect versions.", + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" }, - "start_time": { - "$ref": "#/components/schemas/MetricStartTime" + { + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect version objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyVersionObject" + } + } + }, + "example": { + "items": [ + { + "version": "2023-12-06 22:37:24", + "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", + "created_at": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "latest": false + } + ] + } + } + ] + }, + "NapLogProfileListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" }, - "end_time": { - "$ref": "#/components/schemas/MetricEndTime" + { + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect log profiles.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapLogProfileMetadata" + } + } + } } - } + ] }, - "InventoryMetricQueryRequest": { - "type": "object", + "NapLogProfileGetResponse": { "allOf": [ { - "$ref": "#/components/schemas/BaseInventoryQueryRequest" - } - ] - }, - "InventoryMetricNames": { - "type": "array", - "description": "Specify the metrics to collect.\n\nUsage: \n* List multiple metrics as JSON objects.\n* You can aggregate metrics with `count`, `sum`, `avg`, `min`, `max`.\n", - "items": { - "$ref": "#/components/schemas/InventoryMetricQuery" - }, - "example": [ + "$ref": "#/components/schemas/NapLogProfileMetadata" + }, { - "name": "nginx.plus.instances", - "aggregate": [ - "count" - ] + "type": "object", + "required": [ + "config" + ], + "properties": { + "config": { + "description": "The NGINX App Protect log profile configuration.", + "type": "string" + } + } } ] }, - "InventoryMetricQuery": { + "NapLogProfileMetadata": { "type": "object", "required": [ - "name" + "name", + "object_id" ], "properties": { "name": { - "$ref": "#/components/schemas/InventoryMetricName" + "type": "string", + "description": "The name of the NGINX App Protect log profile." }, - "aggregate": { - "type": "array", - "items": { - "$ref": "#/components/schemas/InventoryMetricAggregation" - } + "object_id": { + "$ref": "#/components/schemas/NapLogProfileObjectID" + }, + "description": { + "description": "Optional field to describe the NGINX App Protect log profile.", + "type": "string", + "minLength": 5, + "maxLength": 256 } } }, - "InventoryMetricName": { - "type": "string", - "description": "Metric names available for querying.\n", - "example": "nginx.plus.instances", - "oneOf": [ + "NapGlobalSettingsListResponse": { + "allOf": [ { - "$ref": "#/components/schemas/MetricNginxInstancesPlus" + "$ref": "#/components/schemas/PaginationResponse" }, { - "$ref": "#/components/schemas/MetricK8sClusterNodes" + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect global settings.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapGlobalSettingMetadata" + } + } + } } ] }, - "MetricNginxInstancesPlus": { - "type": "string", - "description": "Total number of nginx plus instances.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", - "enum": [ - "nginx.plus.instances" - ] - }, - "MetricK8sClusterNodes": { - "type": "string", - "description": "Sum of the Kubernetes worker nodes where nginx plus instances are deployed in a Kubernetes cluster.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", - "enum": [ - "k8s.cluster.nodes" + "NapGlobalSettingGetResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/NapGlobalSettingMetadata" + }, + { + "type": "object", + "required": [ + "config" + ], + "properties": { + "config": { + "description": "The NGINX App Protect global setting configuration.", + "type": "string" + } + } + } ] }, - "VersionsList": { + "NapGlobalSettingMetadata": { "type": "object", "required": [ - "items" + "name", + "object_id" ], "properties": { - "items": { - "description": "An array of versions.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapSignatureVersion" - } + "name": { + "type": "string", + "description": "The name of the NGINX App Protect global setting object." + }, + "description": { + "description": "Optional field to describe the NGINX App Protect global setting object.", + "type": "string", + "minLength": 5, + "maxLength": 256 + }, + "object_id": { + "$ref": "#/components/schemas/NapGlobalSettingObjectID" } } }, - "ThreatCampaignVersionsListResponse": { - "$ref": "#/components/schemas/VersionsList" - }, - "AttackSignatureVersionsListResponse": { - "$ref": "#/components/schemas/VersionsList" - }, - "BotSignatureVersionsListResponse": { - "$ref": "#/components/schemas/VersionsList" - }, - "NapPolicy": { - "description": "The base64-encoded contents of the NGINX App Protect policy.", + "NapGlobalSettingCreateRequest": { + "description": "Create NGINX App Protect global setting object.", "type": "object", "required": [ - "policy" + "name", + "config" ], "properties": { - "policy": { + "name": { + "description": "The name of the NGINX App Protect global setting object.", + "type": "string", + "minLength": 3, + "maxLength": 32 + }, + "description": { + "description": "Optional field to describe the NGINX App Protect global setting object.", + "type": "string", + "minLength": 5, + "maxLength": 256 + }, + "config": { + "description": "The NGINX App Protect global setting configuration.", "type": "string", "format": "base64", "maxLength": 3145728 } } }, - "NapPolicyObject": { - "allOf": [ - { - "$ref": "#/components/schemas/NapPolicyMetadata" - }, - { - "$ref": "#/components/schemas/NapPolicyDeployments" - } - ] - }, - "NapPolicyMetadata": { - "description": "Summary information about NGINX App Protect policy.", + "NapGlobalSettingUpdateRequest": { + "description": "Update NGINX App Protect global setting object.", "type": "object", "required": [ - "object_id", - "name", - "latest" + "config" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/NapPolicyObjectID" - }, - "name": { - "description": "The name of the NGINX App Protect policy.", - "type": "string" - }, "description": { + "description": "Optional field to describe the NGINX App Protect global setting object.", "type": "string", - "description": "Some detail on the NGINX App Protect policy." + "minLength": 5, + "maxLength": 256 }, - "latest": { - "$ref": "#/components/schemas/NapPolicyVersionMetadata" + "config": { + "description": "The NGINX App Protect global setting configuration.", + "type": "string", + "format": "base64", + "maxLength": 3145728 } } }, - "NapPolicyListResponse": { - "description": "List of all NGINX App Protect policies.", - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "description": "List of NGINX App Protect policies.", - "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of NGINX App Protect policy objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyObject" - } - } - }, - "example": { - "items": [ - { - "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-policy", - "description": "test policy", - "deployments": [ - { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "enforcement_mode": "blocking", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", - "deployed_on": "2023-12-06T22:37:24.120114Z" - } - ], - "latest": { - "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", - "version": "2023-12-06 22:37:24", - "created_at": "2023-12-06T22:37:24.120114Z", - "deployment_status": "deployed", - "enforcement_mode": "blocking" - } - } - ] - } - } - ] - }, - "NapPolicyVersionDeployments": { + "NapLogProfileCreateRequest": { + "description": "Create NGINX App Protect log profile.", "type": "object", + "required": [ + "name", + "config" + ], "properties": { - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyVersionDeployment" - } + "name": { + "description": "The name of the NGINX App Protect log profile.", + "type": "string", + "minLength": 5, + "maxLength": 32 + }, + "description": { + "description": "Optional field to describe the NGINX App Protect log profile.", + "type": "string", + "minLength": 5, + "maxLength": 256 + }, + "config": { + "description": "The NGINX App Protect log profile configuration.", + "type": "string", + "format": "base64", + "maxLength": 3145728 } } }, - "NapDeploymentAssociation": { + "NapLogProfileUpdateRequest": { + "description": "Update NGINX App Protect log profile.", "type": "object", "required": [ - "associated_type", - "associated_object_id", - "associated_name" + "config" ], "properties": { - "associated_type": { - "$ref": "#/components/schemas/DeploymentAssociatedType" - }, - "associated_object_id": { - "$ref": "#/components/schemas/ObjectID" + "description": { + "description": "Optional field to describe describing the NGINX App Protect log profile.", + "type": "string", + "minLength": 5, + "maxLength": 256 }, - "associated_name": { - "$ref": "#/components/schemas/DeploymentAssociatedName" + "config": { + "description": "The NGINX App Protect log profile configuration.", + "type": "string", + "format": "base64", + "maxLength": 3145728 } } }, - "NapPolicyVersionDeployment": { - "allOf": [ + "NapPolicyBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ { - "$ref": "#/components/schemas/NapDeploymentAssociation" + "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" }, { - "type": "object", - "description": "Information about a NGINX App Protect policy deployment.\n", - "required": [ - "publication_object_id", - "status", - "deployed_on" - ], - "properties": { - "publication_object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "status": { - "$ref": "#/components/schemas/NapDeploymentStatus" - }, - "deployed_on": { - "description": "Date and time of the deployment.", - "type": "string", - "format": "date-time" - } - }, - "example": { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z" - } + "object_id": "pol_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" } ] }, - "NapPolicyDeployments": { + "NapPolicyBulkRequestData": { "type": "object", + "description": "Part of bulk operation on a Nap policy, only `delete` is supported.", "required": [ - "deployments" + "action", + "object_id" ], "properties": { - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyDeployment" - } + "object_id": { + "$ref": "#/components/schemas/NapPolicyObjectID" + }, + "action": { + "$ref": "#/components/schemas/BulkRequestAction" } + }, + "example": { + "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" } }, - "NapPolicyDeployment": { - "description": "detailed information about a NGINX App Protect policy deployment.", - "type": "object", + "NapBulkResponse": { + "description": "The Nap policy bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } + }, + "NapSignatureMeta": { "required": [ - "publication_object_id", - "associated_object_id", - "associated_name", - "associated_type", - "enforcement_mode", - "status", - "policy_version", - "policy_version_object_id", - "deployed_on" + "signature_id", + "name", + "attack_type" ], + "properties": { + "name": { + "type": "string" + }, + "signature_id": { + "type": "integer" + }, + "attack_type": { + "type": "string" + } + } + }, + "NapSignature": { "allOf": [ { - "$ref": "#/components/schemas/NapPolicyVersionDeployment" + "$ref": "#/components/schemas/NapSignatureMeta" }, { "type": "object", "required": [ - "enforcement_mode", - "policy_version", - "policy_version_object_id" + "description", + "signature_type", + "risk", + "accuracy", + "has_cve", + "modified_at", + "systems" ], "properties": { - "enforcement_mode": { - "$ref": "#/components/schemas/NapPolicyEnforcementMode" + "accuracy": { + "default": "low", + "enum": [ + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_accuracy_high", + "nap_signature_accuracy_low", + "nap_signature_accuracy_medium" + ], + "type": "string" }, - "policy_version": { - "description": "The version associated with the NGINX App Protect policy.", + "description": { "type": "string" }, - "policy_version_object_id": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" + "has_cve": { + "default": false, + "type": "boolean" + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the signature was last modified." + }, + "references": { + "items": { + "required": [ + "type", + "value" + ], + "properties": { + "type": { + "default": "nessus", + "enum": [ + "bugtraq", + "cve", + "nessus", + "url" + ], + "x-enum-varnames": [ + "nap_signature_references_type_bugtrag", + "nap_signature_references_type_cve", + "nap_signature_references_type_nessus", + "nap_signature_references_type_url" + ], + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "risk": { + "default": "low", + "enum": [ + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_risk_high", + "nap_signature_risk_low", + "nap_signature_risk_medium" + ], + "type": "string" + }, + "signature_type": { + "default": "request", + "enum": [ + "request", + "response" + ], + "type": "string", + "x-enum-varnames": [ + "nap_signature_signature_type_request", + "nap_signature_signature_type_response" + ] + }, + "systems": { + "items": { + "type": "string" + }, + "type": "array" } } } ], "example": { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw" + "signature_id": 123456789, + "name": "Example Signature", + "description": "This is an example signature.", + "signature_type": "request", + "attack_type": "SQL Injection", + "risk": "high", + "accuracy": "medium", + "has_cve": true, + "modified_at": "2023-10-01T12:00:00Z", + "references": [ + { + "type": "cve", + "value": "CVE-2023-12345" + } + ], + "systems": [ + "System A" + ] } }, - "NapPolicyDeploymentDetails": { + "NapSignatureSet": { "type": "object", "required": [ - "publication_object_id", - "associated_object_id", - "associated_name", - "associated_type", - "enforcement_mode", - "status", - "policy_version", - "policy_version_object_id", - "deployed_on", - "threat_campaign_version", - "attack_signature_version", - "bot_signature_version" + "id", + "name", + "signature_count", + "default_alarm", + "default_block", + "default_learn", + "modified_at" ], + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "signature_count": { + "type": "integer" + }, + "assign_to_policy_by_default": { + "default": false, + "type": "boolean" + }, + "category": { + "default": "User-defined", + "type": "string" + }, + "default_alarm": { + "default": true, + "type": "boolean" + }, + "default_block": { + "default": true, + "type": "boolean" + }, + "default_learn": { + "default": true, + "type": "boolean" + }, + "filter": { + "properties": { + "accuracy_filter": { + "default": "ge", + "enum": [ + "all", + "eq", + "ge", + "le" + ], + "x-enum-varnames": [ + "nap_signature_set_accuracy_filter_all", + "nap_signature_set_accuracy_filter_eq", + "nap_signature_set_accuracy_filter_ge", + "nap_signature_set_accuracy_filter_le" + ], + "type": "string" + }, + "accuracy_value": { + "default": "all", + "enum": [ + "all", + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_set_accuracy_value_all", + "nap_signature_set_accuracy_value_high", + "nap_signature_set_accuracy_value_low", + "nap_signature_set_accuracy_value_medium" + ], + "type": "string" + }, + "attack_type": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "has_cve": { + "default": "all", + "enum": [ + "all", + "no", + "yes" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_have_cve_all", + "nap_signature_set_filter_have_cve_no", + "nap_signature_set_filter_have_cve_yes" + ], + "type": "string" + }, + "modified_at_filter": { + "default": "all", + "enum": [ + "after", + "all", + "before" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_modified_at_filter_after", + "nap_signature_set_filter_modified_at_filter_all", + "nap_signature_set_filter_modified_at_filter_before" + ], + "type": "string" + }, + "modified_at_value": { + "default": "1970-01-01", + "type": "string" + }, + "risk_filter": { + "default": "eq", + "enum": [ + "all", + "eq", + "ge", + "le" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_risk_filter_all", + "nap_signature_set_filter_risk_filter_eq", + "nap_signature_set_filter_risk_filter_ge", + "nap_signature_set_filter_risk_filter_le" + ], + "type": "string" + }, + "risk_value": { + "default": "low", + "enum": [ + "all", + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_risk_value_all", + "nap_signature_set_filter_risk_value_high", + "nap_signature_set_filter_risk_value_low", + "nap_signature_set_filter_risk_value_medium" + ], + "type": "string" + }, + "signature_type": { + "default": "request", + "enum": [ + "all", + "request", + "response" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_signature_type_all", + "nap_signature_set_filter_signature_type_request", + "nap_signature_set_filter_signature_type_response" + ], + "type": "string" + }, + "user_defined_filter": { + "default": "all", + "enum": [ + "all", + "no", + "yes" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_user_defined_filter_all", + "nap_signature_set_filter_user_defined_filter_no", + "nap_signature_set_filter_user_defined_filter_yes" + ], + "type": "string" + } + }, + "type": "object" + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the signature-set was last modified." + }, + "systems": { + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + } + } + }, + "type": "array" + }, + "type": { + "default": "filter-based", + "enum": [ + "filter-based", + "manual" + ], + "x-enum-varnames": [ + "nap_signature_set_type_filter_based", + "nap_signature_set_type_manual" + ], + "type": "string" + } + }, + "example": { + "default_block": true, + "default_learn": true, + "signature_count": 0, + "filter": { + "accuracy_value": "all", + "accuracy_filter": "all", + "attack_type": { + "name": "XML External Entities (XXE)" + }, + "risk_filter": "all", + "has_cve": "all", + "user_defined_filter": "all", + "risk_value": "all", + "modified_at_filter": "all", + "signature_type": "request" + }, + "assign_to_policy_by_default": false, + "default_alarm": true, + "type": "filter-based", + "name": "XML External Entities (XXE) Signatures", + "id": "sigset_-ZMshmi83MBL97dr5d0a9w", + "category": "User-defined", + "modified_at": "2023-08-10T16:59:15Z", + "systems": [] + } + }, + "NapSignatureListResponse": { "allOf": [ { - "$ref": "#/components/schemas/NapPolicyDeployment" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "required": [ + "items" + ], "properties": { - "threat_campaign_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "attack_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "bot_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" + "items": { + "description": "An array of NGINX App Protect signatures.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapSignature" + } } } } - ], - "example": { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "threat_campaign_version": "2023.12.06", - "attack_signature_version": "2023.12.06", - "bot_signature_version": "2023.12.06" - } + ] }, - "NapPolicyDeploymentsListResponse": { - "description": "List of all NGINX App Protect deployments.", + "NapSignatureSetListResponse": { "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" @@ -10325,382 +15503,662 @@ ], "properties": { "items": { - "description": "An array of NGINX App Protect deployments.", + "description": "An array of NGINX App Protect signature sets.", "type": "array", "items": { - "$ref": "#/components/schemas/NapPolicyDeploymentDetails" + "$ref": "#/components/schemas/NapSignatureSet" } } - }, - "example": { - "items": [ - { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "threat_campaign_version": "2023.12.06", - "attack_signature_version": "2023.12.06", - "bot_signature_version": "2023.12.06" - } - ] } } ] }, - "NapPolicyVersionMetadata": { - "type": "object", - "description": "Summary information about the specific NGINX App Protect policy version.", - "required": [ + "FilterNameNapPolicy": { + "type": "string", + "description": "Keywords for NGINX App Protect policy filters.\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\nWhen filtering on `object_id`, both NAP Policy and NAP Policy version object id prefixes are supported.\n", + "enum": [ + "name", + "enforcement_mode", "object_id", - "version", + "deployment_enforcement_mode", + "deployment_status" + ], + "x-enum-varnames": [ + "filter_name_nap_policy_name", + "filter_name_nap_policy_enforcement_mode", + "filter_name_nap_policy_object_id", + "filter_name_nap_policy_deployment_enforcement_mode", + "filter_name_nap_policy_deployment_status" + ] + }, + "FilterNameNapPolicyVersion": { + "type": "string", + "description": "Keywords for NGINX App Protect policy version filters.\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * deployed\n * not_deployed\n * deploying\n * failed\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\n", + "enum": [ + "deployment_status", "enforcement_mode", - "created_at" + "object_id" ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" - }, - "version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "enforcement_mode": { - "$ref": "#/components/schemas/NapPolicyEnforcementMode" - }, - "created_at": { - "description": "The date and time when the NGINX App Protect policy version was created.", - "type": "string", - "format": "date-time" - } + "x-enum-varnames": [ + "filter_name_nap_policy_version_deployment_status", + "filter_name_nap_policy_version_enforcement_mode", + "filter_name_nap_policy_version_object_id" + ] + }, + "FilterNameNapPolicyDeployment": { + "type": "string", + "description": "Keywords for NGINX App Protect deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n * deployed\n * deploying\n * failed\n", + "enum": [ + "name", + "type", + "policy_version", + "status", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_nap_deployment_name", + "filter_name_nap_deployment_type", + "filter_name_nap_deployment_policy_version", + "filter_name_nap_deployment_status", + "filter_name_nap_deployment_object_id" + ] + }, + "FilterNameNapLogProfile": { + "type": "string", + "description": "Keywords for NGINX App Protect log profile filters.\n", + "enum": [ + "name", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_nap_log_profile_name", + "filter_name_nap_log_profile_object_id" + ] + }, + "NapLogProfileObjectID": { + "description": "A globally unique identifier for the App Protect log profile.", + "type": "string", + "format": "object_id", + "pattern": "^lp_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "NapPolicyVersionDetails": { - "description": "Detailed information about NGINX App Protect policy version.", + "FilterNameNapGlobalSettings": { + "type": "string", + "description": "Keywords for NGINX App Protect global settings filters.\n", + "enum": [ + "name", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_nap_global_setting_name", + "filter_name_nap_global_setting_object_id" + ] + }, + "NapGlobalSettingObjectID": { + "description": "A globally unique identifier for the App Protect global settings object.", + "type": "string", + "format": "object_id", + "pattern": "^gs_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "DeploymentName": { + "type": "string", + "description": "Name of an NGINXaaS resource.", + "minLength": 3, + "maxLength": 30, + "pattern": "^[a-z][a-z0-9-]*[a-z0-9]$", + "example": "mydeployment" + }, + "DeploymentCloudName": { + "type": "string", + "description": "Name of the cloud where deployment resources are provisioned.", + "enum": [ + "google" + ] + }, + "DeploymentCloudInfo": { + "type": "object", + "description": "Cloud-specific deployment info.", + "oneOf": [ + { + "$ref": "#/components/schemas/GoogleDeploymentInfo" + } + ] + }, + "DeploymentScale": { "type": "object", + "description": "NaaS deployment scale info.", "required": [ - "policy", - "object_id", - "version", - "enforcement_mode", - "created_at" + "capacity" ], - "allOf": [ - { - "$ref": "#/components/schemas/NapPolicyVersionMetadata" - }, - { - "$ref": "#/components/schemas/NapPolicy" - }, + "properties": { + "capacity": { + "type": "integer", + "description": "The number of desired NCUs for a NaaS deployment. Must be >= 10 and a multiple of 10.\n", + "minimum": 10 + } + } + }, + "CreateDeploymentCloudInfo": { + "type": "object", + "description": "Cloud-specific create info.", + "oneOf": [ { - "$ref": "#/components/schemas/NapPolicyVersionDeployments" + "$ref": "#/components/schemas/CreateGoogleDeploymentInfo" } ] }, - "NapPolicyVersionObject": { - "description": "Summary information about NGINX App Protect policy version.", - "allOf": [ + "UpdateDeploymentCloudInfo": { + "type": "object", + "description": "Cloud-specific Patch info.", + "oneOf": [ { - "$ref": "#/components/schemas/NapPolicyVersionMetadata" + "$ref": "#/components/schemas/UpdateGoogleDeploymentInfo" + } + ] + }, + "GoogleDeploymentInfo": { + "type": "object", + "description": "Google deployment info.", + "required": [ + "region", + "network_attachment" + ], + "properties": { + "region": { + "$ref": "#/components/schemas/GoogleRegion" }, - { - "$ref": "#/components/schemas/NapPolicyVersionDeployments" + "network_attachment": { + "$ref": "#/components/schemas/GoogleNetworkAttachment" }, - { - "type": "object", - "required": [ - "latest" - ], - "properties": { - "latest": { - "description": "Indicates whether the NGINX App Protect policy version is latest. Default (`false`) returns the current policy. \nWhen set to `true`, returns the latest policy.\n", - "type": "boolean", - "default": false + "service_attachment": { + "$ref": "#/components/schemas/GoogleServiceAttachment" + }, + "service_attachment_accept_list": { + "type": "array", + "description": "List of google networkURls or project ids that should connect to the service attachment. The list must contain either all network urls or all project ids but not both simultaneously. An empty list indicates all connections to the service attachment should be accepted.\n", + "items": { + "$ref": "#/components/schemas/GoogleServiceAttachmentAcceptListItem" + } + }, + "log_project_id": { + "description": "The Google Cloud project ID where NGINX logs will be exported.", + "allOf": [ + { + "$ref": "#/components/schemas/GoogleProjectID" } + ] + }, + "metric_project_id": { + "description": "The Google Cloud project ID where NGINXaaS metrics will be exported.", + "allOf": [ + { + "$ref": "#/components/schemas/GoogleProjectID" + } + ] + }, + "identity": { + "$ref": "#/components/schemas/GoogleIdentity" + } + } + }, + "CreateGoogleDeploymentInfo": { + "type": "object", + "description": "Google deployment information used in create request.", + "required": [ + "region", + "network_attachment" + ], + "properties": { + "region": { + "$ref": "#/components/schemas/GoogleRegion" + }, + "network_attachment": { + "$ref": "#/components/schemas/GoogleNetworkAttachment" + }, + "service_attachment_accept_list": { + "type": "array", + "items": { + "$ref": "#/components/schemas/GoogleServiceAttachmentAcceptListItem" } + }, + "log_project_id": { + "description": "The Google Cloud project ID where NGINX logs will be exported. Omit the field to disable log exporting.\n", + "allOf": [ + { + "$ref": "#/components/schemas/GoogleProjectID" + } + ] + }, + "metric_project_id": { + "description": "The Google Cloud project ID where NGINXaaS metrics will be exported. Omit the field to disable metric exporting.\n", + "allOf": [ + { + "$ref": "#/components/schemas/GoogleProjectID" + } + ] + }, + "identity": { + "$ref": "#/components/schemas/CreateOrUpdateGoogleIdentity" } - ] + } }, - "NapPolicyVersionsListResponse": { - "description": "List of all NGINX App Protect versions.", - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" + "UpdateGoogleDeploymentInfo": { + "type": "object", + "description": "Patch info for a Google-based deployment", + "properties": { + "network_attachment": { + "$ref": "#/components/schemas/GoogleNetworkAttachment" }, - { - "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of NGINX App Protect version objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyVersionObject" - } - } - }, - "example": { - "items": [ - { - "version": "2023-12-06 22:37:24", - "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", - "created_at": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "latest": false - } - ] + "service_attachment_accept_list": { + "type": "array", + "items": { + "$ref": "#/components/schemas/GoogleServiceAttachmentAcceptListItem" } + }, + "log_project_id": { + "description": "The Google Cloud project ID where NGINX logs will be exported. Set to an empty string to disable log exporting.\n", + "allOf": [ + { + "$ref": "#/components/schemas/GoogleProjectID" + } + ] + }, + "metric_project_id": { + "description": "The Google Cloud project ID where NGINXaaS metrics will be exported. Set to an empty string to disable metric exporting.\n", + "allOf": [ + { + "$ref": "#/components/schemas/GoogleProjectID" + } + ] + }, + "identity": { + "$ref": "#/components/schemas/CreateOrUpdateGoogleIdentity" } - ] + } }, - "NapLogProfileListResponse": { - "allOf": [ + "GoogleResourceName": { + "type": "string", + "minLength": 1, + "maxLength": 63, + "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?" + }, + "GoogleRegion": { + "description": "Google region.", + "$ref": "#/components/schemas/GoogleResourceName" + }, + "GoogleNetworkAttachment": { + "type": "string", + "description": "Google network attachment.", + "pattern": "projects/[a-z]([-a-z0-9]*[a-z0-9])?/regions/[a-z]([-a-z0-9]*[a-z0-9])?/networkAttachments/[a-z]([-a-z0-9]*[a-z0-9])?" + }, + "GoogleServiceAttachment": { + "type": "string", + "description": "Google service attachment.", + "pattern": "projects/[a-z]([-a-z0-9]*[a-z0-9])?/regions/[a-z]([-a-z0-9]*[a-z0-9])?/serviceAttachments/[a-z]([-a-z0-9]*[a-z0-9])?" + }, + "GoogleServiceAttachmentAcceptListItem": { + "type": "string", + "oneOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/GoogleServiceAttachmentAcceptNetworkItem" }, { - "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of NGINX App Protect log profiles.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapLogProfileMetadata" - } - } - } + "$ref": "#/components/schemas/GoogleProjectID" } ] }, - "NapLogProfileGetResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/NapLogProfileMetadata" + "GoogleServiceAttachmentAcceptNetworkItem": { + "type": "string", + "pattern": "^(.*/networks/.*)" + }, + "GoogleProjectID": { + "type": "string", + "pattern": "^(|((\\d+)|([a-z][a-z0-9\\-]{5,29})))$" + }, + "GoogleWorkloadIdentityPoolProviderName": { + "type": "string", + "description": "The resource name of the Google workload identity pool provider", + "pattern": "^projects/([0-9]+)/locations/([a-z0-9\\-]+)/workloadIdentityPools/([a-zA-Z0-9_\\-]+)/providers/([a-zA-Z0-9_\\-]+)$" + }, + "GoogleServiceAccountUniqueID": { + "type": "string", + "description": "The unique numeric ID of the Google service account", + "pattern": "^[0-9]+$" + }, + "GoogleIdentity": { + "type": "object", + "description": "Identity info for a Google-based deployment", + "properties": { + "workload_identity_pool_provider_name": { + "$ref": "#/components/schemas/GoogleWorkloadIdentityPoolProviderName" }, - { - "type": "object", - "required": [ - "config" - ], - "properties": { - "config": { - "description": "The NGINX App Protect log profile configuration.", - "type": "string" + "nginxaas_service_account_unique_id": { + "description": "The unique numeric ID of the Google service account created by NGINXaaS", + "readOnly": true, + "allOf": [ + { + "$ref": "#/components/schemas/GoogleServiceAccountUniqueID" } - } + ] } - ] + } }, - "NapLogProfileMetadata": { + "CreateOrUpdateGoogleIdentity": { + "type": "object", + "description": "Identity info for a Google-based deployment used in a create or update request", + "properties": { + "workload_identity_pool_provider_name": { + "$ref": "#/components/schemas/GoogleWorkloadIdentityPoolProviderName" + } + } + }, + "Deployment": { "type": "object", + "description": "Deployment specification.", "required": [ + "id", + "account_id", "name", - "object_id" + "description", + "cloud", + "cloud_info", + "nginx_config_id", + "nginx_config_version_id", + "status", + "created_at", + "modified_at", + "scale" ], "properties": { + "id": { + "$ref": "#/components/schemas/DeploymentObjectID" + }, + "account_id": { + "$ref": "#/components/schemas/NginxaasAccountID" + }, "name": { + "$ref": "#/components/schemas/DeploymentName" + }, + "description": { + "$ref": "#/components/schemas/NginxaasDescription" + }, + "cloud": { + "$ref": "#/components/schemas/DeploymentCloudName" + }, + "cloud_info": { + "$ref": "#/components/schemas/DeploymentCloudInfo" + }, + "status": { + "$ref": "#/components/schemas/DeploymentStatus" + }, + "nginx_config_id": { + "$ref": "#/components/schemas/NginxaasNginxConfigObjectID" + }, + "nginx_config_version_id": { + "$ref": "#/components/schemas/NginxaasNginxConfigVersionObjectID" + }, + "created_at": { "type": "string", - "description": "The name of the NGINX App Protect log profile." + "description": "Datetime when request to create deployment was received.", + "format": "date-time" }, - "object_id": { - "$ref": "#/components/schemas/NapLogProfileObjectID" + "modified_at": { + "type": "string", + "description": "Datetime when deployment was last modified.", + "format": "date-time" }, - "description": { - "description": "Optional field to describe the NGINX App Protect log profile.", + "deleted_at": { "type": "string", - "minLength": 5, - "maxLength": 256 - } - } - }, - "NapGlobalSettingsListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" + "description": "Datetime when request to delete deployment was received.", + "format": "date-time" }, - { - "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of NGINX App Protect global settings.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapGlobalSettingMetadata" - } - } - } + "scale": { + "$ref": "#/components/schemas/DeploymentScale" } - ] + } }, - "NapGlobalSettingGetResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/NapGlobalSettingMetadata" + "DeploymentStatus": { + "type": "object", + "description": "Deployment status info.", + "required": [ + "provisioning_state", + "config_state" + ], + "properties": { + "provisioning_state": { + "$ref": "#/components/schemas/DeploymentProvisioningState" }, - { - "type": "object", - "required": [ - "config" - ], - "properties": { - "config": { - "description": "The NGINX App Protect global setting configuration.", - "type": "string" - } - } + "config_state": { + "$ref": "#/components/schemas/DeploymentConfigState" } - ] + } }, - "NapGlobalSettingMetadata": { + "DeploymentState": { "type": "object", + "description": "Deployment state info", "required": [ - "name", - "object_id" + "state", + "modified_at" ], "properties": { - "name": { + "state": { "type": "string", - "description": "The name of the NGINX App Protect global setting object." + "description": "State name/value.", + "enum": [ + "deleting", + "failed", + "pending", + "ready" + ] }, - "description": { - "description": "Optional field to describe the NGINX App Protect global setting object.", + "details": { "type": "string", - "minLength": 5, + "description": "State details.", "maxLength": 256 }, - "object_id": { - "$ref": "#/components/schemas/NapGlobalSettingObjectID" + "modified_at": { + "type": "string", + "description": "Datetime of last state change.", + "format": "date-time" } } }, - "NapPolicyBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyBulkRequestData" - }, - "minItems": 1, - "maxItems": 50, - "example": [ - { - "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" + "DeploymentProvisioningState": { + "$ref": "#/components/schemas/DeploymentState" + }, + "DeploymentConfigState": { + "$ref": "#/components/schemas/DeploymentState" + }, + "DeploymentListResponse": { + "type": "object", + "description": "List of deployments.", + "required": [ + "count", + "items" + ], + "properties": { + "count": { + "description": "The total number of deployments returned.", + "type": "integer" }, - { - "object_id": "pol_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" + "items": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Deployment" + } } - ] + } }, - "NapPolicyBulkRequestData": { + "DeploymentCreateRequest": { "type": "object", - "description": "Part of bulk operation on a Nap policy, only `delete` is supported.", + "description": "Request spec for creating a deployment.", "required": [ - "action", - "object_id" + "name", + "cloud", + "cloud_info", + "nginx_config_id", + "nginx_config_version_id", + "scale" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/NapPolicyObjectID" + "name": { + "$ref": "#/components/schemas/DeploymentName" + }, + "description": { + "$ref": "#/components/schemas/NginxaasDescription" + }, + "cloud": { + "$ref": "#/components/schemas/DeploymentCloudName" }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" + "cloud_info": { + "$ref": "#/components/schemas/CreateDeploymentCloudInfo" + }, + "nginx_config_id": { + "$ref": "#/components/schemas/NginxaasNginxConfigObjectID" + }, + "nginx_config_version_id": { + "$ref": "#/components/schemas/NginxaasNginxConfigVersionObjectID" + }, + "scale": { + "$ref": "#/components/schemas/DeploymentScale" } - }, - "example": { - "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" } }, - "NapBulkResponse": { - "description": "The Nap policy bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" + "DeploymentUpdateRequest": { + "type": "object", + "description": "Request spec for updating a deployment.", + "properties": { + "name": { + "$ref": "#/components/schemas/DeploymentName" + }, + "description": { + "$ref": "#/components/schemas/NginxaasDescription" + }, + "cloud_info": { + "$ref": "#/components/schemas/UpdateDeploymentCloudInfo" + }, + "nginx_config_id": { + "$ref": "#/components/schemas/NginxaasNginxConfigObjectID" + }, + "nginx_config_version_id": { + "$ref": "#/components/schemas/NginxaasNginxConfigVersionObjectID" + }, + "scale": { + "$ref": "#/components/schemas/DeploymentScale" + } } }, - "FilterNameNapPolicy": { + "DeploymentObjectID": { "type": "string", - "description": "Keywords for NGINX App Protect policy filters.\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\nWhen filtering on `object_id`, both NAP Policy and NAP Policy version object id prefixes are supported.\n", - "enum": [ - "name", - "enforcement_mode", - "object_id", - "deployment_enforcement_mode", - "deployment_status" - ], - "x-enum-varnames": [ - "filter_name_nap_policy_name", - "filter_name_nap_policy_enforcement_mode", - "filter_name_nap_policy_object_id", - "filter_name_nap_policy_deployment_enforcement_mode", - "filter_name_nap_policy_deployment_status" - ] + "description": "A globally unique identifier for the deployment.", + "format": "object_id", + "pattern": "^depl_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } }, - "FilterNameNapPolicyDeployment": { + "NginxaasAccountID": { "type": "string", - "description": "Keywords for NGINX App Protect deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n * deployed\n * deploying\n * failed\n", - "enum": [ - "name", - "type", - "policy_version", - "status", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_nap_deployment_name", - "filter_name_nap_deployment_type", - "filter_name_nap_deployment_policy_version", - "filter_name_nap_deployment_status", - "filter_name_nap_deployment_object_id" - ] + "description": "NGINXaaS account id", + "format": "object_id", + "pattern": "^acc_.*", + "example": "acc_FsFgfeDtScOjGbQJDaVNiQ", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } }, - "FilterNameNapPolicyVersion": { + "NginxaasDescription": { "type": "string", - "description": "Keywords for NGINX App Protect policy version filters.\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * deployed\n * not_deployed\n * deploying\n * failed\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\n", - "enum": [ - "deployment_status", - "enforcement_mode", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_nap_policy_version_deployment_status", - "filter_name_nap_policy_version_enforcement_mode", - "filter_name_nap_policy_version_object_id" - ] + "description": "Description of a resource.", + "maxLength": 256, + "example": "My example description" }, - "NapLogProfileObjectID": { - "description": "A globally unique identifier for the App Protect log profile.", + "NginxaasNginxConfigObjectID": { "type": "string", + "description": "A globally unique identifier for the NGINX config.", "format": "object_id", - "pattern": "^lp_.*", + "pattern": "^cfg_.*", + "example": "cfg_6zYc64JKR0uxnoEcLH1gGA", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "NapGlobalSettingObjectID": { - "description": "A globally unique identifier for the App Protect global settings object.", + "NginxaasNginxConfigVersionObjectID": { "type": "string", + "description": "NGINX config version object id", "format": "object_id", - "pattern": "^gs_.*", + "pattern": "^cv_.*", + "example": "cv_DrRnpntTRpGOxaroQ6aOFg", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } + }, + "ObservabilityMetricsRequest": { + "type": "object", + "required": [ + "metrics" + ], + "properties": { + "metrics": { + "description": "Array of observed metrics.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/ObservedMetric" + } + } + } + }, + "ObservedMetric": { + "description": "Details for a single observed metric.", + "type": "object", + "required": [ + "name", + "timestamp", + "unit", + "value" + ], + "properties": { + "name": { + "type": "string", + "example": "cpuUsage" + }, + "timestamp": { + "type": "string", + "format": "date-time", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "unit": { + "type": "string", + "example": "%" + }, + "value": { + "type": "number", + "example": 80 + } + }, + "example": { + "name": "cpuUsage", + "timestamp": "2019-08-07T09:57:30Z", + "unit": "%", + "value": 80 + } } }, "examples": { @@ -10802,6 +16260,371 @@ } ] } + }, + "NginxUsageTrackingRequest": { + "value": { + "version": "1.25.3", + "hostname": "nginx-plus-r30", + "uuid": "cef61b72-2a6b-4bb8-ae2b-c6cb9f44a487", + "nap": "inactive", + "http": { + "client": { + "received": 0, + "sent": 0, + "connections": 0, + "requests": 0 + }, + "upstream": { + "received": 0, + "sent": 0, + "connections": 0 + } + }, + "stream": { + "client": { + "received": 0, + "sent": 0, + "connections": 0 + }, + "upstream": { + "received": 0, + "sent": 0, + "connections": 0 + } + }, + "deployment": { + "integration": "nic", + "cluster_id": "b5db8897-86db-4cd2-8c61-4a915db93d6d", + "cluster_node_count": 5, + "installation_id": "238efb5a-2a59-48c5-96cf-7d195b8af044" + }, + "workers": 2, + "uptime": 120, + "reloads": 0, + "start_time": 0, + "end_time": 0 + } + }, + "ChatbotRequest": { + "value": { + "messages": [ + { + "role": "user", + "content": "What is a dog and a cat?" + } + ] + } + }, + "ChatbotResponse": { + "value": { + "id": "cmpl-8a17ba557d904b2287bbf4e1ae22433b", + "object": "text_completion", + "created": "2023-10-01T00:00:00Z", + "choices": [ + { + "index": 0, + "text": "\n\nA dog is a domesticated mammal, a member of the species Canis lupus familiaris. Dogs are often referred to as \"man's best friend\" due to their long history of companionship with humans. They are highly social animals and thrive on interaction with their human families and other dogs. Dogs come in a wide range of sizes, shapes, and breeds, each with its unique characteristics and needs.\n\nA cat is a domesticated mammal, a member of the Felidae family. Cats are often independent and self-sufficient animals, but they also enjoy companionship with their human families and other cats. They are agile and graceful animals, known for their ability to jump high and climb trees. Cats come in a wide range of sizes, shapes, and breeds, each with its unique characteristics and needs.\n\nBoth dogs and cats have been domesticated for thousands of years and have become beloved companions for many people around the world. They each have their unique personalities and needs, and choosing between a dog and a cat ultimately comes down to personal preference and lifestyle." + } + ] + } + }, + "ChatbotFeedback": { + "value": { + "response_id": "chatcmpl-123", + "is_positive": false, + "message": "freeform evaluation", + "tags": { + "inaccurate": false, + "unhelpful": true, + "formatting": false, + "time": true, + "other": false + } + } + }, + "DeploymentListResponse": { + "value": { + "count": 3, + "items": [ + { + "id": "depl_6zYc64JKR0uxnoEcLH1gGA", + "account_id": "acc_FsFgfeDtScOjGbQJDaVNiQ", + "name": "tst-foo", + "description": "", + "cloud": "google", + "cloud_info": { + "region": "us-east1", + "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", + "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", + "service_attachment_accept_list": [] + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", + "scale": { + "capacity": 10 + }, + "status": { + "provisioning_state": { + "state": "ready", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + }, + "config_state": { + "state": "ready", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "created_at": "2025-03-31T10:00:00Z", + "modified_at": "2025-03-31T10:05:00Z" + }, + { + "id": "depl_DrRnpntTRpGOxaroQ6aOFg", + "account_id": "acc_FsFgfeDtScOjGbQJDaVNiQ", + "name": "tst-bar", + "description": "test w/ network attachment from project bar", + "cloud": "google", + "cloud_info": { + "region": "eu-west-1", + "network_attachment": "projects/bar/regions/us-east1/networkAttachments/bar", + "service_attachment_accept_list": [ + "project-id1", + "project-id2" + ] + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", + "scale": { + "capacity": 20 + }, + "status": { + "provisioning_state": { + "state": "failed", + "details": "network attachment 'bar' not found", + "modified_at": "2025-03-31T11:03:00Z" + }, + "config_state": { + "state": "ready", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "created_at": "2025-03-31T11:00:00Z", + "modified_at": "2025-03-31T11:03:00Z" + }, + { + "id": "depl_4zYc35JKR0uxnoBcLH1gGA", + "account_id": "acc_AxFgfeDtScOjGbQJDaRHiQ", + "name": "tst-max", + "description": "", + "cloud": "google", + "cloud_info": { + "region": "us-east1", + "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", + "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", + "service_attachment_accept_list": [ + "projects/project-1/networks/vpc-net1", + "projects/project-2/networks/vpc-net2" + ] + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", + "scale": { + "capacity": 100 + }, + "status": { + "provisioning_state": { + "state": "ready", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + }, + "config_state": { + "state": "pending", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "created_at": "2025-03-31T10:00:00Z", + "modified_at": "2025-03-31T10:05:00Z" + } + ] + } + }, + "DeploymentCreateRequest": { + "value": { + "name": "tst-foo", + "description": "", + "cloud": "google", + "cloud_info": { + "region": "us-east1", + "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", + "service_attachment_accept_list": [ + "project-foo", + "project-bar" + ] + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", + "scale": { + "capacity": 10 + } + } + }, + "DeploymentCreateResponse": { + "value": { + "id": "depl_6zYc64JKR0uxnoEcLH1gGA", + "account_id": "acc_FsFgfeDtScOjGbQJDaVNiQ", + "name": "tst-foo", + "description": "", + "cloud": "google", + "cloud_info": { + "region": "us-east1", + "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", + "service_attachment_accept_list": [ + "project-foo", + "project-bar" + ] + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", + "status": { + "provisioning_state": { + "state": "pending", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + }, + "config_state": { + "state": "pending", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "scale": { + "capacity": 10 + }, + "created_at": "2025-03-31T10:05:00Z", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "DeploymentGetResponse": { + "value": { + "id": "depl_6zYc64JKR0uxnoEcLH1gGA", + "account_id": "acc_FsFgfeDtScOjGbQJDaVNiQ", + "name": "tst-foo", + "description": "", + "cloud": "google", + "cloud_info": { + "region": "us-east1", + "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", + "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", + "service_attachment_accept_list": [ + "projects/project-foo/networks/vpc-foo", + "projects/project-bar/networks/vpc-bar" + ] + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", + "scale": { + "capacity": 10 + }, + "status": { + "provisioning_state": { + "state": "ready", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + }, + "config_state": { + "state": "pending", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "created_at": "2025-03-31T10:00:00Z", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "DeploymentUpdateRequest": { + "value": { + "name": "poc-foo", + "description": "test deployment for project foo", + "cloud_info": { + "service_attachment_accept_list": [] + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA" + } + }, + "DeploymentUpdateResponse": { + "value": { + "id": "depl_6zYc64JKR0uxnoEcLH1gGA", + "account_id": "acc_FsFgfeDtScOjGbQJDaVNiQ", + "name": "poc-foo", + "description": "test deployment for project foo", + "cloud": "google", + "cloud_info": { + "region": "us-east1", + "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", + "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", + "service_attachment_accept_list": [] + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", + "scale": { + "capacity": 10 + }, + "status": { + "provisioning_state": { + "state": "ready", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + }, + "config_state": { + "state": "pending", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "created_at": "2025-03-31T10:00:00Z", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "DeploymentDeleteResponse": { + "value": { + "id": "depl_6zYc64JKR0uxnoEcLH1gGA", + "account_id": "acc_FsFgfeDtScOjGbQJDaVNiQ", + "name": "poc-foo", + "description": "test deployment for project foo", + "cloud": "google", + "cloud_info": { + "region": "us-east1", + "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", + "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", + "service_attachment_accept_list": [ + "projects/project-foo/networks/vpc-foo", + "projects/project-bar/networks/vpc-bar" + ] + }, + "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", + "scale": { + "capacity": 10 + }, + "status": { + "provisioning_state": { + "state": "deleting", + "details": "", + "modified_at": "2025-03-31T10:15:00Z" + }, + "config_state": { + "state": "ready", + "details": "", + "modified_at": "2025-03-31T10:05:00Z" + } + }, + "created_at": "2025-03-31T10:00:00Z", + "modified_at": "2025-03-31T10:05:00Z", + "deleted_at": "2025-03-31T10:15:00Z" + } } }, "responses": { @@ -10844,6 +16667,16 @@ } } } + }, + "Conflict": { + "description": "Requested operation cannot be performed at this time.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } } }, "securitySchemes": { @@ -10865,6 +16698,7 @@ "name": "Manage NGINX Instances", "tags": [ "Instances", + "Feature Flags", "Config Sync Groups", "Certificates", "CVEs", @@ -10885,11 +16719,41 @@ "Settings" ] }, + { + "name": "NGINX Usage API", + "tags": [ + "Usage" + ] + }, + { + "name": "Chatbot API", + "tags": [ + "Chatbot" + ] + }, + { + "name": "NGINX Plus Usage Inventory", + "tags": [ + "Inventory" + ] + }, { "name": "NGINX One App Protect", "tags": [ "NGINX App Protect" ] + }, + { + "name": "Manage NAAS deployments", + "tags": [ + "Deployments" + ] + }, + { + "name": "Load Test API", + "tags": [ + "Load Test" + ] } ] } \ No newline at end of file From 8fe57ddcd5cb9048a1809912863d51c31fc6cec3 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Tue, 19 Aug 2025 10:11:50 -0700 Subject: [PATCH 2/3] update --- static/nginx-one/api/one.json | 18328 +++++++++++--------------------- 1 file changed, 6476 insertions(+), 11852 deletions(-) diff --git a/static/nginx-one/api/one.json b/static/nginx-one/api/one.json index d983c8513..b142af24d 100644 --- a/static/nginx-one/api/one.json +++ b/static/nginx-one/api/one.json @@ -16,12 +16,6 @@ "description": "The `Instance` object represents an active NGINX installation. \nYou can access detailed information about each NGINX instance, including its configuration analysis, security advisories, and operational status.\n", "x-displayName": "Instances" }, - { - "name": "Feature Flags", - "x-nodoc": true, - "description": "Get details about which feature flags are enabled in the NGINX One console. \nFeature flags are used to toggle the availability of application features or modules without changing code.\n", - "x-displayName": "Feature Flags" - }, { "name": "Config Sync Groups", "description": "The `ConfigSyncGroups` object represents a NGINX config sync group where `Instances` are grouped to have same configuration. \nYou can access detailed information about each NGINX config sync group, including its configuration analysis and operational status.\n", @@ -54,8 +48,6 @@ }, { "name": "Metrics", - "x-nodoc": true, - "description": "Get system metrics for your NGINX data plane instances. These metrics are collected by the NGINX Agent and reported to NGINX One.\n", "x-displayName": "Metrics" }, { @@ -63,54 +55,15 @@ "description": "Configuration option for different aspect of NGINX One service.\nYou can set NGINX Instance cleanup preferences.\n", "x-displayName": "Settings" }, - { - "name": "Usage", - "x-nodoc": true, - "description": "Usage information", - "x-displayName": "Usage" - }, - { - "name": "Chatbot", - "x-nodoc": true, - "description": "This API allows you to interact with the chatbot assistant", - "x-displayName": "Chatbot" - }, - { - "name": "Inventory", - "x-nodoc": true, - "description": "Get tenant usage information for NGINX Plus data plane instances. These metrics are collected by the NGINX data plane instances and reported to NGINX One Console.\n", - "x-displayName": "Inventory" - }, { "name": "NGINX App Protect", "description": "Manage and publish security policies on your NGINX data plane instances.\n", "x-displayName": "NGINX App Protect" - }, - { - "name": "Deployments", - "description": "Manage NAAS deployments.", - "x-displayName": "Deployments" - }, - { - "name": "Load Test", - "x-nodoc": true, - "description": "Load Test actions", - "x-displayName": "Load Test" } ], "paths": { "/data-plane-keys": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], + "servers": [], "get": { "tags": [ "Data Plane Key" @@ -176,48 +129,38 @@ } } }, - "post": { + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "data plane key", "tags": [ "Data Plane Key" ], - "x-nginx-one-action": "create", - "x-nginx-one-entity": "data plane key", - "summary": "Create a data plane key", - "description": "Creates a unique data plane key that you can use to register NGINX instances with NGINX One.\n\n**IMPORTANT**: Save the data plane key somewhere secure for reference. The key is displayed only once and cannot be retrieved again.\n", - "operationId": "createDataPlaneKey", + "summary": "Bulk operation on multiple data plane keys", + "operationId": "BulkDataPlaneKeys", + "description": "Performs bulk operation on one or more data plane keys, only delete is supported.", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKeyCreateRequest" - }, - "examples": { - "DataPlaneKeyCreateRequest": { - "$ref": "#/components/examples/DataPlaneKeyRequest" - } + "$ref": "#/components/schemas/DataPlaneKeyBulkRequest" } } } }, "responses": { "200": { - "description": "Successfully created the data plane key.", + "description": "Batch request completed.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKeyResponse" - }, - "examples": { - "DataPlaneKeyResponse": { - "$ref": "#/components/examples/DataPlaneKeyResponse" - } + "$ref": "#/components/schemas/DataPlaneKeyBulkResponse" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -238,38 +181,48 @@ } } }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "data plane key", + "post": { "tags": [ "Data Plane Key" ], - "summary": "Bulk operation on multiple data plane keys", - "operationId": "BulkDataPlaneKeys", - "description": "Performs bulk operation on one or more data plane keys, only delete is supported.", + "x-nginx-one-action": "create", + "x-nginx-one-entity": "data plane key", + "summary": "Create a data plane key", + "description": "Creates a unique data plane key that you can use to register NGINX instances with NGINX One.\n\n**IMPORTANT**: Save the data plane key somewhere secure for reference. The key is displayed only once and cannot be retrieved again.\n", + "operationId": "createDataPlaneKey", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKeyBulkRequest" + "$ref": "#/components/schemas/DataPlaneKeyCreateRequest" + }, + "examples": { + "DataPlaneKeyCreateRequest": { + "$ref": "#/components/examples/DataPlaneKeyRequest" + } } } } }, "responses": { "200": { - "description": "Batch request completed.", + "description": "Successfully created the data plane key.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKeyBulkResponse" + "$ref": "#/components/schemas/DataPlaneKeyResponse" + }, + "examples": { + "DataPlaneKeyResponse": { + "$ref": "#/components/examples/DataPlaneKeyResponse" + } } } } }, - "401": { - "description": "Access denied.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -292,47 +245,37 @@ } }, "/data-plane-keys/{data_plane_key_id}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { + "servers": [], + "delete": { "tags": [ "Data Plane Key" ], - "summary": "Retrieve a data plane key", - "description": "Retrieves the details for an existing data plane key.\n", - "operationId": "getDataPlaneKey", + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "data plane key", + "summary": "Delete a data plane key", + "description": "Deletes a data plane key.\n", + "operationId": "deleteDataPlaneKey", "parameters": [ { "$ref": "#/components/parameters/DataPlaneKeyParamObjectID" } ], "responses": { - "200": { - "description": "Successfully retrieved the details of the data plane key.", + "204": { + "description": "Successfully deleted the data plane key." + }, + "404": { + "description": "The data plane key with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DataPlaneKey" - }, - "examples": { - "DataPlaneKeys": { - "$ref": "#/components/examples/DataPlaneKey" - } + "$ref": "#/components/schemas/Error" } } } }, - "401": { - "description": "Access denied.", + "409": { + "description": "Cannot delete an active data plane key. Revoke the key first, then try deleting it again.", "content": { "application/json": { "schema": { @@ -353,36 +296,36 @@ } } }, - "delete": { + "get": { "tags": [ "Data Plane Key" ], - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "data plane key", - "summary": "Delete a data plane key", - "description": "Deletes a data plane key.\n", - "operationId": "deleteDataPlaneKey", + "summary": "Retrieve a data plane key", + "description": "Retrieves the details for an existing data plane key.\n", + "operationId": "getDataPlaneKey", "parameters": [ { "$ref": "#/components/parameters/DataPlaneKeyParamObjectID" } ], "responses": { - "204": { - "description": "Successfully deleted the data plane key." - }, - "404": { - "description": "The data plane key with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "200": { + "description": "Successfully retrieved the details of the data plane key.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/DataPlaneKey" + }, + "examples": { + "DataPlaneKeys": { + "$ref": "#/components/examples/DataPlaneKey" + } } } } }, - "409": { - "description": "Cannot delete an active data plane key. Revoke the key first, then try deleting it again.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -482,17 +425,7 @@ } }, "/data-plane-keys/{data_plane_key_id}/revoke": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], + "servers": [], "put": { "tags": [ "Data Plane Key" @@ -546,78 +479,14 @@ } } }, - "/instances/summary": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "Instances" - ], - "summary": "Retrieve a summary for all instances", - "description": "Retrieves a comprehensive summary for all NGINX instances, which includes details such as:\n * Certificate status and associations\n * Operating system details\n * Version of the NGINX Agent\n * Overall system status\n", - "operationId": "listSummary", - "responses": { - "200": { - "description": "Successfully retrieved the summary of NGINX instances.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/InstanceSummary" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/instances": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], + "/certificates": { + "servers": [], "get": { "tags": [ - "Instances" + "Certificates" ], - "summary": "List all instances", - "operationId": "listInstances", - "description": "Returns a list of all NGINX instances, providing details such as:\n * Unique identifiers for each instance\n * Timestamps for key actions (like registration and last report)\n * Information about the NGINX build\n * Version of the NGINX Agent\n", + "summary": "List all SSL certificates", + "description": "Returns a paginated list showing metadata for every SSL certificate.\n", "parameters": [ { "$ref": "#/components/parameters/Paginated" @@ -629,7 +498,7 @@ "$ref": "#/components/parameters/Offset" }, { - "$ref": "#/components/parameters/FilterFieldInstances" + "$ref": "#/components/parameters/FilterFieldCertificates" }, { "$ref": "#/components/parameters/FilterOperands" @@ -641,16 +510,17 @@ "$ref": "#/components/parameters/SortDirection" }, { - "$ref": "#/components/parameters/SortNameInstances" + "$ref": "#/components/parameters/SortNameCertificates" } ], + "operationId": "listCertificates", "responses": { "200": { - "description": "Successfully retrieved the list of instances.", + "description": "Successfully retrieved the list of SSL certificates.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InstanceListResponse" + "$ref": "#/components/schemas/CertificateListResponse" } } } @@ -677,32 +547,42 @@ } } }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "NGINX instance", + "post": { + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Instances" + "Certificates" ], - "summary": "Bulk operation on multiple instances", - "operationId": "BulkInstances", - "description": "Performs bulk operation on one or more NGINX instances, only delete is supported.", + "summary": "Create an SSL certificate", + "operationId": "createCertificate", + "description": "Creates a new SSL certificate with an optional name. \nYou must supply the certificate's content in base64-encoded PEM format.\nAny warnings will be displayed only upon creation of the certificate object, and\nis not retrievable after it is created.\n", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InstanceBulkRequest" + "$ref": "#/components/schemas/CertificateRequest" } } } }, "responses": { "200": { - "description": "Batch request completed.", + "description": "Successfully created the SSL certificate.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InstanceBulkResponse" + "$ref": "#/components/schemas/CertificateResponse" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } @@ -730,66 +610,38 @@ } } }, - "/instances/{instanceObjectID}/cves": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "Instances" + "/certificates/{certificateObjectID}": { + "servers": [], + "delete": { + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX certificate", + "tags": [ + "Certificates" ], - "summary": "Retrieve an instance's security advisories (CVEs)", - "description": "Retrieves a list of the security advisories (CVEs) for an NGINX instance.", - "operationId": "listInstanceSecurityAdvisories", + "summary": "Delete an SSL certificate", + "operationId": "deleteCertificate", + "description": "* Deletes a managed SSL certificate from the NGINX One console. This operation is disabled for unmanaged certificates, as they get cleaned up automatically when they are not used in any NGINX configuration. \n* An optional flag `deleteFromDataPlanes` when set to true, can be used to remove the certificate from data plane instances to where it was deployed.\n * Deleting from data planes triggers publications on either instances or Config Sync Groups. After the managed cert object is deleted from NGINX One Console, a `PublicationBulkResponse` is returned along with status code 202, indicating whether an error occurred while issuing a publication to a data plane target.\n * If this cert is not associated with any data plane, status code 204 is returned when `deleteFromDataPlanes` set to true.\n", "parameters": [ { - "$ref": "#/components/parameters/InstanceParamObjectID" + "$ref": "#/components/parameters/DeleteFromDataPlanesParamFlag" } ], "responses": { - "200": { - "description": "Successfully retrieved the list of security advisories (CVEs).", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxSecurityAdvisory" - } - } - } - } - }, - "401": { - "description": "Access denied.", + "202": { + "description": "Successfully deleted the SSL certificate. Handling deletion of certificate from data planes in the background.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/PublicationBulkResponse" } } } }, - "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "204": { + "description": "Successfully deleted the SSL certificate." }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -797,44 +649,6 @@ } } } - } - } - } - }, - "/instances/{instanceObjectID}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "Instances" - ], - "summary": "Retrieve an instance", - "description": "Retrieves the details for an NGINX instance, including\n* Hostname\n* System status\n* Timestamps of key actions (registration, last reported, etc.)\n* NGINX build information\n* Certificate data\n* Operating system version\n* NGINX Agent version\n* Config Sync Group membership details\n* Control plane object ID, name, product and version\n", - "operationId": "getInstance", - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - } - ], - "responses": { - "200": { - "description": "Successfully retrieved the details of the NGINX instance.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/InstanceDetails" - } - } - } }, "401": { "description": "Access denied.", @@ -847,7 +661,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -868,23 +682,23 @@ } } }, - "delete": { + "get": { "tags": [ - "Instances" - ], - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX instance", - "summary": "Delete an instance", - "description": "Deletes an NGINX instance. Associations with certificates will be cleaned up.\n", - "operationId": "deleteInstance", - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - } + "Certificates" ], + "summary": "Retrieve an SSL certificate", + "operationId": "getCertificate", + "description": "Retrieves the details for an SSL certificate, including:\n* Object ID that uniquely identifies this certificate object\n* SSL certificate type (managed or unmanaged by NGINX One Console)\n* Certificate type (whether it is a CA bundle or a certificate-key pair)\n* Subject name of the leaf certificate, or the soonest-expiring CA in a bundle\n * This subject name will be the DNS name in the SAN extension of the certificate. If not present, it will be the certificate's common name\n* Status of the certificate (valid, expiring, expired)\n* Validity period, if applicable to multiple certificates\n* Metadata for each public certificate if multiples are provided\n* Private key metadata, if available\n", "responses": { - "204": { - "description": "Successfully deleted the NGINX instance." + "200": { + "description": "Successfully retrieved the details of the SSL certificate.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CertificateResponse" + } + } + } }, "401": { "description": "Access denied.", @@ -897,7 +711,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -917,46 +731,38 @@ } } } - } - }, - "/instances/parse-nginx-config": { - "servers": [ + }, + "parameters": [ { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true + "$ref": "#/components/parameters/CertificateParamObjectID" } ], - "put": { + "patch": { + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Instances" + "Certificates" ], - "x-nginx-one-action": "parse", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Generate a crossplane representation of provided NGINX configuration.", - "description": "Returns a crossplane representation of provided NGINX config.", - "operationId": "parseNginxConfig", + "summary": "Update an SSL certificate", + "operationId": "updateCertificate", + "description": "Updates public certificates, private keys, or both. \nThis endpoint can also be used to update a Certificate Authority (CA) bundle.\n", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/CertificateUpdateRequest" } } } }, "responses": { "200": { - "description": "Successfully parsed the provided NGINX configuration.", + "description": "Successfully updated the specified SSL certificate.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ParsedNginxConfig" + "$ref": "#/components/schemas/CertificateResponse" } } } @@ -981,6 +787,16 @@ } } }, + "404": { + "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -994,46 +810,67 @@ } } }, - "/instances/{instanceObjectID}/config-report": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - } - ], + "/certificates/{certificateObjectID}/deployments": { + "servers": [], "get": { "tags": [ - "Instances" + "Certificates" ], - "summary": "Retrieve an analysis report for an instance's configuration", - "description": "Analyzes the configuration of an NGINX instance and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", - "operationId": "getInstanceConfigReport", + "summary": "List SSL certificate deployments", + "description": "Returns a paginated list showing all the deployments for a SSL certificate and assigned file path(s).\n", + "parameters": [ + { + "$ref": "#/components/parameters/CertificateParamObjectID" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/FilterFieldCertificateDeployments" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameCertificateDeployments" + } + ], + "operationId": "listCertificateDeployments", "responses": { "200": { - "description": "Successfully retrieved the NGINX configuration analysis for the specified instance.", + "description": "Successfully retrieved the list of SSL certificate deployments.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "$ref": "#/components/schemas/CertificateDeploymentListResponse" } } } }, - "204": { - "description": "The requested instance exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1053,33 +890,36 @@ } } } - }, - "put": { + } + }, + "/certificates/parse": { + "servers": [], + "post": { + "x-nginx-one-action": "validate", + "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Instances" + "Certificates" ], - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Generate an analysis report for the provided configuration", - "description": "Returns an analysis report for the provided NGINX configuration. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not apply any changes to the configuration. The report is not stored and is provided only in the API response. To publish the configuration, use the `PUT /instances/{instanceObjectID}/config` endpoint.", - "operationId": "analyzeInstanceConfig", + "summary": "Parse and validate an SSL certificate", + "operationId": "parseCertificate", + "description": "Parses and validates an SSL certificate. \nIt checks the provided PEM files and verifies that the public certificates follow the correct X.509 format. \nIf the certificate cannot be parsed, an error will be returned. \nOtherwise, as long as the certificate is parsable, a `200 OK` status will be returned even if there are issues \nsuch as mismatched private keys or expired certificates. Details of any issues found will be shown in the \"warnings\" field of the response.\n", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/CertificateRequest" } } } }, "responses": { "200": { - "description": "Successfully analyzed the provided NGINX configuration.", + "description": "Successfully parsed and validated the SSL certificate.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "$ref": "#/components/schemas/CertificateResponse" } } } @@ -1104,16 +944,6 @@ } } }, - "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -1125,43 +955,53 @@ } } } - }, - "patch": { + } + }, + "/config-report": { + "servers": [] + }, + "/config-sync-groups": { + "servers": [], + "get": { "tags": [ - "Instances" + "Config Sync Groups" ], - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Generate an analysis report for the provided modified configuration", - "description": "Analyzes the provided partial updates to an existing NGINX configuration and generates a report detailing potential issues along with optimization suggestions. \nThis analysis accounts for additive updates made to `NginxConfig`. To delete files, omit the `file.contents` field. \nThis method compares the provided `config_version` with the current NGINX instance configuration to detect conflicts, which may arise if the `config_version` does not match due to an out-of-band update. \nNote that this operation is for analysis purposes only and does not apply any changes to the configuration. \nThe report is not stored and is provided only in the API response.\nTo publish the configuration, use the `PATCH /instances/{instanceObjectID}/config` endpoint.\n", - "operationId": "analyzeInstanceConfigWithModify", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - } + "summary": "List all config sync groups", + "operationId": "listConfigSyncGroups", + "description": "Returns a list of all NGINX config sync groups, providing details such as:\n * Name of the config sync group\n * List of instance with details\n * Version of the NGINX configuration that's expected to be on all listed instances\n * Status of apply configuration operation \n * Timestamp of last reported action\n", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/FilterFieldConfigSyncGroups" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameConfigSyncGroups" } - }, + ], "responses": { "200": { - "description": "Successfully analyzed the provided NGINX configuration.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigReports" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Successfully retrieved the list of NGINX config sync groups.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ConfigSyncGroupListResponse" } } } @@ -1176,16 +1016,6 @@ } } }, - "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -1197,39 +1027,33 @@ } } } - } - }, - "/instances/{instanceObjectID}/config": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - } - ], - "get": { + }, + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "config sync group", "tags": [ - "Instances" + "Config Sync Groups" ], - "summary": "Retrieve an instance's configuration details", - "description": "Returns the configuration details for an NGINX instance, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Details about deployed payloads of managed SSL certificates and keys\n* Unique identifiers\n", - "operationId": "getInstanceConfig", + "summary": "Bulk operation on multiple config sync groups", + "operationId": "BulkConfigSyncGroups", + "description": "Performs bulk operation on one or more config sync groups, only delete is supported.", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ConfigSyncGroupBulkRequest" + } + } + } + }, "responses": { "200": { - "description": "Successfully retrieved the configuration details for the specified NGINX instance.", + "description": "Batch request completed.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfig" + "$ref": "#/components/schemas/ConfigSyncGroupBulkResponse" } } } @@ -1244,16 +1068,6 @@ } } }, - "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -1266,48 +1080,38 @@ } } }, - "put": { + "post": { + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX config sync group", "tags": [ - "Instances" + "Config Sync Groups" ], - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Publish a configuration to an instance", - "description": "Publishes a new or updated NGINX configuration to the specified instance.\nIn the specified `configs`, empty files are not allowed in the directory.\nIf no existing configuration is found, a new one is created; otherwise, the current configuration is overwritten. \nBefore publishing, use the `PUT /instances/{instanceObjectID}/config-report` endpoint to generate an analysis report for the provided configuration.\nYou can specify `payloads` in the request to deploy managed certificates and keys to the dataplane. Include file paths\nfor each payload component.\n", - "operationId": "publishInstanceConfig", + "summary": "Create an NGINX config sync group", + "operationId": "createConfigSyncGroup", + "description": "Create NGINX config sync group with a unique name to identify it within the tenant namespace.\n", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/ConfigSyncGroupCreateRequest" } } } }, "responses": { - "202": { - "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /instances/{instanceObjectID}/publications.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PublicationInstance" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "200": { + "description": "Successfully created NGINX config sync group", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ConfigSyncGroupCreateResponse" } } } }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -1316,8 +1120,8 @@ } } }, - "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "409": { + "description": "The NGINX config sync group can't be created because the name is already in use", "content": { "application/json": { "schema": { @@ -1337,49 +1141,25 @@ } } } - }, - "patch": { + } + }, + "/config-sync-groups/{configSyncGroupObjectID}": { + "servers": [], + "delete": { + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX config sync group", "tags": [ - "Instances" + "Config Sync Groups" ], - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX instance configuration", - "summary": "Apply partial updates to an instance's configuration", - "description": "Applies the specified partial updates to an existing NGINX configuration. \nThis endpoint accepts additive updates to `NginxConfig`. \nTo delete files, omit the `file.contents` field. \nThis method compares the provided config_version with the current NGINX instance configuration to detect conflicts, which may arise if the config_version does not match due to an out-of-band update. \nBefore publishing, use the `PATCH /instances/{instanceObjectID}/config-report` endpoint to generate an analysis report for the modified configuration.\n", - "operationId": "publishInstanceConfigWithModify", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - } - } - }, + "summary": "Delete an NGINX config sync group", + "description": "Delete a NGINX config sync group from the NGINX One console. You can delete a config sync group, only if it contains no NGINX instances.\n", + "operationId": "deleteConfigSyncGroup", "responses": { - "202": { - "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /instances/{instanceObjectID}/publications.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PublicationInstance" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "204": { + "description": "Successfully deleted the NGINX config sync group" }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -1389,7 +1169,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1409,48 +1189,32 @@ } } } - } - }, - "/instances/{instanceObjectID}/configs": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - } - ], + }, "get": { "tags": [ - "Instances" + "Config Sync Groups" ], - "summary": "Retrieves the stored NGINX configurations for an instance", - "description": "Returns a list of all configurations for a NGINX instance. Only the last 10 are kept on the NGINX One Console for a NGINX instance.", - "operationId": "listInstanceConfigurations", + "summary": "Retrieve an NGINX config sync group", + "description": "Retrieve the details for an NGINX config sync group, including:\n* name\n* Instances and details of each instance\n* Timestamp of last reported action\n* NGINX config version on the config sync group\n* Certificate summary referenced by config sync group members\n* NGINX config sync operation status\n* Last config sync group publication operation status\n", + "operationId": "getConfigSyncGroup", "responses": { "200": { - "description": "Successfully retrieved the list of NGINX configurations for the specified NGINX instance.", + "description": "Successfully retrieved the details of the NGINX config sync group.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxConfigMeta" + "$ref": "#/components/schemas/ConfigSyncGroupDetails" + }, + "examples": { + "ConfigSyncGroupDetails": { + "$ref": "#/components/examples/ConfigSyncGroupDetails" } } } } }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -1460,7 +1224,7 @@ } }, "404": { - "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1480,38 +1244,25 @@ } } } - } - }, - "/instances/{instanceObjectID}/configs/{instanceConfigurationObjectID}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], + }, "parameters": [ { - "$ref": "#/components/parameters/InstanceParamObjectID" - }, - { - "$ref": "#/components/parameters/InstanceConfigurationParamObjectID" + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" } - ], - "get": { + ] + }, + "/config-sync-groups/{configSyncGroupObjectID}/config": { + "servers": [], + "get": { "tags": [ - "Instances" + "Config Sync Groups" ], - "summary": "Retrieve an instance's configuration details", - "description": "Returns the configuration details for an NGINX instance, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", - "operationId": "getInstanceConfigWithObjectID", + "summary": "Retrieve a config sync group's configuration details", + "description": "Returns the configuration details for a NGINX config sync group, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", + "operationId": "getConfigSyncGroupConfig", "responses": { "200": { - "description": "Successfully retrieved the configuration details for the specified NGINX instance and NGINX configuration.", + "description": "Successfully retrieved the configuration details for the specified NGINX config sync group.", "content": { "application/json": { "schema": { @@ -1531,7 +1282,7 @@ } }, "404": { - "description": "The NGINX instance or NGINX configuration with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1551,48 +1302,74 @@ } } } - } - }, - "/instances/{instanceObjectID}/publications": { - "servers": [ + }, + "parameters": [ { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" } ], - "get": { + "patch": { "tags": [ - "Instances" + "Config Sync Groups" ], - "summary": "Retrieve the publications for an instance", - "description": "Returns a list of all publications for a NGINX instance.", - "operationId": "listInstancePublications", - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX config sync group configuration", + "summary": "Apply partial updates to config sync group's configuration", + "description": "Applies the specified partial updates to an existing NGINX configuration. Details:\n * This endpoint accepts additive updates to `NginxConfig`. \n * To delete files, omit the `file.contents` field. \n * This method compares the provided config_version with the current NGINX config sync group configuration to detect conflicts, which may arise if the config_version does not match due to an out-of-band update.\n", + "operationId": "patchConfigSyncGroupConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } } - ], + }, "responses": { "200": { - "description": "Successfully retrieved the list of all publications for the specified NGINX instance.", + "description": "Successfully stored the configuration of the NGINX config sync group", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/PublicationInstance" - } + "$ref": "#/components/schemas/NginxConfig" + } + } + } + }, + "202": { + "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /config-sync-groups/{configSyncGroupObjectID}/publications.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PublicationInstance" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } }, "401": { - "description": "Access denied.", + "description": "Access denied", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "404": { + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1612,48 +1389,59 @@ } } } - } - }, - "/instances/{instanceObjectID}/publications/{publicationObjectID}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { + }, + "put": { "tags": [ - "Instances" + "Config Sync Groups" ], - "summary": "Retrieve a publication for an NGINX instance.", - "description": "Returns a specific publication for an NGINX instance. Only 5 previous entries of Publication are kept for each NGINX instance.", - "operationId": "getInstancePublication", - "parameters": [ - { - "$ref": "#/components/parameters/InstanceParamObjectID" - }, - { - "$ref": "#/components/parameters/PublicationParamObjectID" + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX config sync group configuration", + "summary": "Publish a configuration to NGINX config sync group", + "description": "Publishes a new or updated NGINX configuration to the specified config sync group. \nIf no existing configuration is found, a new one is created; otherwise, the current configuration is overwritten.\n", + "operationId": "publishConfigSyncGroupConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } } - ], + }, "responses": { "200": { - "description": "Successfully retrieved the specific Publication for the specified NGINX instance.", + "description": "Successfully stored the configuration of the NGINX config sync group.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PublicationInstance" + "$ref": "#/components/schemas/NginxConfig" + } + } + } + }, + "202": { + "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /config-sync-groups/{configSyncGroupObjectID}/publications.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ConfigSyncGroupPublication" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -1663,7 +1451,7 @@ } }, "404": { - "description": "The NGINX instance or Publication with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1685,42 +1473,31 @@ } } }, - "/features": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], + "/config-sync-groups/{configSyncGroupObjectID}/config-report": { + "servers": [], "get": { - "x-nodoc": true, "tags": [ - "Feature Flags" + "Config Sync Groups" ], - "summary": "List all enabled feature flags", - "description": "Returns a list of all the enabled feature flags in the NGINX One console.", - "operationId": "getEnabledFeatureFlags", + "summary": "Retrieve an analysis report for the configuration of an NGINX config sync group", + "description": "Analyzes the configuration of an NGINX config sync group and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", + "operationId": "getConfigSyncGroupConfigReport", "responses": { "200": { - "description": "Successfully retrieved the list of enabled feature flags.", + "description": "Successfully retrieved the NGINX configuration analysis for the specified config sync group.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FeatureFlagKey" - } + "$ref": "#/components/schemas/NginxConfigReports" } } } }, - "401": { - "description": "Access denied.", + "204": { + "description": "The requested config sync group exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." + }, + "404": { + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1740,46 +1517,48 @@ } } } - } - }, - "/config-sync-groups": { - "servers": [ + }, + "parameters": [ { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" } ], - "post": { - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX config sync group", + "patch": { + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX config sync group configuration", "tags": [ "Config Sync Groups" ], - "summary": "Create an NGINX config sync group", - "operationId": "createConfigSyncGroup", - "description": "Create NGINX config sync group with a unique name to identify it within the tenant namespace.\n", + "summary": "Generate an analysis report for the configuration of the modified NGINX config sync group", + "description": "Analyzes the provided partial updates merging with an existing configuration of an NGINX config sync group. Generates a report detailing potential issues along with optimization suggestions. \nThis analysis accounts for additive updates made to NGINX configuration. To delete files, omit the `file.contents` field. \nThis method compares the provided `config_version` with the current NGINX config sync group's configuration to detect conflicts, which may arise if the `config_version` does not match due to an out-of-band update. \nNote that this operation is for analysis purposes only and does not apply any changes to the configuration. \nThe report is not stored and is provided only in the API response.\nTo publish the configuration, use the `PATCH /config-sync-groups/{configSyncGroupObjectID}/config` endpoint.\n", + "operationId": "analyzeConfigSyncGroupConfigPatch", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupCreateRequest" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { "200": { - "description": "Successfully created NGINX config sync group", + "description": "Successfully analyzed the provided NGINX configuration", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupCreateResponse" + "$ref": "#/components/schemas/NginxConfigReports" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } @@ -1794,8 +1573,8 @@ } } }, - "409": { - "description": "The NGINX config sync group can't be created because the name is already in use", + "404": { + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1816,52 +1595,38 @@ } } }, - "get": { + "put": { + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX config sync group configuration", "tags": [ "Config Sync Groups" ], - "summary": "List all config sync groups", - "operationId": "listConfigSyncGroups", - "description": "Returns a list of all NGINX config sync groups, providing details such as:\n * Name of the config sync group\n * List of instance with details\n * Version of the NGINX configuration that's expected to be on all listed instances\n * Status of apply configuration operation \n * Timestamp of last reported action\n", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" + "summary": "Generate an analysis report for the configuration of the NGINX config sync group", + "description": "Returns an analysis report for the configuration of the NGINX config sync group. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not apply any changes to the configuration. The report is not stored and is provided only in the API response. To publish the configuration, use the `PUT /config-sync-groups/{configSyncGroupObjectID}/config` endpoint.", + "operationId": "analyzeConfigSyncGroupConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } + } + }, + "responses": { + "200": { + "description": "Successfully analyzed the provided NGINX configuration.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigReports" + } + } + } }, - { - "$ref": "#/components/parameters/FilterFieldConfigSyncGroups" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameConfigSyncGroups" - } - ], - "responses": { - "200": { - "description": "Successfully retrieved the list of NGINX config sync groups.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupListResponse" - } - } - } - }, - "401": { - "description": "Access denied.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -1870,8 +1635,8 @@ } } }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "401": { + "description": "Access denied", "content": { "application/json": { "schema": { @@ -1879,41 +1644,9 @@ } } } - } - } - }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "config sync group", - "tags": [ - "Config Sync Groups" - ], - "summary": "Bulk operation on multiple config sync groups", - "operationId": "BulkConfigSyncGroups", - "description": "Performs bulk operation on one or more config sync groups, only delete is supported.", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupBulkRequest" - } - } - } - }, - "responses": { - "200": { - "description": "Batch request completed.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupBulkResponse" - } - } - } }, - "401": { - "description": "Access denied.", + "404": { + "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -1935,42 +1668,22 @@ } } }, - "/config-sync-groups/{configSyncGroupObjectID}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "parameters": [ - { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - } - ], + "/config-sync-groups/{configSyncGroupObjectID}/config/{configSyncGroupConfigurationObjectID}": { + "servers": [], "get": { "tags": [ "Config Sync Groups" ], - "summary": "Retrieve an NGINX config sync group", - "description": "Retrieve the details for an NGINX config sync group, including:\n* name\n* Instances and details of each instance\n* Timestamp of last reported action\n* NGINX config version on the config sync group\n* Certificate summary referenced by config sync group members\n* NGINX config sync operation status\n* Last config sync group publication operation status\n", - "operationId": "getConfigSyncGroup", + "summary": "Retrieve details the NGINX config sync group", + "description": "Returns the configuration details for an NGINX config sync group, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", + "operationId": "getConfigSyncGroupConfigWithObjectID", "responses": { "200": { - "description": "Successfully retrieved the details of the NGINX config sync group.", + "description": "Successfully retrieved the configuration details for the specified NGINX config sync group and NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupDetails" - }, - "examples": { - "ConfigSyncGroupDetails": { - "$ref": "#/components/examples/ConfigSyncGroupDetails" - } + "$ref": "#/components/schemas/NginxConfig" } } } @@ -1986,7 +1699,7 @@ } }, "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX config sync group or NGINX configuration with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2007,18 +1720,37 @@ } } }, - "delete": { - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX config sync group", + "parameters": [ + { + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + }, + { + "$ref": "#/components/parameters/ConfigSyncGroupConfigurationParamObjectID" + } + ] + }, + "/config-sync-groups/{configSyncGroupObjectID}/configs": { + "servers": [], + "get": { "tags": [ "Config Sync Groups" ], - "summary": "Delete an NGINX config sync group", - "description": "Delete a NGINX config sync group from the NGINX One console. You can delete a config sync group, only if it contains no NGINX instances.\n", - "operationId": "deleteConfigSyncGroup", + "summary": "Retrieves stored NGINX configurations for a NGINX config sync group", + "description": "Returns a list of all configurations for a NGINX config sync group. Only the last 10 are kept on the NGINX One Console for a NGINX config sync group.", + "operationId": "listConfigSyncGroupConfigurations", "responses": { - "204": { - "description": "Successfully deleted the NGINX config sync group" + "200": { + "description": "Successfully retrieved the list of NGINX configurations for the specified NGINX config sync group.", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigMeta" + } + } + } + } }, "401": { "description": "Access denied", @@ -2051,45 +1783,38 @@ } } } - } - }, - "/config-sync-groups/{configSyncGroupObjectID}/config": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], + }, "parameters": [ { "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" } - ], + ] + }, + "/config-sync-groups/{configSyncGroupObjectID}/publications": { + "servers": [], "get": { "tags": [ "Config Sync Groups" ], - "summary": "Retrieve a config sync group's configuration details", - "description": "Returns the configuration details for a NGINX config sync group, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", - "operationId": "getConfigSyncGroupConfig", + "summary": "Retrieve the publications for the NGINX config sync group", + "description": "Returns a list of publications for a NGINX config sync group, providing details such as:\n * Current status along with reason(s) including the target instance object, cause and relevant message\n * Configuration version\n", + "operationId": "listConfigSyncGroupPublications", "responses": { "200": { - "description": "Successfully retrieved the configuration details for the specified NGINX config sync group.", + "description": "Successfully retrieved the list of all publications for the specified NGINX config sync group.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfig" + "type": "array", + "items": { + "$ref": "#/components/schemas/ConfigSyncGroupPublication" + } } } } }, "401": { - "description": "Access denied.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -2120,38 +1845,24 @@ } } }, - "put": { + "parameters": [ + { + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + } + ] + }, + "/config-sync-groups/{configSyncGroupObjectID}/publications/{publicationObjectID}": { + "servers": [], + "get": { "tags": [ "Config Sync Groups" ], - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX config sync group configuration", - "summary": "Publish a configuration to NGINX config sync group", - "description": "Publishes a new or updated NGINX configuration to the specified config sync group. \nIf no existing configuration is found, a new one is created; otherwise, the current configuration is overwritten.\n", - "operationId": "publishConfigSyncGroupConfig", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - } - } - }, + "summary": "Retrieve the publications for the NGINX config sync group, providing details such as:\n * Current status along with reason(s) including the target instance object, cause and relevant message\n * Configuration version\n", + "description": "Returns a publication for a NGINX config sync group.", + "operationId": "getConfigSyncGroupPublication", "responses": { "200": { - "description": "Successfully stored the configuration of the NGINX config sync group.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfig" - } - } - } - }, - "202": { - "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /config-sync-groups/{configSyncGroupObjectID}/publications.", + "description": "Successfully retrieved the publication for the specified NGINX config sync group.", "content": { "application/json": { "schema": { @@ -2160,16 +1871,6 @@ } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "401": { "description": "Access denied", "content": { @@ -2202,68 +1903,199 @@ } } }, - "patch": { + "parameters": [ + { + "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" + }, + { + "$ref": "#/components/parameters/PublicationParamObjectID" + } + ] + }, + "/control-planes": { + "servers": [], + "get": { "tags": [ - "Config Sync Groups" + "Control Planes" ], - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX config sync group configuration", - "summary": "Apply partial updates to config sync group's configuration", - "description": "Applies the specified partial updates to an existing NGINX configuration. Details:\n * This endpoint accepts additive updates to `NginxConfig`. \n * To delete files, omit the `file.contents` field. \n * This method compares the provided config_version with the current NGINX config sync group configuration to detect conflicts, which may arise if the config_version does not match due to an out-of-band update.\n", - "operationId": "patchConfigSyncGroupConfig", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - } - } - }, - "responses": { - "200": { - "description": "Successfully stored the configuration of the NGINX config sync group", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfig" - } - } - } + "summary": "List control planes", + "operationId": "listControlPlanes", + "description": "Returns a paginated list of control planes.\n", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" }, - "202": { - "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /config-sync-groups/{configSyncGroupObjectID}/publications.", + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameControlPlanes" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldControlPlanes" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the list of control planes.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PublicationInstance" + "$ref": "#/components/schemas/ControlPlaneListResponse" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/control-planes/{controlPlaneObjectID}": { + "servers": [], + "delete": { + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "Control Plane", + "tags": [ + "Control Planes" + ], + "summary": "Delete a control plane", + "description": "Delete a control plane from the NGINX One Console. You can delete a control plane, only if it contains no NGINX instances.\n", + "operationId": "deleteControlPlane", + "responses": { + "204": { + "description": "Successfully deleted the control plane" + }, + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "get": { + "tags": [ + "Control Planes" + ], + "summary": "Retrieve a control plane", + "description": "Retrieve the details for a control plane, including:\n* Object ID\n* Product name and version\n* Cluster UUID\n* Kubernetes namespace\n* Deployment UUID\n* Data plane key\n* Certificate summary referenced by control plane instances\n* Instance status summary\n", + "operationId": "getControlPlane", + "responses": { + "200": { + "description": "Successfully retrieved the details of the control plane.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ControlPlaneDetails" } } } }, "401": { - "description": "Access denied", + "$ref": "#/components/responses/Unauthorized" + }, + "404": { + "$ref": "#/components/responses/NotFound" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + }, + "parameters": [ + { + "$ref": "#/components/parameters/ControlPlaneParamObjectID" + } + ] + }, + "/control-planes/summary": { + "servers": [], + "get": { + "tags": [ + "Control Planes" + ], + "summary": "Retrieve a summary for all Control Planes.", + "description": "Retrieves details for all control planes, including:\n * Number of control planes for each product name/version\n", + "operationId": "getControlPlaneSummary", + "responses": { + "200": { + "description": "Successfully retrieved the summary of control planes.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/ControlPlaneSummary" } } } }, - "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "401": { + "$ref": "#/components/responses/Unauthorized" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/cves": { + "servers": [], + "get": { + "tags": [ + "CVEs" + ], + "summary": "List of all CVEs affecting any instance/control plane", + "operationId": "listNginxCVEs", + "description": "Returns a list of all CVEs that affect an instance/control plane under the tenant\n", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameCVEs" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the list of CVEs.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CVEListResponse" + } + } + } + }, + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -2285,46 +2117,33 @@ } } }, - "/config-sync-groups/{configSyncGroupObjectID}/configs": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "parameters": [ - { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - } - ], + "/cves/{nginxCVEID}": { + "servers": [], "get": { "tags": [ - "Config Sync Groups" + "CVEs" + ], + "summary": "Retrieve NGINX CVE details", + "operationId": "GetNginxCVEDetails", + "description": "Retrieve CVE details\n", + "parameters": [ + { + "$ref": "#/components/parameters/NginxCVEParamID" + } ], - "summary": "Retrieves stored NGINX configurations for a NGINX config sync group", - "description": "Returns a list of all configurations for a NGINX config sync group. Only the last 10 are kept on the NGINX One Console for a NGINX config sync group.", - "operationId": "listConfigSyncGroupConfigurations", "responses": { "200": { - "description": "Successfully retrieved the list of NGINX configurations for the specified NGINX config sync group.", + "description": "Successfully retrieved NGINX CVE details.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxConfigMeta" - } + "$ref": "#/components/schemas/NginxCVEDetailsResponse" } } } }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -2334,7 +2153,7 @@ } }, "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "CVE with the specified nginxCVEID was not found. Check that the nginxCVEID provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2356,46 +2175,48 @@ } } }, - "/config-sync-groups/{configSyncGroupObjectID}/config/{configSyncGroupConfigurationObjectID}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "parameters": [ - { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - }, - { - "$ref": "#/components/parameters/ConfigSyncGroupConfigurationParamObjectID" - } - ], + "/cves/{nginxCVEID}/impacted_instances": { + "servers": [], "get": { "tags": [ - "Config Sync Groups" + "CVEs" + ], + "summary": "Retrieve the instances impacted by a CVE", + "description": "Retrieves a list of the instances impacted by a security advisory.", + "operationId": "listCVEImpactedInstances", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameCVEImpactedInstances" + }, + { + "$ref": "#/components/parameters/NginxCVEParamID" + } ], - "summary": "Retrieve details the NGINX config sync group", - "description": "Returns the configuration details for an NGINX config sync group, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", - "operationId": "getConfigSyncGroupConfigWithObjectID", "responses": { "200": { - "description": "Successfully retrieved the configuration details for the specified NGINX config sync group and NGINX configuration.", + "description": "Successfully retrieved the list of instances affected by the CVE.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfig" + "$ref": "#/components/schemas/CVEImpactedInstancesListResponse" } } } }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -2405,7 +2226,7 @@ } }, "404": { - "description": "The NGINX config sync group or NGINX configuration with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The CVE with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing CVE.", "content": { "application/json": { "schema": { @@ -2427,56 +2248,48 @@ } } }, - "/config-sync-groups/{configSyncGroupObjectID}/publications": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "parameters": [ - { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - } - ], + "/events": { + "servers": [], "get": { "tags": [ - "Config Sync Groups" + "Events" + ], + "summary": "Retrieve system events.", + "description": "Retrieves a list of the system events.", + "operationId": "listEvents", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/FilterFieldEvents" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + } ], - "summary": "Retrieve the publications for the NGINX config sync group", - "description": "Returns a list of publications for a NGINX config sync group, providing details such as:\n * Current status along with reason(s) including the target instance object, cause and relevant message\n * Configuration version\n", - "operationId": "listConfigSyncGroupPublications", "responses": { "200": { - "description": "Successfully retrieved the list of all publications for the specified NGINX config sync group.", + "description": "Successfully retrieved the list of events.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ConfigSyncGroupPublication" - } + "$ref": "#/components/schemas/EventsListResponse" } } } }, "401": { - "description": "Access denied", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -2498,46 +2311,33 @@ } } }, - "/config-sync-groups/{configSyncGroupObjectID}/publications/{publicationObjectID}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "parameters": [ - { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - }, - { - "$ref": "#/components/parameters/PublicationParamObjectID" - } - ], + "/events/{eventObjectID}": { + "servers": [], "get": { "tags": [ - "Config Sync Groups" + "Events" + ], + "operationId": "getEvent", + "summary": "Retrieve specific event.", + "description": "Retrieve a specific event using the event object_id.", + "parameters": [ + { + "$ref": "#/components/parameters/EventParamObjectID" + } ], - "summary": "Retrieve the publications for the NGINX config sync group, providing details such as:\n * Current status along with reason(s) including the target instance object, cause and relevant message\n * Configuration version\n", - "description": "Returns a publication for a NGINX config sync group.", - "operationId": "getConfigSyncGroupPublication", "responses": { "200": { - "description": "Successfully retrieved the publication for the specified NGINX config sync group.", + "description": "Successfully retrieved the details of the event.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupPublication" + "$ref": "#/components/schemas/Event" } } } }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -2547,7 +2347,7 @@ } }, "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The Event with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2569,46 +2369,54 @@ } } }, - "/config-sync-groups/{configSyncGroupObjectID}/config-report": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "parameters": [ - { - "$ref": "#/components/parameters/ConfigSyncGroupParamObjectID" - } - ], + "/instances": { + "servers": [], "get": { "tags": [ - "Config Sync Groups" + "Instances" + ], + "summary": "List all instances", + "operationId": "listInstances", + "description": "Returns a list of all NGINX instances, providing details such as:\n * Unique identifiers for each instance\n * Timestamps for key actions (like registration and last report)\n * Information about the NGINX build\n * Version of the NGINX Agent\n", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/FilterFieldInstances" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameInstances" + } ], - "summary": "Retrieve an analysis report for the configuration of an NGINX config sync group", - "description": "Analyzes the configuration of an NGINX config sync group and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", - "operationId": "getConfigSyncGroupConfigReport", "responses": { "200": { - "description": "Successfully retrieved the NGINX configuration analysis for the specified config sync group.", + "description": "Successfully retrieved the list of instances.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "$ref": "#/components/schemas/InstanceListResponse" } } } }, - "204": { - "description": "The requested config sync group exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." - }, - "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -2629,38 +2437,48 @@ } } }, - "put": { - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX config sync group configuration", + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "NGINX instance", "tags": [ - "Config Sync Groups" + "Instances" ], - "summary": "Generate an analysis report for the configuration of the NGINX config sync group", - "description": "Returns an analysis report for the configuration of the NGINX config sync group. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not apply any changes to the configuration. The report is not stored and is provided only in the API response. To publish the configuration, use the `PUT /config-sync-groups/{configSyncGroupObjectID}/config` endpoint.", - "operationId": "analyzeConfigSyncGroupConfig", + "summary": "Bulk operation on multiple instances", + "operationId": "BulkInstances", + "description": "Performs bulk operation on one or more NGINX instances, only delete is supported.", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/InstanceBulkRequest" } } } }, "responses": { "200": { - "description": "Successfully analyzed the provided NGINX configuration.", + "description": "Batch request completed.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigReports" + "$ref": "#/components/schemas/InstanceBulkResponse" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { + "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { "schema": { @@ -2668,9 +2486,32 @@ } } } + } + } + } + }, + "/instances/{instanceObjectID}": { + "servers": [], + "delete": { + "tags": [ + "Instances" + ], + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX instance", + "summary": "Delete an instance", + "description": "Deletes an NGINX instance. Associations with certificates will be cleaned up.\n", + "operationId": "deleteInstance", + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + } + ], + "responses": { + "204": { + "description": "Successfully deleted the NGINX instance." }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -2680,7 +2521,7 @@ } }, "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2701,48 +2542,31 @@ } } }, - "patch": { - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX config sync group configuration", + "get": { "tags": [ - "Config Sync Groups" + "Instances" ], - "summary": "Generate an analysis report for the configuration of the modified NGINX config sync group", - "description": "Analyzes the provided partial updates merging with an existing configuration of an NGINX config sync group. Generates a report detailing potential issues along with optimization suggestions. \nThis analysis accounts for additive updates made to NGINX configuration. To delete files, omit the `file.contents` field. \nThis method compares the provided `config_version` with the current NGINX config sync group's configuration to detect conflicts, which may arise if the `config_version` does not match due to an out-of-band update. \nNote that this operation is for analysis purposes only and does not apply any changes to the configuration. \nThe report is not stored and is provided only in the API response.\nTo publish the configuration, use the `PATCH /config-sync-groups/{configSyncGroupObjectID}/config` endpoint.\n", - "operationId": "analyzeConfigSyncGroupConfigPatch", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" - } - } + "summary": "Retrieve an instance", + "description": "Retrieves the details for an NGINX instance, including\n* Hostname\n* System status\n* Timestamps of key actions (registration, last reported, etc.)\n* NGINX build information\n* Certificate data\n* Operating system version\n* NGINX Agent version\n* Config Sync Group membership details\n* Control plane object ID, name, product and version\n", + "operationId": "getInstance", + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" } - }, + ], "responses": { "200": { - "description": "Successfully analyzed the provided NGINX configuration", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigReports" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Successfully retrieved the details of the NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/InstanceDetails" } } } }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -2752,7 +2576,7 @@ } }, "404": { - "description": "The NGINX config sync group with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2774,58 +2598,22 @@ } } }, - "/certificates": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], + "/instances/{instanceObjectID}/config": { + "servers": [], "get": { "tags": [ - "Certificates" + "Instances" ], - "summary": "List all SSL certificates", - "description": "Returns a paginated list showing metadata for every SSL certificate.\n", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/FilterFieldCertificates" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameCertificates" - } - ], - "operationId": "listCertificates", + "summary": "Retrieve an instance's configuration details", + "description": "Returns the configuration details for an NGINX instance, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Details about deployed payloads of managed SSL certificates and keys\n* Unique identifiers\n", + "operationId": "getInstanceConfig", "responses": { "200": { - "description": "Successfully retrieved the list of SSL certificates.", + "description": "Successfully retrieved the configuration details for the specified NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateListResponse" + "$ref": "#/components/schemas/NginxConfig" } } } @@ -2840,6 +2628,16 @@ } } }, + "404": { + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -2852,32 +2650,37 @@ } } }, - "post": { - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX certificate", + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + } + ], + "patch": { "tags": [ - "Certificates" + "Instances" ], - "summary": "Create an SSL certificate", - "operationId": "createCertificate", - "description": "Creates a new SSL certificate with an optional name. \nYou must supply the certificate's content in base64-encoded PEM format.\nAny warnings will be displayed only upon creation of the certificate object, and\nis not retrievable after it is created.\n", + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Apply partial updates to an instance's configuration", + "description": "Applies the specified partial updates to an existing NGINX configuration. \nThis endpoint accepts additive updates to `NginxConfig`. \nTo delete files, omit the `file.contents` field. \nThis method compares the provided config_version with the current NGINX instance configuration to detect conflicts, which may arise if the config_version does not match due to an out-of-band update. \nBefore publishing, use the `PATCH /instances/{instanceObjectID}/config-report` endpoint to generate an analysis report for the modified configuration.\n", + "operationId": "publishInstanceConfigWithModify", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateRequest" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { - "200": { - "description": "Successfully created the SSL certificate.", + "202": { + "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /instances/{instanceObjectID}/publications.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateResponse" + "$ref": "#/components/schemas/PublicationInstance" } } } @@ -2902,52 +2705,8 @@ } } }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "NGINX certificate", - "x-feature-flag": "cert-api-bulk", - "x-nodoc": true, - "tags": [ - "Certificates" - ], - "summary": "Bulk operation on multiple managed certificates", - "operationId": "bulkCertificates", - "description": "Performs bulk operation on one or more managed certificates, only delete is supported.", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CertificateBulkRequest" - } - } - } - }, - "responses": { - "200": { - "description": "Batch request completed.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CertificateBulkResponse" - } - } - } - }, - "401": { - "description": "Access denied.", + "404": { + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -2967,46 +2726,33 @@ } } } - } - }, - "/certificates/parse": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "post": { - "x-nginx-one-action": "validate", - "x-nginx-one-entity": "NGINX certificate", + }, + "put": { "tags": [ - "Certificates" + "Instances" ], - "summary": "Parse and validate an SSL certificate", - "operationId": "parseCertificate", - "description": "Parses and validates an SSL certificate. \nIt checks the provided PEM files and verifies that the public certificates follow the correct X.509 format. \nIf the certificate cannot be parsed, an error will be returned. \nOtherwise, as long as the certificate is parsable, a `200 OK` status will be returned even if there are issues \nsuch as mismatched private keys or expired certificates. Details of any issues found will be shown in the \"warnings\" field of the response.\n", + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Publish a configuration to an instance", + "description": "Publishes a new or updated NGINX configuration to the specified instance.\nIn the specified `configs`, empty files are not allowed in the directory.\nIf no existing configuration is found, a new one is created; otherwise, the current configuration is overwritten. \nBefore publishing, use the `PUT /instances/{instanceObjectID}/config-report` endpoint to generate an analysis report for the provided configuration.\nYou can specify `payloads` in the request to deploy managed certificates and keys to the dataplane. Include file paths\nfor each payload component.\n", + "operationId": "publishInstanceConfig", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateRequest" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { - "200": { - "description": "Successfully parsed and validated the SSL certificate.", + "202": { + "description": "The request to publish the configuration has been accepted and is being processed. To check the publication status, make a GET request to /instances/{instanceObjectID}/publications.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateResponse" + "$ref": "#/components/schemas/PublicationInstance" } } } @@ -3031,6 +2777,16 @@ } } }, + "404": { + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -3044,53 +2800,31 @@ } } }, - "/certificates/{certificateObjectID}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "parameters": [ - { - "$ref": "#/components/parameters/CertificateParamObjectID" - } - ], + "/instances/{instanceObjectID}/config-report": { + "servers": [], "get": { "tags": [ - "Certificates" + "Instances" ], - "summary": "Retrieve an SSL certificate", - "operationId": "getCertificate", - "description": "Retrieves the details for an SSL certificate, including:\n* Object ID that uniquely identifies this certificate object\n* SSL certificate type (managed or unmanaged by NGINX One Console)\n* Certificate type (whether it is a CA bundle or a certificate-key pair)\n* Subject name of the leaf certificate, or the soonest-expiring CA in a bundle\n * This subject name will be the DNS name in the SAN extension of the certificate. If not present, it will be the certificate's common name\n* Status of the certificate (valid, expiring, expired)\n* Validity period, if applicable to multiple certificates\n* Metadata for each public certificate if multiples are provided\n* Private key metadata, if available\n", + "summary": "Retrieve an analysis report for an instance's configuration", + "description": "Analyzes the configuration of an NGINX instance and returns a detailed report.\nThe report includes insights, identified issues, and recommendations for optimizing and troubleshooting.\n", + "operationId": "getInstanceConfigReport", "responses": { "200": { - "description": "Successfully retrieved the details of the SSL certificate.", + "description": "Successfully retrieved the NGINX configuration analysis for the specified instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateResponse" + "$ref": "#/components/schemas/NginxConfigReports" } } } }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } + "204": { + "description": "The requested instance exists, but analysis of the NGINX configuration is not yet completed. Please retry the request at a later time to retrieve the report." }, "404": { - "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3111,32 +2845,37 @@ } } }, + "parameters": [ + { + "$ref": "#/components/parameters/InstanceParamObjectID" + } + ], "patch": { - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX certificate", "tags": [ - "Certificates" + "Instances" ], - "summary": "Update an SSL certificate", - "operationId": "updateCertificate", - "description": "Updates public certificates, private keys, or both. \nThis endpoint can also be used to update a Certificate Authority (CA) bundle.\n", + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Generate an analysis report for the provided modified configuration", + "description": "Analyzes the provided partial updates to an existing NGINX configuration and generates a report detailing potential issues along with optimization suggestions. \nThis analysis accounts for additive updates made to `NginxConfig`. To delete files, omit the `file.contents` field. \nThis method compares the provided `config_version` with the current NGINX instance configuration to detect conflicts, which may arise if the `config_version` does not match due to an out-of-band update. \nNote that this operation is for analysis purposes only and does not apply any changes to the configuration. \nThe report is not stored and is provided only in the API response.\nTo publish the configuration, use the `PATCH /instances/{instanceObjectID}/config` endpoint.\n", + "operationId": "analyzeInstanceConfigWithModify", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateUpdateRequest" + "$ref": "#/components/schemas/NginxConfigRequest" } } } }, "responses": { "200": { - "description": "Successfully updated the specified SSL certificate.", + "description": "Successfully analyzed the provided NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateResponse" + "$ref": "#/components/schemas/NginxConfigReports" } } } @@ -3162,7 +2901,7 @@ } }, "404": { - "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3183,34 +2922,36 @@ } } }, - "delete": { - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX certificate", + "put": { "tags": [ - "Certificates" + "Instances" ], - "summary": "Delete an SSL certificate", - "operationId": "deleteCertificate", - "description": "* Deletes a managed SSL certificate from the NGINX One console. This operation is disabled for unmanaged certificates, as they get cleaned up automatically when they are not used in any NGINX configuration. \n* An optional flag `deleteFromDataPlanes` when set to true, can be used to remove the certificate from data plane instances to where it was deployed.\n * Deleting from data planes triggers publications on either instances or Config Sync Groups. After the managed cert object is deleted from NGINX One Console, a `PublicationBulkResponse` is returned along with status code 202, indicating whether an error occurred while issuing a publication to a data plane target.\n * If this cert is not associated with any data plane, status code 204 is returned when `deleteFromDataPlanes` set to true.\n", - "parameters": [ - { - "$ref": "#/components/parameters/DeleteFromDataPlanesParamFlag" + "x-nginx-one-action": "analyze", + "x-nginx-one-entity": "NGINX instance configuration", + "summary": "Generate an analysis report for the provided configuration", + "description": "Returns an analysis report for the provided NGINX configuration. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not apply any changes to the configuration. The report is not stored and is provided only in the API response. To publish the configuration, use the `PUT /instances/{instanceObjectID}/config` endpoint.", + "operationId": "analyzeInstanceConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + } } - ], + }, "responses": { - "202": { - "description": "Successfully deleted the SSL certificate. Handling deletion of certificate from data planes in the background.", + "200": { + "description": "Successfully analyzed the provided NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PublicationBulkResponse" + "$ref": "#/components/schemas/NginxConfigReports" } } } }, - "204": { - "description": "Successfully deleted the SSL certificate." - }, "400": { "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { @@ -3232,7 +2973,7 @@ } }, "404": { - "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3254,61 +2995,25 @@ } } }, - "/certificates/{certificateObjectID}/deployments": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], + "/instances/{instanceObjectID}/configs": { + "servers": [], "get": { "tags": [ - "Certificates" - ], - "summary": "List SSL certificate deployments", - "description": "Returns a paginated list showing all the deployments for a SSL certificate and assigned file path(s).\n", - "parameters": [ - { - "$ref": "#/components/parameters/CertificateParamObjectID" - }, - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/FilterFieldCertificateDeployments" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameCertificateDeployments" - } + "Instances" ], - "operationId": "listCertificateDeployments", + "summary": "Retrieves the stored NGINX configurations for an instance", + "description": "Returns a list of all configurations for a NGINX instance. Only the last 10 are kept on the NGINX One Console for a NGINX instance.", + "operationId": "listInstanceConfigurations", "responses": { "200": { - "description": "Successfully retrieved the list of SSL certificate deployments.", + "description": "Successfully retrieved the list of NGINX configurations for the specified NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CertificateDeploymentListResponse" + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigMeta" + } } } } @@ -3324,7 +3029,7 @@ } }, "404": { - "description": "The SSL certificate with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3344,51 +3049,29 @@ } } } - } - }, - "/cves": { - "servers": [ + }, + "parameters": [ { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true + "$ref": "#/components/parameters/InstanceParamObjectID" } - ], + ] + }, + "/instances/{instanceObjectID}/configs/{instanceConfigurationObjectID}": { + "servers": [], "get": { "tags": [ - "CVEs" - ], - "summary": "List of all CVEs affecting any instance/control plane", - "operationId": "listNginxCVEs", - "description": "Returns a list of all CVEs that affect an instance/control plane under the tenant\n", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameCVEs" - } + "Instances" ], + "summary": "Retrieve an instance's configuration details", + "description": "Returns the configuration details for an NGINX instance, including: \n* Main configuration path\n* Details about configuration files\n* Details about auxiliary files\n* Unique identifiers\n", + "operationId": "getInstanceConfigWithObjectID", "responses": { "200": { - "description": "Successfully retrieved the list of CVEs.", + "description": "Successfully retrieved the configuration details for the specified NGINX instance and NGINX configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CVEListResponse" + "$ref": "#/components/schemas/NginxConfig" } } } @@ -3403,6 +3086,16 @@ } } }, + "404": { + "description": "The NGINX instance or NGINX configuration with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -3414,39 +3107,40 @@ } } } - } - }, - "/cves/{nginxCVEID}": { - "servers": [ + }, + "parameters": [ { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true + "$ref": "#/components/parameters/InstanceParamObjectID" + }, + { + "$ref": "#/components/parameters/InstanceConfigurationParamObjectID" } - ], + ] + }, + "/instances/{instanceObjectID}/cves": { + "servers": [], "get": { "tags": [ - "CVEs" + "Instances" ], - "summary": "Retrieve NGINX CVE details", - "operationId": "GetNginxCVEDetails", - "description": "Retrieve CVE details\n", + "summary": "Retrieve an instance's security advisories (CVEs)", + "description": "Retrieves a list of the security advisories (CVEs) for an NGINX instance.", + "operationId": "listInstanceSecurityAdvisories", "parameters": [ { - "$ref": "#/components/parameters/NginxCVEParamID" + "$ref": "#/components/parameters/InstanceParamObjectID" } ], "responses": { "200": { - "description": "Successfully retrieved NGINX CVE details.", + "description": "Successfully retrieved the list of security advisories (CVEs).", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxCVEDetailsResponse" + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxSecurityAdvisory" + } } } } @@ -3462,7 +3156,7 @@ } }, "404": { - "description": "CVE with the specified nginxCVEID was not found. Check that the nginxCVEID provided is correct and corresponds to an existing resource.", + "description": "The NGINX instance with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3484,52 +3178,30 @@ } } }, - "/cves/{nginxCVEID}/impacted_instances": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], + "/instances/{instanceObjectID}/publications": { + "servers": [], "get": { "tags": [ - "CVEs" + "Instances" ], - "summary": "Retrieve the instances impacted by a CVE", - "description": "Retrieves a list of the instances impacted by a security advisory.", - "operationId": "listCVEImpactedInstances", + "summary": "Retrieve the publications for an instance", + "description": "Returns a list of all publications for a NGINX instance.", + "operationId": "listInstancePublications", "parameters": [ { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameCVEImpactedInstances" - }, - { - "$ref": "#/components/parameters/NginxCVEParamID" + "$ref": "#/components/parameters/InstanceParamObjectID" } ], "responses": { "200": { - "description": "Successfully retrieved the list of instances affected by the CVE.", + "description": "Successfully retrieved the list of all publications for the specified NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CVEImpactedInstancesListResponse" + "type": "array", + "items": { + "$ref": "#/components/schemas/PublicationInstance" + } } } } @@ -3544,16 +3216,6 @@ } } }, - "404": { - "description": "The CVE with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing CVE.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -3567,53 +3229,30 @@ } } }, - "/cves/{nginxCVEID}/control-planes": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], + "/instances/{instanceObjectID}/publications/{publicationObjectID}": { + "servers": [], "get": { - "x-feature-flag": "control-planes-m2", "tags": [ - "CVEs" + "Instances" ], - "summary": "Retrieve the control planes impacted by a CVE", - "description": "Retrieves a list of the control planes impacted by a security advisory.", - "operationId": "listCVEImpactedControlPlanes", + "summary": "Retrieve a publication for an NGINX instance.", + "description": "Returns a specific publication for an NGINX instance. Only 5 previous entries of Publication are kept for each NGINX instance.", + "operationId": "getInstancePublication", "parameters": [ { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameCVEImpactedControlPlanes" + "$ref": "#/components/parameters/InstanceParamObjectID" }, { - "$ref": "#/components/parameters/NginxCVEParamID" + "$ref": "#/components/parameters/PublicationParamObjectID" } ], "responses": { "200": { - "description": "Successfully retrieved the list of control planes affected by the CVE.", + "description": "Successfully retrieved the specific Publication for the specified NGINX instance.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CVEImpactedControlPlanesListResponse" + "$ref": "#/components/schemas/PublicationInstance" } } } @@ -3629,7 +3268,7 @@ } }, "404": { - "description": "The CVE with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing CVE.", + "description": "The NGINX instance or Publication with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3651,52 +3290,22 @@ } } }, - "/events": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], + "/instances/summary": { + "servers": [], "get": { "tags": [ - "Events" - ], - "summary": "Retrieve system events.", - "description": "Retrieves a list of the system events.", - "operationId": "listEvents", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/FilterFieldEvents" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - } + "Instances" ], + "summary": "Retrieve a summary for all instances", + "description": "Retrieves a comprehensive summary for all NGINX instances, which includes details such as:\n * Certificate status and associations\n * Operating system details\n * Version of the NGINX Agent\n * Overall system status\n", + "operationId": "listSummary", "responses": { "200": { - "description": "Successfully retrieved the list of events.", + "description": "Successfully retrieved the summary of NGINX instances.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/EventsListResponse" + "$ref": "#/components/schemas/InstanceSummary" } } } @@ -3724,37 +3333,49 @@ } } }, - "/events/{eventObjectID}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], + "/staged-configs": { + "servers": [], "get": { + "x-feature-flag": "staged-configs", "tags": [ - "Events" + "Staged Configs" ], - "operationId": "getEvent", - "summary": "Retrieve specific event.", - "description": "Retrieve a specific event using the event object_id.", + "summary": "List all staged configs", + "operationId": "listStagedConfigs", + "description": "Returns a list of all NGINX staged configs, providing details such as:\n * Name and object_id of staged config\n * Created and modified timestamps\n", "parameters": [ { - "$ref": "#/components/parameters/EventParamObjectID" + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/FilterFieldStagedConfigs" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameStagedConfigs" } ], "responses": { "200": { - "description": "Successfully retrieved the details of the event.", + "description": "Successfully retrieved the list of NGINX staged configs.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Event" + "$ref": "#/components/schemas/StagedConfigListResponse" } } } @@ -3769,16 +3390,6 @@ } } }, - "404": { - "description": "The Event with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -3790,20 +3401,7 @@ } } } - } - }, - "/staged-configs": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], + }, "post": { "x-feature-flag": "staged-configs", "x-nginx-one-action": "create", @@ -3866,51 +3464,26 @@ } } } - }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "NGINX staged configs", - "x-feature-flag": "staged-configs-phase-2", - "x-nodoc": true, + } + }, + "/staged-configs/{stagedConfigObjectID}": { + "servers": [], + "delete": { + "x-feature-flag": "staged-configs", + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX staged config", "tags": [ "Staged Configs" ], - "summary": "Bulk operation on multiple staged configs", - "operationId": "bulkStagedConfigs", - "description": "Performs bulk operation on one or more staged configs, only delete is supported.", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/StagedConfigBulkRequest" - } - } - } - }, + "summary": "Delete an NGINX staged config", + "description": "Delete a NGINX staged config from the NGINX One console.\n", + "operationId": "deleteStagedConfig", "responses": { - "200": { - "description": "Batch request completed.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/StagedConfigBulkResponse" - } - } - } + "204": { + "description": "Successfully deleted the NGINX staged configs" }, "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "description": "Access denied", "content": { "application/json": { "schema": { @@ -3918,56 +3491,9 @@ } } } - } - } - }, - "get": { - "x-feature-flag": "staged-configs", - "tags": [ - "Staged Configs" - ], - "summary": "List all staged configs", - "operationId": "listStagedConfigs", - "description": "Returns a list of all NGINX staged configs, providing details such as:\n * Name and object_id of staged config\n * Created and modified timestamps\n", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/FilterFieldStagedConfigs" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameStagedConfigs" - } - ], - "responses": { - "200": { - "description": "Successfully retrieved the list of NGINX staged configs.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/StagedConfigListResponse" - } - } - } }, - "401": { - "description": "Access denied.", + "404": { + "description": "The NGINX staged config with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -3987,25 +3513,7 @@ } } } - } - }, - "/staged-configs/{stagedConfigObjectID}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "parameters": [ - { - "$ref": "#/components/parameters/StagedConfigParamObjectID" - } - ], + }, "get": { "x-feature-flag": "staged-configs", "tags": [ @@ -4057,19 +3565,32 @@ } } }, - "delete": { - "x-feature-flag": "staged-configs", - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX staged config", + "parameters": [ + { + "$ref": "#/components/parameters/StagedConfigParamObjectID" + } + ] + }, + "/staged-configs/{stagedConfigObjectID}/config": { + "servers": [], + "get": { "tags": [ "Staged Configs" ], - "summary": "Delete an NGINX staged config", - "description": "Delete a NGINX staged config from the NGINX One console.\n", - "operationId": "deleteStagedConfig", + "x-feature-flag": "staged-configs", + "summary": "Retrieve an NGINX staged config", + "description": "Retrieve the details for an NGINX staged config.\n", + "operationId": "getStagedConfig", "responses": { - "204": { - "description": "Successfully deleted the NGINX staged configs" + "200": { + "description": "Successfully retrieved the details of the NGINX staged config.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/StagedConfigResponse" + } + } + } }, "401": { "description": "Access denied", @@ -4102,40 +3623,49 @@ } } } - } - }, - "/staged-configs/{stagedConfigObjectID}/config": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], + }, "parameters": [ { "$ref": "#/components/parameters/StagedConfigParamObjectID" } ], - "get": { + "patch": { "tags": [ "Staged Configs" ], "x-feature-flag": "staged-configs", - "summary": "Retrieve an NGINX staged config", - "description": "Retrieve the details for an NGINX staged config.\n", - "operationId": "getStagedConfig", + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX staged config", + "summary": "Apply partial updates to staged config", + "description": "Applies the specified partial updates to an existing NGINX staged config Details:\n * This endpoint accepts additive updates to `NginxConfig`. Base `nginx.conf` file must always be provided along with additives.\n * To delete files, omit the `file.contents` field.\n * `config_version` is used to ensure the requested patch is applied against the same version.\n", + "operationId": "patchStagedConfig", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/StagedConfigChangeRequest" + } + } + } + }, "responses": { "200": { - "description": "Successfully retrieved the details of the NGINX staged config.", + "description": "Successfully stored the NGINX staged configuration.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/StagedConfigResponse" + "$ref": "#/components/schemas/StagedConfigMeta" + } + } + } + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" } } } @@ -4160,6 +3690,16 @@ } } }, + "409": { + "description": "NGINX config version mismatch. Provided config_version does not match recent config_version for the NGINX staged config, possible conflict.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { @@ -4244,109 +3784,11 @@ } } } - }, - "patch": { - "tags": [ - "Staged Configs" - ], - "x-feature-flag": "staged-configs", - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX staged config", - "summary": "Apply partial updates to staged config", - "description": "Applies the specified partial updates to an existing NGINX staged config Details:\n * This endpoint accepts additive updates to `NginxConfig`. Base `nginx.conf` file must always be provided along with additives.\n * To delete files, omit the `file.contents` field.\n * `config_version` is used to ensure the requested patch is applied against the same version.\n", - "operationId": "patchStagedConfig", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/StagedConfigChangeRequest" - } - } - } - }, - "responses": { - "200": { - "description": "Successfully stored the NGINX staged configuration.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/StagedConfigMeta" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX staged config with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "409": { - "description": "NGINX config version mismatch. Provided config_version does not match recent config_version for the NGINX staged config, possible conflict.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/staged-configs/{stagedConfigObjectID}/config-report": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "parameters": [ - { - "$ref": "#/components/parameters/StagedConfigParamObjectID" - } - ], - "get": { + } + }, + "/staged-configs/{stagedConfigObjectID}/config-report": { + "servers": [], + "get": { "tags": [ "Staged Configs" ], @@ -4390,6 +3832,11 @@ } } }, + "parameters": [ + { + "$ref": "#/components/parameters/StagedConfigParamObjectID" + } + ], "patch": { "x-feature-flag": "staged-configs", "x-nginx-one-action": "analyze", @@ -4464,48 +3911,50 @@ } } }, - "/staged-configs/{stagedConfigObjectID}/export": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "parameters": [ - { - "$ref": "#/components/parameters/StagedConfigParamObjectID" - } - ], + "/monitor/metrics_query_topx": { + "servers": [], + "post": { "tags": [ - "Staged Configs" + "Metrics" ], - "x-feature-flag": "staged-configs-phase-2", - "x-nginx-one-action": "export", - "x-nginx-one-entity": "NGINX staged config", - "summary": "Export staged configuration", - "description": "Exports staged configuration as a gzipped tar archive. Does not include sensitive data such as SSL certificates. [Learn more](https://docs.nginx.com/nginx-one/how-to/staged-configs/import-export-staged-config/).\n", - "operationId": "exportStagedConfig", + "summary": "Retrieve system metrics for instances with series limit", + "operationId": "queryMetricsInputTopX", + "description": "Returns (up to 10,000) system metrics for NGINX instances with series limit based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/MetricTopXQueryRequest" + }, + "example": { + "start_time": "now-1h", + "end_time": "now", + "resolution": "1m", + "metrics": [ + { + "aggregate": "sum", + "name": "nginx.http.request.count" + } + ], + "series_limit": 1, + "group_series_by": "instance_object_id" + } + } + } + }, "responses": { "200": { - "description": "Successfully exported the staged configuration.", + "description": "Successfully retrieved system metrics.", "content": { - "application/gzip": { + "application/json": { "schema": { - "type": "string", - "format": "binary", - "example": "my-staged-config-2025-01-01T20_25_03.tar.gz" + "$ref": "#/components/schemas/MetricQueryResultEx" } } } }, - "401": { - "description": "Access denied", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -4515,7 +3964,7 @@ } }, "404": { - "description": "The NGINX staged config with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The requested metric resource was not found. Check that the resource name provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -4537,65 +3986,112 @@ } } }, - "/staged-configs/import": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" + "/settings/instance-cleanup": { + "servers": [], + "get": { + "tags": [ + "Settings" + ], + "summary": "Retrieve settings", + "description": "Retrieves settings for NGINX Instance cleanup\n", + "operationId": "getSettingInstanceCleanup", + "responses": { + "200": { + "description": "Successfully retrieved the setting for NGINX Instance cleanup.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SettingsInstanceCleanup" + } + } } }, - "x-nodoc": true + "400": { + "$ref": "#/components/responses/InvalidRequest" + }, + "500": { + "$ref": "#/components/responses/InternalServerErr" + } } - ], - "post": { + }, + "put": { + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX Instance Cleanup Setting", "tags": [ - "Staged Configs" - ], - "x-feature-flag": "staged-configs-phase-2", - "x-nginx-one-action": "import", - "x-nginx-one-entity": "NGINX staged config", - "summary": "Import staged configuration\n", - "description": "Imports a gzipped tar archive (.tar.gz) containing configuration and aux files into NGINX One. \nOnly non-hidden files are included in the import.\n\nMaximum compressed archive size: **5 MB**\nMaximum uncompressed individual file size: **10 MB**\n\nIf `parse_only` is set to `true`, the configuration is only validated and not staged.\nBy default, validation is performed and a staged configuration is created upon success.\n", - "parameters": [ - { - "$ref": "#/components/parameters/StagedConfigImportParseOnly" - } + "Settings" ], - "operationId": "importStagedConfig", + "summary": "Update settings", + "description": "Update settings for NGINX Instance cleanup\n", + "operationId": "updateSettingInstanceCleanup", "requestBody": { "required": true, "content": { - "multipart/form-data": { + "application/json": { "schema": { - "$ref": "#/components/schemas/StagedConfigImportRequest" - }, - "encoding": { - "file": { - "contentType": "application/gzip, application/x-gzip" - } + "$ref": "#/components/schemas/SettingsInstanceCleanup" } } } }, "responses": { "200": { - "description": "Return if `parse_only` is `true`: Returns data matching `StagedConfigCreateRequest` that can be used to create the staged config later. \n", + "description": "Successfully updated settings for NGINX Instance cleanup.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/StagedConfigCreateRequest" + "$ref": "#/components/schemas/SettingsInstanceCleanup" } } } }, - "201": { - "description": "Return if `parse_only` is `false` or omitted: Confirms the import parsed successfully and the staged config was created.\n", + "500": { + "$ref": "#/components/responses/InternalServerErr" + } + } + } + }, + "/app-protect/policies": { + "servers": [], + "get": { + "tags": [ + "NGINX App Protect" + ], + "summary": "List NGINX App Protect policies", + "description": "Returns a list of NGINX App Protect policies along with deployment details.", + "operationId": "listNapPolicies", + "parameters": [ + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapPolicies" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapPolicy" + } + ], + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect policies.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/StagedConfigCreateResponse" + "$ref": "#/components/schemas/NapPolicyListResponse" } } } @@ -4611,7 +4107,7 @@ } }, "401": { - "description": "Access denied", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -4631,58 +4127,33 @@ } } } - } - }, - "/config-report": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "post": { - "x-nodoc": true, - "x-feature-flag": "staged-configs", - "x-nginx-one-action": "analyze", - "x-nginx-one-entity": "NGINX configuration", + }, + "patch": { + "x-nginx-one-action": "bulk", + "x-nginx-one-entity": "NGINX App Protect Policies", "tags": [ - "Staged Configs" + "NGINX App Protect" ], - "summary": "Generate an analysis report for the provided NGINX configuration", - "operationId": "analyzeNginxConfig", - "description": "Returns an analysis report for the provided NGINX configuration. This report includes insights, identified issues, and recommendations for optimizing and troubleshooting. Note that this operation is for analysis purposes only and does not affect any resources. The report is not stored and is provided only in the API response.\n", + "summary": "Bulk operation on multiple Nap policy", + "operationId": "bulkNAPPolicy", + "description": "Performs bulk operation on one or more Nap policy, only delete is supported.", "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NginxConfigRequest" + "$ref": "#/components/schemas/NapPolicyBulkRequest" } } } }, "responses": { "200": { - "description": "Successfully analyzed the provided NGINX configuration.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxConfigReports" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "description": "Batch request completed.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Error" + "$ref": "#/components/schemas/NapBulkResponse" } } } @@ -4708,218 +4179,96 @@ } } } - } - }, - "/control-planes": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { + }, + "post": { + "x-nginx-one-action": "create", + "x-nginx-one-entity": "NGINX App Protect Policies", "tags": [ - "Control Planes" + "NGINX App Protect" ], - "summary": "List control planes", - "operationId": "listControlPlanes", - "description": "Returns a paginated list of control planes.\n", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameControlPlanes" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldControlPlanes" + "summary": "Create NGINX App Protect policy", + "description": "Creates NGINX App Protect policy.", + "operationId": "createNapPolicy", + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicy" + } + } } - ], + }, "responses": { - "200": { - "description": "Successfully retrieved the list of control planes.", + "201": { + "description": "Successfully created NGINX App Protect policy.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ControlPlaneListResponse" + "$ref": "#/components/schemas/NapPolicyMetadata" } } } }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/control-planes/summary": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "Control Planes" - ], - "summary": "Retrieve a summary for all Control Planes.", - "description": "Retrieves details for all control planes, including:\n * Number of control planes for each product name/version\n", - "operationId": "getControlPlaneSummary", - "responses": { - "200": { - "description": "Successfully retrieved the summary of control planes.", + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ControlPlaneSummary" + "$ref": "#/components/schemas/Error" } } } }, "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/control-planes/{controlPlaneObjectID}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "parameters": [ - { - "$ref": "#/components/parameters/ControlPlaneParamObjectID" - } - ], - "get": { - "tags": [ - "Control Planes" - ], - "summary": "Retrieve a control plane", - "description": "Retrieve the details for a control plane, including:\n* Object ID\n* Product name and version\n* Cluster UUID\n* Kubernetes namespace\n* Deployment UUID\n* Data plane key\n* Certificate summary referenced by control plane instances\n* Instance status summary\n", - "operationId": "getControlPlane", - "responses": { - "200": { - "description": "Successfully retrieved the details of the control plane.", + "description": "Access denied.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ControlPlaneDetails" + "$ref": "#/components/schemas/Error" } } } }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "delete": { - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "Control Plane", - "tags": [ - "Control Planes" - ], - "summary": "Delete a control plane", - "description": "Delete a control plane from the NGINX One Console. You can delete a control plane, only if it contains no NGINX instances.\n", - "operationId": "deleteControlPlane", - "responses": { - "204": { - "description": "Successfully deleted the control plane" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, "500": { - "$ref": "#/components/responses/InternalServerErr" + "description": "An unexpected error occurred on the server. Please try the request again later.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } } } } }, - "/control-planes/{controlPlaneObjectID}/cves": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "x-feature-flag": "control-planes-m2", + "/app-protect/policies/{nap_policy_object_id}": { + "servers": [], + "delete": { "tags": [ - "Control Planes" + "NGINX App Protect" ], - "summary": "Retrieve a control plane's security advisories (CVEs)", - "description": "Retrieves a list of the security advisories (CVEs) for an NGINX control plane.", - "operationId": "listControlPlaneSecurityAdvisories", + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX App Protect Policies", + "summary": "Delete NGINX App Protect policy", + "description": "Deletes NGINX App Protect policy.", + "operationId": "deleteNapPolicy", "parameters": [ { - "$ref": "#/components/parameters/ControlPlaneParamObjectID" + "$ref": "#/components/parameters/NapPolicyParamObjectID" } ], "responses": { - "200": { - "description": "Successfully retrieved the list of security advisories (CVEs).", + "204": { + "description": "Successfully deleted NGINX App Protect policy." + }, + "400": { + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxSecurityAdvisory" - } + "$ref": "#/components/schemas/Error" } } } @@ -4935,7 +4284,7 @@ } }, "404": { - "description": "The NGINX control plane with the specified object_id was not found. Check that the object_id provided is correct and corresponds to an existing resource.", + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -4955,60 +4304,26 @@ } } } - } - }, - "/monitor/metrics_query": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "post": { + }, + "get": { "tags": [ - "Metrics" + "NGINX App Protect" ], - "summary": "Retrieve system metrics for instances", - "operationId": "queryMetricsInput", - "description": "Returns (up to 10,000) system metrics for NGINX instances based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n", - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/MetricQueryRequest" - }, - "example": { - "start_time": "now-1h", - "end_time": "now", - "resolution": "5m", - "metrics": [ - { - "name": "nginx.http.request.count", - "aggregate": "sum" - } - ], - "order_by": [ - { - "direction": "asc", - "dimension": "instance_object_id" - } - ] - } - } + "summary": "Get NGINX App Protect policy details", + "description": "Returns NGINX App Protect policy summary.", + "operationId": "getNapPolicy", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" } - }, + ], "responses": { "200": { - "description": "Successfully retrieved system metrics.", + "description": "Successfully returned NGINX App Protect policy details.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MetricQueryResultEx" + "$ref": "#/components/schemas/NapPolicyObject" } } } @@ -5023,8 +4338,8 @@ } } }, - "404": { - "description": "The requested metric resource was not found. Check that the resource name provided is correct and corresponds to an existing resource.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -5033,7 +4348,17 @@ } } }, - "500": { + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, + "500": { "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { @@ -5044,56 +4369,38 @@ } } } - } - }, - "/monitor/metrics_query_topx": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "post": { + }, + "put": { "tags": [ - "Metrics" + "NGINX App Protect" + ], + "x-nginx-one-action": "update", + "x-nginx-one-entity": "NGINX App Protect Policies", + "summary": "Update NGINX App Protect policy details", + "description": "Update NGINX App Protect policy details.", + "operationId": "updateNapPolicy", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + } ], - "summary": "Retrieve system metrics for instances with series limit", - "operationId": "queryMetricsInputTopX", - "description": "Returns (up to 10,000) system metrics for NGINX instances with series limit based on query parameters.\n\nYou can filter metrics by name and timestamp, aggregate metrics over a configurable period of time, and group metrics by dimension.\n", "requestBody": { + "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MetricTopXQueryRequest" - }, - "example": { - "start_time": "now-1h", - "end_time": "now", - "resolution": "1m", - "metrics": [ - { - "aggregate": "sum", - "name": "nginx.http.request.count" - } - ], - "series_limit": 1, - "group_series_by": "instance_object_id" + "$ref": "#/components/schemas/NapPolicy" } } } }, "responses": { - "200": { - "description": "Successfully retrieved system metrics.", + "201": { + "description": "Successfully created an NGINX App Protect policy version.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MetricQueryResultEx" + "$ref": "#/components/schemas/NapPolicyMetadata" } } } @@ -5108,8 +4415,18 @@ } } }, + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } + } + }, "404": { - "description": "The requested metric resource was not found. Check that the resource name provided is correct and corresponds to an existing resource.", + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -5131,199 +4448,125 @@ } } }, - "/settings/instance-cleanup": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], + "/app-protect/policies/{nap_policy_object_id}/deployments": { + "servers": [], "get": { "tags": [ - "Settings" + "NGINX App Protect" + ], + "summary": "List NGINX App Protect deployments", + "description": "Returns NGINX App Protect deployments, providing details such as:\n * Target of the deployment\n * Time of deployment\n * Enforcement mode\n * Policy version\n * Threat campaign\n * Attack signature\n * Bot signature\n", + "operationId": "listNapPolicyDeployments", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapPolicyDeployments" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapPolicyDeployment" + } ], - "summary": "Retrieve settings", - "description": "Retrieves settings for NGINX Instance cleanup\n", - "operationId": "getSettingInstanceCleanup", "responses": { "200": { - "description": "Successfully retrieved the setting for NGINX Instance cleanup.", + "description": "Successfully returned NGINX App Protect deployments.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" + "$ref": "#/components/schemas/NapPolicyDeploymentsListResponse" } } } }, "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "put": { - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX Instance Cleanup Setting", - "tags": [ - "Settings" - ], - "summary": "Update settings", - "description": "Update settings for NGINX Instance cleanup\n", - "operationId": "updateSettingInstanceCleanup", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" - } - } - } - }, - "responses": { - "200": { - "description": "Successfully updated settings for NGINX Instance cleanup.", + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SettingsInstanceCleanup" + "$ref": "#/components/schemas/Error" } } } }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/settings/acme": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" + "401": { + "description": "Access denied.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + } + } } }, - "x-nodoc": true - } - ], - "get": { - "x-feature-flag": "acme-cert", - "x-nodoc": true, - "tags": [ - "Settings" - ], - "summary": "Retrieve settings", - "description": "Retrieves settings for ACME Integration to provision SSL certificates\n", - "operationId": "getSettingACME", - "responses": { - "200": { - "description": "Successfully retrieved the setting for ACME integration.", + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SettingsACMEIntegration" + "$ref": "#/components/schemas/Error" } } } }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "put": { - "x-nodoc": true, - "x-feature-flag": "acme-cert", - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX ACME Integrations Setting", - "tags": [ - "Settings" - ], - "summary": "Update settings", - "description": "Update settings for ACME Integration to provision SSL certificates\n", - "operationId": "updateSettingACME", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SettingsACMEIntegration" - } - } - } - }, - "responses": { - "200": { - "description": "Successfully updated settings for ACME integration.", + "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SettingsACMEIntegration" + "$ref": "#/components/schemas/Error" } } } - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" } } } }, - "/nginx-usage": { - "servers": [ - { - "url": "/api", - "x-nodoc": true - } - ], - "post": { + "/app-protect/policies/{nap_policy_object_id}/version": { + "servers": [], + "get": { "tags": [ - "Usage" + "NGINX App Protect" ], - "x-feature-flag": "entitlement", - "summary": "Use http POST on this API to register NGINX instances", - "description": "Creates a usage entry from NGINX instance", - "operationId": "postUsageTracking", - "security": [ + "summary": "Get the latest NGINX App Protect policy version details", + "description": "Returns the latest NGINX App Protect policy version details.", + "operationId": "getLatestNapPolicyVersion", + "parameters": [ { - "BearerAuth": [] + "$ref": "#/components/parameters/NapPolicyParamObjectID" } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NginxUsageTrackingRequest" - }, - "examples": { - "nginxUsageTrackingRequest": { - "$ref": "#/components/examples/NginxUsageTrackingRequest" + "responses": { + "200": { + "description": "Successfully returned NGINX App Protect policy version details.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/NapPolicyVersionDetails" } } } - } - }, - "responses": { - "204": { - "description": "Successfully created the usage entry." }, - "400": { - "description": "Missing or bad data in request.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -5332,8 +4575,8 @@ } } }, - "401": { - "description": "Access denied.", + "404": { + "description": "The NGINX App Protect policy version with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -5355,62 +4598,57 @@ } } }, - "/chatbot/message": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "post": { - "x-nginx-one-action": "query", - "x-nginx-one-entity": "NGINX One AI Assistant", - "x-nodoc": true, + "/app-protect/policies/{nap_policy_object_id}/versions": { + "servers": [], + "get": { "tags": [ - "Chatbot" + "NGINX App Protect" ], - "summary": "Send a prompt to the AI Gateway", - "description": "This endpoint sends a prompt as a specified persona to the AI Gateway.", - "operationId": "sendChatbotMessage", - "requestBody": { - "description": "The request body contains the message you want to send to the chatbot", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ChatbotRequest" - }, - "examples": { - "ChatbotRequest": { - "$ref": "#/components/examples/ChatbotRequest" - } - } - } + "summary": "List NGINX App Protect policy versions", + "description": "Returns NGINX App Protect policy versions.", + "operationId": "listNapPolicyVersions", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/Paginated" + }, + { + "$ref": "#/components/parameters/Limit" + }, + { + "$ref": "#/components/parameters/Offset" + }, + { + "$ref": "#/components/parameters/SortDirection" + }, + { + "$ref": "#/components/parameters/SortNameNapPolicyVersions" + }, + { + "$ref": "#/components/parameters/FilterOperands" + }, + { + "$ref": "#/components/parameters/FilterValues" + }, + { + "$ref": "#/components/parameters/FilterFieldNapPolicyVersion" } - }, + ], "responses": { "200": { - "description": "The message was sent successfully.", + "description": "Successfully returned the NGINX App Protect policy versions.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ChatbotResponse" - }, - "examples": { - "ChatbotResponse": { - "$ref": "#/components/examples/ChatbotResponse" - } + "$ref": "#/components/schemas/NapPolicyVersionsListResponse" } } } }, "400": { - "description": "The request is missing data or contains bad data.", + "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", "content": { "application/json": { "schema": { @@ -5420,7 +4658,7 @@ } }, "401": { - "description": "Access is denied.", + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -5429,8 +4667,8 @@ } } }, - "422": { - "description": "Prompt cannot be answered due to a policy violation.", + "404": { + "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", "content": { "application/json": { "schema": { @@ -5440,7 +4678,7 @@ } }, "500": { - "description": "A server error occurred. Please try again later.", + "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { "schema": { @@ -5452,51 +4690,31 @@ } } }, - "/chatbot/feedback": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "post": { - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX One AI Assistant", - "x-nodoc": true, + "/app-protect/policies/{nap_policy_object_id}/versions/{nap_policy_version_object_id}": { + "servers": [], + "delete": { + "x-nginx-one-action": "delete", + "x-nginx-one-entity": "NGINX App Protect Policy Version", "tags": [ - "Chatbot" + "NGINX App Protect" ], - "summary": "Record feedback for a specific response from the AI Assistant", - "description": "This endpoint records feedback for a specific response from the AI Assistant which is then stored in an s3 bucket", - "operationId": "saveChatbotFeedback", - "requestBody": { - "description": "The request body contains the feedback for a specific response from the AI Assistant", - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ChatbotFeedback" - }, - "examples": { - "ChatbotRequest": { - "$ref": "#/components/examples/ChatbotFeedback" - } - } - } + "summary": "Delete NGINX App Protect policy version", + "description": "Deletes the NGINX App Protect policy version.", + "operationId": "deleteNapPolicyVersion", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" } - }, + ], "responses": { - "200": { - "description": "The feedback was sent successfully.", - "content": {} + "204": { + "description": "Successfully deleted the NGINX App Protect policy version." }, - "400": { - "description": "The request is missing data or contains bad data.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -5505,8 +4723,8 @@ } } }, - "401": { - "description": "Access is denied.", + "404": { + "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.", "content": { "application/json": { "schema": { @@ -5516,7 +4734,7 @@ } }, "500": { - "description": "A server error occurred. Please try again later.", + "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { "schema": { @@ -5526,76 +4744,35 @@ } } } - } - }, - "/inventory": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "post": { - "x-feature-flag": "inventory", + }, + "get": { "tags": [ - "Inventory" + "NGINX App Protect" ], - "summary": "NGINX Plus: Retrieve tenant usage information", - "operationId": "getInventory", - "description": "Based on query parameters.\n\nYou can filter and aggregate metrics by name and `start_time` through `end_time`.\n", - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/InventoryMetricQueryRequest" - }, - "example": { - "start_time": "now-1d", - "end_time": "now", - "metrics": [ - { - "name": "nginx.plus.instances", - "aggregate": [ - "count", - "sum", - "avg", - "min", - "max" - ] - }, - { - "name": "k8s.cluster.nodes", - "aggregate": [ - "count", - "sum", - "avg", - "min", - "max" - ] - } - ] - } - } + "summary": "Get the specified NGINX App Protect policy version details", + "description": "Returns the specified NGINX App Protect policy version details.", + "operationId": "getNapPolicyVersion", + "parameters": [ + { + "$ref": "#/components/parameters/NapPolicyParamObjectID" + }, + { + "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" } - }, + ], "responses": { "200": { - "description": "Successfully retrieved tenant usage information.", + "description": "Successfully returned NGINX App Protect policy version details.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InventoryResponse" + "$ref": "#/components/schemas/NapPolicyVersionDetails" } } } }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", + "401": { + "description": "Access denied.", "content": { "application/json": { "schema": { @@ -5604,8 +4781,8 @@ } } }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", + "404": { + "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.", "content": { "application/json": { "schema": { @@ -5613,5529 +4790,1101 @@ } } } - } - } - } - }, - "/app-protect/signatures": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "x-feature-flag": "nap-waf-m3", - "tags": [ - "NGINX App Protect" - ], - "summary": "List Signatures", - "description": "Returns signatures. A signature is a predefined detection rule that identifies specific attack patterns or\ncharacteristics commonly associated with web application security threats.\n", - "operationId": "listSignatures", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapSignatures" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapSignatures" - } - ], - "responses": { - "200": { - "description": "Successfully returned list of signatures.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapSignatureListResponse" - } - } - } - }, - "401": { - "$ref": "#/components/responses/Unauthorized" }, "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/signatures/{signatureID}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "x-feature-flag": "nap-waf-m3", - "tags": [ - "NGINX App Protect" - ], - "summary": "Retrieve a NGINX App Protect signature.", - "description": "A signature is a predefined detection rule that identifies specific attack patterns or characteristics commonly \nassociated with web application security threats.\n", - "parameters": [ - { - "$ref": "#/components/parameters/NapSignatureID" - } - ], - "operationId": "getSignature", - "responses": { - "200": { - "description": "Successfully returned the specified signature.", + "description": "An unexpected error occurred on the server. Please try the request again later.", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/NapSignature" + "$ref": "#/components/schemas/Error" } } } - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" } } } - }, - "/app-protect/signature-sets": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "x-feature-flag": "nap-waf-m3", - "tags": [ - "NGINX App Protect" - ], - "summary": "List NGINX App Protect signature sets", - "description": "Returns NGINX App Protect signature sets. Signature sets are predefined or user-defined groups of detection mechanisms (signatures) \nthat identify specific attack types, such as SQL injection, Cross-Site Scripting (XSS), or other web-based threats.\n", - "operationId": "listSignatureSets", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapSignatureSets" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapSignatureSets" - } - ], - "responses": { - "200": { - "description": "Successfully returned signature sets.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapSignatureSetListResponse" - } - } - } - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/signature-sets/{signatureSetObjectID}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "x-feature-flag": "nap-waf-m3", - "tags": [ - "NGINX App Protect" - ], - "summary": "Retrieve a NGINX App Protect signature set", - "description": "Returns a NGINX App Protect signature set. Signature sets are predefined or user-defined groups of detection \nmechanisms (signatures) that identify specific attack types, such as SQL injection, Cross-Site Scripting (XSS), \nor other web-based threats.\n", - "operationId": "getSignatureSet", - "parameters": [ - { - "$ref": "#/components/parameters/NapSignatureSetObjectID" - } - ], - "responses": { - "200": { - "description": "Successfully returned Signature Sets.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapSignatureSet" - } - } - } - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/signature-sets/{signatureSetObjectID}/signatures": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "x-feature-flag": "nap-waf-m3", - "tags": [ - "NGINX App Protect" - ], - "summary": "List NGINX App Protect signatures in the specified signature set.", - "description": "Returns a list of signatures in the NGINX App Protect signature set.\n", - "operationId": "listSignatureSetSignatures", - "parameters": [ - { - "$ref": "#/components/parameters/NapSignatureSetObjectID" - } - ], - "responses": { - "200": { - "description": "Successfully returned signatures for signature set.", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapSignatureMeta" - } - } - } - } - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/app-protect/threat-campaign/versions": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "List Threat Campaign versions", - "description": "Returns Threat Campaign versions.", - "operationId": "listThreatCampaignVersions", - "responses": { - "200": { - "description": "Successfully returned Threat Campaign versions.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ThreatCampaignVersionsListResponse" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/app-protect/attack-signature/versions": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "List Attack Signature versions", - "description": "Returns Attack Signature versions.", - "operationId": "listAttackSignatureVersions", - "responses": { - "200": { - "description": "Successfully returned Attack Signature versions.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AttackSignatureVersionsListResponse" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/app-protect/bot-signature/versions": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "List Bot Signature versions", - "description": "Returns Bot Signature versions.", - "operationId": "listBotSignatureVersions", - "responses": { - "200": { - "description": "Successfully returned Bot Signature versions.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/BotSignatureVersionsListResponse" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/app-protect/versions": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "List supported NGINX App Protect versions", - "description": "Returns supported NGINX App Protect versions details for releases.", - "operationId": "listNapVersions", - "responses": { - "200": { - "description": "Successfully returned NGINX App Protect versions.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapVersionsListResponse" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/app-protect/policies": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "List NGINX App Protect policies", - "description": "Returns a list of NGINX App Protect policies along with deployment details.", - "operationId": "listNapPolicies", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapPolicies" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapPolicy" - } - ], - "responses": { - "200": { - "description": "Successfully returned NGINX App Protect policies.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyListResponse" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - }, - "post": { - "x-nginx-one-action": "create", - "x-nginx-one-entity": "NGINX App Protect Policies", - "tags": [ - "NGINX App Protect" - ], - "summary": "Create NGINX App Protect policy", - "description": "Creates NGINX App Protect policy.", - "operationId": "createNapPolicy", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicy" - } - } - } - }, - "responses": { - "201": { - "description": "Successfully created NGINX App Protect policy.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyMetadata" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - }, - "patch": { - "x-nginx-one-action": "bulk", - "x-nginx-one-entity": "NGINX App Protect Policies", - "tags": [ - "NGINX App Protect" - ], - "summary": "Bulk operation on multiple Nap policy", - "operationId": "bulkNAPPolicy", - "description": "Performs bulk operation on one or more Nap policy, only delete is supported.", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyBulkRequest" - } - } - } - }, - "responses": { - "200": { - "description": "Batch request completed.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapBulkResponse" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/app-protect/policies/{nap_policy_object_id}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "Get NGINX App Protect policy details", - "description": "Returns NGINX App Protect policy summary.", - "operationId": "getNapPolicy", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - } - ], - "responses": { - "200": { - "description": "Successfully returned NGINX App Protect policy details.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyObject" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - }, - "put": { - "tags": [ - "NGINX App Protect" - ], - "x-nginx-one-action": "update", - "x-nginx-one-entity": "NGINX App Protect Policies", - "summary": "Update NGINX App Protect policy details", - "description": "Update NGINX App Protect policy details.", - "operationId": "updateNapPolicy", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicy" - } - } - } - }, - "responses": { - "201": { - "description": "Successfully created an NGINX App Protect policy version.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyMetadata" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - }, - "delete": { - "tags": [ - "NGINX App Protect" - ], - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX App Protect Policies", - "summary": "Delete NGINX App Protect policy", - "description": "Deletes NGINX App Protect policy.", - "operationId": "deleteNapPolicy", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - } - ], - "responses": { - "204": { - "description": "Successfully deleted NGINX App Protect policy." - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/app-protect/policies/{nap_policy_object_id}/versions": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "List NGINX App Protect policy versions", - "description": "Returns NGINX App Protect policy versions.", - "operationId": "listNapPolicyVersions", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - }, - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapPolicyVersions" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapPolicyVersion" - } - ], - "responses": { - "200": { - "description": "Successfully returned the NGINX App Protect policy versions.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyVersionsListResponse" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/app-protect/policies/{nap_policy_object_id}/version": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "Get the latest NGINX App Protect policy version details", - "description": "Returns the latest NGINX App Protect policy version details.", - "operationId": "getLatestNapPolicyVersion", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - } - ], - "responses": { - "200": { - "description": "Successfully returned NGINX App Protect policy version details.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyVersionDetails" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect policy version with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/app-protect/policies/{nap_policy_object_id}/versions/{nap_policy_version_object_id}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "Get the specified NGINX App Protect policy version details", - "description": "Returns the specified NGINX App Protect policy version details.", - "operationId": "getNapPolicyVersion", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - }, - { - "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" - } - ], - "responses": { - "200": { - "description": "Successfully returned NGINX App Protect policy version details.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyVersionDetails" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - }, - "delete": { - "x-nginx-one-action": "delete", - "x-nginx-one-entity": "NGINX App Protect Policy Version", - "tags": [ - "NGINX App Protect" - ], - "summary": "Delete NGINX App Protect policy version", - "description": "Deletes the NGINX App Protect policy version.", - "operationId": "deleteNapPolicyVersion", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - }, - { - "$ref": "#/components/parameters/NapPolicyVersionParamObjectID" - } - ], - "responses": { - "204": { - "description": "Successfully deleted the NGINX App Protect policy version." - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect policy version with the specified nap_policy_version_object_id and nap_policy_version_object_id was not found. Check that the object IDs provided are correct and corresponds to existing resources.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/app-protect/policies/{nap_policy_object_id}/deployments": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "List NGINX App Protect deployments", - "description": "Returns NGINX App Protect deployments, providing details such as:\n * Target of the deployment\n * Time of deployment\n * Enforcement mode\n * Policy version\n * Threat campaign\n * Attack signature\n * Bot signature\n", - "operationId": "listNapPolicyDeployments", - "parameters": [ - { - "$ref": "#/components/parameters/NapPolicyParamObjectID" - }, - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapPolicyDeployments" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapPolicyDeployment" - } - ], - "responses": { - "200": { - "description": "Successfully returned NGINX App Protect deployments.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapPolicyDeploymentsListResponse" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect policy with the specified nap_policy_object_id was not found. Check that the nap_policy_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/app-protect/log-profiles": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "List NGINX App Protect log profiles", - "description": "Returns NGINX App Protect log profiles.", - "operationId": "listNapLogProfiles", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapLogProfiles" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapLogProfile" - } - ], - "responses": { - "200": { - "description": "Successfully returned NGINX App Protect log profiles.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapLogProfileListResponse" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - }, - "post": { - "tags": [ - "NGINX App Protect" - ], - "summary": "Create NGINX App Protect log profile", - "description": "Creates NGINX App Protect log profile.", - "operationId": "createNapLogProfile", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapLogProfileCreateRequest" - } - } - } - }, - "responses": { - "201": { - "description": "Successfully created NGINX App Protect log profile.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapLogProfileMetadata" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/app-protect/log-profiles/{nap_log_profile_object_id}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "Get NGINX App Protect log profile details", - "description": "Returns NGINX App Protect log profile details.", - "operationId": "getNapLogProfile", - "parameters": [ - { - "$ref": "#/components/parameters/NapLogProfileParamObjectID" - } - ], - "responses": { - "200": { - "description": "Successfully returned NGINX App Protect log profile details.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapLogProfileGetResponse" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - }, - "put": { - "tags": [ - "NGINX App Protect" - ], - "summary": "Update NGINX App Protect log profile details", - "description": "Update NGINX App Protect log profile details.", - "operationId": "updateNapLogProfile", - "parameters": [ - { - "$ref": "#/components/parameters/NapLogProfileParamObjectID" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapLogProfileUpdateRequest" - } - } - } - }, - "responses": { - "200": { - "description": "Successfully updated NGINX App Protect log profile details.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapLogProfileMetadata" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - }, - "delete": { - "tags": [ - "NGINX App Protect" - ], - "summary": "Delete NGINX App Protect log profile", - "description": "Deletes NGINX App Protect log profile.", - "operationId": "deleteNapLogProfile", - "parameters": [ - { - "$ref": "#/components/parameters/NapLogProfileParamObjectID" - } - ], - "responses": { - "204": { - "description": "Successfully deleted NGINX App Protect log profile." - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect log profile with the specified nap_log_profile_object_id was not found. Check that the nap_log_profile_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/app-protect/global-settings": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "List NGINX App Protect global setting objects", - "description": "Returns NGINX App Protect global setting objects.", - "operationId": "listNapGlobalSettings", - "parameters": [ - { - "$ref": "#/components/parameters/Paginated" - }, - { - "$ref": "#/components/parameters/Limit" - }, - { - "$ref": "#/components/parameters/Offset" - }, - { - "$ref": "#/components/parameters/SortDirection" - }, - { - "$ref": "#/components/parameters/SortNameNapGlobalSettings" - }, - { - "$ref": "#/components/parameters/FilterOperands" - }, - { - "$ref": "#/components/parameters/FilterValues" - }, - { - "$ref": "#/components/parameters/FilterFieldNapGlobalSetting" - } - ], - "responses": { - "200": { - "description": "Successfully returned NGINX App Protect global settings.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapGlobalSettingsListResponse" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - }, - "post": { - "tags": [ - "NGINX App Protect" - ], - "summary": "Create NGINX App Protect global setting object", - "description": "Creates NGINX App Protect global setting object.", - "operationId": "createNapGlobalSetting", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapGlobalSettingCreateRequest" - } - } - } - }, - "responses": { - "201": { - "description": "Successfully created NGINX App Protect global setting object.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapGlobalSettingMetadata" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/app-protect/global-settings/{nap_global_setting_object_id}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "NGINX App Protect" - ], - "summary": "Get NGINX App Protect global setting details", - "description": "Returns the NGINX App Protect global setting details.", - "operationId": "getNapGlobalSetting", - "parameters": [ - { - "$ref": "#/components/parameters/NapGlobalSettingParamObjectID" - } - ], - "responses": { - "200": { - "description": "Successfully returned NGINX App Protect global setting details.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapGlobalSettingGetResponse" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect global setting object with the specified nap_global_setting_object_id was not found. Check that the nap_global_setting_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - }, - "put": { - "tags": [ - "NGINX App Protect" - ], - "summary": "Update NGINX App Protect global setting details", - "description": "Update NGINX App Protect global setting details.", - "operationId": "updateNapGlobalSetting", - "parameters": [ - { - "$ref": "#/components/parameters/NapGlobalSettingParamObjectID" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapGlobalSettingUpdateRequest" - } - } - } - }, - "responses": { - "200": { - "description": "Successfully updated NGINX App Protect global setting details.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/NapGlobalSettingMetadata" - } - } - } - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect global setting object with the specified nap_global_setting_object_id was not found. Check that the nap_global_setting_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - }, - "delete": { - "tags": [ - "NGINX App Protect" - ], - "summary": "Delete NGINX App Protect global setting object", - "description": "Deletes NGINX App Protect global setting object.", - "operationId": "deleteNapGlobalSetting", - "parameters": [ - { - "$ref": "#/components/parameters/NapGlobalSettingParamObjectID" - } - ], - "responses": { - "204": { - "description": "Successfully deleted NGINX App Protect global setting object." - }, - "400": { - "description": "Request cannot be processed due to invalid input or parameters. Verify the request format and provided data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "401": { - "description": "Access denied.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "404": { - "description": "The NGINX App Protect global setting object with the specified nap_global_setting_object_id was not found. Check that the nap_global_setting_object_id provided is correct and corresponds to an existing resource.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - }, - "500": { - "description": "An unexpected error occurred on the server. Please try the request again later.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/deployments": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - } - } - ], - "get": { - "tags": [ - "Deployments" - ], - "summary": "List NAAS deployments", - "description": "Returns a list of NAAS deployments.", - "operationId": "listDeployments", - "responses": { - "200": { - "description": "Successfully returned the list of NAAS deployments.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/DeploymentListResponse" - }, - "examples": { - "DeploymentListResponse": { - "$ref": "#/components/examples/DeploymentListResponse" - } - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "post": { - "tags": [ - "Deployments" - ], - "summary": "Create deployment", - "description": "Creates a new NAAS deployment.", - "operationId": "createDeployment", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/DeploymentCreateRequest" - }, - "examples": { - "DeploymentCreateRequest": { - "$ref": "#/components/examples/DeploymentCreateRequest" - } - } - } - } - }, - "responses": { - "202": { - "description": "Successfully created the NAAS deployment.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Deployment" - }, - "examples": { - "DeploymentCreateResponse": { - "$ref": "#/components/examples/DeploymentCreateResponse" - } - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/deployments/{deployment_id}": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - } - } - ], - "get": { - "tags": [ - "Deployments" - ], - "summary": "Get NAAS deployment", - "description": "Returns NAAS deployment details.", - "operationId": "getDeployment", - "parameters": [ - { - "$ref": "#/components/parameters/DeploymentObjectID" - } - ], - "responses": { - "200": { - "description": "Successfully returned the deployment details.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Deployment" - }, - "examples": { - "DeploymentGetResponse": { - "$ref": "#/components/examples/DeploymentCreateResponse" - } - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "patch": { - "tags": [ - "Deployments" - ], - "summary": "Update NAAS deployment", - "description": "Updates the specified NAAS deployment.", - "operationId": "updateDeployment", - "parameters": [ - { - "$ref": "#/components/parameters/DeploymentObjectID" - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/DeploymentUpdateRequest" - }, - "examples": { - "DeploymentUpdateRequest": { - "$ref": "#/components/examples/DeploymentUpdateRequest" - } - } - } - } - }, - "responses": { - "202": { - "description": "Successfully updated the deployment.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Deployment" - }, - "examples": { - "DeploymentUpdateResponse": { - "$ref": "#/components/examples/DeploymentUpdateResponse" - } - } - } - } - }, - "400": { - "$ref": "#/components/responses/InvalidRequest" - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, - "409": { - "$ref": "#/components/responses/Conflict" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - }, - "delete": { - "tags": [ - "Deployments" - ], - "summary": "Delete NAAS deployment", - "description": "Deletes the specified NAAS deployment.", - "operationId": "deleteDeployment", - "parameters": [ - { - "$ref": "#/components/parameters/DeploymentObjectID" - } - ], - "responses": { - "202": { - "description": "Successfully deleted the deployment.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Deployment" - }, - "examples": { - "DeploymentDeleteResponse": { - "$ref": "#/components/examples/DeploymentDeleteResponse" - } - } - } - } - }, - "401": { - "$ref": "#/components/responses/Unauthorized" - }, - "404": { - "$ref": "#/components/responses/NotFound" - }, - "500": { - "$ref": "#/components/responses/InternalServerErr" - } - } - } - }, - "/load-test/load-model": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "post": { - "tags": [ - "Load Test" - ], - "summary": "Create a new load model", - "description": "Creates a new load model with specified parameters and begins pre-loading.", - "requestBody": { - "required": true, - "content": { - "text/plain": { - "schema": { - "type": "string", - "example": "numberOfInstances: 10\ntype: monitor\ncustomer: customer_1\n" - } - } - } - }, - "responses": { - "202": { - "description": "Load model created successfully and pre-loading started", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "loadModelUID": { - "type": "string", - "example": "644f78cf1e7342af967707d5" - } - } - } - } - } - }, - "400": { - "description": "Invalid input", - "$ref": "#/components/responses/InvalidRequest" - } - } - } - }, - "/load-test/load-runner/{loadModelUID}/configuration": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "Load Test" - ], - "summary": "Get load runner configuration and model details", - "description": "Returns details of the load model and configuration after creation.", - "parameters": [ - { - "$ref": "#/components/parameters/loadModelUID" - } - ], - "responses": { - "200": { - "description": "Configuration details", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "loadModelUID": { - "type": "string", - "example": "644f78cf1e7342af967707d5" - }, - "configurationDetails": { - "type": "object", - "example": { - "numberOfInstances": 10 - } - } - } - } - } - } - }, - "404": { - "description": "Configuration not found", - "$ref": "#/components/responses/NotFound" - } - } - } - }, - "/load-test/load-runner/{loadModelUID}/status": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "Load Test" - ], - "summary": "Get current status of a load test", - "description": "Returns the current status of a load test run (e.g., in-progress, not started, provisioning).", - "parameters": [ - { - "$ref": "#/components/parameters/loadModelUID" - } - ], - "responses": { - "200": { - "description": "Status details for a load test that's ready to run, is running, or has completed.", - "content": { - "application/json": { - "schema": { - "type": "string", - "example": "not started" - } - } - } - }, - "202": { - "description": "Status details for a load test that is currently being provisioned or failed to be provisioned.", - "content": { - "application/json": { - "schema": { - "type": "string", - "example": "provisioning" - } - } - } - }, - "404": { - "description": "Status not found", - "$ref": "#/components/responses/NotFound" - } - } - } - }, - "/load-test/load-runner/{loadModelUID}/start": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "Load Test" - ], - "summary": "Begins the run for a load model", - "description": "Starts a load test after data preloading is complete.", - "parameters": [ - { - "$ref": "#/components/parameters/loadModelUID" - } - ], - "responses": { - "200": { - "description": "Operation successful" - }, - "404": { - "description": "Failed to start run", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - }, - "/load-test/load-runner/{loadModelUID}/shutdown": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "put": { - "tags": [ - "Load Test" - ], - "summary": "Initiate stop, shutdown, and cleanup", - "description": "Stops an ongoing load test and performs necessary cleanup operations.", - "parameters": [ - { - "$ref": "#/components/parameters/loadModelUID" - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "comment": { - "type": "string", - "description": "Optional comment to associate with the shutdown." - } - }, - "required": [ - "comment" - ] - } - } - } - }, - "responses": { - "200": { - "description": "Operation successful" - }, - "400": { - "description": "Invalid action or LoadModelUID", - "$ref": "#/components/responses/NotFound" - } - } - } - }, - "/load-test/{loadModelUID}/summary": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "get": { - "tags": [ - "Load Test" - ], - "summary": "Get summary by LoadModelUID of a load test run", - "description": "Returns the summary of a load test run including metrics and results.", - "parameters": [ - { - "$ref": "#/components/parameters/loadModelUID" - } - ], - "responses": { - "200": { - "description": "Load test summary", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "loadModelUID": { - "type": "string" - }, - "summaryDetails": { - "type": "object", - "example": { - "instancesChecked": 10, - "totalRequests": 10000, - "averageResponseTime": "200ms", - "successRate": "99.9%" - } - } - }, - "required": [ - "loadModelUID", - "summaryDetails" - ] - } - } - } - }, - "404": { - "description": "Load test not found", - "$ref": "#/components/responses/NotFound" - } - } - } - }, - "/load-test/observability-metrics": { - "servers": [ - { - "url": "/api/v1/namespaces/{namespace}", - "variables": { - "namespace": { - "default": "default" - } - }, - "x-nodoc": true - } - ], - "post": { - "tags": [ - "Load Test" - ], - "summary": "Store observability metrics for the current load test run", - "description": "Stores observability metrics generated during the test run (e.g., CPU, memory, network usage).", - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ObservabilityMetricsRequest" - } - } - } - }, - "responses": { - "201": { - "description": "Metrics stored successfully" - }, - "400": { - "description": "Invalid input data.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } - } - } - } - } - }, - "components": { - "parameters": { - "Paginated": { - "name": "paginated", - "in": "query", - "schema": { - "type": "boolean", - "default": true - }, - "description": "A boolean indicating if the results should be presented as a paginated list. Defaults to `true`. \nWhen set to `false` a maximum of 3000 results are returned.\n", - "required": false - }, - "Limit": { - "name": "limit", - "in": "query", - "schema": { - "type": "integer", - "minimum": 0 - }, - "description": "An integer that specifies the maximum number of items to be returned. \nSetting this to `0` will result in no items being returned, but a total count will still be provided. \nThis parameter is not applicable if `paginated` is `false`.\n", - "required": false - }, - "Offset": { - "name": "offset", - "in": "query", - "schema": { - "type": "integer", - "minimum": 1 - }, - "description": "An integer that specifies the starting position of the results, starting at `1`.\nThis parameter is not applicable if `paginated` is `false`.\n" - }, - "FilterFieldDataPlaneKeys": { - "name": "filter_fields", - "in": "query", - "description": "Filter options for data plane keys; used in conjunction with other filter parameters having the same array length.\n\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * expired\n * valid\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameDataPlaneKeys" - } - } - }, - "FilterOperands": { - "name": "filter_ops", - "in": "query", - "description": "An array of strings defining the operands for filtering, to be used in conjunction with `filter_fields` and `filter_values`. \nAll filter parameters must have matching array lengths. Currently, the only supported operand is `\"IN\"`.\n", - "schema": { - "$ref": "#/components/schemas/FilterOperands" - } - }, - "FilterValues": { - "name": "filter_values", - "in": "query", - "description": "An array of strings containing the keywords for filtering. \nMultiple keywords can be chained using the `|` character. \nEnsure this parameter's array length matches those of `filter_fields` and `filter_ops` for effective filtering.\nThe total length of the filter string should not exceed 1024 characters.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "example": "value1|value2|value3", - "minLength": 1, - "maxLength": 1024 - } - } - }, - "DataPlaneKeyParamObjectID": { - "name": "data_plane_key_id", - "in": "path", - "schema": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, - "description": "A globally unique identifier for the data plane key.\n", - "required": true - }, - "FilterFieldInstances": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `nginx_version`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameInstances" - } - } - }, - "SortDirection": { - "name": "sort_dir", - "in": "query", - "description": "Sorting direction for the criteria and the resulting collection returned. Defaults to descending if not specified.\n", - "schema": { - "type": "string", - "enum": [ - "Ascending", - "Descending" - ], - "x-enum-varnames": [ - "ascending", - "descending" - ] - } - }, - "SortNameInstances": { - "name": "sort_instances", - "in": "query", - "description": "Sort instances by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "hostname", - "status", - "last_reported" - ], - "x-enum-varnames": [ - "sort_name_instance_hostname", - "sort_name_instance_status", - "sort_name_instance_last_reported" - ] - } - } - }, - "InstanceParamObjectID": { - "name": "instanceObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/InstanceObjectID" - }, - "description": "A globally unique identifier for the NGINX instance.\n", - "required": true - }, - "InstanceConfigurationParamObjectID": { - "name": "instanceConfigurationObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NginxConfigObjectID" - }, - "description": "A globally unique identifier for the NGINX instance configuration.\n", - "required": true - }, - "PublicationParamObjectID": { - "name": "publicationObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "description": "A globally unique identifier for a Publication.\n", - "required": true - }, - "FilterFieldConfigSyncGroups": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`, `config_status`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameConfigSyncGroups" - } - } - }, - "SortNameConfigSyncGroups": { - "name": "sort_config_sync_groups", - "in": "query", - "description": "Sort config sync groups by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_config_sync_group_name" - ] - } - } - }, - "ConfigSyncGroupParamObjectID": { - "name": "configSyncGroupObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" - }, - "description": "A globally unique identifier for the NGINX config sync group.\n", - "required": true - }, - "ConfigSyncGroupConfigurationParamObjectID": { - "name": "configSyncGroupConfigurationObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NginxConfigObjectID" - }, - "description": "A globally unique identifier for the NGINX config sync group configuration.\n", - "required": true - }, - "FilterFieldCertificates": { - "name": "filter_fields", - "in": "query", - "description": "Filter options for certificates; used in conjunction with other filter parameters having the same array length.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameCertificates" - } - } - }, - "SortNameCertificates": { - "name": "sort_certificates", - "in": "query", - "description": "Sort certificates by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "subject_name", - "not_before", - "not_after" - ], - "x-enum-varnames": [ - "sort_name_certificates_name", - "sort_name_certificates_subject_name", - "sort_name_certificates_not_before", - "sort_name_certificates_not_after" - ] - } - } - }, - "CertificateParamObjectID": { - "name": "certificateObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/CertificateObjectID" - }, - "description": "A globally unique identifier for the certificate.\n", - "required": true - }, - "DeleteFromDataPlanesParamFlag": { - "name": "deleteFromDataPlanes", - "in": "query", - "schema": { - "type": "boolean" - }, - "description": "Flag indicating whether the certificate should be deleted from its associated data planes.\n" - }, - "FilterFieldCertificateDeployments": { - "name": "filter_fields", - "in": "query", - "description": "Filter options for certificate deployments; used in conjunction with other filter parameters having the same array length.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameCertificateDeployments" - } - } - }, - "SortNameCertificateDeployments": { - "name": "sort_certificate_deployments", - "in": "query", - "description": "Sort certificate deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_certificate_deployments_name" - ] - } - } - }, - "SortNameCVEs": { - "name": "sort_cves", - "in": "query", - "description": "Sort CVEs by the number of instances/control planes affected by that CVE.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "instance_count", - "control_plane_count", - "severity", - "cve_id", - "published_at" - ], - "x-enum-varnames": [ - "sort_instance_count", - "sort_control_plane_count", - "sort_cve_severity", - "sort_cve_id", - "sort_published_at" - ] - } - } - }, - "NginxCVEParamID": { - "name": "nginxCVEID", - "in": "path", - "schema": { - "type": "string", - "pattern": "^\\d{4}-\\d{4,19}$" - }, - "description": "A globally unique identifier for NGINX CVE.\n", - "required": true - }, - "SortNameCVEImpactedInstances": { - "name": "sort_cve_impacted_instances", - "in": "query", - "description": "Sort the Instances that are affected by a CVE\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "hostname", - "status" - ], - "x-enum-varnames": [ - "sort_name_cve_impacted_instances_hostname", - "sort_name_cve_impacted_instances_status" - ] - } - } - }, - "SortNameCVEImpactedControlPlanes": { - "name": "sort_cve_impacted_control_planes", - "in": "query", - "description": "Sort the control planes that are affected by a CVE\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "product_version" - ], - "x-enum-varnames": [ - "sort_name_cve_impacted_control_planes_name", - "sort_name_cve_impacted_control_planes_product_version" - ] - } - } - }, - "FilterFieldEvents": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `object_id`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameEvents" - } - } - }, - "EventParamObjectID": { - "name": "eventObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/EventObjectID" - }, - "description": "A globally unique identifier for an event.\n", - "required": true - }, - "FilterFieldStagedConfigs": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterStagedConfigs" - } - } - }, - "SortNameStagedConfigs": { - "name": "sort_staged_configs", - "in": "query", - "description": "Sort staged configs by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_staged_config_name" - ] - } - } - }, - "StagedConfigParamObjectID": { - "name": "stagedConfigObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/StagedConfigObjectID" - }, - "description": "A globally unique identifier for the NGINX staged config.\n", - "required": true - }, - "StagedConfigImportParseOnly": { - "name": "parseOnly", - "in": "query", - "schema": { - "type": "boolean", - "default": false - }, - "description": "Optional flag to control how the request is processed.\n - When `false` or omitted (by default), the request creates a Staged Config directly. (`StagedConfigCreateResponse`)\n - When `true`, the request parses the import and returns metadata you can use to create a Staged Config through a POST. ( `StagedConfigCreateRequest`)\n", - "required": false - }, - "SortNameControlPlanes": { - "name": "sort_control_planes", - "in": "query", - "description": "Sort control planes by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_control_plane_name" - ] - } - } - }, - "FilterFieldControlPlanes": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings. Identifies the fields to filter by (for example, `name`, `product`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameControlPlanes" - } - } - }, - "ControlPlaneParamObjectID": { - "name": "controlPlaneObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/ControlPlaneObjectID" - }, - "description": "A globally unique identifier for the control plane.\n", - "required": true - }, - "NapSignatureID": { - "name": "signatureID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NapSignatureID" - }, - "description": "An unique identifier for the NGINX App Protect signature.\n", - "required": true - }, - "NapSignatureSetObjectID": { - "name": "signatureSetObjectID", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NapSignatureSetObjectID" - }, - "description": "A globally unique identifier for the NGINX App Protect signature set.\n", - "required": true - }, - "SortNameNapSignatures": { - "name": "sort_fields", - "in": "query", - "description": "Sort NGINX App Protect signatures by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "signature_id" - ], - "x-enum-varnames": [ - "sort_name_nap_signatures_name", - "sort_name_nap_signatures_signature_id" - ] - } - } - }, - "SortNameNapSignatureSets": { - "name": "sort_fields", - "in": "query", - "description": "Sort NGINX App Protect signature sets by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "signature_count" - ], - "x-enum-varnames": [ - "sort_name_nap_signature_sets_name", - "sort_name_nap_signature_sets_signature_count" - ] - } - } - }, - "FilterFieldNapSignatures": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `accuracy`, `risk`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapSignatures" - } - } - }, - "FilterFieldNapSignatureSets": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `type`, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapSignatureSets" - } - } - }, - "SortNameNapPolicies": { - "name": "sort_nap_policies", - "in": "query", - "description": "Sort NGINX App Protect policies by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "deployment_count", - "enforcement_mode", - "last_deployed" - ], - "x-enum-varnames": [ - "sort_name_nap_policies_name", - "sort_name_nap_policies_deployment_count", - "sort_name_nap_policies_enforcement_mode", - "sort_name_nap_policies_last_deployed" - ] - } - } - }, - "FilterFieldNapPolicy": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapPolicy" - } - } - }, - "NapPolicyParamObjectID": { - "name": "nap_policy_object_id", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NapPolicyObjectID" - }, - "description": "A globally unique identifier for the App Protect policy.\n", - "required": true - }, - "SortNameNapPolicyVersions": { - "name": "sort_nap_policy_versions", - "in": "query", - "description": "Sort NGINX App Protect policy versions by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "created_at", - "deployment_status", - "deployment_count", - "enforcement_mode" - ], - "x-enum-varnames": [ - "sort_name_nap_policy_versions_created_at", - "sort_name_nap_policy_versions_deployment_status", - "sort_name_nap_policy_versions_deployment_count", - "sort_name_nap_policy_versions_enforcement_mode" - ] - } - } - }, - "FilterFieldNapPolicyVersion": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapPolicyVersion" - } - } - }, - "NapPolicyVersionParamObjectID": { - "name": "nap_policy_version_object_id", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" - }, - "description": "A globally unique identifier for the App Protect policy version.\n", - "required": true - }, - "SortNameNapPolicyDeployments": { - "name": "sort_nap_deployments", - "in": "query", - "description": "Sort NGINX App Protect deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name", - "type", - "policy_version", - "status", - "deployed_on", - "threat_campaign_version", - "attack_signature_version", - "bot_signature_version" - ], - "x-enum-varnames": [ - "sort_name_nap_policy_deployments_name", - "sort_name_nap_policy_deployments_type", - "sort_name_nap_policy_deployments_policy_version", - "sort_name_nap_policy_deployments_status", - "sort_name_nap_policy_deployments_deployed_on", - "sort_name_nap_policy_deployments_threat_campaign_version", - "sort_name_nap_policy_deployments_attack_signature_version", - "sort_name_nap_policy_deployments_bot_sigature_version" - ] - } - } - }, - "FilterFieldNapPolicyDeployment": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapPolicyDeployment" - } - } - }, - "SortNameNapLogProfiles": { - "name": "sort_nap_log_profiles", - "in": "query", - "description": "Sort NGINX App Protect log profiles by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_nap_log_profiles_name" - ] - } - } - }, - "FilterFieldNapLogProfile": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapLogProfile" - } - } - }, - "NapLogProfileParamObjectID": { - "name": "nap_log_profile_object_id", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NapLogProfileObjectID" - }, - "description": "A globally unique identifier for the App Protect log profile.\n", - "required": true - }, - "SortNameNapGlobalSettings": { - "name": "sort_nap_global_settings", - "in": "query", - "description": "Sort NGINX App Protect global settings by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", - "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "name" - ], - "x-enum-varnames": [ - "sort_name_nap_global_settings_name" - ] - } - } - }, - "FilterFieldNapGlobalSetting": { - "name": "filter_fields", - "in": "query", - "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterNameNapGlobalSettings" - } - } - }, - "NapGlobalSettingParamObjectID": { - "name": "nap_global_setting_object_id", - "in": "path", - "schema": { - "$ref": "#/components/schemas/NapGlobalSettingObjectID" - }, - "description": "A globally unique identifier for the App Protect global settings object.\n", - "required": true - }, - "DeploymentObjectID": { - "name": "deployment_id", - "in": "path", - "schema": { - "$ref": "#/components/schemas/DeploymentObjectID" - }, - "description": "A globally unique identifier for the NAAS deployment.", - "required": true - }, - "loadModelUID": { - "name": "loadModelUID", - "in": "path", - "required": true, - "schema": { - "type": "string", - "format": "uuid" - }, - "description": "A globally unique identifier for a Load Model.", - "example": "f038dca0-b55c-410a-95a6-b9f876792ce8" - } - }, - "schemas": { - "FilterNameDataPlaneKeys": { - "type": "string", - "description": "Keywords for data plane key filters.\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * valid\n", - "enum": [ - "name", - "status", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_data_plane_key_name", - "filter_name_data_plane_key_status", - "filter_name_data_plane_key_object_id" - ] - }, - "FilterOperand": { - "type": "string", - "enum": [ - "IN" - ], - "x-enum-varnames": [ - "filter_operands_in" - ] - }, - "FilterOperands": { - "type": "array", - "items": { - "$ref": "#/components/schemas/FilterOperand" - } - }, - "PaginationResponse": { - "type": "object", - "description": "Outlines pagination details for list responses, including total results, start index, and items per page.", - "required": [ - "total", - "count" - ], - "properties": { - "total": { - "type": "integer", - "description": "The absolute total number of the resource in the NGINX One Console, ignoring any filter(s).\n" - }, - "count": { - "type": "integer", - "description": "The total number of results generated by the list or query operation, accounting for any filter(s).\nThis number can be greater than the number of returned resources when pagination is in effect and a page size limit (or maximum allowed) is reached.\n" - }, - "start_index": { - "type": "integer", - "description": "The first result's starting position in the list. This is disregarded when `paginated=false`.\n" - }, - "items_per_page": { - "type": "integer", - "description": "The number of items to display per page. This is disregarded when `paginated=false`.\n" - } - }, - "example": { - "total": 101, - "count": 1, - "start_index": 1, - "items_per_page": 100 - } - }, - "DataPlaneKeyObjectID": { - "description": "A globally unique identifier for the data plane key.", - "type": "string", - "format": "object_id", - "pattern": "^key_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "DataPlaneKey": { - "type": "object", - "description": "Represents a data plane key with details such as object_id, name, and timestamps.", - "required": [ - "object_id", - "name", - "revoked", - "expires_at", - "created_at", - "modified_at" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, - "name": { - "description": "The name given to the data plane key.", - "type": "string" - }, - "revoked": { - "description": "Indicates whether the data plane key has been revoked or not.", - "type": "boolean" - }, - "revoked_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key was revoked." - }, - "expires_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key expires." - }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key was created." - }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key was last modified." - }, - "instances_count": { - "type": "integer", - "description": "The number of registered instances using this data plane key. If field not populated, user should see the key has `unknown` key count" - }, - "control_planes_count": { - "type": "integer", - "description": "The number of observed control planes using this data plane key." - } - } - }, - "DataPlaneKeyListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "type": "object", - "description": "List of data plane keys.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of DataPlaneKey objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/DataPlaneKey" - } - } - } - } - ] - }, - "Error": { - "description": "This object contains details about the errors that are returned when API requests fail.", - "type": "object", - "required": [ - "message", - "request_id", - "timestamp" - ], - "properties": { - "message": { - "description": "The error message describing the problem.", - "type": "string" - }, - "request_id": { - "description": "The unique identifier of the API request that failed.", - "type": "string" - }, - "timestamp": { - "description": "The date and time (in UTC) when the error happened.", - "type": "string" - }, - "detail": { - "description": "Additional information about the error, if available.", - "type": "string" - } - } - }, - "DataPlaneKeyCreateRequest": { - "type": "object", - "description": "Request structure for creating a new data plane key.", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "Give the data plane key a name so you can tell it apart from others.", - "type": "string", - "minLength": 1, - "maxLength": 128 - }, - "expires_at": { - "type": "string", - "format": "date-time", - "description": "Set an expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \nIf an expiration date isn't specified, the key will expire one year after it's created. \n\nYou can use the _Update a data plane key_ endpoint to extend the expiration date.\nIt's not possible to update the expiration date once the data plane key has expired.\n" - } - } - }, - "DataPlaneKeyResponse": { - "type": "object", - "description": "Response structure containing details of the created or retrieved data plane key.", - "required": [ - "key", - "object_id", - "expires_at" - ], - "properties": { - "name": { - "description": "The name to be give to the new data plane key.", - "type": "string" - }, - "object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, - "key": { - "description": "The data plane key value. Save this key somewhere secure as it isn't saved and is shown only once.", - "type": "string" - }, - "expires_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the data plane key will expire." - } - } - }, - "BulkRequestAction": { - "type": "string", - "default": "modify", - "description": "Bulk action to perform:\n * `create` creates a new object given all required elements.\n * `modify` updates one or more elements of an existing object.\n * `delete` removes the existing object.\n", - "enum": [ - "create", - "modify", - "delete" - ], - "x-enum-varnames": [ - "bulk_action_create", - "bulk_action_modify", - "bulk_action_delete" - ] - }, - "DataPlaneKeyBulkRequestData": { - "type": "object", - "description": "Part of bulk operation on a data plane key, only `delete` is supported.", - "required": [ - "action", - "object_id" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" - } - }, - "example": { - "object_id": "key_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" - } - }, - "DataPlaneKeyBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/DataPlaneKeyBulkRequestData" - }, - "minItems": 1, - "maxItems": 50, - "example": [ - { - "object_id": "key_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" - }, - { - "object_id": "key_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" - } - ] - }, - "ObjectID": { - "description": "A globally unique identifier.", - "type": "string", - "format": "object_id", - "pattern": "^\\w+_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "BulkRequestObjectStatus": { - "type": "object", - "required": [ - "outcome" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/ObjectID" - }, - "name": { - "type": "string", - "description": "this is the user facing name of the object." - }, - "outcome": { - "type": "string", - "description": "This is the outcome that corresponds to the action.\n* deleted - the object deletion was processed, and the object was deleted.\n* accepted - the request was accepted, and will be processed.\n* failed - the request failed, see failure_reason for more details.\n* invalid - the request was invalid, see failure_reason for more details.\n", - "enum": [ - "deleted", - "accepted", - "failed", - "invalid" - ], - "x-enum-varnames": [ - "build_request_object_status_deleted", - "build_request_object_status_accepted", - "build_request_object_status_failed", - "build_request_object_status_invalid" - ] - }, - "failure_reason": { - "type": "string", - "description": "this is the failure reason populated when outcome is 'failed' or 'invalid'." - } - } - }, - "DataPlaneKeyBulkResponse": { - "description": "The data plane key bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } - }, - "DataPlaneKeyUpdateRequest": { - "type": "object", - "description": "Request structure for updating an existing data plane key.", - "properties": { - "name": { - "description": "Give the data plane key a new name so you can tell it apart from others.", - "type": "string", - "minLength": 1, - "maxLength": 128 - }, - "expires_at": { - "type": "string", - "format": "date-time", - "description": "Adjust the expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \n\nIt's not possible to update the expiration date once the data plane key has expired.\n" - } - } - }, - "CertificateStatus": { - "type": "string", - "description": "Status of the certificate:\n * `valid` - The certificate is currently valid and operational.\n * `expiring` - The certificate will expire within the next 30 days. Consider renewing it to maintain uninterrupted service.\n * `expired` - The certificate is no longer valid. Immediate renewal is recommended to ensure secure connections.\n * `not_ready` - The certificate is not ready to be used, based on the start date of its validity period.\n", - "enum": [ - "valid", - "expiring", - "expired", - "not_ready" - ], - "x-enum-varnames": [ - "certificate_status_valid", - "certificate_status_expiring", - "certificate_status_expired", - "certificate_status_not_ready" - ] - }, - "CertificateSummaryItem": { - "description": "summary information for certificate with certain status.", - "type": "object", - "required": [ - "status", - "count", - "affected_instances" - ], - "properties": { - "status": { - "$ref": "#/components/schemas/CertificateStatus" - }, - "count": { - "description": "The total number of SSL certificates for each status category.", - "type": "integer" - }, - "affected_instances": { - "description": "Indicates the total number of SSL/TLS certificates corresponding to the status provided.", - "type": "integer" - } - } - }, - "SummaryDisplayCount": { - "description": "The name, the total count, and an optional user-friendly display name of the resource being summarized.", - "type": "object", - "required": [ - "name", - "count" - ], - "properties": { - "name": { - "description": "Identifies the category of data being reported, such as an operating system, NGINX version, or another type.", - "type": "string" - }, - "count": { - "description": "The number of resources matching the given type.", - "type": "integer" - }, - "display": { - "description": "A user-friendly label for the category count, intended for display purposes where a more descriptive or readable format is preferred.", - "type": "string" - } - } - }, - "OperatingSystemVersionSummary": { - "description": "An array of operating systems and their versions on the NGINX data plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/SummaryDisplayCount" - } - }, - "NGINXVersionSummary": { - "description": "An array of NGINX versions installed across the NGINX data plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/SummaryDisplayCount" - } - }, - "StatusSummary": { - "description": "An overview of the status for each NGINX instance, indicating availability.", - "type": "object", - "required": [ - "online", - "offline", - "unavailable" - ], - "properties": { - "online": { - "description": "The number of NGINX instances reporting as `online`.\nThe NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", - "type": "integer" - }, - "offline": { - "description": "The number of NGINX instances reporting as `offline`.\nThe NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n", - "type": "integer" - }, - "unavailable": { - "description": "The number of NGINX instances reporting as `unavailable`.\nThe NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n", - "type": "integer" - } - } - }, - "CveSeverityType": { - "type": "string", - "description": "Severity ratings:\n * `high` - High severity.\n * `medium` - Moderate severity.\n * `low` - Least severe.\n * `none` - Not severe.\n * `other` - Severity that does not fit the other categories.\n", - "enum": [ - "high", - "medium", - "low", - "none", - "other" - ], - "x-enum-varnames": [ - "cve_severity_type_high", - "cve_severity_type_medium", - "cve_severity_type_low", - "cve_severity_type_none", - "cve_severity_type_other" - ] - }, - "CveSummary": { - "description": "A summary of Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", - "type": "object", - "required": [ - "severity", - "count", - "affected_instances" - ], - "properties": { - "severity": { - "$ref": "#/components/schemas/CveSeverityType" - }, - "count": { - "description": "The number of CVEs at each severity level.", - "type": "integer" - }, - "affected_instances": { - "description": "The number of NGINX instances affected by each CVE.", - "type": "integer" - } - } - }, - "RecommendationType": { - "type": "string", - "description": "Types of configuration recommendations:\n * `best_practice` - Suggestions based on established best practices.\n * `security` - Recommendations related to security.\n * `optimization` - Advice for optimizing performance.\n * `other` - Recommendations that do not fit the above categories.\n", - "enum": [ - "best_practice", - "security", - "optimization", - "other" - ], - "x-enum-varnames": [ - "recommendation_type_best_practice", - "recommendation_type_security", - "recommendation_type_optimization", - "recommendation_type_other" - ] - }, - "IssueSummary": { - "description": "A summary of issue details from the configuration analysis report.", - "type": "object", - "required": [ - "type", - "count", - "affected_instances" - ], - "properties": { - "type": { - "$ref": "#/components/schemas/RecommendationType" - }, - "count": { - "description": "The number of times this recommendation appears in the configuration analysis report.", - "type": "integer" - }, - "affected_instances": { - "description": "The number of instances affected by this issue.", - "type": "integer" - } - } - }, - "InstanceSummary": { - "description": "A summary of NGINX instances, including certificates, OS versions, NGINX versions, and status details.", - "type": "object", - "properties": { - "certs": { - "description": "An array detailing each certificate's status across all NGINX instances.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertificateSummaryItem" - } - }, - "os": { - "$ref": "#/components/schemas/OperatingSystemVersionSummary" - }, - "nginx_versions": { - "$ref": "#/components/schemas/NGINXVersionSummary" - }, - "statuses": { - "$ref": "#/components/schemas/StatusSummary" - }, - "cves": { - "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CveSummary" - } - }, - "recommendations": { - "description": "An array summarizing the suggestions from the configuration analysis report.", - "type": "array", - "items": { - "$ref": "#/components/schemas/IssueSummary" - } - } - } - }, - "FilterNameInstances": { - "type": "string", - "description": "Keywords for instance filters.\n\nWhen filtering on `instance_status`, only the following `filter_values` are supported:\n * online\n * offline\n * unavailable\n * unknown\nWhen filtering base on `cert_status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", - "enum": [ - "hostname", - "nginx_version", - "os_version", - "instance_status", - "cert_status", - "cve_severity", - "config_recommendation", - "key_object_id", - "system_id", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_instances_hostname", - "filter_name_instances_nginx_version", - "filter_name_instances_os_version", - "filter_name_instances_instance_status", - "filter_name_instances_cert_status", - "filter_name_instances_cve_severity", - "filter_name_instances_config_recommendation", - "filter_name_instances_key_object_id", - "filter_name_instances_system_id", - "filter_name_instances_object_id" - ] - }, - "InstanceObjectID": { - "description": "A globally unique identifier for the NGINX instance.", - "type": "string", - "format": "object_id", - "pattern": "^inst_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "NginxBuild": { - "description": "The build details for the NGINX binary, including its configuration parameters.\n", - "type": "object", - "required": [ - "version" - ], - "properties": { - "version": { - "description": "The version number of the base open-source NGINX.", - "type": "string" - }, - "plus_release": { - "description": "The NGINX Plus release version, if applicable.", - "type": "string" - }, - "conf_path": { - "description": "The absolute path to the NGINX configuration, as set by the `--conf-path` option during build time.", - "type": "string" - } - } - }, - "NginxAppProtectVersions": { - "description": "Version information regarding NGINX App Protect.\n", - "type": "object", - "required": [ - "engine_version" - ], - "properties": { - "release_version": { - "description": "The release version of NGINX App Protect.", - "type": "string" - }, - "engine_version": { - "description": "The version of the App Protect enforcement engine.", - "type": "string" - } - } - }, - "NginxAppProtectDeploymentCounts": { - "type": "object", - "description": "Summary count of NAP policy version deployment statues.", - "required": [ - "total", - "deployed", - "deploying", - "failed" - ], - "properties": { - "total": { - "description": "Total count of NAP policy versions across the NGINX data plane.", - "type": "integer" - }, - "deployed": { - "description": "The number of NAP policy versions that have deployed.", - "type": "integer" - }, - "deploying": { - "description": "The number of NAP policy versions that are deploying.", - "type": "integer" - }, - "failed": { - "description": "The number of NAP policy versions that have failed deployment.", - "type": "integer" - } - } - }, - "NginxAppProtectSummary": { - "description": "Summary information regarding NGINX App Protect.\n", - "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/NginxAppProtectVersions" - }, - { - "type": "object", - "required": [ - "deployments" - ], - "properties": { - "deployments": { - "$ref": "#/components/schemas/NginxAppProtectDeploymentCounts" - } - } - } - ] - }, - "CertificateInstanceSummary": { - "description": "A breakdown and tally of certificates, detailing the total count, number of expired certificates, certificates nearing expiration, and those that are valid.", - "type": "object", - "required": [ - "total", - "expired", - "expiring", - "valid", - "not_ready" - ], - "properties": { - "total": { - "description": "Total count of certificates across the NGINX data plane.", - "type": "integer" - }, - "expired": { - "description": "The number of certificates that have expired and are no longer valid.", - "type": "integer" - }, - "expiring": { - "description": "The number of certificates due to expire in the next 30 days.", - "type": "integer" - }, - "valid": { - "description": "The number of certificates that are valid and in good standing.", - "type": "integer" - }, - "not_ready": { - "description": "The number of certificates that are not ready to be used.", - "type": "integer" - } - } - }, - "CveDetails": { - "description": "CVEs details, including the type and count.\n", - "type": "object", - "required": [ - "type", - "count" - ], - "properties": { - "type": { - "$ref": "#/components/schemas/CveSeverityType" - }, - "count": { - "description": "The total number of each CVE type.", - "type": "integer" - } - } - }, - "IssueDetails": { - "description": "Issue details, including the type and count.\n", - "type": "object", - "required": [ - "type", - "count" - ], - "properties": { - "type": { - "$ref": "#/components/schemas/RecommendationType" - }, - "count": { - "description": "The total number of issues identified for the specific recommendation type.", - "type": "integer" - } - } + } + }, + "components": { + "parameters": { + "Paginated": { + "name": "paginated", + "in": "query", + "schema": { + "type": "boolean", + "default": true + }, + "description": "A boolean indicating if the results should be presented as a paginated list. Defaults to `true`. \nWhen set to `false` a maximum of 3000 results are returned.\n", + "required": false }, - "ControlPlaneObjectID": { - "description": "A globally unique identifier for the control plane.", - "type": "string", - "format": "object_id", - "pattern": "^ecp_.*", - "x-go-type": "objects.ID" + "Limit": { + "name": "limit", + "in": "query", + "schema": { + "type": "integer", + "minimum": 0 + }, + "description": "An integer that specifies the maximum number of items to be returned. \nSetting this to `0` will result in no items being returned, but a total count will still be provided. \nThis parameter is not applicable if `paginated` is `false`.\n", + "required": false }, - "ControlPlaneBaseInfo": { - "type": "object", - "description": "Base information of a control plane, which includes name, product version and optionally an object ID.", - "required": [ - "name", - "product_version", - "created_at" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/ControlPlaneObjectID" - }, - "name": { - "description": "Control plane name.", - "type": "string" - }, - "product_version": { - "description": "Control plane product name and version.", - "type": "string" - }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the control plane was created." - } - } + "Offset": { + "name": "offset", + "in": "query", + "schema": { + "type": "integer", + "minimum": 1 + }, + "description": "An integer that specifies the starting position of the results, starting at `1`.\nThis parameter is not applicable if `paginated` is `false`.\n" }, - "Instance": { - "type": "object", - "description": "Summary information about a NGINX instance.", - "required": [ - "object_id", - "hostname", - "system_id", - "agent_version", - "registered_at", - "last_reported", - "status" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" - }, - "hostname": { - "description": "The name of the host system where the NGINX instance is running.", - "type": "string" - }, - "system_id": { - "description": "The unique identifier assigned to the host system by the NGINX Agent.", - "type": "string" - }, - "nginx_id": { - "description": "The unique identifier for the NGINX process on the host system, assigned by the NGINX Agent.", - "type": "string" - }, - "agent_version": { - "description": "The version of the NGINX Agent.", - "type": "string" - }, - "key_object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" - }, - "nginx_build": { - "$ref": "#/components/schemas/NginxBuild" - }, - "os_version": { - "description": "The operating system's name and its and version or codename.\n", - "type": "string", - "example": "ubuntu_jammy" - }, - "nginx_app_protect": { - "$ref": "#/components/schemas/NginxAppProtectSummary" - }, - "registered_at": { - "description": "The date and time when the NGINX instance first registered with NGINX One.", - "type": "string", - "format": "date-time" - }, - "last_reported": { - "description": "The date and time of the most recent report received from the NGINX Agent.", - "type": "string", - "format": "date-time" - }, - "status": { - "type": "string", - "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", - "enum": [ - "unknown", - "unavailable", - "offline", - "online" - ] - }, - "cert_summary": { - "$ref": "#/components/schemas/CertificateInstanceSummary" - }, - "cve_severity": { - "type": "array", - "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", - "items": { - "$ref": "#/components/schemas/CveDetails" - } - }, - "recommendations": { - "type": "array", - "description": "An array summarizing the suggestions from the configuration analysis report.", - "items": { - "$ref": "#/components/schemas/IssueDetails" - } - }, - "control_plane": { - "$ref": "#/components/schemas/ControlPlaneBaseInfo" + "FilterFieldDataPlaneKeys": { + "name": "filter_fields", + "in": "query", + "description": "Filter options for data plane keys; used in conjunction with other filter parameters having the same array length.\n\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * expired\n * valid\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameDataPlaneKeys" } } }, - "InstanceListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "type": "object", - "description": "List of data plane instances.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of Instance objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/Instance" - } - } - } - } - ], - "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "agent_version": "v2.30.3", - "hostname": "4d116619f106", - "key": "key_Tet21AeYTHCj7taOwVfzyw", - "last_reported": "2023-12-06T22:37:24.120114Z", - "nginx_build": { - "conf_path": "/etc/nginx/nginx.conf", - "version": "1.25.3" - }, - "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", - "registered_at": "2023-12-06T22:37:24.120114Z", - "status": "unknown", - "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw" - } - ] + "FilterOperands": { + "name": "filter_ops", + "in": "query", + "description": "An array of strings defining the operands for filtering, to be used in conjunction with `filter_fields` and `filter_values`. \nAll filter parameters must have matching array lengths. Currently, the only supported operand is `\"IN\"`.\n", + "schema": { + "$ref": "#/components/schemas/FilterOperands" } }, - "InstanceBulkRequestData": { - "type": "object", - "description": "Part of bulk operation on a NGINX instance, only `delete` is supported.", - "required": [ - "action" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" - }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" + "FilterValues": { + "name": "filter_values", + "in": "query", + "description": "An array of strings containing the keywords for filtering. \nMultiple keywords can be chained using the `|` character. \nEnsure this parameter's array length matches those of `filter_fields` and `filter_ops` for effective filtering.\nThe total length of the filter string should not exceed 1024 characters.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "example": "value1|value2|value3", + "minLength": 1, + "maxLength": 1024 } - }, - "example": { - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" } }, - "InstanceBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/InstanceBulkRequestData" + "DataPlaneKeyParamObjectID": { + "name": "data_plane_key_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" }, - "maxItems": 50, - "example": [ - { - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" - }, - { - "object_id": "inst_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" + "description": "A globally unique identifier for the data plane key.\n", + "required": true + }, + "FilterFieldCertificates": { + "name": "filter_fields", + "in": "query", + "description": "Filter options for certificates; used in conjunction with other filter parameters having the same array length.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameCertificates" } - ] + } }, - "InstanceBulkResponse": { - "description": "The NGINX instance bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" + "SortDirection": { + "name": "sort_dir", + "in": "query", + "description": "Sorting direction for the criteria and the resulting collection returned. Defaults to descending if not specified.\n", + "schema": { + "type": "string", + "enum": [ + "Ascending", + "Descending" + ], + "x-enum-varnames": [ + "ascending", + "descending" + ] } }, - "NginxSecurityAdvisory": { - "type": "object", - "description": "Details about a specific NGINX security advisory, including its severity, a link to more information, and a brief description.", - "required": [ - "id", - "severity", - "advisory", - "info" - ], - "properties": { - "id": { - "description": "The security advisory's unique identifier.", - "type": "string" - }, - "severity": { - "$ref": "#/components/schemas/CveSeverityType" - }, - "advisory": { - "description": "The URL to detailed information about the security advisory.", - "type": "string" - }, - "info": { - "description": "A brief description of security advisory.", - "type": "string" + "SortNameCertificates": { + "name": "sort_certificates", + "in": "query", + "description": "Sort certificates by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "subject_name", + "not_before", + "not_after" + ], + "x-enum-varnames": [ + "sort_name_certificates_name", + "sort_name_certificates_subject_name", + "sort_name_certificates_not_before", + "sort_name_certificates_not_after" + ] } } }, - "CertificateObjectID": { - "description": "A globally unique identifier for the certificates.", - "type": "string", - "format": "object_id", - "pattern": "^cert_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } + "CertificateParamObjectID": { + "name": "certificateObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/CertificateObjectID" + }, + "description": "A globally unique identifier for the certificate.\n", + "required": true }, - "CertificateType": { - "type": "string", - "description": "Certificate type:\n * `ca_bundle` - This certificate object is a CA bundle.\n * `cert_key` - This certificate object is consisted of public certificates and key.\n * `unmanaged` - This certificate is not managed by NGINX One console and its type is unmanaged.\n", - "enum": [ - "ca_bundle", - "cert_key", - "unmanaged" - ], - "x-enum-varnames": [ - "certificate_type_ca_bundle", - "certificate_type_pem_cert_key", - "certificate_type_unmanaged" - ] + "DeleteFromDataPlanesParamFlag": { + "name": "deleteFromDataPlanes", + "in": "query", + "schema": { + "type": "boolean" + }, + "description": "Flag indicating whether the certificate should be deleted from its associated data planes.\n" }, - "CertificateDeploymentStatus": { - "type": "string", - "description": "Certificate deployment status:\n * `latest` - This certificate deployment is up to date with the latest certificates and key.\n * `stale` - This certificate deployment is outdated and needs to deploy the latest certificates and key.\n * `unmanaged` - This certificate deployment is unmanaged by NGINX One Console.\n", - "enum": [ - "latest", - "stale", - "unmanaged" - ], - "x-enum-varnames": [ - "certificate_deployment_status_latest", - "certificate_deployment_status_stale", - "certificate_deployment_status_unmanaged" - ] + "FilterFieldCertificateDeployments": { + "name": "filter_fields", + "in": "query", + "description": "Filter options for certificate deployments; used in conjunction with other filter parameters having the same array length.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameCertificateDeployments" + } + } }, - "CertAssociation": { - "type": "object", - "description": "Details for a certificate that's associated with an instance or a config sync group.", - "required": [ - "name", - "object_id", - "cert_type", - "subject_name", - "not_before", - "not_after", - "cert_status", - "deployment_status" - ], - "properties": { - "name": { + "SortNameCertificateDeployments": { + "name": "sort_certificate_deployments", + "in": "query", + "description": "Sort certificate deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { "type": "string", - "description": "A friendly name for the certificate." - }, - "object_id": { - "$ref": "#/components/schemas/CertificateObjectID" - }, - "cert_type": { - "$ref": "#/components/schemas/CertificateType" - }, - "cert_paths": { - "type": "array", - "description": "The list of file system paths where the certificate file is installed. \nSince a single certificate file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/ssl/cert.pem", - "/etc/ssl/cert.crt" - ], - "items": { - "type": "string" - } - }, - "key_paths": { - "type": "array", - "description": "The list of file system paths where the private key file is installed.\nSince a single key file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/nginx/key.pem", - "/etc/ssl/server.key" + "enum": [ + "name" ], - "items": { - "type": "string" - } - }, - "deployment_status": { - "$ref": "#/components/schemas/CertificateDeploymentStatus" - }, - "subject_name": { - "type": "string", - "description": "Hostname or domain for the certificate. Usually the subject-alt-name (SAN) value for the certificate.\nif SAN is not present, this will be the certificate subject's common name.\n", - "example": "nginx.com" - }, - "cert_status": { - "$ref": "#/components/schemas/CertificateStatus" - }, - "not_before": { - "type": "string", - "format": "date-time", - "description": "the effective date of the certificate." - }, - "not_after": { - "type": "string", - "format": "date-time", - "description": "The expiration date for the certificate." + "x-enum-varnames": [ + "sort_name_certificate_deployments_name" + ] + } + } + }, + "FilterFieldConfigSyncGroups": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`, `config_status`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameConfigSyncGroups" + } + } + }, + "SortNameConfigSyncGroups": { + "name": "sort_config_sync_groups", + "in": "query", + "description": "Sort config sync groups by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_config_sync_group_name" + ] } } }, - "OperatingSystem": { - "description": "Release details for the operating system.", - "type": "object", - "required": [ - "name", - "id", - "codename", - "version", - "version_id" - ], - "properties": { - "name": { - "description": "The official name of the operating system release.", - "type": "string" - }, - "id": { - "description": "The distinctive identifier for the operating system release.", - "type": "string" - }, - "codename": { - "description": "The codename assigned to the operating system release.", - "type": "string" - }, - "version": { - "description": "The version label for the operating system, which may include the name and version number or codename.", - "type": "string" - }, - "version_id": { - "description": "The specific version number of the operating system release.", - "type": "string" - } + "ConfigSyncGroupParamObjectID": { + "name": "configSyncGroupObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" }, - "example": { - "name": "Ubuntu", - "id": "ubuntu", - "codename": "bionic", - "version": "18.04.5 LTS (Bionic Beaver)", - "version_id": "18.04" + "description": "A globally unique identifier for the NGINX config sync group.\n", + "required": true + }, + "ConfigSyncGroupConfigurationParamObjectID": { + "name": "configSyncGroupConfigurationObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NginxConfigObjectID" + }, + "description": "A globally unique identifier for the NGINX config sync group configuration.\n", + "required": true + }, + "PublicationParamObjectID": { + "name": "publicationObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "description": "A globally unique identifier for a Publication.\n", + "required": true + }, + "SortNameControlPlanes": { + "name": "sort_control_planes", + "in": "query", + "description": "Sort control planes by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name" + ], + "x-enum-varnames": [ + "sort_name_control_plane_name" + ] + } } }, - "ConfigSyncGroupObjectID": { - "description": "A globally unique identifier for the NGINX config sync group.", - "type": "string", - "format": "object_id", - "pattern": "^csg_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "FilterFieldControlPlanes": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings. Identifies the fields to filter by (for example, `name`, `product`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameControlPlanes" + } } }, - "ConfigSyncGroupMeta": { - "type": "object", - "description": "Meta information of the NGINX config sync group including:\n* NGINX config sync group object ID\n* unique name of the config sync group in the tenant namespace\n* last publication timestamp\n", - "required": [ - "object_id", - "name", - "created_at" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" - }, - "name": { - "description": "Name of the NGINX config sync group.", - "type": "string" - }, - "last_publication": { - "description": "The date and time of the most recent config sync group publication.", - "type": "string", - "format": "date-time" - }, - "created_at": { - "description": "The date and time when the config sync group was created.", + "ControlPlaneParamObjectID": { + "name": "controlPlaneObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/ControlPlaneObjectID" + }, + "description": "A globally unique identifier for the control plane.\n", + "required": true + }, + "SortNameCVEs": { + "name": "sort_cves", + "in": "query", + "description": "Sort CVEs by the number of instances/control planes affected by that CVE.\n", + "schema": { + "type": "array", + "items": { "type": "string", - "format": "date-time" + "enum": [ + "instance_count", + "control_plane_count", + "severity", + "cve_id", + "published_at" + ], + "x-enum-varnames": [ + "sort_instance_count", + "sort_control_plane_count", + "sort_cve_severity", + "sort_cve_id", + "sort_published_at" + ] } - }, - "example": { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-config-sync-group", - "last_publication": "2023-12-06T22:37:24.120114Z", - "created_at": "2023-12-05T22:30:20.220114Z" } }, - "ConfigSyncStatus": { - "type": "string", - "description": "The current config sync status of the NGINX config sync group, with the following possible values:\n* `unknown` - The status cannot be determined at this moment.\n* `in_sync` - All NGINX instances in config sync group have same config as indicated by config_version.\n* `out_of_sync` - Some NGINX instances in config sync group have config different than indicated by config_version.\n* `sync_in_progress` - The operation of applying config_version to all NGINX instances in config sync group is in progress.\n", - "enum": [ - "unknown", - "in_sync", - "out_of_sync", - "sync_in_progress" - ], - "x-enum-varnames": [ - "nginx_config_sync_group_config_status_unknown", - "nginx_config_sync_group_config_status_in_sync", - "nginx_config_sync_group_config_status_out_of_sync", - "nginx_config_sync_group_config_status_in_progress" - ] + "NginxCVEParamID": { + "name": "nginxCVEID", + "in": "path", + "schema": { + "type": "string", + "pattern": "^\\d{4}-\\d{4,19}$" + }, + "description": "A globally unique identifier for NGINX CVE.\n", + "required": true }, - "ConfigSyncGroupInstanceMeta": { - "allOf": [ - { - "$ref": "#/components/schemas/ConfigSyncGroupMeta" - }, - { - "type": "object", - "description": "Additional details on instance in the NGINX config sync group including:\n* config sync status\n", - "properties": { - "instance_config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" - } - } + "SortNameCVEImpactedInstances": { + "name": "sort_cve_impacted_instances", + "in": "query", + "description": "Sort the Instances that are affected by a CVE\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "hostname", + "status" + ], + "x-enum-varnames": [ + "sort_name_cve_impacted_instances_hostname", + "sort_name_cve_impacted_instances_status" + ] } - ] + } }, - "NapPolicyObjectID": { - "description": "A globally unique identifier for the App Protect policy.", - "type": "string", - "format": "object_id", - "pattern": "^pol_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "FilterFieldEvents": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `object_id`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameEvents" + } + } + }, + "EventParamObjectID": { + "name": "eventObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/EventObjectID" + }, + "description": "A globally unique identifier for an event.\n", + "required": true + }, + "FilterFieldInstances": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `hostname`, `nginx_version`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameInstances" + } } }, - "NapPolicyVersionObjectID": { - "description": "A globally unique identifier for the App Protect policy version.", - "type": "string", - "format": "object_id", - "pattern": "^pv_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "SortNameInstances": { + "name": "sort_instances", + "in": "query", + "description": "Sort instances by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "hostname", + "status", + "last_reported" + ], + "x-enum-varnames": [ + "sort_name_instance_hostname", + "sort_name_instance_status", + "sort_name_instance_last_reported" + ] + } } }, - "PublicationObjectID": { - "description": "A globally unique identifier for the publication.", - "type": "string", - "format": "object_id", - "example": "pub_72pGHoGsSICL_THZrs964g", - "pattern": "^pub_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } + "InstanceParamObjectID": { + "name": "instanceObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/InstanceObjectID" + }, + "description": "A globally unique identifier for the NGINX instance.\n", + "required": true }, - "NapPolicyEnforcementMode": { - "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `blocking` - Any illegal or suspicious requests are logged and blocked.\n* `transparent` - Any illegal or suspicious requests are logged but not blocked.\n", - "type": "string", - "enum": [ - "blocking", - "transparent" - ], - "x-enum-varnames": [ - "nap_enforcement_mode_blocking", - "nap_enforcement_mode_transparent" - ] + "InstanceConfigurationParamObjectID": { + "name": "instanceConfigurationObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NginxConfigObjectID" + }, + "description": "A globally unique identifier for the NGINX instance configuration.\n", + "required": true }, - "NapDeploymentStatus": { - "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `deployed` - The NGINX App Protect policy has been deployed.\n* `not_deployed` - The NGINX App Protect policy has not been deployed.\n* `deploying` - The NGINX App Protect policy is currently being deployed.\n* `failed` - The NGINX App Protect policy failed deploying.\n", - "type": "string", - "enum": [ - "deployed", - "not_deployed", - "deploying", - "failed" - ], - "x-enum-varnames": [ - "nap_deployment_status_deployed", - "nap_deployment_status_not_deployed", - "nap_deployment_status_deploying", - "nap_deployment_status_failed" - ] + "FilterFieldStagedConfigs": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterStagedConfigs" + } + } }, - "NapAssociation": { - "description": "Details for a NGINX App Protect policy version that's associated with an instance or a config sync group.", - "required": [ - "name", - "version", - "policy_object_id", - "policy_version_object_id", - "paths", - "deployment_status", - "publication_object_id", - "deployed_on", - "enforcement_mode" - ], - "properties": { - "name": { - "type": "string", - "description": "Name of the policy at the time of the deployment." - }, - "version": { + "SortNameStagedConfigs": { + "name": "sort_staged_configs", + "in": "query", + "description": "Sort staged configs by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { "type": "string", - "description": "Version of the policy at the time of the deployment." - }, - "policy_object_id": { - "$ref": "#/components/schemas/NapPolicyObjectID" - }, - "policy_version_object_id": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" - }, - "publication_object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "enforcement_mode": { - "$ref": "#/components/schemas/NapPolicyEnforcementMode" - }, - "paths": { - "type": "array", - "description": "The list of file system paths where the compiled NAP policy version bundle file is installed. \nSince a single compiled NAP policy version bundle file may be applied in multiple contexts, all relevant paths are included.\n", - "example": [ - "/etc/nginx/default_policy.tgz", - "/etc/nginx/default_policy_server_2.tgz" + "enum": [ + "name" ], - "items": { - "type": "string" - } - }, - "deployment_status": { - "$ref": "#/components/schemas/NapDeploymentStatus" - }, - "deployed_on": { - "description": "Date and time of the deployment.", - "type": "string", - "format": "date-time" + "x-enum-varnames": [ + "sort_name_staged_config_name" + ] } + } + }, + "StagedConfigParamObjectID": { + "name": "stagedConfigObjectID", + "in": "path", + "schema": { + "$ref": "#/components/schemas/StagedConfigObjectID" }, - "example": { - "name": "default_policy", - "version": "2025.05.01", - "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", - "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", - "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", - "paths": [ - "/etc/nginx/default_policy.tgz" - ], - "deployment_status": "deployed", - "enforcement_mode": "transparent", - "deployed_on": "2023-12-06T22:37:24.120114Z" + "description": "A globally unique identifier for the NGINX staged config.\n", + "required": true + }, + "SortNameNapPolicies": { + "name": "sort_nap_policies", + "in": "query", + "description": "Sort NGINX App Protect policies by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "deployment_count", + "enforcement_mode", + "last_deployed" + ], + "x-enum-varnames": [ + "sort_name_nap_policies_name", + "sort_name_nap_policies_deployment_count", + "sort_name_nap_policies_enforcement_mode", + "sort_name_nap_policies_last_deployed" + ] + } } }, - "NapSignatureVersion": { - "description": "The version of the NGINX App Protect resource.", - "type": "string", - "example": "2023.12.06" + "FilterFieldNapPolicy": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapPolicy" + } + } }, - "NapInstanceAssociation": { - "allOf": [ - { - "$ref": "#/components/schemas/NapAssociation" - }, - { - "type": "object", - "required": [ + "NapPolicyParamObjectID": { + "name": "nap_policy_object_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapPolicyObjectID" + }, + "description": "A globally unique identifier for the App Protect policy.\n", + "required": true + }, + "SortNameNapPolicyDeployments": { + "name": "sort_nap_deployments", + "in": "query", + "description": "Sort NGINX App Protect deployments by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "name", + "type", + "policy_version", + "status", + "deployed_on", "threat_campaign_version", "attack_signature_version", "bot_signature_version" ], - "properties": { - "threat_campaign_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "attack_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "bot_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - } - } + "x-enum-varnames": [ + "sort_name_nap_policy_deployments_name", + "sort_name_nap_policy_deployments_type", + "sort_name_nap_policy_deployments_policy_version", + "sort_name_nap_policy_deployments_status", + "sort_name_nap_policy_deployments_deployed_on", + "sort_name_nap_policy_deployments_threat_campaign_version", + "sort_name_nap_policy_deployments_attack_signature_version", + "sort_name_nap_policy_deployments_bot_sigature_version" + ] } - ], - "example": { - "name": "default_policy", - "version": "2025.05.01", - "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", - "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", - "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", - "paths": [ - "/etc/nginx/default_policy.tgz" - ], - "deployment_status": "deployed", - "enforcement_mode": "transparent", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "threat_campaign_version": "2025.01.23", - "attack_signature_version": "2025.01.19", - "bot_signature_version": "2025.01.19" } }, - "NginxAppProtectDetails": { - "description": "Information regarding NGINX App Protect. Includes version and deployments.\n", - "type": "object", - "required": [ - "engine_version", - "deployments" - ], - "properties": { - "release_version": { - "description": "The release version of NGINX App Protect.", - "type": "string" - }, - "engine_version": { - "description": "The version of the App Protect enforcement engine.", - "type": "string" - }, - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapInstanceAssociation" - } + "FilterFieldNapPolicyDeployment": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapPolicyDeployment" } } }, - "InstanceDetails": { - "type": "object", - "description": "Detailed information about an NGINX instance.", - "allOf": [ - { - "$ref": "#/components/schemas/Instance" - }, - { - "type": "object", - "properties": { - "certs": { - "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto this data plane instance.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertAssociation" - } - }, - "os": { - "$ref": "#/components/schemas/OperatingSystem" - }, - "config_sync_group": { - "$ref": "#/components/schemas/ConfigSyncGroupInstanceMeta" - }, - "nginx_app_protect": { - "$ref": "#/components/schemas/NginxAppProtectDetails" - }, - "control_plane": { - "$ref": "#/components/schemas/ControlPlaneBaseInfo" - } - } + "SortNameNapPolicyVersions": { + "name": "sort_nap_policy_versions", + "in": "query", + "description": "Sort NGINX App Protect policy versions by enumerate value(s). Ordinal position determines primary, secondary, etc.\n", + "schema": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "created_at", + "deployment_status", + "deployment_count", + "enforcement_mode" + ], + "x-enum-varnames": [ + "sort_name_nap_policy_versions_created_at", + "sort_name_nap_policy_versions_deployment_status", + "sort_name_nap_policy_versions_deployment_count", + "sort_name_nap_policy_versions_enforcement_mode" + ] } - ], - "example": { - "agent_version": "v2.30.3", - "certs": [ - { - "subject_name": "test.com", - "name": "client", - "cert_type": "cert_key", - "not_after": "2024-01-06T00:01:30Z", - "not_before": "2023-12-07T00:01:30Z", - "cert_paths": [ - "/etc/nginx/client.pem" - ], - "cert_status": "expiring", - "deployment_status": "latest", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" - } - ], - "hostname": "4d116619f106", - "key": "key_wN3IhLCmR3qmwybG_6ptEg", - "control_plane": { - "object_id": "ecp_CO1DdBxZToWmr3pTcaQ8QA", - "name": "nginx-ingress-001", - "product_version": "nginx-ingress-controller-4.0.1", - "created_at": "2023-12-06T22:37:24.120114Z" - }, - "last_reported": "2023-12-06T22:37:24.120114Z", - "nginx_build": { - "conf_path": "/etc/nginx/nginx.conf", - "version": "1.25.3" - }, - "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", - "os": { - "codename": "jammy", - "id": "ubuntu", - "name": "Ubuntu", - "version": "22.04.3 LTS (Jammy Jellyfish)", - "version_id": "22.04" - }, - "registered_at": "2023-12-06T22:37:24.120114Z", - "status": "unknown", - "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw" } }, - "ConfigPath": { - "type": "string", - "minLength": 1, - "maxLength": 4096, - "description": "The full path to the main NGINX configuration file. This corresponds to the `--conf-path` parameter used in the NGINX binary.\n", - "example": "/etc/nginx/nginx.conf." - }, - "FileDataRequest": { - "type": "object", - "description": "Details about a file, name, and content.", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string", - "description": "The file's relative path to the parent directory, absolute path also accepted.", - "minLength": 1, - "maxLength": 4096 - }, - "contents": { - "type": "string", - "format": "byte", - "description": "The base64-encoded contents of the file.", - "maxLength": 3145728 + "FilterFieldNapPolicyVersion": { + "name": "filter_fields", + "in": "query", + "description": "An array of strings indicating which fields to filter by (for example, `name`). This parameter works in conjunction with `filter_values` and `filter_ops`.\n", + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterNameNapPolicyVersion" } } }, - "DirectoryRequestWithFileContent": { - "type": "object", - "description": "Represents a directory and its contents, detailing the directory's full path, and the files within it.", - "required": [ + "NapPolicyVersionParamObjectID": { + "name": "nap_policy_version_object_id", + "in": "path", + "schema": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" + }, + "description": "A globally unique identifier for the App Protect policy version.\n", + "required": true + } + }, + "schemas": { + "FilterNameDataPlaneKeys": { + "type": "string", + "description": "Keywords for data plane key filters.\nWhen filtering on `status`, only the following `filter_values` are supported:\n * revoked\n * valid\n", + "enum": [ "name", - "files" + "status", + "object_id" ], - "properties": { - "name": { - "type": "string", - "minLength": 1, - "description": "The complete path of the directory." - }, - "files": { - "type": "array", - "description": "The list of files in the directory.", - "items": { - "$ref": "#/components/schemas/FileDataRequest" - } - } + "x-enum-varnames": [ + "filter_name_data_plane_key_name", + "filter_name_data_plane_key_status", + "filter_name_data_plane_key_object_id" + ] + }, + "FilterOperand": { + "type": "string", + "enum": [ + "IN" + ], + "x-enum-varnames": [ + "filter_operands_in" + ] + }, + "FilterOperands": { + "type": "array", + "items": { + "$ref": "#/components/schemas/FilterOperand" } }, - "NginxConfigObjectRequest": { + "PaginationResponse": { "type": "object", - "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", + "description": "Outlines pagination details for list responses, including total results, start index, and items per page.", "required": [ - "conf_path", - "configs" + "total", + "count" ], "properties": { - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" - }, - "conf_path": { - "$ref": "#/components/schemas/ConfigPath" + "total": { + "type": "integer", + "description": "The absolute total number of the resource in the NGINX One Console, ignoring any filter(s).\n" }, - "configs": { - "type": "array", - "description": "An array of directories containing NGINX configuration files.", - "items": { - "$ref": "#/components/schemas/DirectoryRequestWithFileContent" - } + "count": { + "type": "integer", + "description": "The total number of results generated by the list or query operation, accounting for any filter(s).\nThis number can be greater than the number of returned resources when pagination is in effect and a page size limit (or maximum allowed) is reached.\n" }, - "aux": { - "type": "array", - "description": "An array of auxiliary directory contents related to the NGINX configuration. When auxiliary contents are\nprovided, they become the authoritative source of non-NGINX configuration content. Please ensure the\nprovided contents are complete, missing files that are referenced in the NGINX configuration can cause\nNGINX reload failure. When not provided, the previous known auxiliary contents will be used as part of\npublish.\n", - "items": { - "$ref": "#/components/schemas/DirectoryRequestWithFileContent" - } + "start_index": { + "type": "integer", + "description": "The first result's starting position in the list. This is disregarded when `paginated=false`.\n" + }, + "items_per_page": { + "type": "integer", + "description": "The number of items to display per page. This is disregarded when `paginated=false`.\n" } + }, + "example": { + "total": 101, + "count": 1, + "start_index": 1, + "items_per_page": 100 } }, - "PayloadObjectID": { - "description": "A globally unique identifier for the valid payload object reference.", + "DataPlaneKeyObjectID": { + "description": "A globally unique identifier for the data plane key.", "type": "string", "format": "object_id", - "pattern": "^(cert|pv)_.*", + "pattern": "^key_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "NginxConfigPayload": { + "DataPlaneKey": { "type": "object", - "description": "Details of Aux File Payload that goes with an NGINX configuration. Provide hints for the backend system on \nadditional file contents that should be part of the NGINX Config Publication.\nCan be used to deploy files related to SSL certificates, to a data plane instance.\n", + "description": "Represents a data plane key with details such as object_id, name, and timestamps.", "required": [ - "type", - "paths" + "object_id", + "name", + "revoked", + "expires_at", + "created_at", + "modified_at" ], "properties": { - "type": { + "object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "name": { + "description": "The name given to the data plane key.", + "type": "string" + }, + "revoked": { + "description": "Indicates whether the data plane key has been revoked or not.", + "type": "boolean" + }, + "revoked_at": { "type": "string", - "description": "Types of Aux File Payload:\n - inline_secret - indicates the provided content for the payload should be stored in a secret location, and removed after the publication is done.\n - inline_content - indicates the provided content for the payload should be stored, and removed after the publication is done. Note, the contents may end up in the `aux` content if used in this NGINX configuration.\n - unmanaged_certificate - indicates certificate content for an unmanaged certificate detected from a data plane instance through NGINX configurations. Will be filtered and ignored in the payload deployment.\n - managed_certificate - indicates public certificates managed by NGINX One Console.\n - managed_key - indicates a private key managed by NGINX One Console.\n - nap_policy_version - indicates a version of NAP policy managed by NGINX One Console. A valid policy_version object\n", - "enum": [ - "inline_secret", - "inline_content", - "unmanaged_certificate", - "managed_certificate", - "managed_key", - "nap_policy_version" - ], - "x-enum-varnames": [ - "nginx_config_payload_inline_secret", - "nginx_config_payload_inline_content", - "nginx_config_payload_unmanaged_certificate", - "nginx_config_payload_managed_certificate", - "nginx_config_payload_managed_key", - "nginx_config_payload_nap_policy_version" - ] + "format": "date-time", + "description": "The date and time when the data plane key was revoked." }, - "contents": { + "expires_at": { "type": "string", - "format": "base64", - "description": "The base64-encoded contents of the file.", - "maxLength": 3145728 + "format": "date-time", + "description": "The date and time when the data plane key expires." }, - "object_id": { - "$ref": "#/components/schemas/PayloadObjectID" + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the data plane key was created." }, - "paths": { - "type": "array", - "items": { - "type": "string" - } - } - }, - "example": { - "type": "inline_content", - "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", - "paths": [ - "/etc/nginx/ssl/server.crt" - ] - } - }, - "NginxConfigPayloads": { - "type": "array", - "description": "An array of payloads that track the file paths of each SSL certificates and key, indicating where to deploy\nthem onto the data plane instance.\n* If the `type` is `managed_certificate` or `managed_key`, you need to specify an `object_id`.\n * The `object_id` must represent a managed certificate object, or a `400 Bad Request` is returned. \n * The `contents` field is optional and is ignored if included.\n* The NGINX One Console manages deployed file paths only for managed certificates and keys. If you don't want \nthem to be managed by NGINX One Console, `inline_content` and `inline_secret` can be used for certificates or \nkeys, respectively. When you retrieve certificate deployment details, only the file paths of managed \ncertificates and keys will be shown.\n* If you use `inline_content` and `inline_secret` in your NGINX configuration, the NGINX One Console \nwill detect them. When they are used as SSL directives of the NGINX configuration \nfor certificates and keys, the certificates will be listed as `unmanaged_certificate` in the certificate \ndeployment details.\n", - "items": { - "$ref": "#/components/schemas/NginxConfigPayload" - }, - "example": [ - { - "type": "managed_certificate", - "object_id": "cert_rto8NYiCQputrIasNx2NOA", - "paths": [ - "/etc/nginx/cert.pem" - ] + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the data plane key was last modified." }, - { - "type": "managed_key", - "object_id": "cert_rto8NYiCQputrIasNx2NOA", - "paths": [ - "/etc/nginx/key.pem" - ] + "instances_count": { + "type": "integer", + "description": "The number of registered instances using this data plane key. If field not populated, user should see the key has `unknown` key count" }, - { - "type": "inline_content", - "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", - "paths": [ - "/etc/nginx/inline_cert.crt" - ] + "control_planes_count": { + "type": "integer", + "description": "The number of observed control planes using this data plane key." } - ] + } }, - "NginxConfigRequest": { + "DataPlaneKeyListResponse": { "allOf": [ { - "$ref": "#/components/schemas/NginxConfigObjectRequest" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "description": "List of data plane keys.", + "required": [ + "items" + ], "properties": { - "payloads": { - "$ref": "#/components/schemas/NginxConfigPayloads" + "items": { + "description": "An array of DataPlaneKey objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/DataPlaneKey" + } } } } ] }, - "NginxConfigDirectives": { - "type": "array", - "x-go-type": "xp.Directives", - "x-go-type-import": { - "name": "xp", - "path": "github.com/nginxinc/nginx-go-crossplane" - }, - "items": { - "$ref": "#/components/schemas/NginxConfigDirective" - } - }, - "NginxConfigDirective": { - "type": "object", - "x-go-type": "xp.Directive", - "x-go-type-import": { - "name": "xp", - "path": "github.com/nginxinc/nginx-go-crossplane" - }, - "required": [ - "directive", - "line", - "args" - ], - "properties": { - "directive": { - "type": "string" - }, - "line": { - "type": "integer" - }, - "args": { - "type": "array", - "items": { - "type": "string" - } - }, - "file": { - "type": "string" - }, - "includes": { - "type": "array", - "items": { - "type": "integer" - } - }, - "block": { - "$ref": "#/components/schemas/NginxConfigDirectives" - }, - "comment": { - "type": "string" - } - } - }, - "ParsedNginxConfig": { + "Error": { + "description": "This object contains details about the errors that are returned when API requests fail.", "type": "object", "required": [ - "file", - "parsed" + "message", + "request_id", + "timestamp" ], "properties": { - "file": { - "type": "string", - "description": "NGINX Instance configuration file, corresponds to the conf-path." - }, - "parsed": { - "$ref": "#/components/schemas/NginxConfigDirectives" - } - } - }, - "NginxConfigProblem": { - "type": "object", - "description": "Representation of a problem found during NGINX configuration analysis.", - "properties": { - "directive": { - "description": "Directive in the NGINX configuration where the issue is identified.", - "type": "string" - }, - "file": { - "description": "File where the issue is detected.", - "type": "string" - }, - "line": { - "description": "Line number in the configuration where the issue is found.", - "type": "integer" - } - } - }, - "NginxConfigReport": { - "type": "object", - "description": "An analysis of the NGINX configuration, highlighting issues and their severity, and offering recommendations.", - "properties": { - "rule": { - "description": "The name of the configuration rule that was violated.", + "message": { + "description": "The error message describing the problem.", "type": "string" }, - "info": { - "description": "A detailed description of the issue.", + "request_id": { + "description": "The unique identifier of the API request that failed.", "type": "string" }, - "severity": { - "description": "The severity level of the issue.", + "timestamp": { + "description": "The date and time (in UTC) when the error happened.", "type": "string" }, - "category": { - "description": "Classification category of the issue.", + "detail": { + "description": "Additional information about the error, if available.", "type": "string" - }, - "documentation": { - "description": "Links to documentation that can assist in resolving the identified issue.", - "type": "array", - "items": { - "type": "string" - } - }, - "where": { - "description": "Specific locations in the configuration where issues were detected.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxConfigProblem" - } - } - } - }, - "NginxConfigReports": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxConfigReport" + } } }, - "FileData": { + "DataPlaneKeyCreateRequest": { "type": "object", - "description": "Details about a file, including its path, content, size, and last modified time.", + "description": "Request structure for creating a new data plane key.", "required": [ - "name", - "contents", - "size", - "mtime" + "name" ], "properties": { "name": { + "description": "Give the data plane key a name so you can tell it apart from others.", "type": "string", - "description": "The file's relative path to the parent directory.", "minLength": 1, - "maxLength": 4096 - }, - "contents": { - "type": "string", - "format": "byte", - "description": "The base64-encoded contents of the file.", - "maxLength": 3145728 - }, - "size": { - "type": "integer", - "description": "The size of the file, in bytes." + "maxLength": 128 }, - "mtime": { + "expires_at": { "type": "string", "format": "date-time", - "description": "Timestamp of the last modification made to the file." + "description": "Set an expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \nIf an expiration date isn't specified, the key will expire one year after it's created. \n\nYou can use the _Update a data plane key_ endpoint to extend the expiration date.\nIt's not possible to update the expiration date once the data plane key has expired.\n" } } }, - "DirectoryWithFileContent": { + "DataPlaneKeyResponse": { "type": "object", - "description": "Represents a directory and its contents, detailing the directory's full path, assigned permissions, last modified time, and the files within it.", + "description": "Response structure containing details of the created or retrieved data plane key.", "required": [ - "name", - "files" + "key", + "object_id", + "expires_at" ], "properties": { "name": { - "type": "string", - "description": "The complete path of the directory." + "description": "The name to be give to the new data plane key.", + "type": "string" }, - "permissions": { - "type": "string", - "description": "The permissions for the directory." + "object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" }, - "mtime": { - "type": "string", - "description": "The date and time when the directory was last modified.", - "format": "date-time" + "key": { + "description": "The data plane key value. Save this key somewhere secure as it isn't saved and is shown only once.", + "type": "string" }, - "files": { - "type": "array", - "description": "The list of files in the directory.", - "items": { - "$ref": "#/components/schemas/FileData" - } + "expires_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the data plane key will expire." } } }, - "NginxConfigObject": { + "BulkRequestAction": { + "type": "string", + "default": "modify", + "description": "Bulk action to perform:\n * `create` creates a new object given all required elements.\n * `modify` updates one or more elements of an existing object.\n * `delete` removes the existing object.\n", + "enum": [ + "create", + "modify", + "delete" + ], + "x-enum-varnames": [ + "bulk_action_create", + "bulk_action_modify", + "bulk_action_delete" + ] + }, + "DataPlaneKeyBulkRequestData": { "type": "object", - "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", + "description": "Part of bulk operation on a data plane key, only `delete` is supported.", "required": [ - "conf_path", - "configs" + "action", + "object_id" ], "properties": { - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" - }, - "conf_path": { - "$ref": "#/components/schemas/ConfigPath" - }, - "configs": { - "type": "array", - "description": "An array of directories containing NGINX configuration files.", - "items": { - "$ref": "#/components/schemas/DirectoryWithFileContent" - } + "object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" }, - "aux": { - "type": "array", - "description": "An array of auxiliary directory contents related to the NGINX configuration.", - "items": { - "$ref": "#/components/schemas/DirectoryWithFileContent" - } + "action": { + "$ref": "#/components/schemas/BulkRequestAction" } }, "example": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "configs": [ - { - "files": [ - { - "contents": "Cm1hcCAkdXJpICRtYXBwZWRfc2VydmljZSB7CiAgICBkZWZhdWx0IFVOTUFUQ0hFRDsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvaW5zdGFuY2VzIiAgICAgICAgaW5zdGFuY2VzLXN2YzsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvZGF0YS1wbGFuZS1rZXlzIiAga2V5cy1zdmM7CiAgICAifl4vYXBpL3YxL25hbWVzcGFjZXMvXHcrL21vbml0b3IiICAgICAgICAgIG1vbml0b3Itc3ZjOwp9Cgp1cHN0cmVhbSBpbnN0YW5jZXMtc3ZjIHsKICAgIHNlcnZlciBpbnN0YW5jZXMtc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIGtleXMtc3ZjIHsKICAgIHNlcnZlciBrZXlzLXN2Yzo4MDkwOwp9Cgp1cHN0cmVhbSBkYXRhcGxhbmUtY3RybCB7CiAgICBzZXJ2ZXIgZGF0YXBsYW5lLWN0cmw6ODA4MDsKfQoKdXBzdHJlYW0gbW9uaXRvci1zdmMgewogICAgc2VydmVyIG1vbml0b3Itc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIG1ldHJpY3MtaW5nZXN0IHsKICAgIHNlcnZlciBtZXRyaWNzLWluZ2VzdDo4MDgwOwp9CgpzZXJ2ZXIgewogICAgbGlzdGVuIDg4ODg7CiAgICBzZXJ2ZXJfbmFtZSBfOwogICAgaHR0cDIgb247CgogICAgcHJveHlfcGFzc19yZXF1ZXN0X2hlYWRlcnMgb247CiAgICByZXdyaXRlICJeL2FwaS8obmdpbngvb25lfHYxKS8oLiopJCIgIi9hcGkvdjEvJDIiIGJyZWFrOwogICAgbG9jYXRpb24gL2FwaS92MS8gewogICAgICAgIGlmICgkbWFwcGVkX3NlcnZpY2UgPSAiVU5NQVRDSEVEIikgewogICAgICAgICAgICByZXR1cm4gNDA0ICd7ImVycm9yOiAiTm90IGZvdW5kIn0nOwogICAgICAgIH0KICAgICAgICBwcm94eV9wYXNzX2hlYWRlciBYLVZvbHRlcnJhLUFwaWd3LVRlbmFudDsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kbWFwcGVkX3NlcnZpY2U7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIGRhdGFwbGFuZS1jdHJsCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLkNvbW1hbmRlciB7CiAgICAgICAgZ3JwY19zb2NrZXRfa2VlcGFsaXZlIG9uOwogICAgICAgIGdycGNfcmVhZF90aW1lb3V0IDVtOwogICAgICAgIGdycGNfc2VuZF90aW1lb3V0IDVtOwogICAgICAgIGNsaWVudF9ib2R5X3RpbWVvdXQgMTBtOwogICAgICAgIGdycGNfcGFzcyBncnBjOi8vZGF0YXBsYW5lLWN0cmw7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIG1ldHJpY3MgaW5nZXN0aW9uCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLk1ldHJpY3NTZXJ2aWNlIHsKICAgICAgICBncnBjX3NvY2tldF9rZWVwYWxpdmUgb247CiAgICAgICAgZ3JwY19yZWFkX3RpbWVvdXQgNW07CiAgICAgICAgZ3JwY19zZW5kX3RpbWVvdXQgNW07CiAgICAgICAgY2xpZW50X2JvZHlfdGltZW91dCAxMG07CiAgICAgICAgY2xpZW50X21heF9ib2R5X3NpemUgMDsKICAgICAgICBncnBjX3Bhc3MgZ3JwYzovL21ldHJpY3MtaW5nZXN0OwogICAgfQp9CgojIHByb3h5IHRvIHRoZSBtYW5hZ2VtZW50IHNlcnZlcnMKc2VydmVyIHsKICAgIGxpc3RlbiAxNTAwMDsKICAgIHNlcnZlcl9uYW1lIF87CiAgICAjIHVzZSBkb2NrZXIgRE5TCiAgICByZXNvbHZlciAxMjcuMC4wLjExIHZhbGlkPTMwczsKCiAgICAjIG1hdGNoIC88c2VydmljZT4vPG1nbXQgZW5kcG9pbnQ+CiAgICBsb2NhdGlvbiB+Xi8oW14vXSspLyguKykkIHsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kMToxNTAwMC8kMjsKICAgIH0KCiAgICBsb2NhdGlvbiAvIHsKICAgICAgICBhZGRfaGVhZGVyICJDb250ZW50LVR5cGUiICJ0ZXh0L2h0bWwiOwogICAgICAgIHJldHVybiAyMDAgIjxwPkFjY2VzcyB0aGUgbWFuYWdlbWVudCBzZXJ2ZXIgb2YgYW55IHNlcnZpY2Ugd2l0aCBVUkxzIGxpa2UgPGNvZGU+aHR0cDovL2xvY2FsaG9zdDoxNTAwMC8mbHQ7U0VSVklDRV9OQU1FJmd0Oy9tZXRyaWNzPC9jb2RlPjwvcD4iOwogICAgfQp9Cg==", - "mtime": "1970-01-01T00:00:00Z", - "name": "default.conf", - "size": 1942 - } - ], - "name": "/etc/nginx/conf.d" - }, - { - "files": [ - { - "contents": "CnVzZXIgIG5naW54Owp3b3JrZXJfcHJvY2Vzc2VzICBhdXRvOwoKZXJyb3JfbG9nICAvdmFyL2xvZy9uZ2lueC9lcnJvci5sb2cgbm90aWNlOwpwaWQgICAgICAgIC92YXIvcnVuL25naW54LnBpZDsKCgpldmVudHMgewogICAgd29ya2VyX2Nvbm5lY3Rpb25zICAxMDI0Owp9CgoKaHR0cCB7CiAgICBpbmNsdWRlICAgICAgIC9ldGMvbmdpbngvbWltZS50eXBlczsKICAgIGRlZmF1bHRfdHlwZSAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtOwoKICAgIGxvZ19mb3JtYXQgIG1haW4gICckcmVtb3RlX2FkZHIgLSAkcmVtb3RlX3VzZXIgWyR0aW1lX2xvY2FsXSAiJHJlcXVlc3QiICcKICAgICAgICAgICAgICAgICAgICAgICckc3RhdHVzICRib2R5X2J5dGVzX3NlbnQgIiRodHRwX3JlZmVyZXIiICcKICAgICAgICAgICAgICAgICAgICAgICciJGh0dHBfdXNlcl9hZ2VudCIgIiRodHRwX3hfZm9yd2FyZGVkX2ZvciInOwoKICAgIGFjY2Vzc19sb2cgIC92YXIvbG9nL25naW54L2FjY2Vzcy5sb2cgIG1haW47CgogICAgc2VuZGZpbGUgICAgICAgIG9uOwogICAgI3RjcF9ub3B1c2ggICAgIG9uOwoKICAgIGtlZXBhbGl2ZV90aW1lb3V0ICA2NTsKCiAgICAjZ3ppcCAgb247CgogICAgaW5jbHVkZSAvZXRjL25naW54L2NvbmYuZC8qLmNvbmY7Cn0K", - "mtime": "1970-01-01T00:00:00Z", - "name": "nginx.conf", - "size": 648 - }, - { - "contents": "CnR5cGVzIHsKICAgIHRleHQvaHRtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBodG1sIGh0bSBzaHRtbDsKICAgIHRleHQvY3NzICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjc3M7CiAgICB0ZXh0L3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeG1sOwogICAgaW1hZ2UvZ2lmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdpZjsKICAgIGltYWdlL2pwZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqcGVnIGpwZzsKICAgIGFwcGxpY2F0aW9uL2phdmFzY3JpcHQgICAgICAgICAgICAgICAgICAgICAgICAgICBqczsKICAgIGFwcGxpY2F0aW9uL2F0b20reG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdG9tOwogICAgYXBwbGljYXRpb24vcnNzK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJzczsKCiAgICB0ZXh0L21hdGhtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbW1sOwogICAgdGV4dC9wbGFpbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHR4dDsKICAgIHRleHQvdm5kLnN1bi5qMm1lLmFwcC1kZXNjcmlwdG9yICAgICAgICAgICAgICAgICBqYWQ7CiAgICB0ZXh0L3ZuZC53YXAud21sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd21sOwogICAgdGV4dC94LWNvbXBvbmVudCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGh0YzsKCiAgICBpbWFnZS9hdmlmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYXZpZjsKICAgIGltYWdlL3BuZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbmc7CiAgICBpbWFnZS9zdmcreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZnIHN2Z3o7CiAgICBpbWFnZS90aWZmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGlmIHRpZmY7CiAgICBpbWFnZS92bmQud2FwLndibXAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2JtcDsKICAgIGltYWdlL3dlYnAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3ZWJwOwogICAgaW1hZ2UveC1pY29uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGljbzsKICAgIGltYWdlL3gtam5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqbmc7CiAgICBpbWFnZS94LW1zLWJtcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYm1wOwoKICAgIGZvbnQvd29mZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3b2ZmOwogICAgZm9udC93b2ZmMiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdvZmYyOwoKICAgIGFwcGxpY2F0aW9uL2phdmEtYXJjaGl2ZSAgICAgICAgICAgICAgICAgICAgICAgICBqYXIgd2FyIGVhcjsKICAgIGFwcGxpY2F0aW9uL2pzb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqc29uOwogICAgYXBwbGljYXRpb24vbWFjLWJpbmhleDQwICAgICAgICAgICAgICAgICAgICAgICAgIGhxeDsKICAgIGFwcGxpY2F0aW9uL21zd29yZCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2M7CiAgICBhcHBsaWNhdGlvbi9wZGYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcGRmOwogICAgYXBwbGljYXRpb24vcG9zdHNjcmlwdCAgICAgICAgICAgICAgICAgICAgICAgICAgIHBzIGVwcyBhaTsKICAgIGFwcGxpY2F0aW9uL3J0ZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBydGY7CiAgICBhcHBsaWNhdGlvbi92bmQuYXBwbGUubXBlZ3VybCAgICAgICAgICAgICAgICAgICAgbTN1ODsKICAgIGFwcGxpY2F0aW9uL3ZuZC5nb29nbGUtZWFydGgua21sK3htbCAgICAgICAgICAgICBrbWw7CiAgICBhcHBsaWNhdGlvbi92bmQuZ29vZ2xlLWVhcnRoLmtteiAgICAgICAgICAgICAgICAga216OwogICAgYXBwbGljYXRpb24vdm5kLm1zLWV4Y2VsICAgICAgICAgICAgICAgICAgICAgICAgIHhsczsKICAgIGFwcGxpY2F0aW9uL3ZuZC5tcy1mb250b2JqZWN0ICAgICAgICAgICAgICAgICAgICBlb3Q7CiAgICBhcHBsaWNhdGlvbi92bmQubXMtcG93ZXJwb2ludCAgICAgICAgICAgICAgICAgICAgcHB0OwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC5ncmFwaGljcyAgICAgIG9kZzsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vYXNpcy5vcGVuZG9jdW1lbnQucHJlc2VudGF0aW9uICBvZHA7CiAgICBhcHBsaWNhdGlvbi92bmQub2FzaXMub3BlbmRvY3VtZW50LnNwcmVhZHNoZWV0ICAgb2RzOwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC50ZXh0ICAgICAgICAgIG9kdDsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vcGVueG1sZm9ybWF0cy1vZmZpY2Vkb2N1bWVudC5wcmVzZW50YXRpb25tbC5wcmVzZW50YXRpb24KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcHR4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LnNwcmVhZHNoZWV0bWwuc2hlZXQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4bHN4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LndvcmRwcm9jZXNzaW5nbWwuZG9jdW1lbnQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N4OwogICAgYXBwbGljYXRpb24vdm5kLndhcC53bWxjICAgICAgICAgICAgICAgICAgICAgICAgIHdtbGM7CiAgICBhcHBsaWNhdGlvbi93YXNtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2FzbTsKICAgIGFwcGxpY2F0aW9uL3gtN3otY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgICA3ejsKICAgIGFwcGxpY2F0aW9uL3gtY29jb2EgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjY287CiAgICBhcHBsaWNhdGlvbi94LWphdmEtYXJjaGl2ZS1kaWZmICAgICAgICAgICAgICAgICAgamFyZGlmZjsKICAgIGFwcGxpY2F0aW9uL3gtamF2YS1qbmxwLWZpbGUgICAgICAgICAgICAgICAgICAgICBqbmxwOwogICAgYXBwbGljYXRpb24veC1tYWtlc2VsZiAgICAgICAgICAgICAgICAgICAgICAgICAgIHJ1bjsKICAgIGFwcGxpY2F0aW9uL3gtcGVybCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbCBwbTsKICAgIGFwcGxpY2F0aW9uL3gtcGlsb3QgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcmMgcGRiOwogICAgYXBwbGljYXRpb24veC1yYXItY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgIHJhcjsKICAgIGFwcGxpY2F0aW9uL3gtcmVkaGF0LXBhY2thZ2UtbWFuYWdlciAgICAgICAgICAgICBycG07CiAgICBhcHBsaWNhdGlvbi94LXNlYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2VhOwogICAgYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2ggICAgICAgICAgICAgICAgICAgIHN3ZjsKICAgIGFwcGxpY2F0aW9uL3gtc3R1ZmZpdCAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXQ7CiAgICBhcHBsaWNhdGlvbi94LXRjbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGNsIHRrOwogICAgYXBwbGljYXRpb24veC14NTA5LWNhLWNlcnQgICAgICAgICAgICAgICAgICAgICAgIGRlciBwZW0gY3J0OwogICAgYXBwbGljYXRpb24veC14cGluc3RhbGwgICAgICAgICAgICAgICAgICAgICAgICAgIHhwaTsKICAgIGFwcGxpY2F0aW9uL3hodG1sK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICB4aHRtbDsKICAgIGFwcGxpY2F0aW9uL3hzcGYreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4c3BmOwogICAgYXBwbGljYXRpb24vemlwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHppcDsKCiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgYmluIGV4ZSBkbGw7CiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgZGViOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIGRtZzsKICAgIGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbSAgICAgICAgICAgICAgICAgICAgICAgICBpc28gaW1nOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIG1zaSBtc3AgbXNtOwoKICAgIGF1ZGlvL21pZGkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtaWQgbWlkaSBrYXI7CiAgICBhdWRpby9tcGVnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbXAzOwogICAgYXVkaW8vb2dnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9nZzsKICAgIGF1ZGlvL3gtbTRhICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtNGE7CiAgICBhdWRpby94LXJlYWxhdWRpbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmE7CgogICAgdmlkZW8vM2dwcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDNncHAgM2dwOwogICAgdmlkZW8vbXAydCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRzOwogICAgdmlkZW8vbXA0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1wNDsKICAgIHZpZGVvL21wZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtcGVnIG1wZzsKICAgIHZpZGVvL3F1aWNrdGltZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtb3Y7CiAgICB2aWRlby93ZWJtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2VibTsKICAgIHZpZGVvL3gtZmx2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmbHY7CiAgICB2aWRlby94LW00diAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbTR2OwogICAgdmlkZW8veC1tbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1uZzsKICAgIHZpZGVvL3gtbXMtYXNmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhc3ggYXNmOwogICAgdmlkZW8veC1tcy13bXYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdtdjsKICAgIHZpZGVvL3gtbXN2aWRlbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdmk7Cn0K", - "mtime": "1970-01-01T00:00:00Z", - "name": "mime.types", - "size": 5349 - } - ], - "name": "/etc/nginx" - } - ] + "object_id": "key_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" } }, - "NginxConfigObjectID": { - "description": "A globally unique identifier for the NGINX Config object.", + "DataPlaneKeyBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/DataPlaneKeyBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ + { + "object_id": "key_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + }, + { + "object_id": "key_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" + } + ] + }, + "ObjectID": { + "description": "A globally unique identifier.", "type": "string", "format": "object_id", - "pattern": "^nc_.*", + "pattern": "^\\w+_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "NginxConfig": { - "description": "Details of an NGINX configuration, including its unique identifier, the main configuration path, the \nconfiguration directories, and the NGINX configuration payloads that indicate where managed SSL certificates\nand keys were deployed to on the data plane instance.\n", - "allOf": [ - { - "$ref": "#/components/schemas/NginxConfigObject" - }, - { - "type": "object", - "required": [ - "object_id" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/NginxConfigObjectID" - }, - "payloads": { - "$ref": "#/components/schemas/NginxConfigPayloads" - } - } - } - ] - }, - "PublicationStatusCause": { - "description": "Cause of the failure, provided only if the status is `failed`.", + "BulkRequestObjectStatus": { "type": "object", - "properties": { - "cause": { - "description": "Cause of the failure, detailed as follows:\n* `unknown` - The reason for the failure is not known.\n* `timeout` - The publication request reached its time limit without receiving a response from the NGINX Agent.\n* `remote` - The NGINX Agent reported a failure when trying to apply the configuration. See the message for more details.\n* `payload` - The publication was successful, but there were warnings reported by attached payloads, see message for more details.\n", - "type": "string", - "enum": [ - "unknown", - "timeout", - "remote", - "payload" - ], - "x-enum-varnames": [ - "publication_instance_status_cause_unknown", - "publication_instance_status_cause_timeout", - "publication_instance_status_cause_remote", - "publication_instance_status_cause_payload" - ] - }, - "message": { - "type": "string", - "description": "more specific failure message from the agent." - } - } - }, - "PublicationInstance": { - "description": "Details of a publication request for an NGINX instance.", "required": [ - "status", - "created_at", - "modified_at" + "outcome" ], "properties": { "object_id": { - "$ref": "#/components/schemas/PublicationObjectID" + "$ref": "#/components/schemas/ObjectID" }, - "config_version": { + "name": { "type": "string", - "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" + "description": "this is the user facing name of the object." }, - "status": { - "description": "Publication status for the NGINX instance:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `succeeded_with_warnings` - The publication was successful, but there were warnings.\n", + "outcome": { "type": "string", + "description": "This is the outcome that corresponds to the action.\n* deleted - the object deletion was processed, and the object was deleted.\n* accepted - the request was accepted, and will be processed.\n* failed - the request failed, see failure_reason for more details.\n* invalid - the request was invalid, see failure_reason for more details.\n", "enum": [ - "pending", + "deleted", + "accepted", "failed", - "succeeded", - "succeeded_with_warnings" + "invalid" ], "x-enum-varnames": [ - "publication_instance_status_pending", - "publication_instance_status_failed", - "publication_instance_status_succeeded", - "publication_instance_status_succeeded_with_warnings" + "build_request_object_status_deleted", + "build_request_object_status_accepted", + "build_request_object_status_failed", + "build_request_object_status_invalid" ] }, - "status_cause": { - "$ref": "#/components/schemas/PublicationStatusCause" - }, - "created_at": { + "failure_reason": { + "type": "string", + "description": "this is the failure reason populated when outcome is 'failed' or 'invalid'." + } + } + }, + "DataPlaneKeyBulkResponse": { + "description": "The data plane key bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } + }, + "DataPlaneKeyUpdateRequest": { + "type": "object", + "description": "Request structure for updating an existing data plane key.", + "properties": { + "name": { + "description": "Give the data plane key a new name so you can tell it apart from others.", "type": "string", - "format": "date-time", - "description": "The date and time when the publication was created for the instance." + "minLength": 1, + "maxLength": 128 }, - "modified_at": { + "expires_at": { "type": "string", "format": "date-time", - "description": "The date and time when the publication was last modified for the instance." + "description": "Adjust the expiration date and time for the data plane key in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. \n\nIt's not possible to update the expiration date once the data plane key has expired.\n" } - }, - "example": { - "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", - "created_at": "2024-05-14T20:36:06.272704Z", - "modified_at": "2024-05-14T20:36:06.272704Z", - "object_id": "pub_vfr5Oqv-AhxGzyqTXW-Ubw", - "status": "pending" } }, - "NginxConfigMeta": { - "type": "object", - "description": "Meta data of an NGINX configuration, including its unique identifier, the config_version.\n", + "FilterNameCertificates": { + "type": "string", + "description": "Keywords for certificates filters.\nWhen filtering on `management`, only the following `filter_values` are supported:\n * managed\n * unmanaged\nWhen filtering on `type`, only the following `filter_values` are supported:\n * cert_key\n * ca_bundle\n * unknown\nWhen filtering on `status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", + "enum": [ + "name", + "management", + "type", + "subject_name", + "status", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_certificates_name", + "filter_name_certificates_management", + "filter_name_certificates_type", + "filter_name_certificates_subject_name", + "filter_name_certificates_status", + "filter_name_certificates_object_id" + ] + }, + "CertificateObjectID": { + "description": "A globally unique identifier for the certificates.", + "type": "string", + "format": "object_id", + "pattern": "^cert_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "CertificateManagement": { + "type": "string", + "description": "Management type:\n * `managed` - Certificate managed by NGINX One Console.\n * `unmanaged` - Certificate that only exists on a data plane instance, detected from its NGINX configuration.\n", + "enum": [ + "managed", + "unmanaged" + ], + "x-enum-varnames": [ + "certificate_management_managed", + "certificate_management_unmanaged" + ] + }, + "CertificateType": { + "type": "string", + "description": "Certificate type:\n * `ca_bundle` - This certificate object is a CA bundle.\n * `cert_key` - This certificate object is consisted of public certificates and key.\n * `unmanaged` - This certificate is not managed by NGINX One console and its type is unmanaged.\n", + "enum": [ + "ca_bundle", + "cert_key", + "unmanaged" + ], + "x-enum-varnames": [ + "certificate_type_ca_bundle", + "certificate_type_pem_cert_key", + "certificate_type_unmanaged" + ] + }, + "CertificateObjectMetadata": { "required": [ - "object_id", - "config_version", - "created_at", - "modified_at", - "config_source" + "management", + "type" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/NginxConfigObjectID" + "name": { + "description": "Name of the certificate, optionally specified upon creation", + "type": "string" }, - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object.\n" + "object_id": { + "$ref": "#/components/schemas/CertificateObjectID" }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the NGINX configuration object was created for the instance." + "management": { + "$ref": "#/components/schemas/CertificateManagement" }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the NGINX configuration object was last modified for the instance." + "type": { + "$ref": "#/components/schemas/CertificateType" }, - "config_source": { - "type": "string", - "enum": [ - "NGINX One", - "Other", - "Unspecified" - ], - "x-enum-varnames": [ - "config_source_nginx_one", - "config_source_other", - "config_source_unspecified" - ], - "description": "The source from which the config was created:\n- `NGINX One`: The config was created from NGINX One.\n- `Other`: The config was created from data plane.\n- `Unspecified`: The source of the config is unspecified.\n" + "certs_count": { + "description": "The number of public certificates under this certificate object.", + "type": "integer", + "format": "int64" } }, "example": { - "object_id": "nc_AamgWtYSSb6OWGljx3wNDA", - "config_version": "Cm1hcCAkdXJpICRtYXBwZWRfc2V", - "created_at": "2023-08-10T16:59:15Z", - "modified_at": "2023-08-10T16:59:15Z", - "config_source": "NGINX One" + "name": "example-ca-bundle", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "ca_bundle", + "certs_count": 5 } }, - "FeatureFlagKey": { - "type": "string", - "description": "String representation of a feature flag key." - }, - "FilterNameConfigSyncGroups": { + "CertificateStatus": { "type": "string", - "description": "Keywords for config sync groups filters.\nWhen filtering on `config_status`, only the following `filter_values` are supported:\n * in_sync\n * out_of_sync\n * sync_in_progress\n * unknown\n", + "description": "Status of the certificate:\n * `valid` - The certificate is currently valid and operational.\n * `expiring` - The certificate will expire within the next 30 days. Consider renewing it to maintain uninterrupted service.\n * `expired` - The certificate is no longer valid. Immediate renewal is recommended to ensure secure connections.\n * `not_ready` - The certificate is not ready to be used, based on the start date of its validity period.\n", "enum": [ - "name", - "config_status", - "object_id" + "valid", + "expiring", + "expired", + "not_ready" ], "x-enum-varnames": [ - "filter_name_config_sync_group_name", - "filter_name_config_sync_group_config_status", - "filter_name_config_sync_group_object_id" + "certificate_status_valid", + "certificate_status_expiring", + "certificate_status_expired", + "certificate_status_not_ready" ] }, - "ListConfigSyncGroupObject": { + "CertificateDisplayMetadata": { + "description": "This represents the essential metadata of a public certificate.", "type": "object", - "description": "Summary information of the NGINX config sync group.", "required": [ - "object_id", - "name", - "created_at", - "instances_count", - "config_status" + "subject_name", + "status", + "not_before", + "not_after" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" + "subject_name": { + "type": "string", + "example": "www.example.com", + "description": "DNS name that identifies the certificate. If DNS is not present in the SAN extension, this will be the common name.\n" }, - "name": { - "description": "Name of the NGINX config sync group.", - "type": "string" + "status": { + "$ref": "#/components/schemas/CertificateStatus" }, - "created_at": { - "description": "The date and time when the config sync group was created.", + "not_before": { "type": "string", - "format": "date-time" - }, - "instances_count": { - "description": "Number of instances in the NGINX config sync group.", - "type": "integer" + "format": "date-time", + "example": "2023-06-12T09:12:33.001Z", + "description": "The start of the validity period for the certificate." }, - "config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" + "not_after": { + "type": "string", + "format": "date-time", + "example": "2029-12-25T09:12:33.001Z", + "description": "The end of the validity period for the certificate." + } + }, + "example": { + "subject_name": "self_ca_signed", + "status": "valid", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z" + } + }, + "CertificateOverviewMetadata": { + "description": "Represents an overview of all the public certificates under a single cert object.\nIf multiple public certificates on the same CA chain, including the leaf certificate and key are provided, \nthis includes `status`, `subject_name`, `not_before` and `not_after` for the leaf certificate.\nIf a CA bundle is provided, the above mentioned certificate metadata is for the Certificate Authority that\nexpires the soonest in the bundle.\n", + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/CertificateObjectMetadata" }, - "cert_summary": { - "$ref": "#/components/schemas/CertificateInstanceSummary" + { + "$ref": "#/components/schemas/CertificateDisplayMetadata" } + ], + "example": { + "name": "example-ca-bundle", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "ca_bundle", + "subject_name": "self_ca_signed", + "status": "valid", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "certs_count": 5 } }, - "ConfigSyncGroupListResponse": { + "CertificateListResponse": { "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", - "description": "List of NGINX config sync groups.", + "description": "List of SSL certificates.", "required": [ "items" ], "properties": { "items": { - "description": "An array of Config Sync Group objects.", + "description": "An array of basic metadata for all the SSL certificates in NGINX One Console. \nFor a CA bundle, an overview with metadata on the first Certificate Authority in the bundle will be displayed.\nOtherwise, an overview with metadata on the leaf certificate will be displayed.\n", "type": "array", "items": { - "$ref": "#/components/schemas/ListConfigSyncGroupObject" + "$ref": "#/components/schemas/CertificateOverviewMetadata" } } } @@ -11143,454 +5892,454 @@ ], "example": { "total": 10, - "count": 1, + "count": 2, "start_index": 1, "items_per_page": 100, "items": [ { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-config-sync-group", - "created_at": "2023-12-05T22:30:20.220114Z", - "config_status": "in_sync", - "instances_count": 1 + "name": "example-cert_key", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "cert_key", + "status": "valid", + "subject_name": "www.example.com", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "certs_count": 1 + }, + { + "name": "example-ca-bundle", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "ca_bundle", + "subject_name": "self_ca_signed", + "status": "valid", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "certs_count": 5 } ] } }, - "ConfigSyncGroupCreateRequest": { - "description": "Body to create a NGINX config sync group.", + "CertificateContent": { + "type": "object", + "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", "required": [ - "name" + "public_certs" ], "properties": { - "name": { + "public_certs": { "type": "string", - "description": "A name to uniquely identify the NGINX config sync group in a given tenant namespace.", - "minLength": 1, - "maxLength": 256 + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded PEM-formatted certificate information. \nThe `public_certs` field can include a leaf certificate along with its full chain of trust or a CA bundle. \nFor leaf certificates, the accompanying `private_key` is required to authenticate the certificate's validity. \nCA bundles contain trusted CA certificates and may consist of certificates from different CA chains. A private\nkey should not be included in a CA bundle.\n" + }, + "private_key": { + "type": "string", + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" } }, "example": { - "name": "my-nginx-config-sync-group" + "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" } }, - "ConfigSyncGroupCreateResponse": { - "description": "Response to a create NGINX config sync group request.", + "CertificateRequest": { + "type": "object", + "description": "Request structure for parsing or upserting certificates with an optional private key.\n", "required": [ - "object_id", - "name" + "content" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" - }, "name": { - "description": "Name of the NGINX config sync group.", - "type": "string" + "description": "A name for the certificate, making it identifiable among others.", + "type": "string", + "minLength": 1, + "maxLength": 128 + }, + "content": { + "$ref": "#/components/schemas/CertificateContent" } }, "example": { - "name": "my-nginx-config-sync-group", - "object_id": "csg_Tet21AeYTHCj7taOwVfzyw" + "name": "example-ca-bundle", + "content": { + "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==", + "private_key": "" + } } }, - "ConfigSyncGroupBulkRequestData": { + "CertificateMetadata": { + "description": "A comprehensive list of all the metadata for a public certificate.", "type": "object", - "description": "Part of bulk operation on a config sync group, only `delete` is supported.", "required": [ - "action", - "object_id" + "status", + "serial_number", + "signature_algorithm", + "not_before", + "not_after", + "public_key_type", + "thumbprint" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/ConfigSyncGroupObjectID" + "status": { + "$ref": "#/components/schemas/CertificateStatus" }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" + "version": { + "type": "integer", + "format": "int64", + "example": 3, + "description": "The version of the certificate, typically 3 for X.509 certificates." + }, + "serial_number": { + "type": "string", + "example": "16469416336579571270", + "description": "A unique identifier for the certificate." + }, + "signature_algorithm": { + "type": "string", + "example": "SHA-256", + "description": "Identifies the algorithm used to sign the certificate." + }, + "issuer": { + "type": "string", + "example": "CN=Example CA, O=Certificate Authority Inc., OU=CA Department, L=City, ST=State, C=Country", + "description": "Identifies the entity who signed and issued the certificate." + }, + "not_before": { + "type": "string", + "format": "date-time", + "example": "2023-06-12T09:12:33.001Z", + "description": "The start of the validity period for the certificate." + }, + "not_after": { + "type": "string", + "format": "date-time", + "example": "2029-12-25T09:12:33.001Z", + "description": "The end of the validity period for the certificate." + }, + "subject": { + "type": "string", + "example": "CN=www.example.com, O=Example Inc., OU=IT Department, L=City, ST=State, C=Country", + "description": "Identifies the primary entity to which the certificate is issued. Typically, it contains information\nsuch as the Common Name (CN), Organization (O), Organizational Unit (OU), Country (C), etc.\n" + }, + "subject_alternative_name": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "DNS:www.example.com", + "DNS:example.com", + "email:info@example.com" + ], + "description": "Defines additional identifies bound to the subject of the certificate. \nFor example, the DNS name is used to add additional domain names to a certificate.\n" + }, + "public_key_type": { + "type": "string", + "example": "RSA (2048 Bits)", + "description": "Identifies the encryption algorithm used to create the public key for the certificate." + }, + "common_name": { + "type": "string", + "example": "www.example.com", + "description": "The Common Name (CN) for the certificate, used when DNS name is not present in the SAN extension.\n" + }, + "authority_key_identifier": { + "type": "string", + "example": "2B D0 69 47 94 76 09 FE F4 6B 8D 2E 40 A6 F7 47 4D 7F 08 5E", + "description": "The identifier of the signing authority for the certificate." + }, + "subject_key_identifier": { + "type": "string", + "example": "31 EA 76 A9 23 74 A5 DF D4 FD EE A0 C1 A6 9E C6 11 0E 11 EC", + "description": "A hash value of the SSL certificate that can be used to identify certificates that \ncontain a particular public key.\n" + }, + "thumbprint_algorithm": { + "type": "string", + "example": "SHA-1", + "description": "Defines the algorithm used to hash the certificate." + }, + "thumbprint": { + "type": "string", + "example": "E6 A7 87 96 E0 C7 A3 E5 43 78 35 CA 16 78 5B 48 5A A9 DD C4 5C CD 0A 65 AA 89 33 E3 C3 D0 89 71", + "description": "A hash to ensure that the certificate has not been modified." } }, "example": { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" - } - }, - "ConfigSyncGroupBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ConfigSyncGroupBulkRequestData" - }, - "minItems": 1, - "maxItems": 50, - "example": [ - { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" - }, - { - "object_id": "csg_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" - } - ] - }, - "ConfigSyncGroupBulkResponse": { - "description": "The config sync group bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" + "status": "valid", + "version": 3, + "serial_number": "71283929", + "signature_algorithm": "SHA256-RSA", + "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_bundle_CA", + "not_before": "2023-02-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=self_ca_signed", + "subject_alternative_name": [], + "public_key_type": "RSA (2048 bit)", + "common_name": "self_ca_signed", + "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", + "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", + "thumbprint_algorithm": "SHA-256", + "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" } }, - "ConfigSyncGroupInstance": { - "allOf": [ - { - "$ref": "#/components/schemas/Instance" + "PrivateKeyMetadata": { + "type": "object", + "description": "Metadata for a private key.", + "properties": { + "key_size": { + "description": "Size of the private key in bits.", + "type": "integer", + "format": "int64" }, - { - "type": "object", - "required": [ - "config_status", - "config_version" - ], - "properties": { - "config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" - }, - "config_version": { - "description": "A computed hash of current config on the config sync group.", - "type": "string" - } - } + "encryption_algorithm": { + "description": "The encryption algorithm used for the private key.", + "type": "string" } - ] - }, - "ConfigSyncGroupPublicationStatus": { - "type": "string", - "description": "The status on the last publication issued on this config sync group:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `partially_succeeded` - The publication attempt had one or more failures.\n", - "enum": [ - "pending", - "failed", - "succeeded", - "partially_succeeded" - ], - "x-enum-varnames": [ - "publication_config_sync_group_status_pending", - "publication_config_sync_group_status_failed", - "publication_config_sync_group_status_succeeded", - "publication_config_sync_group_status_partially_succeeded" - ] + }, + "example": { + "key_size": 512, + "encryption_algorithm": "RSA" + } }, - "ConfigSyncGroup": { + "CertificateResponse": { + "type": "object", + "description": "Response structure containing details of the created, updated or retrieved SSL certificate. In general, \nthe response should contain:\n * an overview of all the public certificates\n * `warnings` whether any issue is found after parsing the certificates and key\n * `certs`\n * `key_metadata` if key provided in the request body\n * timestamps that represent when this cert object was created or modified\n", "allOf": [ { - "$ref": "#/components/schemas/ConfigSyncGroupMeta" + "$ref": "#/components/schemas/CertificateOverviewMetadata" }, { "type": "object", - "description": "Additional information of the NGINX config sync group including:\n* config sync status\n* config checksum\n* instances\n* last known publication status\n* certs associated with this config sync group\n", "properties": { - "config_status": { - "$ref": "#/components/schemas/ConfigSyncStatus" - }, - "config_version": { - "description": "A computed hash of current config on the config sync group.", - "type": "string" + "warnings": { + "type": "string", + "description": "Warnings indicate whether there are any issues with the stored cert object. Empty when no issues were found.\n" }, - "instances": { - "description": "An array of Instance objects.", + "certs": { + "description": "An array of metadata for all the public certificates under the cert object.", "type": "array", "items": { - "$ref": "#/components/schemas/ConfigSyncGroupInstance" + "$ref": "#/components/schemas/CertificateMetadata" } }, - "last_publication_status": { - "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" + "key": { + "$ref": "#/components/schemas/PrivateKeyMetadata" }, - "certs": { - "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto the data plane instances that are part of this config sync group.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertAssociation" - } + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the SSL certificate was created." }, - "nginx_app_protect": { - "type": "object", - "required": [ - "deployments" - ], - "properties": { - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapAssociation" - } - } - } + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the SSL certificate was last modified." } } } ], "example": { - "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-config-sync-group", - "created_at": "2023-12-06T22:37:24.120114Z", - "config_status": "in_sync", - "config_version": "uvR3F2TQGm18jnl7bpaGw", - "instances": [ - { - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "hostname": "816e3c194d59", - "system_id": "6066aad2-211e-3718-be5d-fcc01ffc5cc8", - "agent_version": "v2.33.0", - "registered_at": "2024-05-16T18:26:40.556048Z", - "last_reported": "2023-12-06T22:37:24.120114Z", - "status": "unavailable", - "nginx_build": { - "conf_path": "/etc/nginx/nginx.conf", - "version": "1.25.3" - }, - "os_version": "Ubuntu 22.04", - "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", - "config_status": "in_sync", - "config_version": "abc123def456" - } - ], + "name": "example-cert_key", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", + "management": "managed", + "type": "cert_key", + "status": "valid", + "subject_name": "www.example.com", + "not_before": "2023-08-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "warnings": "The provided private key does not match the certificate's signing key.", + "certs_count": 1, "certs": [ { - "subject_name": "test.com", - "name": "client", - "cert_type": "cert_key", - "not_after": "2024-01-06T00:01:30Z", - "not_before": "2023-12-07T00:01:30Z", - "cert_paths": [ - "/etc/nginx/client.pem" - ], - "cert_status": "expiring", - "deployment_status": "latest", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" + "status": "valid", + "version": 3, + "serial_number": "71283929", + "signature_algorithm": "SHA256-RSA", + "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_A", + "not_before": "2023-02-10T16:59:15Z", + "not_after": "2024-08-14T16:59:15Z", + "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_B", + "subject_alternative_name": [], + "public_key_type": "RSA (2048 bit)", + "common_name": "eg3bsriq_cert_B", + "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", + "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", + "thumbprint_algorithm": "SHA-256", + "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" } - ] + ], + "key": { + "key_size": 512, + "encryption_algorithm": "RSA" + }, + "modified_at": "2023-11-01T00:00:00Z", + "created_at": "2023-10-01T00:00:00Z" } }, - "ConfigSyncGroupDetails": { - "type": "object", - "description": "Detailed information of the NGINX config sync group.", - "allOf": [ - { - "$ref": "#/components/schemas/ConfigSyncGroup" - } - ] + "PublicationBulkResponse": { + "description": "The publication bulk operation outcome.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } }, - "ConfigSyncGroupPublicationStatusReason": { - "allOf": [ - { - "$ref": "#/components/schemas/PublicationStatusCause" + "CertificateUpdateContent": { + "type": "object", + "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", + "properties": { + "public_certs": { + "type": "string", + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded PEM-formatted certificate information. \nThis is used for updating an existing certificate object. The schema is the same as `CertificateContent`,\nthe only difference is that both `public_certs` and `private_key` fields are optional. There are three use\ncases for this schema:\n* the below update can be done on either a Cert Key Pair or a CA Bundle:\n * when only `public_certs` is populated, update the public certificates on a certificate object. \n The updated public certificates will be validated against the existing private key.\n* the below update can be done only on a Cert Key Pair:\n * when only `private_key` is populated, update only the private key on a certificate object. \n The updated private key will be validated against the existing public certificates.\n * when both `public_certs` and `private_key` fields are populated, update both of them on a certificate \n object.\n" }, - { - "type": "object", - "required": [ - "object_id" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/InstanceObjectID" - } - } + "private_key": { + "type": "string", + "format": "base64", + "maxLength": 3145728, + "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" } - ] + }, + "example": { + "private_key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFM295ZHVlT0FOSkhodkwzeXZKZFRwaG9ldjVHTzdnbytCeVlPTy9sNTR1NU8yUHhNZVgrQWpBYjZBeG1xCmxpdkl1aHc9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t" + } }, - "ConfigSyncGroupPublication": { - "description": "Details of a publication request for the NGINX config sync group.", - "required": [ - "status", - "created_at", - "modified_at" - ], + "CertificateUpdateRequest": { + "type": "object", + "description": "Request structure for updating a certificate object. If key provided, it will be validated against the \nexisting leaf certificate stored under the certificate object.\n* Update for an unmanaged certificate object:\n * This converts the unmanaged certificate object to managed.\n * `public_certs` should always be provided during the conversion.\n * When key is provided, this certificate object is converted to a managed Cert Key Pair. Otherwise, it is\n converted to a managed CA Bundle.\n", "properties": { - "object_id": { - "$ref": "#/components/schemas/PublicationObjectID" - }, - "status": { - "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" - }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the publication was created for the instance." - }, - "modified_at": { + "name": { + "description": "A name for the certificate, making it identifiable among others.", "type": "string", - "format": "date-time", - "description": "The date and time when the publication was last modified for the instance." - }, - "status_reasons": { - "description": "Detailed failure reasons on each instance's publication, when 'status' is in 'failed' or 'partially_succeeded'", - "type": "array", - "items": { - "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatusReason" - } + "minLength": 1, + "maxLength": 128 }, - "config_version": { - "type": "string", - "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" + "content": { + "$ref": "#/components/schemas/CertificateUpdateContent" } }, "example": { - "config_version": "fc3bb4b50c145b3ca5c5d1342be5ec0718eeb9bb84f8d53c5734b6b8", - "created_at": "2024-05-23T21:57:13.048285Z", - "modified_at": "2024-05-23T21:57:13.048285Z", - "object_id": "pub_UPV8jXFwSgm1vHQJCvLD1w", - "status": "failed", - "status_reasons": [ - { - "cause": "remote", - "message": "Config apply failed (write): error running nginx -t -c /etc/nginx/nginx.conf:\n error running nginx -t -c /etc/nginx/nginx.conf:\nnginx: [emerg] invalid number of arguments in \"worker_processes\" directive in /etc/nginx/nginx.conf:7\nnginx: configuration file /etc/nginx/nginx.conf test failed\n", - "object_id": "inst_QBBobKIAQ_21grAwV83VYw" - } - ] + "name": "example-cert-object", + "content": { + "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" + } } }, - "FilterNameCertificates": { + "FilterNameCertificateDeployments": { "type": "string", - "description": "Keywords for certificates filters.\nWhen filtering on `management`, only the following `filter_values` are supported:\n * managed\n * unmanaged\nWhen filtering on `type`, only the following `filter_values` are supported:\n * cert_key\n * ca_bundle\n * unknown\nWhen filtering on `status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", + "description": "Keywords for certificate deployment filters.\nWhen filtering on `association_type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * latest\n * stale\n", "enum": [ "name", - "management", - "type", - "subject_name", - "status", - "object_id" + "association_type", + "deployment_status" ], "x-enum-varnames": [ - "filter_name_certificates_name", - "filter_name_certificates_management", - "filter_name_certificates_type", - "filter_name_certificates_subject_name", - "filter_name_certificates_status", - "filter_name_certificates_object_id" + "filter_name_certificate_deployments_name", + "filter_name_certificate_deployments_association_type", + "filter_name_certificate_deployments_deployment_status" + ] + }, + "DeploymentAssociatedType": { + "type": "string", + "description": "The type of the deployment association, with the following values:\n * `instance`\n * `config_sync_group`\n", + "enum": [ + "instance", + "config_sync_group" + ], + "x-enum-varnames": [ + "deployment_associated_type_instance", + "deployment_associated_type_config_sync_group" ] }, - "CertificateManagement": { + "DeploymentAssociatedName": { "type": "string", - "description": "Management type:\n * `managed` - Certificate managed by NGINX One Console.\n * `unmanaged` - Certificate that only exists on a data plane instance, detected from its NGINX configuration.\n", + "description": "Based on deployment type:\n * `instance`\n * `config_sync_group`\n" + }, + "CertificateDeploymentStatus": { + "type": "string", + "description": "Certificate deployment status:\n * `latest` - This certificate deployment is up to date with the latest certificates and key.\n * `stale` - This certificate deployment is outdated and needs to deploy the latest certificates and key.\n * `unmanaged` - This certificate deployment is unmanaged by NGINX One Console.\n", "enum": [ - "managed", + "latest", + "stale", "unmanaged" ], "x-enum-varnames": [ - "certificate_management_managed", - "certificate_management_unmanaged" + "certificate_deployment_status_latest", + "certificate_deployment_status_stale", + "certificate_deployment_status_unmanaged" ] }, - "CertificateObjectMetadata": { + "CertificateDeployment": { + "type": "object", + "description": "Response structure containing certificate deployment details for an SSL certificate, which include\n * `association_type` represents type of the object affected by this certificate deployment, which is either\n an instance or config sync group\n * `object_id` represents the object ID for the associated instance or config sync group\n * `name` for either the host name of an instance or the name of a config sync group\n * `deployment_status`:\n * `latest`: deployment is up to date with the latest updated certificate and key contents\n * `stale`: deployment for either certificates or key is outdated, requires a redeployment with the latest contents\n * `cert_paths` represents the file paths used for deploying public certificates of this certificate object\n * `key_paths` represents the file paths used for deploying the private key of this certificate object, if a\n private key is present\n", "required": [ - "management", - "type" + "association_type", + "object_id", + "name", + "deployment_status" ], "properties": { - "name": { - "description": "Name of the certificate, optionally specified upon creation", - "type": "string" + "association_type": { + "$ref": "#/components/schemas/DeploymentAssociatedType" }, "object_id": { - "$ref": "#/components/schemas/CertificateObjectID" - }, - "management": { - "$ref": "#/components/schemas/CertificateManagement" - }, - "type": { - "$ref": "#/components/schemas/CertificateType" + "$ref": "#/components/schemas/ObjectID" }, - "certs_count": { - "description": "The number of public certificates under this certificate object.", - "type": "integer", - "format": "int64" - } - }, - "example": { - "name": "example-ca-bundle", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "ca_bundle", - "certs_count": 5 - } - }, - "CertificateDisplayMetadata": { - "description": "This represents the essential metadata of a public certificate.", - "type": "object", - "required": [ - "subject_name", - "status", - "not_before", - "not_after" - ], - "properties": { - "subject_name": { - "type": "string", - "example": "www.example.com", - "description": "DNS name that identifies the certificate. If DNS is not present in the SAN extension, this will be the common name.\n" + "name": { + "$ref": "#/components/schemas/DeploymentAssociatedName" }, - "status": { - "$ref": "#/components/schemas/CertificateStatus" + "deployment_status": { + "$ref": "#/components/schemas/CertificateDeploymentStatus" }, - "not_before": { - "type": "string", - "format": "date-time", - "example": "2023-06-12T09:12:33.001Z", - "description": "The start of the validity period for the certificate." + "cert_paths": { + "description": "Deployment file paths for public certificates.", + "type": "array", + "items": { + "type": "string" + } }, - "not_after": { - "type": "string", - "format": "date-time", - "example": "2029-12-25T09:12:33.001Z", - "description": "The end of the validity period for the certificate." + "key_paths": { + "description": "Deployment file paths for the private key.", + "type": "array", + "items": { + "type": "string" + } } }, "example": { - "subject_name": "self_ca_signed", - "status": "valid", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z" - } - }, - "CertificateOverviewMetadata": { - "description": "Represents an overview of all the public certificates under a single cert object.\nIf multiple public certificates on the same CA chain, including the leaf certificate and key are provided, \nthis includes `status`, `subject_name`, `not_before` and `not_after` for the leaf certificate.\nIf a CA bundle is provided, the above mentioned certificate metadata is for the Certificate Authority that\nexpires the soonest in the bundle.\n", - "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/CertificateObjectMetadata" - }, - { - "$ref": "#/components/schemas/CertificateDisplayMetadata" - } - ], - "example": { - "name": "example-ca-bundle", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "ca_bundle", - "subject_name": "self_ca_signed", - "status": "valid", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "certs_count": 5 + "association_type": "instance", + "name": "instance-host-name", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "deployment_status": "latest", + "cert_paths": [ + "/etc/nginx/example.crt", + "/etc/nginx/certs/cert.crt" + ], + "key_paths": [ + "/etc/nginx/example.key" + ] } }, - "CertificateListResponse": { + "CertificateDeploymentListResponse": { "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", - "description": "List of SSL certificates.", + "description": "List of certificate deployments for a SSL certificate.", "required": [ "items" ], "properties": { "items": { - "description": "An array of basic metadata for all the SSL certificates in NGINX One Console. \nFor a CA bundle, an overview with metadata on the first Certificate Authority in the bundle will be displayed.\nOtherwise, an overview with metadata on the leaf certificate will be displayed.\n", + "description": "An array of certificate deployments for an SSL certificate. If this certificate object represents a \nCA bundle, there will be only public certificate file paths in the certificate deployment details.\n", "type": "array", "items": { - "$ref": "#/components/schemas/CertificateOverviewMetadata" + "$ref": "#/components/schemas/CertificateDeployment" } } } @@ -11603,720 +6352,550 @@ "items_per_page": 100, "items": [ { - "name": "example-cert_key", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "cert_key", - "status": "valid", - "subject_name": "www.example.com", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "certs_count": 1 + "association_type": "instance", + "name": "instance-host-name", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "deployment_status": "latest", + "cert_paths": [ + "/etc/nginx/example.crt", + "/etc/nginx/certs/cert.crt" + ], + "key_paths": [ + "/etc/nginx/example.key" + ] }, { - "name": "example-ca-bundle", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "ca_bundle", - "subject_name": "self_ca_signed", - "status": "valid", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "certs_count": 5 + "association_type": "config_sync_group", + "name": "group1", + "object_id": "csg_vfr5Oqv-AhxGzyqTXW-Ubw", + "deployment_status": "stale", + "cert_paths": [ + "/etc/nginx/cert.crt" + ], + "key_paths": [ + "/etc/nginx/server.key" + ] } ] } }, - "CertificateContent": { - "type": "object", - "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", - "required": [ - "public_certs" + "FilterNameConfigSyncGroups": { + "type": "string", + "description": "Keywords for config sync groups filters.\nWhen filtering on `config_status`, only the following `filter_values` are supported:\n * in_sync\n * out_of_sync\n * sync_in_progress\n * unknown\n", + "enum": [ + "name", + "config_status", + "object_id" ], - "properties": { - "public_certs": { - "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded PEM-formatted certificate information. \nThe `public_certs` field can include a leaf certificate along with its full chain of trust or a CA bundle. \nFor leaf certificates, the accompanying `private_key` is required to authenticate the certificate's validity. \nCA bundles contain trusted CA certificates and may consist of certificates from different CA chains. A private\nkey should not be included in a CA bundle.\n" - }, - "private_key": { - "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" - } - }, - "example": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" + "x-enum-varnames": [ + "filter_name_config_sync_group_name", + "filter_name_config_sync_group_config_status", + "filter_name_config_sync_group_object_id" + ] + }, + "ConfigSyncGroupObjectID": { + "description": "A globally unique identifier for the NGINX config sync group.", + "type": "string", + "format": "object_id", + "pattern": "^csg_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "CertificateRequest": { - "type": "object", - "description": "Request structure for parsing or upserting certificates with an optional private key.\n", - "required": [ - "content" + "ConfigSyncStatus": { + "type": "string", + "description": "The current config sync status of the NGINX config sync group, with the following possible values:\n* `unknown` - The status cannot be determined at this moment.\n* `in_sync` - All NGINX instances in config sync group have same config as indicated by config_version.\n* `out_of_sync` - Some NGINX instances in config sync group have config different than indicated by config_version.\n* `sync_in_progress` - The operation of applying config_version to all NGINX instances in config sync group is in progress.\n", + "enum": [ + "unknown", + "in_sync", + "out_of_sync", + "sync_in_progress" ], - "properties": { - "name": { - "description": "A name for the certificate, making it identifiable among others.", - "type": "string", - "minLength": 1, - "maxLength": 128 - }, - "content": { - "$ref": "#/components/schemas/CertificateContent" - } - }, - "example": { - "name": "example-ca-bundle", - "content": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==", - "private_key": "" - } - } + "x-enum-varnames": [ + "nginx_config_sync_group_config_status_unknown", + "nginx_config_sync_group_config_status_in_sync", + "nginx_config_sync_group_config_status_out_of_sync", + "nginx_config_sync_group_config_status_in_progress" + ] }, - "CertificateMetadata": { - "description": "A comprehensive list of all the metadata for a public certificate.", + "CertificateInstanceSummary": { + "description": "A breakdown and tally of certificates, detailing the total count, number of expired certificates, certificates nearing expiration, and those that are valid.", "type": "object", "required": [ - "status", - "serial_number", - "signature_algorithm", - "not_before", - "not_after", - "public_key_type", - "thumbprint" + "total", + "expired", + "expiring", + "valid", + "not_ready" ], "properties": { - "status": { - "$ref": "#/components/schemas/CertificateStatus" - }, - "version": { - "type": "integer", - "format": "int64", - "example": 3, - "description": "The version of the certificate, typically 3 for X.509 certificates." - }, - "serial_number": { - "type": "string", - "example": "16469416336579571270", - "description": "A unique identifier for the certificate." - }, - "signature_algorithm": { - "type": "string", - "example": "SHA-256", - "description": "Identifies the algorithm used to sign the certificate." - }, - "issuer": { - "type": "string", - "example": "CN=Example CA, O=Certificate Authority Inc., OU=CA Department, L=City, ST=State, C=Country", - "description": "Identifies the entity who signed and issued the certificate." - }, - "not_before": { - "type": "string", - "format": "date-time", - "example": "2023-06-12T09:12:33.001Z", - "description": "The start of the validity period for the certificate." - }, - "not_after": { - "type": "string", - "format": "date-time", - "example": "2029-12-25T09:12:33.001Z", - "description": "The end of the validity period for the certificate." - }, - "subject": { - "type": "string", - "example": "CN=www.example.com, O=Example Inc., OU=IT Department, L=City, ST=State, C=Country", - "description": "Identifies the primary entity to which the certificate is issued. Typically, it contains information\nsuch as the Common Name (CN), Organization (O), Organizational Unit (OU), Country (C), etc.\n" - }, - "subject_alternative_name": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "DNS:www.example.com", - "DNS:example.com", - "email:info@example.com" - ], - "description": "Defines additional identifies bound to the subject of the certificate. \nFor example, the DNS name is used to add additional domain names to a certificate.\n" - }, - "public_key_type": { - "type": "string", - "example": "RSA (2048 Bits)", - "description": "Identifies the encryption algorithm used to create the public key for the certificate." - }, - "common_name": { - "type": "string", - "example": "www.example.com", - "description": "The Common Name (CN) for the certificate, used when DNS name is not present in the SAN extension.\n" + "total": { + "description": "Total count of certificates across the NGINX data plane.", + "type": "integer" }, - "authority_key_identifier": { - "type": "string", - "example": "2B D0 69 47 94 76 09 FE F4 6B 8D 2E 40 A6 F7 47 4D 7F 08 5E", - "description": "The identifier of the signing authority for the certificate." + "expired": { + "description": "The number of certificates that have expired and are no longer valid.", + "type": "integer" }, - "subject_key_identifier": { - "type": "string", - "example": "31 EA 76 A9 23 74 A5 DF D4 FD EE A0 C1 A6 9E C6 11 0E 11 EC", - "description": "A hash value of the SSL certificate that can be used to identify certificates that \ncontain a particular public key.\n" + "expiring": { + "description": "The number of certificates due to expire in the next 30 days.", + "type": "integer" }, - "thumbprint_algorithm": { - "type": "string", - "example": "SHA-1", - "description": "Defines the algorithm used to hash the certificate." + "valid": { + "description": "The number of certificates that are valid and in good standing.", + "type": "integer" }, - "thumbprint": { - "type": "string", - "example": "E6 A7 87 96 E0 C7 A3 E5 43 78 35 CA 16 78 5B 48 5A A9 DD C4 5C CD 0A 65 AA 89 33 E3 C3 D0 89 71", - "description": "A hash to ensure that the certificate has not been modified." + "not_ready": { + "description": "The number of certificates that are not ready to be used.", + "type": "integer" } - }, - "example": { - "status": "valid", - "version": 3, - "serial_number": "71283929", - "signature_algorithm": "SHA256-RSA", - "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_bundle_CA", - "not_before": "2023-02-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=self_ca_signed", - "subject_alternative_name": [], - "public_key_type": "RSA (2048 bit)", - "common_name": "self_ca_signed", - "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", - "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", - "thumbprint_algorithm": "SHA-256", - "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" } }, - "PrivateKeyMetadata": { + "ListConfigSyncGroupObject": { "type": "object", - "description": "Metadata for a private key.", + "description": "Summary information of the NGINX config sync group.", + "required": [ + "object_id", + "name", + "created_at", + "instances_count", + "config_status" + ], "properties": { - "key_size": { - "description": "Size of the private key in bits.", - "type": "integer", - "format": "int64" + "object_id": { + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" }, - "encryption_algorithm": { - "description": "The encryption algorithm used for the private key.", + "name": { + "description": "Name of the NGINX config sync group.", "type": "string" + }, + "created_at": { + "description": "The date and time when the config sync group was created.", + "type": "string", + "format": "date-time" + }, + "instances_count": { + "description": "Number of instances in the NGINX config sync group.", + "type": "integer" + }, + "config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" + }, + "cert_summary": { + "$ref": "#/components/schemas/CertificateInstanceSummary" } - }, - "example": { - "key_size": 512, - "encryption_algorithm": "RSA" } }, - "CertificateResponse": { - "type": "object", - "description": "Response structure containing details of the created, updated or retrieved SSL certificate. In general, \nthe response should contain:\n * an overview of all the public certificates\n * `warnings` whether any issue is found after parsing the certificates and key\n * `certs`\n * `key_metadata` if key provided in the request body\n * timestamps that represent when this cert object was created or modified\n", + "ConfigSyncGroupListResponse": { "allOf": [ { - "$ref": "#/components/schemas/CertificateOverviewMetadata" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "description": "List of NGINX config sync groups.", + "required": [ + "items" + ], "properties": { - "warnings": { - "type": "string", - "description": "Warnings indicate whether there are any issues with the stored cert object. Empty when no issues were found.\n" - }, - "certs": { - "description": "An array of metadata for all the public certificates under the cert object.", + "items": { + "description": "An array of Config Sync Group objects.", "type": "array", "items": { - "$ref": "#/components/schemas/CertificateMetadata" + "$ref": "#/components/schemas/ListConfigSyncGroupObject" } - }, - "key": { - "$ref": "#/components/schemas/PrivateKeyMetadata" - }, - "created_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the SSL certificate was created." - }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the SSL certificate was last modified." } } } ], "example": { - "name": "example-cert_key", - "object_id": "cert_Tet21AeYTHCj7taOwVfzyw", - "management": "managed", - "type": "cert_key", - "status": "valid", - "subject_name": "www.example.com", - "not_before": "2023-08-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "warnings": "The provided private key does not match the certificate's signing key.", - "certs_count": 1, - "certs": [ + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ { - "status": "valid", - "version": 3, - "serial_number": "71283929", - "signature_algorithm": "SHA256-RSA", - "issuer": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_A", - "not_before": "2023-02-10T16:59:15Z", - "not_after": "2024-08-14T16:59:15Z", - "subject": "C=US, ST=WA, L=Seattle, O=F5 Networks, OU=nginx.test, CN=eg3bsriq_cert_B", - "subject_alternative_name": [], - "public_key_type": "RSA (2048 bit)", - "common_name": "eg3bsriq_cert_B", - "authority_key_identifier": "3A:79:E0:3E:61:CD:94:29:1D:BB:45:37:0B:E9:78:E9:2F:40:67:CA", - "subject_key_identifier": "93:35:2B:75:09:B9:FF:01:1B:63:F1:0E:50:71:9C:4E:B4:E2:02:BA", - "thumbprint_algorithm": "SHA-256", - "thumbprint": "C1:EB:E8:CE:35:77:63:75:D3:C0:E7:97:5F:02:8C:D3:D8:C4:12:34:40:45:D3:98:67:39:BE:8A:33:CE:1F:B2" + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-config-sync-group", + "created_at": "2023-12-05T22:30:20.220114Z", + "config_status": "in_sync", + "instances_count": 1 } - ], - "key": { - "key_size": 512, - "encryption_algorithm": "RSA" + ] + } + }, + "ConfigSyncGroupCreateRequest": { + "description": "Body to create a NGINX config sync group.", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "description": "A name to uniquely identify the NGINX config sync group in a given tenant namespace.", + "minLength": 1, + "maxLength": 256 + } + }, + "example": { + "name": "my-nginx-config-sync-group" + } + }, + "ConfigSyncGroupCreateResponse": { + "description": "Response to a create NGINX config sync group request.", + "required": [ + "object_id", + "name" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" }, - "modified_at": "2023-11-01T00:00:00Z", - "created_at": "2023-10-01T00:00:00Z" + "name": { + "description": "Name of the NGINX config sync group.", + "type": "string" + } + }, + "example": { + "name": "my-nginx-config-sync-group", + "object_id": "csg_Tet21AeYTHCj7taOwVfzyw" } }, - "CertificateBulkRequestData": { + "ConfigSyncGroupBulkRequestData": { "type": "object", - "description": "Part of bulk operation on a certificate, only `delete` is supported.", + "description": "Part of bulk operation on a config sync group, only `delete` is supported.", "required": [ "action", "object_id" ], "properties": { "object_id": { - "$ref": "#/components/schemas/CertificateObjectID" + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" }, "action": { "$ref": "#/components/schemas/BulkRequestAction" } }, "example": { - "object_id": "cert_-uvR3F2TQGm18jnl7bpaGw", + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", "action": "delete" } }, - "CertificateBulkRequest": { + "ConfigSyncGroupBulkRequest": { "type": "array", "items": { - "$ref": "#/components/schemas/CertificateBulkRequestData" + "$ref": "#/components/schemas/ConfigSyncGroupBulkRequestData" }, "minItems": 1, "maxItems": 50, "example": [ { - "object_id": "cert_-uvR3F2TQGm18jnl7bpaGw", + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", "action": "delete" }, { - "object_id": "cert_PL0c1XodRemmzVEjiXSsTg", + "object_id": "csg_PL0c1XodRemmzVEjiXSsTg", "action": "delete" } ] }, - "CertificateBulkResponse": { - "description": "The certificate bulk operation outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } - }, - "PublicationBulkResponse": { - "description": "The publication bulk operation outcome.\n", + "ConfigSyncGroupBulkResponse": { + "description": "The config sync group bulk outcome.", "type": "array", "items": { "$ref": "#/components/schemas/BulkRequestObjectStatus" } }, - "CertificateUpdateContent": { + "ConfigSyncGroupMeta": { "type": "object", - "description": "Defines the PEM-formatted certificate content which includes the certificates and corresponding private key, all encoded in base64.\n", + "description": "Meta information of the NGINX config sync group including:\n* NGINX config sync group object ID\n* unique name of the config sync group in the tenant namespace\n* last publication timestamp\n", + "required": [ + "object_id", + "name", + "created_at" + ], "properties": { - "public_certs": { - "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded PEM-formatted certificate information. \nThis is used for updating an existing certificate object. The schema is the same as `CertificateContent`,\nthe only difference is that both `public_certs` and `private_key` fields are optional. There are three use\ncases for this schema:\n* the below update can be done on either a Cert Key Pair or a CA Bundle:\n * when only `public_certs` is populated, update the public certificates on a certificate object. \n The updated public certificates will be validated against the existing private key.\n* the below update can be done only on a Cert Key Pair:\n * when only `private_key` is populated, update only the private key on a certificate object. \n The updated private key will be validated against the existing public certificates.\n * when both `public_certs` and `private_key` fields are populated, update both of them on a certificate \n object.\n" + "object_id": { + "$ref": "#/components/schemas/ConfigSyncGroupObjectID" }, - "private_key": { - "type": "string", - "format": "base64", - "maxLength": 3145728, - "description": "Base64-encoded private key string for the leaf certificate, required only for certificate-key pairs to \nverify the certificate's authenticity.\n" - } - }, - "example": { - "private_key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFM295ZHVlT0FOSkhodkwzeXZKZFRwaG9ldjVHTzdnbytCeVlPTy9sNTR1NU8yUHhNZVgrQWpBYjZBeG1xCmxpdkl1aHc9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t" - } - }, - "CertificateUpdateRequest": { - "type": "object", - "description": "Request structure for updating a certificate object. If key provided, it will be validated against the \nexisting leaf certificate stored under the certificate object.\n* Update for an unmanaged certificate object:\n * This converts the unmanaged certificate object to managed.\n * `public_certs` should always be provided during the conversion.\n * When key is provided, this certificate object is converted to a managed Cert Key Pair. Otherwise, it is\n converted to a managed CA Bundle.\n", - "properties": { "name": { - "description": "A name for the certificate, making it identifiable among others.", + "description": "Name of the NGINX config sync group.", + "type": "string" + }, + "last_publication": { + "description": "The date and time of the most recent config sync group publication.", "type": "string", - "minLength": 1, - "maxLength": 128 + "format": "date-time" }, - "content": { - "$ref": "#/components/schemas/CertificateUpdateContent" + "created_at": { + "description": "The date and time when the config sync group was created.", + "type": "string", + "format": "date-time" } }, "example": { - "name": "example-cert-object", - "content": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" - } + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-config-sync-group", + "last_publication": "2023-12-06T22:37:24.120114Z", + "created_at": "2023-12-05T22:30:20.220114Z" } }, - "FilterNameCertificateDeployments": { - "type": "string", - "description": "Keywords for certificate deployment filters.\nWhen filtering on `association_type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * latest\n * stale\n", - "enum": [ - "name", - "association_type", - "deployment_status" - ], - "x-enum-varnames": [ - "filter_name_certificate_deployments_name", - "filter_name_certificate_deployments_association_type", - "filter_name_certificate_deployments_deployment_status" - ] - }, - "DeploymentAssociatedType": { - "type": "string", - "description": "The type of the deployment association, with the following values:\n * `instance`\n * `config_sync_group`\n", - "enum": [ - "instance", - "config_sync_group" - ], - "x-enum-varnames": [ - "deployment_associated_type_instance", - "deployment_associated_type_config_sync_group" - ] - }, - "DeploymentAssociatedName": { + "InstanceObjectID": { + "description": "A globally unique identifier for the NGINX instance.", "type": "string", - "description": "Based on deployment type:\n * `instance`\n * `config_sync_group`\n" + "format": "object_id", + "pattern": "^inst_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } }, - "CertificateDeployment": { + "NginxBuild": { + "description": "The build details for the NGINX binary, including its configuration parameters.\n", "type": "object", - "description": "Response structure containing certificate deployment details for an SSL certificate, which include\n * `association_type` represents type of the object affected by this certificate deployment, which is either\n an instance or config sync group\n * `object_id` represents the object ID for the associated instance or config sync group\n * `name` for either the host name of an instance or the name of a config sync group\n * `deployment_status`:\n * `latest`: deployment is up to date with the latest updated certificate and key contents\n * `stale`: deployment for either certificates or key is outdated, requires a redeployment with the latest contents\n * `cert_paths` represents the file paths used for deploying public certificates of this certificate object\n * `key_paths` represents the file paths used for deploying the private key of this certificate object, if a\n private key is present\n", "required": [ - "association_type", - "object_id", - "name", - "deployment_status" + "version" ], "properties": { - "association_type": { - "$ref": "#/components/schemas/DeploymentAssociatedType" - }, - "object_id": { - "$ref": "#/components/schemas/ObjectID" - }, - "name": { - "$ref": "#/components/schemas/DeploymentAssociatedName" - }, - "deployment_status": { - "$ref": "#/components/schemas/CertificateDeploymentStatus" + "version": { + "description": "The version number of the base open-source NGINX.", + "type": "string" }, - "cert_paths": { - "description": "Deployment file paths for public certificates.", - "type": "array", - "items": { - "type": "string" - } + "plus_release": { + "description": "The NGINX Plus release version, if applicable.", + "type": "string" }, - "key_paths": { - "description": "Deployment file paths for the private key.", - "type": "array", - "items": { - "type": "string" - } + "conf_path": { + "description": "The absolute path to the NGINX configuration, as set by the `--conf-path` option during build time.", + "type": "string" } - }, - "example": { - "association_type": "instance", - "name": "instance-host-name", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "deployment_status": "latest", - "cert_paths": [ - "/etc/nginx/example.crt", - "/etc/nginx/certs/cert.crt" - ], - "key_paths": [ - "/etc/nginx/example.key" - ] } }, - "CertificateDeploymentListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "type": "object", - "description": "List of certificate deployments for a SSL certificate.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of certificate deployments for an SSL certificate. If this certificate object represents a \nCA bundle, there will be only public certificate file paths in the certificate deployment details.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/CertificateDeployment" - } - } - } - } + "NginxAppProtectVersions": { + "description": "Version information regarding NGINX App Protect.\n", + "type": "object", + "required": [ + "engine_version" ], - "example": { - "total": 10, - "count": 2, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "association_type": "instance", - "name": "instance-host-name", - "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "deployment_status": "latest", - "cert_paths": [ - "/etc/nginx/example.crt", - "/etc/nginx/certs/cert.crt" - ], - "key_paths": [ - "/etc/nginx/example.key" - ] - }, - { - "association_type": "config_sync_group", - "name": "group1", - "object_id": "csg_vfr5Oqv-AhxGzyqTXW-Ubw", - "deployment_status": "stale", - "cert_paths": [ - "/etc/nginx/cert.crt" - ], - "key_paths": [ - "/etc/nginx/server.key" - ] - } - ] + "properties": { + "release_version": { + "description": "The release version of NGINX App Protect.", + "type": "string" + }, + "engine_version": { + "description": "The version of the App Protect enforcement engine.", + "type": "string" + } } }, - "NginxCVEObject": { + "NginxAppProtectDeploymentCounts": { "type": "object", + "description": "Summary count of NAP policy version deployment statues.", "required": [ - "id", - "severity", - "info", - "published_at" + "total", + "deployed", + "deploying", + "failed" ], - "description": "Details about a specific NGINX security advisory, including the number of instances impacted by it, its severity, and a brief description.", "properties": { - "id": { - "description": "The security advisory's unique identifier.", - "type": "string" - }, - "severity": { - "$ref": "#/components/schemas/CveSeverityType" - }, - "info": { - "description": "A brief description of security advisory.", - "type": "string" + "total": { + "description": "Total count of NAP policy versions across the NGINX data plane.", + "type": "integer" }, - "instances_impacted": { - "description": "Number of instances impacted by the security advisory", + "deployed": { + "description": "The number of NAP policy versions that have deployed.", "type": "integer" }, - "control_planes_impacted": { - "description": "Number of control planes impacted by the security advisory", + "deploying": { + "description": "The number of NAP policy versions that are deploying.", "type": "integer" }, - "published_at": { - "description": "The date and time when the cve was published", - "type": "string", - "format": "date-time" + "failed": { + "description": "The number of NAP policy versions that have failed deployment.", + "type": "integer" } } }, - "CVEListResponse": { + "NginxAppProtectSummary": { + "description": "Summary information regarding NGINX App Protect.\n", + "type": "object", "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/NginxAppProtectVersions" }, { "type": "object", - "description": "List of all CVEs.", "required": [ - "items" + "deployments" ], "properties": { - "items": { - "description": "An array of CVE objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxCVEObject" - } + "deployments": { + "$ref": "#/components/schemas/NginxAppProtectDeploymentCounts" } } } ] }, - "NginxProduct": { + "CveSeverityType": { "type": "string", - "description": "NGINX product :\n * `noss` - NGINX Open Source.\n * `nplus` - NGINX PLUS.\n * `nic` - NGINX Ingress Controller.\n * `ngf` - NGINX Gateway Fabric.\n", + "description": "Severity ratings:\n * `high` - High severity.\n * `medium` - Moderate severity.\n * `low` - Least severe.\n * `none` - Not severe.\n * `other` - Severity that does not fit the other categories.\n", "enum": [ - "noss", - "nplus", - "nic", - "ngf", - "unknown" + "high", + "medium", + "low", + "none", + "other" ], "x-enum-varnames": [ - "nginx_product_noss", - "nginx_product_nplus", - "nginx_product_nic", - "nginx_product_ngf", - "nginx_product_unknown" + "cve_severity_type_high", + "cve_severity_type_medium", + "cve_severity_type_low", + "cve_severity_type_none", + "cve_severity_type_other" ] }, - "CveImpactedNginxProduct": { + "CveDetails": { + "description": "CVEs details, including the type and count.\n", "type": "object", "required": [ - "versions", - "name" + "type", + "count" ], - "description": "security advisory impacted NGINX product and its version.", "properties": { - "versions": { - "description": "List of impacted NGINX product versions.", - "type": "array", - "items": { - "type": "string" - } + "type": { + "$ref": "#/components/schemas/CveSeverityType" }, - "name": { - "$ref": "#/components/schemas/NginxProduct" + "count": { + "description": "The total number of each CVE type.", + "type": "integer" } } }, - "NginxCVEDetailsResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/NginxCVEObject" + "RecommendationType": { + "type": "string", + "description": "Types of configuration recommendations:\n * `best_practice` - Suggestions based on established best practices.\n * `security` - Recommendations related to security.\n * `optimization` - Advice for optimizing performance.\n * `other` - Recommendations that do not fit the above categories.\n", + "enum": [ + "best_practice", + "security", + "optimization", + "other" + ], + "x-enum-varnames": [ + "recommendation_type_best_practice", + "recommendation_type_security", + "recommendation_type_optimization", + "recommendation_type_other" + ] + }, + "IssueDetails": { + "description": "Issue details, including the type and count.\n", + "type": "object", + "required": [ + "type", + "count" + ], + "properties": { + "type": { + "$ref": "#/components/schemas/RecommendationType" }, - { - "type": "object", - "required": [ - "detail", - "impacted_products" - ], - "description": "Details about a specific NGINX security advisory, including its severity, detail,\npublished date and time, description and impacted products.\n", - "properties": { - "impacted_products": { - "type": "array", - "items": { - "$ref": "#/components/schemas/CveImpactedNginxProduct" - } - }, - "detail": { - "description": "the details about security advisory", - "type": "string" - } - }, - "example": { - "detail": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-ID", - "id": "CVE-ID", - "impacted_products": [ - { - "name": "nplus", - "versions": [ - "r1", - "r2" - ] - }, - { - "name": "noss", - "versions": [ - "1.11.1", - "1.20.2", - "1.19.9" - ] - }, - { - "name": "nic", - "versions": [ - "1.0.0", - "2.1.0" - ] - }, - { - "name": "ngf", - "versions": [ - "1.6.2", - "2.0.1" - ] - } - ], - "info": "Memory disclosure in the ngx_http_mp4_module", - "published_at": "2022-10-19T00:00:00Z", - "severity": "medium" - } + "count": { + "description": "The total number of issues identified for the specific recommendation type.", + "type": "integer" } - ] + } }, - "NginxProductInfo": { + "ControlPlaneObjectID": { + "description": "A globally unique identifier for the control plane.", + "type": "string", + "format": "object_id", + "pattern": "^ecp_.*", + "x-go-type": "objects.ID" + }, + "ControlPlaneBaseInfo": { "type": "object", - "description": "Information about an NGINX product type and its version", + "description": "Base information of a control plane, which includes name, product version and optionally an object ID.", "required": [ "name", - "version" + "product_version", + "created_at" ], "properties": { + "object_id": { + "$ref": "#/components/schemas/ControlPlaneObjectID" + }, "name": { - "$ref": "#/components/schemas/NginxProduct" + "description": "Control plane name.", + "type": "string" }, - "version": { - "description": "version of the NGINX product installed on the instance.", + "product_version": { + "description": "Control plane product name and version.", "type": "string" + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the control plane was created." } } }, - "CVEImpactedInstance": { + "Instance": { "type": "object", "description": "Summary information about a NGINX instance.", "required": [ "object_id", "hostname", + "system_id", + "agent_version", + "registered_at", + "last_reported", "status" ], "properties": { "object_id": { "$ref": "#/components/schemas/InstanceObjectID" }, - "hostname": { - "description": "The name of the host system where the NGINX instance is running.", - "type": "string" + "hostname": { + "description": "The name of the host system where the NGINX instance is running.", + "type": "string" + }, + "system_id": { + "description": "The unique identifier assigned to the host system by the NGINX Agent.", + "type": "string" + }, + "nginx_id": { + "description": "The unique identifier for the NGINX process on the host system, assigned by the NGINX Agent.", + "type": "string" + }, + "agent_version": { + "description": "The version of the NGINX Agent.", + "type": "string" + }, + "key_object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "nginx_build": { + "$ref": "#/components/schemas/NginxBuild" + }, + "os_version": { + "description": "The operating system's name and its and version or codename.\n", + "type": "string", + "example": "ubuntu_jammy" + }, + "nginx_app_protect": { + "$ref": "#/components/schemas/NginxAppProtectSummary" }, - "products": { - "description": "List of NGINX products in the instance", - "type": "array", - "items": { - "$ref": "#/components/schemas/NginxProductInfo" - } + "registered_at": { + "description": "The date and time when the NGINX instance first registered with NGINX One.", + "type": "string", + "format": "date-time" + }, + "last_reported": { + "description": "The date and time of the most recent report received from the NGINX Agent.", + "type": "string", + "format": "date-time" }, "status": { "type": "string", @@ -12327,527 +6906,975 @@ "offline", "online" ] - } - } - }, - "CVEImpactedInstancesListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" }, - { - "type": "object", - "description": "List of instances affected by a CVE.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of Instance objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/CVEImpactedInstance" - } - } - }, - "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", - "hostname": "4d116619f106", - "products": [ - { - "name": "noss", - "version": "1.18.0" - } - ], - "status": "unknown" - } - ] + "cert_summary": { + "$ref": "#/components/schemas/CertificateInstanceSummary" + }, + "cve_severity": { + "type": "array", + "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", + "items": { + "$ref": "#/components/schemas/CveDetails" + } + }, + "recommendations": { + "type": "array", + "description": "An array summarizing the suggestions from the configuration analysis report.", + "items": { + "$ref": "#/components/schemas/IssueDetails" } + }, + "control_plane": { + "$ref": "#/components/schemas/ControlPlaneBaseInfo" } - ] + } }, - "CVEImpactedControlPlanesListResponse": { + "ConfigSyncGroupInstance": { "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/Instance" }, { "type": "object", - "description": "List of control planes affected by a CVE.", "required": [ - "items" + "config_status", + "config_version" ], "properties": { - "items": { - "description": "An array of Control Plane objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/ControlPlaneBaseInfo" - } + "config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" + }, + "config_version": { + "description": "A computed hash of current config on the config sync group.", + "type": "string" } - }, - "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "object_id": "ecp_tgfVM3KQTxCyiDXgV38G7A", - "name": "nginx-ingress-001", - "product_version": "nginx-ingress-controller-4.0.1", - "created_at": "2023-08-10T16:59:15Z" - } - ] } } ] }, - "FilterNameEvents": { + "ConfigSyncGroupPublicationStatus": { "type": "string", - "description": "Keywords for events filters.\n", + "description": "The status on the last publication issued on this config sync group:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `partially_succeeded` - The publication attempt had one or more failures.\n", "enum": [ - "object_id" + "pending", + "failed", + "succeeded", + "partially_succeeded" ], "x-enum-varnames": [ - "filter_name_events_object_id" + "publication_config_sync_group_status_pending", + "publication_config_sync_group_status_failed", + "publication_config_sync_group_status_succeeded", + "publication_config_sync_group_status_partially_succeeded" ] }, - "EventObjectID": { - "description": "A globally unique identifier for a NGINX One system event.", + "CertAssociation": { + "type": "object", + "description": "Details for a certificate that's associated with an instance or a config sync group.", + "required": [ + "name", + "object_id", + "cert_type", + "subject_name", + "not_before", + "not_after", + "cert_status", + "deployment_status" + ], + "properties": { + "name": { + "type": "string", + "description": "A friendly name for the certificate." + }, + "object_id": { + "$ref": "#/components/schemas/CertificateObjectID" + }, + "cert_type": { + "$ref": "#/components/schemas/CertificateType" + }, + "cert_paths": { + "type": "array", + "description": "The list of file system paths where the certificate file is installed. \nSince a single certificate file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/ssl/cert.pem", + "/etc/ssl/cert.crt" + ], + "items": { + "type": "string" + } + }, + "key_paths": { + "type": "array", + "description": "The list of file system paths where the private key file is installed.\nSince a single key file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/nginx/key.pem", + "/etc/ssl/server.key" + ], + "items": { + "type": "string" + } + }, + "deployment_status": { + "$ref": "#/components/schemas/CertificateDeploymentStatus" + }, + "subject_name": { + "type": "string", + "description": "Hostname or domain for the certificate. Usually the subject-alt-name (SAN) value for the certificate.\nif SAN is not present, this will be the certificate subject's common name.\n", + "example": "nginx.com" + }, + "cert_status": { + "$ref": "#/components/schemas/CertificateStatus" + }, + "not_before": { + "type": "string", + "format": "date-time", + "description": "the effective date of the certificate." + }, + "not_after": { + "type": "string", + "format": "date-time", + "description": "The expiration date for the certificate." + } + } + }, + "NapPolicyObjectID": { + "description": "A globally unique identifier for the App Protect policy.", "type": "string", "format": "object_id", - "pattern": "^event_.*", + "pattern": "^pol_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "Event": { - "type": "object", - "description": "An Event is a system message.", - "required": [ - "type", - "timestamp", - "object_id", - "message" + "NapPolicyVersionObjectID": { + "description": "A globally unique identifier for the App Protect policy version.", + "type": "string", + "format": "object_id", + "pattern": "^pv_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "PublicationObjectID": { + "description": "A globally unique identifier for the publication.", + "type": "string", + "format": "object_id", + "example": "pub_72pGHoGsSICL_THZrs964g", + "pattern": "^pub_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "NapPolicyEnforcementMode": { + "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `blocking` - Any illegal or suspicious requests are logged and blocked.\n* `transparent` - Any illegal or suspicious requests are logged but not blocked.\n", + "type": "string", + "enum": [ + "blocking", + "transparent" + ], + "x-enum-varnames": [ + "nap_enforcement_mode_blocking", + "nap_enforcement_mode_transparent" + ] + }, + "NapDeploymentStatus": { + "description": "The current enforcement mode of the NGINX App Protect policy, with the following possible values:\n* `deployed` - The NGINX App Protect policy has been deployed.\n* `not_deployed` - The NGINX App Protect policy has not been deployed.\n* `deploying` - The NGINX App Protect policy is currently being deployed.\n* `failed` - The NGINX App Protect policy failed deploying.\n", + "type": "string", + "enum": [ + "deployed", + "not_deployed", + "deploying", + "failed" + ], + "x-enum-varnames": [ + "nap_deployment_status_deployed", + "nap_deployment_status_not_deployed", + "nap_deployment_status_deploying", + "nap_deployment_status_failed" + ] + }, + "NapAssociation": { + "description": "Details for a NGINX App Protect policy version that's associated with an instance or a config sync group.", + "required": [ + "name", + "version", + "policy_object_id", + "policy_version_object_id", + "paths", + "deployment_status", + "publication_object_id", + "deployed_on", + "enforcement_mode" ], "properties": { - "timestamp": { - "description": "time of the event", + "name": { "type": "string", - "format": "date-time", - "example": "2019-08-07T09:57:36.088757764Z" + "description": "Name of the policy at the time of the deployment." }, - "type": { + "version": { "type": "string", - "description": "type of event, indication for affected object type.", - "enum": [ - "instance_cleanup", - "certificates", - "publications", - "nap_compilation_jobs" - ], - "x-enum-varnames": [ - "event_type_instance_cleanup", - "event_type_certificates", - "event_type_publications", - "event_type_nap_compilation_jobs" - ] + "description": "Version of the policy at the time of the deployment." }, - "object_id": { - "$ref": "#/components/schemas/EventObjectID" + "policy_object_id": { + "$ref": "#/components/schemas/NapPolicyObjectID" }, - "affected_object_id": { - "$ref": "#/components/schemas/ObjectID" + "policy_version_object_id": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" }, - "hostname": { - "type": "string", - "description": "hostname of the affected instance, if any." + "publication_object_id": { + "$ref": "#/components/schemas/PublicationObjectID" }, - "message": { + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" + }, + "paths": { + "type": "array", + "description": "The list of file system paths where the compiled NAP policy version bundle file is installed. \nSince a single compiled NAP policy version bundle file may be applied in multiple contexts, all relevant paths are included.\n", + "example": [ + "/etc/nginx/default_policy.tgz", + "/etc/nginx/default_policy_server_2.tgz" + ], + "items": { + "type": "string" + } + }, + "deployment_status": { + "$ref": "#/components/schemas/NapDeploymentStatus" + }, + "deployed_on": { + "description": "Date and time of the deployment.", "type": "string", - "description": "Details regarding the event.", - "example": "Instance \"demo-1\" deleted by instance cleanup after \"unavailable\" for 25 hours." + "format": "date-time" } }, "example": { - "timestamp": "2024-02-04T09:57:36.088757764Z", - "type": "instance_cleanup", - "object_id": "event_-uvR3F2TQGm18jnl7bpaGw", - "affected_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "message": "ip-170.0.1 deleted after age out period of 3 hours, last seen 2023-08-07T09:57:36.088757764Z" + "name": "default_policy", + "version": "2025.05.01", + "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", + "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", + "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", + "paths": [ + "/etc/nginx/default_policy.tgz" + ], + "deployment_status": "deployed", + "enforcement_mode": "transparent", + "deployed_on": "2023-12-06T22:37:24.120114Z" } }, - "EventsListResponse": { + "ConfigSyncGroup": { "allOf": [ { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/ConfigSyncGroupMeta" }, { "type": "object", - "description": "List of Events.", - "required": [ - "items" - ], + "description": "Additional information of the NGINX config sync group including:\n* config sync status\n* config checksum\n* instances\n* last known publication status\n* certs associated with this config sync group\n", "properties": { - "items": { - "description": "An array of Event objects.", + "config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" + }, + "config_version": { + "description": "A computed hash of current config on the config sync group.", + "type": "string" + }, + "instances": { + "description": "An array of Instance objects.", "type": "array", "items": { - "$ref": "#/components/schemas/Event" + "$ref": "#/components/schemas/ConfigSyncGroupInstance" + } + }, + "last_publication_status": { + "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" + }, + "certs": { + "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto the data plane instances that are part of this config sync group.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertAssociation" + } + }, + "nginx_app_protect": { + "type": "object", + "required": [ + "deployments" + ], + "properties": { + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapAssociation" + } + } } } } } - ] - }, - "FilterStagedConfigs": { - "type": "string", - "description": "Keywords for staged configs filters.\n", - "enum": [ - "name", - "object_id" ], - "x-enum-varnames": [ - "filter_name_staged_config_name", - "filter_name_staged_config_object_id" + "example": { + "object_id": "csg_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-config-sync-group", + "created_at": "2023-12-06T22:37:24.120114Z", + "config_status": "in_sync", + "config_version": "uvR3F2TQGm18jnl7bpaGw", + "instances": [ + { + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "hostname": "816e3c194d59", + "system_id": "6066aad2-211e-3718-be5d-fcc01ffc5cc8", + "agent_version": "v2.33.0", + "registered_at": "2024-05-16T18:26:40.556048Z", + "last_reported": "2023-12-06T22:37:24.120114Z", + "status": "unavailable", + "nginx_build": { + "conf_path": "/etc/nginx/nginx.conf", + "version": "1.25.3" + }, + "os_version": "Ubuntu 22.04", + "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", + "config_status": "in_sync", + "config_version": "abc123def456" + } + ], + "certs": [ + { + "subject_name": "test.com", + "name": "client", + "cert_type": "cert_key", + "not_after": "2024-01-06T00:01:30Z", + "not_before": "2023-12-07T00:01:30Z", + "cert_paths": [ + "/etc/nginx/client.pem" + ], + "cert_status": "expiring", + "deployment_status": "latest", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" + } + ] + } + }, + "ConfigSyncGroupDetails": { + "type": "object", + "description": "Detailed information of the NGINX config sync group.", + "allOf": [ + { + "$ref": "#/components/schemas/ConfigSyncGroup" + } ] }, - "StagedConfigObjectID": { - "description": "A globally unique identifier for the NGINX staged config.", + "ConfigPath": { "type": "string", - "format": "object_id", - "pattern": "^sc_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } + "minLength": 1, + "maxLength": 4096, + "description": "The full path to the main NGINX configuration file. This corresponds to the `--conf-path` parameter used in the NGINX binary.\n", + "example": "/etc/nginx/nginx.conf." }, - "StagedConfigCertificateSummary": { + "FileData": { "type": "object", - "description": "Provides a summary of the current status of certificates used in NGINX configurations. It includes the total number of certificates, as well as the counts of expired certificates, those nearing expiration, valid certificates, certificates that are not found, and those that are not ready for use.", + "description": "Details about a file, including its path, content, size, and last modified time.", "required": [ - "total", - "expired", - "expiring", - "valid", - "not_found", - "not_ready" + "name", + "contents", + "size", + "mtime" ], "properties": { - "total": { - "description": "Total count of certificates used as `payloads` in NGINX config.", - "type": "integer" - }, - "expired": { - "description": "The number of certificates that have expired and are no longer valid.", - "type": "integer" - }, - "expiring": { - "description": "The number of certificates due to expire in the next 30 days.", - "type": "integer" + "name": { + "type": "string", + "description": "The file's relative path to the parent directory.", + "minLength": 1, + "maxLength": 4096 }, - "valid": { - "description": "The number of certificates that are valid and in good standing.", - "type": "integer" + "contents": { + "type": "string", + "format": "byte", + "description": "The base64-encoded contents of the file.", + "maxLength": 3145728 }, - "not_found": { - "description": "The number of certificates that are not found on NGINX One Console.", - "type": "integer" + "size": { + "type": "integer", + "description": "The size of the file, in bytes." }, - "not_ready": { - "description": "The number of certificates that are not ready to be used.", - "type": "integer" + "mtime": { + "type": "string", + "format": "date-time", + "description": "Timestamp of the last modification made to the file." } } }, - "StagedConfigMeta": { + "DirectoryWithFileContent": { "type": "object", - "description": "Summary information of the NGINX staged config.", + "description": "Represents a directory and its contents, detailing the directory's full path, assigned permissions, last modified time, and the files within it.", "required": [ - "object_id", "name", - "created_at", - "modified_at" + "files" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/StagedConfigObjectID" - }, "name": { - "description": "Name of the NGINX staged config", - "type": "string" + "type": "string", + "description": "The complete path of the directory." }, - "created_at": { + "permissions": { "type": "string", - "format": "date-time", - "description": "The date and time when the NGINX configuration object was created for the instance." + "description": "The permissions for the directory." }, - "modified_at": { + "mtime": { "type": "string", - "format": "date-time", - "description": "The date and time when the NGINX configuration object was last modified for the instance." + "description": "The date and time when the directory was last modified.", + "format": "date-time" }, - "cert_summary": { - "$ref": "#/components/schemas/StagedConfigCertificateSummary" + "files": { + "type": "array", + "description": "The list of files in the directory.", + "items": { + "$ref": "#/components/schemas/FileData" + } } } }, - "StagedConfigListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" + "NginxConfigObject": { + "type": "object", + "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", + "required": [ + "conf_path", + "configs" + ], + "properties": { + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" }, - { - "type": "object", - "description": "List of NGINX staged configs.", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of Staged Config objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/StagedConfigMeta" - } - } + "conf_path": { + "$ref": "#/components/schemas/ConfigPath" + }, + "configs": { + "type": "array", + "description": "An array of directories containing NGINX configuration files.", + "items": { + "$ref": "#/components/schemas/DirectoryWithFileContent" + } + }, + "aux": { + "type": "array", + "description": "An array of auxiliary directory contents related to the NGINX configuration.", + "items": { + "$ref": "#/components/schemas/DirectoryWithFileContent" } } - ], + }, "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "configs": [ { - "object_id": "sc_Tet21AeYTHCj7taOwVfzyw", - "name": "my-nginx-staged-config", - "created_at": "2023-08-10T16:59:15Z", - "modified_at": "2023-08-10T16:59:15Z" + "files": [ + { + "contents": "Cm1hcCAkdXJpICRtYXBwZWRfc2VydmljZSB7CiAgICBkZWZhdWx0IFVOTUFUQ0hFRDsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvaW5zdGFuY2VzIiAgICAgICAgaW5zdGFuY2VzLXN2YzsKICAgICJ+Xi9hcGkvdjEvbmFtZXNwYWNlcy9cdysvZGF0YS1wbGFuZS1rZXlzIiAga2V5cy1zdmM7CiAgICAifl4vYXBpL3YxL25hbWVzcGFjZXMvXHcrL21vbml0b3IiICAgICAgICAgIG1vbml0b3Itc3ZjOwp9Cgp1cHN0cmVhbSBpbnN0YW5jZXMtc3ZjIHsKICAgIHNlcnZlciBpbnN0YW5jZXMtc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIGtleXMtc3ZjIHsKICAgIHNlcnZlciBrZXlzLXN2Yzo4MDkwOwp9Cgp1cHN0cmVhbSBkYXRhcGxhbmUtY3RybCB7CiAgICBzZXJ2ZXIgZGF0YXBsYW5lLWN0cmw6ODA4MDsKfQoKdXBzdHJlYW0gbW9uaXRvci1zdmMgewogICAgc2VydmVyIG1vbml0b3Itc3ZjOjgwODA7Cn0KCnVwc3RyZWFtIG1ldHJpY3MtaW5nZXN0IHsKICAgIHNlcnZlciBtZXRyaWNzLWluZ2VzdDo4MDgwOwp9CgpzZXJ2ZXIgewogICAgbGlzdGVuIDg4ODg7CiAgICBzZXJ2ZXJfbmFtZSBfOwogICAgaHR0cDIgb247CgogICAgcHJveHlfcGFzc19yZXF1ZXN0X2hlYWRlcnMgb247CiAgICByZXdyaXRlICJeL2FwaS8obmdpbngvb25lfHYxKS8oLiopJCIgIi9hcGkvdjEvJDIiIGJyZWFrOwogICAgbG9jYXRpb24gL2FwaS92MS8gewogICAgICAgIGlmICgkbWFwcGVkX3NlcnZpY2UgPSAiVU5NQVRDSEVEIikgewogICAgICAgICAgICByZXR1cm4gNDA0ICd7ImVycm9yOiAiTm90IGZvdW5kIn0nOwogICAgICAgIH0KICAgICAgICBwcm94eV9wYXNzX2hlYWRlciBYLVZvbHRlcnJhLUFwaWd3LVRlbmFudDsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kbWFwcGVkX3NlcnZpY2U7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIGRhdGFwbGFuZS1jdHJsCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLkNvbW1hbmRlciB7CiAgICAgICAgZ3JwY19zb2NrZXRfa2VlcGFsaXZlIG9uOwogICAgICAgIGdycGNfcmVhZF90aW1lb3V0IDVtOwogICAgICAgIGdycGNfc2VuZF90aW1lb3V0IDVtOwogICAgICAgIGNsaWVudF9ib2R5X3RpbWVvdXQgMTBtOwogICAgICAgIGdycGNfcGFzcyBncnBjOi8vZGF0YXBsYW5lLWN0cmw7CiAgICB9CgogICAgIyBnUlBDIHNlcnZpY2UgZm9yIG1ldHJpY3MgaW5nZXN0aW9uCiAgICBsb2NhdGlvbiAvZjUubmdpbnguYWdlbnQuc2RrLk1ldHJpY3NTZXJ2aWNlIHsKICAgICAgICBncnBjX3NvY2tldF9rZWVwYWxpdmUgb247CiAgICAgICAgZ3JwY19yZWFkX3RpbWVvdXQgNW07CiAgICAgICAgZ3JwY19zZW5kX3RpbWVvdXQgNW07CiAgICAgICAgY2xpZW50X2JvZHlfdGltZW91dCAxMG07CiAgICAgICAgY2xpZW50X21heF9ib2R5X3NpemUgMDsKICAgICAgICBncnBjX3Bhc3MgZ3JwYzovL21ldHJpY3MtaW5nZXN0OwogICAgfQp9CgojIHByb3h5IHRvIHRoZSBtYW5hZ2VtZW50IHNlcnZlcnMKc2VydmVyIHsKICAgIGxpc3RlbiAxNTAwMDsKICAgIHNlcnZlcl9uYW1lIF87CiAgICAjIHVzZSBkb2NrZXIgRE5TCiAgICByZXNvbHZlciAxMjcuMC4wLjExIHZhbGlkPTMwczsKCiAgICAjIG1hdGNoIC88c2VydmljZT4vPG1nbXQgZW5kcG9pbnQ+CiAgICBsb2NhdGlvbiB+Xi8oW14vXSspLyguKykkIHsKICAgICAgICBwcm94eV9wYXNzIGh0dHA6Ly8kMToxNTAwMC8kMjsKICAgIH0KCiAgICBsb2NhdGlvbiAvIHsKICAgICAgICBhZGRfaGVhZGVyICJDb250ZW50LVR5cGUiICJ0ZXh0L2h0bWwiOwogICAgICAgIHJldHVybiAyMDAgIjxwPkFjY2VzcyB0aGUgbWFuYWdlbWVudCBzZXJ2ZXIgb2YgYW55IHNlcnZpY2Ugd2l0aCBVUkxzIGxpa2UgPGNvZGU+aHR0cDovL2xvY2FsaG9zdDoxNTAwMC8mbHQ7U0VSVklDRV9OQU1FJmd0Oy9tZXRyaWNzPC9jb2RlPjwvcD4iOwogICAgfQp9Cg==", + "mtime": "1970-01-01T00:00:00Z", + "name": "default.conf", + "size": 1942 + } + ], + "name": "/etc/nginx/conf.d" + }, + { + "files": [ + { + "contents": "CnVzZXIgIG5naW54Owp3b3JrZXJfcHJvY2Vzc2VzICBhdXRvOwoKZXJyb3JfbG9nICAvdmFyL2xvZy9uZ2lueC9lcnJvci5sb2cgbm90aWNlOwpwaWQgICAgICAgIC92YXIvcnVuL25naW54LnBpZDsKCgpldmVudHMgewogICAgd29ya2VyX2Nvbm5lY3Rpb25zICAxMDI0Owp9CgoKaHR0cCB7CiAgICBpbmNsdWRlICAgICAgIC9ldGMvbmdpbngvbWltZS50eXBlczsKICAgIGRlZmF1bHRfdHlwZSAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtOwoKICAgIGxvZ19mb3JtYXQgIG1haW4gICckcmVtb3RlX2FkZHIgLSAkcmVtb3RlX3VzZXIgWyR0aW1lX2xvY2FsXSAiJHJlcXVlc3QiICcKICAgICAgICAgICAgICAgICAgICAgICckc3RhdHVzICRib2R5X2J5dGVzX3NlbnQgIiRodHRwX3JlZmVyZXIiICcKICAgICAgICAgICAgICAgICAgICAgICciJGh0dHBfdXNlcl9hZ2VudCIgIiRodHRwX3hfZm9yd2FyZGVkX2ZvciInOwoKICAgIGFjY2Vzc19sb2cgIC92YXIvbG9nL25naW54L2FjY2Vzcy5sb2cgIG1haW47CgogICAgc2VuZGZpbGUgICAgICAgIG9uOwogICAgI3RjcF9ub3B1c2ggICAgIG9uOwoKICAgIGtlZXBhbGl2ZV90aW1lb3V0ICA2NTsKCiAgICAjZ3ppcCAgb247CgogICAgaW5jbHVkZSAvZXRjL25naW54L2NvbmYuZC8qLmNvbmY7Cn0K", + "mtime": "1970-01-01T00:00:00Z", + "name": "nginx.conf", + "size": 648 + }, + { + "contents": "CnR5cGVzIHsKICAgIHRleHQvaHRtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBodG1sIGh0bSBzaHRtbDsKICAgIHRleHQvY3NzICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjc3M7CiAgICB0ZXh0L3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeG1sOwogICAgaW1hZ2UvZ2lmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdpZjsKICAgIGltYWdlL2pwZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqcGVnIGpwZzsKICAgIGFwcGxpY2F0aW9uL2phdmFzY3JpcHQgICAgICAgICAgICAgICAgICAgICAgICAgICBqczsKICAgIGFwcGxpY2F0aW9uL2F0b20reG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdG9tOwogICAgYXBwbGljYXRpb24vcnNzK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJzczsKCiAgICB0ZXh0L21hdGhtbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbW1sOwogICAgdGV4dC9wbGFpbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHR4dDsKICAgIHRleHQvdm5kLnN1bi5qMm1lLmFwcC1kZXNjcmlwdG9yICAgICAgICAgICAgICAgICBqYWQ7CiAgICB0ZXh0L3ZuZC53YXAud21sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd21sOwogICAgdGV4dC94LWNvbXBvbmVudCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGh0YzsKCiAgICBpbWFnZS9hdmlmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYXZpZjsKICAgIGltYWdlL3BuZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbmc7CiAgICBpbWFnZS9zdmcreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc3ZnIHN2Z3o7CiAgICBpbWFnZS90aWZmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGlmIHRpZmY7CiAgICBpbWFnZS92bmQud2FwLndibXAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2JtcDsKICAgIGltYWdlL3dlYnAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3ZWJwOwogICAgaW1hZ2UveC1pY29uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGljbzsKICAgIGltYWdlL3gtam5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqbmc7CiAgICBpbWFnZS94LW1zLWJtcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYm1wOwoKICAgIGZvbnQvd29mZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB3b2ZmOwogICAgZm9udC93b2ZmMiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdvZmYyOwoKICAgIGFwcGxpY2F0aW9uL2phdmEtYXJjaGl2ZSAgICAgICAgICAgICAgICAgICAgICAgICBqYXIgd2FyIGVhcjsKICAgIGFwcGxpY2F0aW9uL2pzb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqc29uOwogICAgYXBwbGljYXRpb24vbWFjLWJpbmhleDQwICAgICAgICAgICAgICAgICAgICAgICAgIGhxeDsKICAgIGFwcGxpY2F0aW9uL21zd29yZCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2M7CiAgICBhcHBsaWNhdGlvbi9wZGYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcGRmOwogICAgYXBwbGljYXRpb24vcG9zdHNjcmlwdCAgICAgICAgICAgICAgICAgICAgICAgICAgIHBzIGVwcyBhaTsKICAgIGFwcGxpY2F0aW9uL3J0ZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBydGY7CiAgICBhcHBsaWNhdGlvbi92bmQuYXBwbGUubXBlZ3VybCAgICAgICAgICAgICAgICAgICAgbTN1ODsKICAgIGFwcGxpY2F0aW9uL3ZuZC5nb29nbGUtZWFydGgua21sK3htbCAgICAgICAgICAgICBrbWw7CiAgICBhcHBsaWNhdGlvbi92bmQuZ29vZ2xlLWVhcnRoLmtteiAgICAgICAgICAgICAgICAga216OwogICAgYXBwbGljYXRpb24vdm5kLm1zLWV4Y2VsICAgICAgICAgICAgICAgICAgICAgICAgIHhsczsKICAgIGFwcGxpY2F0aW9uL3ZuZC5tcy1mb250b2JqZWN0ICAgICAgICAgICAgICAgICAgICBlb3Q7CiAgICBhcHBsaWNhdGlvbi92bmQubXMtcG93ZXJwb2ludCAgICAgICAgICAgICAgICAgICAgcHB0OwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC5ncmFwaGljcyAgICAgIG9kZzsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vYXNpcy5vcGVuZG9jdW1lbnQucHJlc2VudGF0aW9uICBvZHA7CiAgICBhcHBsaWNhdGlvbi92bmQub2FzaXMub3BlbmRvY3VtZW50LnNwcmVhZHNoZWV0ICAgb2RzOwogICAgYXBwbGljYXRpb24vdm5kLm9hc2lzLm9wZW5kb2N1bWVudC50ZXh0ICAgICAgICAgIG9kdDsKICAgIGFwcGxpY2F0aW9uL3ZuZC5vcGVueG1sZm9ybWF0cy1vZmZpY2Vkb2N1bWVudC5wcmVzZW50YXRpb25tbC5wcmVzZW50YXRpb24KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcHR4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LnNwcmVhZHNoZWV0bWwuc2hlZXQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4bHN4OwogICAgYXBwbGljYXRpb24vdm5kLm9wZW54bWxmb3JtYXRzLW9mZmljZWRvY3VtZW50LndvcmRwcm9jZXNzaW5nbWwuZG9jdW1lbnQKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N4OwogICAgYXBwbGljYXRpb24vdm5kLndhcC53bWxjICAgICAgICAgICAgICAgICAgICAgICAgIHdtbGM7CiAgICBhcHBsaWNhdGlvbi93YXNtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2FzbTsKICAgIGFwcGxpY2F0aW9uL3gtN3otY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgICA3ejsKICAgIGFwcGxpY2F0aW9uL3gtY29jb2EgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjY287CiAgICBhcHBsaWNhdGlvbi94LWphdmEtYXJjaGl2ZS1kaWZmICAgICAgICAgICAgICAgICAgamFyZGlmZjsKICAgIGFwcGxpY2F0aW9uL3gtamF2YS1qbmxwLWZpbGUgICAgICAgICAgICAgICAgICAgICBqbmxwOwogICAgYXBwbGljYXRpb24veC1tYWtlc2VsZiAgICAgICAgICAgICAgICAgICAgICAgICAgIHJ1bjsKICAgIGFwcGxpY2F0aW9uL3gtcGVybCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwbCBwbTsKICAgIGFwcGxpY2F0aW9uL3gtcGlsb3QgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwcmMgcGRiOwogICAgYXBwbGljYXRpb24veC1yYXItY29tcHJlc3NlZCAgICAgICAgICAgICAgICAgICAgIHJhcjsKICAgIGFwcGxpY2F0aW9uL3gtcmVkaGF0LXBhY2thZ2UtbWFuYWdlciAgICAgICAgICAgICBycG07CiAgICBhcHBsaWNhdGlvbi94LXNlYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2VhOwogICAgYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2ggICAgICAgICAgICAgICAgICAgIHN3ZjsKICAgIGFwcGxpY2F0aW9uL3gtc3R1ZmZpdCAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXQ7CiAgICBhcHBsaWNhdGlvbi94LXRjbCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGNsIHRrOwogICAgYXBwbGljYXRpb24veC14NTA5LWNhLWNlcnQgICAgICAgICAgICAgICAgICAgICAgIGRlciBwZW0gY3J0OwogICAgYXBwbGljYXRpb24veC14cGluc3RhbGwgICAgICAgICAgICAgICAgICAgICAgICAgIHhwaTsKICAgIGFwcGxpY2F0aW9uL3hodG1sK3htbCAgICAgICAgICAgICAgICAgICAgICAgICAgICB4aHRtbDsKICAgIGFwcGxpY2F0aW9uL3hzcGYreG1sICAgICAgICAgICAgICAgICAgICAgICAgICAgICB4c3BmOwogICAgYXBwbGljYXRpb24vemlwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHppcDsKCiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgYmluIGV4ZSBkbGw7CiAgICBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0gICAgICAgICAgICAgICAgICAgICAgICAgZGViOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIGRtZzsKICAgIGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbSAgICAgICAgICAgICAgICAgICAgICAgICBpc28gaW1nOwogICAgYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtICAgICAgICAgICAgICAgICAgICAgICAgIG1zaSBtc3AgbXNtOwoKICAgIGF1ZGlvL21pZGkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtaWQgbWlkaSBrYXI7CiAgICBhdWRpby9tcGVnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbXAzOwogICAgYXVkaW8vb2dnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG9nZzsKICAgIGF1ZGlvL3gtbTRhICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtNGE7CiAgICBhdWRpby94LXJlYWxhdWRpbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcmE7CgogICAgdmlkZW8vM2dwcCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDNncHAgM2dwOwogICAgdmlkZW8vbXAydCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRzOwogICAgdmlkZW8vbXA0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1wNDsKICAgIHZpZGVvL21wZWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtcGVnIG1wZzsKICAgIHZpZGVvL3F1aWNrdGltZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtb3Y7CiAgICB2aWRlby93ZWJtICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2VibTsKICAgIHZpZGVvL3gtZmx2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmbHY7CiAgICB2aWRlby94LW00diAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbTR2OwogICAgdmlkZW8veC1tbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG1uZzsKICAgIHZpZGVvL3gtbXMtYXNmICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhc3ggYXNmOwogICAgdmlkZW8veC1tcy13bXYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdtdjsKICAgIHZpZGVvL3gtbXN2aWRlbyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdmk7Cn0K", + "mtime": "1970-01-01T00:00:00Z", + "name": "mime.types", + "size": 5349 + } + ], + "name": "/etc/nginx" } ] } }, - "StagedConfigName": { + "NginxConfigObjectID": { + "description": "A globally unique identifier for the NGINX Config object.", "type": "string", - "description": "A name to identify the NGINX staged config.", - "minLength": 1, - "maxLength": 256, - "pattern": "^[^\\s]+$" + "format": "object_id", + "pattern": "^nc_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } }, - "StagedConfigCreateRequest": { - "description": "Body to create a NGINX staged config. A staged config can be empty; config payload is optional.", + "PayloadObjectID": { + "description": "A globally unique identifier for the valid payload object reference.", + "type": "string", + "format": "object_id", + "pattern": "^(cert|pv)_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "NginxConfigPayload": { + "type": "object", + "description": "Details of Aux File Payload that goes with an NGINX configuration. Provide hints for the backend system on \nadditional file contents that should be part of the NGINX Config Publication.\nCan be used to deploy files related to SSL certificates, to a data plane instance.\n", "required": [ - "name" + "type", + "paths" ], "properties": { - "name": { - "$ref": "#/components/schemas/StagedConfigName" + "type": { + "type": "string", + "description": "Types of Aux File Payload:\n - inline_secret - indicates the provided content for the payload should be stored in a secret location, and removed after the publication is done.\n - inline_content - indicates the provided content for the payload should be stored, and removed after the publication is done. Note, the contents may end up in the `aux` content if used in this NGINX configuration.\n - unmanaged_certificate - indicates certificate content for an unmanaged certificate detected from a data plane instance through NGINX configurations. Will be filtered and ignored in the payload deployment.\n - managed_certificate - indicates public certificates managed by NGINX One Console.\n - managed_key - indicates a private key managed by NGINX One Console.\n - nap_policy_version - indicates a version of NAP policy managed by NGINX One Console. A valid policy_version object\n", + "enum": [ + "inline_secret", + "inline_content", + "unmanaged_certificate", + "managed_certificate", + "managed_key", + "nap_policy_version" + ], + "x-enum-varnames": [ + "nginx_config_payload_inline_secret", + "nginx_config_payload_inline_content", + "nginx_config_payload_unmanaged_certificate", + "nginx_config_payload_managed_certificate", + "nginx_config_payload_managed_key", + "nginx_config_payload_nap_policy_version" + ] }, - "config": { - "$ref": "#/components/schemas/NginxConfigRequest" + "contents": { + "type": "string", + "format": "base64", + "description": "The base64-encoded contents of the file.", + "maxLength": 3145728 + }, + "object_id": { + "$ref": "#/components/schemas/PayloadObjectID" + }, + "paths": { + "type": "array", + "items": { + "type": "string" + } } }, "example": { - "name": "my-nginx-staged-config", - "config": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "configs": [ - { - "files": [ - { - "contents": "string", - "name": "default.conf" - } - ], - "name": "/etc/nginx/conf.d" - } + "type": "inline_content", + "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", + "paths": [ + "/etc/nginx/ssl/server.crt" + ] + } + }, + "NginxConfigPayloads": { + "type": "array", + "description": "An array of payloads that track the file paths of each SSL certificates and key, indicating where to deploy\nthem onto the data plane instance.\n* If the `type` is `managed_certificate` or `managed_key`, you need to specify an `object_id`.\n * The `object_id` must represent a managed certificate object, or a `400 Bad Request` is returned. \n * The `contents` field is optional and is ignored if included.\n* The NGINX One Console manages deployed file paths only for managed certificates and keys. If you don't want \nthem to be managed by NGINX One Console, `inline_content` and `inline_secret` can be used for certificates or \nkeys, respectively. When you retrieve certificate deployment details, only the file paths of managed \ncertificates and keys will be shown.\n* If you use `inline_content` and `inline_secret` in your NGINX configuration, the NGINX One Console \nwill detect them. When they are used as SSL directives of the NGINX configuration \nfor certificates and keys, the certificates will be listed as `unmanaged_certificate` in the certificate \ndeployment details.\n", + "items": { + "$ref": "#/components/schemas/NginxConfigPayload" + }, + "example": [ + { + "type": "managed_certificate", + "object_id": "cert_rto8NYiCQputrIasNx2NOA", + "paths": [ + "/etc/nginx/cert.pem" + ] + }, + { + "type": "managed_key", + "object_id": "cert_rto8NYiCQputrIasNx2NOA", + "paths": [ + "/etc/nginx/key.pem" + ] + }, + { + "type": "inline_content", + "contents": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVVkcycitidUwwRk83U1FVeUtoVkNTN3YyRHZZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNUk13RVFZRFZRUUtEQXBPUjBsT1dDQkpibU11TVFzdwpDUVlEVlFRR0V3SlZVekFlRncweU5EQTBNall5TURVeE5ERmFGdzB5TkRBME1qY3lNRFV4TkRGYU1EWXhFakFRCkJnTlZCQU1NQ1d4dlkyRnNhRzl6ZERFVE1CRUdBMVVFQ2d3S1RrZEpUbGdnU1c1akxqRUxNQWtHQTFVRUJoTUMKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMyb0FJVU9HMkxGMFVGclpMeQp5aWhZRjBZWjdYTWFYZnZ4dWJMYVZZdUdJNjlYN1FQRUJtUXp2OXdod25aUktDUExDZHVCNG04Y0o3Q3BGenRHCldPYVFMbmNxVVA4RFU1aHlQeFBSbmZUdFFBcUdiMDJRZ1RVQXY1QkpJMFZheGhCcnNaemd0KzgyM3ZoTTZTUHcKMGdSc1NZRlFpKzVDWW9MMWZNSWdhS0N2Ri9zZGl5cHZFQ0JDZVZyTWZFZ0pGSVJBQ1kvdFBzdEsvTkxwKzlmawppZ3hFMlYxcldoSGdvRmhZRm5YYnVqM2RIMHJLai9DVlM5anZMMk9vRTlvenM5MkRVLytySGJ6eFR3QndVQjBzCmVPS2hPY2d2cENyTVlSUWxUUlhmWVJmV0NLN2Q2Mk1JR3kvajcvV1VieDFOYzl4MjJzUitydVRlZkxnRTA2NWgKMldDZkFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFmQmdOVgpIU01FR0RBV2dCUnZnamkxWlByZlVBMnRlWlRMUGE0djlzdHFXakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCNC9VM3lrMFYzMTFNRFQvaEttbFJ4MWRqalRyMlhIQnVEcXZYY3BIRTQKVDJwZ0xnWURwN2tmUTQrdnlHWUt1cndEc0F1VDhEZCtUUUZLZEIraEFGRzMyazlxS1RyY1ZCZ2tNSjIwQitvWQp4T2diWW5zVnpiTDhXL0hOR3BlbDkrbThwYURtMGRXNzhMUit5UnJleDVlY2pjYWlZMDg3b0dHNlJDeWhyUVd4CkpkdkFvNlU1ejl3TnVhNmMyNlY2cy84Yit6SkJWektGZ0tQNVVGL2lIcGJVNW1QcVMwWlk4ckhRLzZPTHRGRjgKZ1J2UUlRZjZLSjRmOXlUOFBYSHBIdGJCMzEzaWh2Z09wWW9la3lIWTZaSmllTWhkd0J4MzB1N3d2Uy9POEluYwpsZWZzTkxUcWFTM2JWdldLeUFaVlZyenFtU043aGh4QWZrc0RZelBFbkF3OAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t", + "paths": [ + "/etc/nginx/inline_cert.crt" ] } - } + ] + }, + "NginxConfig": { + "description": "Details of an NGINX configuration, including its unique identifier, the main configuration path, the \nconfiguration directories, and the NGINX configuration payloads that indicate where managed SSL certificates\nand keys were deployed to on the data plane instance.\n", + "allOf": [ + { + "$ref": "#/components/schemas/NginxConfigObject" + }, + { + "type": "object", + "required": [ + "object_id" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/NginxConfigObjectID" + }, + "payloads": { + "$ref": "#/components/schemas/NginxConfigPayloads" + } + } + } + ] }, - "StagedConfigCreateResponse": { - "description": "Response to a create NGINX staged config request.", + "FileDataRequest": { + "type": "object", + "description": "Details about a file, name, and content.", "required": [ - "object_id", "name" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/StagedConfigObjectID" + "name": { + "type": "string", + "description": "The file's relative path to the parent directory, absolute path also accepted.", + "minLength": 1, + "maxLength": 4096 }, + "contents": { + "type": "string", + "format": "byte", + "description": "The base64-encoded contents of the file.", + "maxLength": 3145728 + } + } + }, + "DirectoryRequestWithFileContent": { + "type": "object", + "description": "Represents a directory and its contents, detailing the directory's full path, and the files within it.", + "required": [ + "name", + "files" + ], + "properties": { "name": { - "description": "Name of the NGINX staged config.", - "type": "string" + "type": "string", + "minLength": 1, + "description": "The complete path of the directory." + }, + "files": { + "type": "array", + "description": "The list of files in the directory.", + "items": { + "$ref": "#/components/schemas/FileDataRequest" + } } - }, - "example": { - "name": "my-nginx-staged-config", - "object_id": "sc_Tet21AeYTHCj7taOwVfzyw" } }, - "StagedConfigBulkRequestData": { + "NginxConfigObjectRequest": { "type": "object", - "description": "Part of bulk operation on a staged config, only `delete` is supported.", + "description": "Details of an NGINX configuration, the main configuration path, and the configuration directories.\n", "required": [ - "action", - "object_id" + "conf_path", + "configs" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/StagedConfigObjectID" + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object. Can be used to detect change when updating the NginxConfig.\n" }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" + "conf_path": { + "$ref": "#/components/schemas/ConfigPath" + }, + "configs": { + "type": "array", + "description": "An array of directories containing NGINX configuration files.", + "items": { + "$ref": "#/components/schemas/DirectoryRequestWithFileContent" + } + }, + "aux": { + "type": "array", + "description": "An array of auxiliary directory contents related to the NGINX configuration. When auxiliary contents are\nprovided, they become the authoritative source of non-NGINX configuration content. Please ensure the\nprovided contents are complete, missing files that are referenced in the NGINX configuration can cause\nNGINX reload failure. When not provided, the previous known auxiliary contents will be used as part of\npublish.\n", + "items": { + "$ref": "#/components/schemas/DirectoryRequestWithFileContent" + } } - }, - "example": { - "object_id": "sc_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" } }, - "StagedConfigBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/StagedConfigBulkRequestData" - }, - "minItems": 1, - "maxItems": 50, - "example": [ + "NginxConfigRequest": { + "allOf": [ { - "object_id": "sc_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" + "$ref": "#/components/schemas/NginxConfigObjectRequest" }, { - "object_id": "sc_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" + "type": "object", + "properties": { + "payloads": { + "$ref": "#/components/schemas/NginxConfigPayloads" + } + } } ] }, - "StagedConfigBulkResponse": { - "description": "The staged config bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" + "PublicationStatusCause": { + "description": "Cause of the failure, provided only if the status is `failed`.", + "type": "object", + "properties": { + "cause": { + "description": "Cause of the failure, detailed as follows:\n* `unknown` - The reason for the failure is not known.\n* `timeout` - The publication request reached its time limit without receiving a response from the NGINX Agent.\n* `remote` - The NGINX Agent reported a failure when trying to apply the configuration. See the message for more details.\n* `payload` - The publication was successful, but there were warnings reported by attached payloads, see message for more details.\n", + "type": "string", + "enum": [ + "unknown", + "timeout", + "remote", + "payload" + ], + "x-enum-varnames": [ + "publication_instance_status_cause_unknown", + "publication_instance_status_cause_timeout", + "publication_instance_status_cause_remote", + "publication_instance_status_cause_payload" + ] + }, + "message": { + "type": "string", + "description": "more specific failure message from the agent." + } } }, - "StagedConfigResponse": { - "description": "Get an NGINX staged config.", + "ConfigSyncGroupPublicationStatusReason": { + "allOf": [ + { + "$ref": "#/components/schemas/PublicationStatusCause" + }, + { + "type": "object", + "required": [ + "object_id" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" + } + } + } + ] + }, + "ConfigSyncGroupPublication": { + "description": "Details of a publication request for the NGINX config sync group.", "required": [ - "name" + "status", + "created_at", + "modified_at" ], "properties": { - "name": { + "object_id": { + "$ref": "#/components/schemas/PublicationObjectID" + }, + "status": { + "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatus" + }, + "created_at": { "type": "string", - "description": "Name of the NGINX staged config." + "format": "date-time", + "description": "The date and time when the publication was created for the instance." }, - "config": { - "$ref": "#/components/schemas/NginxConfig" + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the publication was last modified for the instance." + }, + "status_reasons": { + "description": "Detailed failure reasons on each instance's publication, when 'status' is in 'failed' or 'partially_succeeded'", + "type": "array", + "items": { + "$ref": "#/components/schemas/ConfigSyncGroupPublicationStatusReason" + } + }, + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" } + }, + "example": { + "config_version": "fc3bb4b50c145b3ca5c5d1342be5ec0718eeb9bb84f8d53c5734b6b8", + "created_at": "2024-05-23T21:57:13.048285Z", + "modified_at": "2024-05-23T21:57:13.048285Z", + "object_id": "pub_UPV8jXFwSgm1vHQJCvLD1w", + "status": "failed", + "status_reasons": [ + { + "cause": "remote", + "message": "Config apply failed (write): error running nginx -t -c /etc/nginx/nginx.conf:\n error running nginx -t -c /etc/nginx/nginx.conf:\nnginx: [emerg] invalid number of arguments in \"worker_processes\" directive in /etc/nginx/nginx.conf:7\nnginx: configuration file /etc/nginx/nginx.conf test failed\n", + "object_id": "inst_QBBobKIAQ_21grAwV83VYw" + } + ] } }, - "StagedConfigUpdateRequest": { - "description": "Body to update a NGINX staged config name and config contents.", + "PublicationInstance": { + "description": "Details of a publication request for an NGINX instance.", "required": [ - "name", - "config" + "status", + "created_at", + "modified_at" ], "properties": { - "name": { - "$ref": "#/components/schemas/StagedConfigName" + "object_id": { + "$ref": "#/components/schemas/PublicationObjectID" }, - "config": { - "$ref": "#/components/schemas/NginxConfigRequest" + "config_version": { + "type": "string", + "description": "A hash that uniquely identifies the contents of the config object in the publication.\n" + }, + "status": { + "description": "Publication status for the NGINX instance:\n* `pending` - The publication request has been accepted and is currently processing.\n* `failed` - The publication attempt failed.\n* `succeeded` - The publication was successful.\n* `succeeded_with_warnings` - The publication was successful, but there were warnings.\n", + "type": "string", + "enum": [ + "pending", + "failed", + "succeeded", + "succeeded_with_warnings" + ], + "x-enum-varnames": [ + "publication_instance_status_pending", + "publication_instance_status_failed", + "publication_instance_status_succeeded", + "publication_instance_status_succeeded_with_warnings" + ] + }, + "status_cause": { + "$ref": "#/components/schemas/PublicationStatusCause" + }, + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the publication was created for the instance." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the publication was last modified for the instance." } }, "example": { - "name": "my-nginx-staged-config", - "config": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", - "configs": [ - { - "files": [ - { - "contents": "string", - "name": "default.conf" - } - ], - "name": "/etc/nginx/conf.d" - } - ] - } + "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", + "created_at": "2024-05-14T20:36:06.272704Z", + "modified_at": "2024-05-14T20:36:06.272704Z", + "object_id": "pub_vfr5Oqv-AhxGzyqTXW-Ubw", + "status": "pending" } }, - "StagedConfigChangeRequest": { - "description": "Update an NGINX staged config.", + "NginxConfigProblem": { + "type": "object", + "description": "Representation of a problem found during NGINX configuration analysis.", "properties": { - "name": { - "$ref": "#/components/schemas/StagedConfigName" + "directive": { + "description": "Directive in the NGINX configuration where the issue is identified.", + "type": "string" }, - "config": { - "$ref": "#/components/schemas/NginxConfigRequest" + "file": { + "description": "File where the issue is detected.", + "type": "string" + }, + "line": { + "description": "Line number in the configuration where the issue is found.", + "type": "integer" } - }, - "example": { - "config": { - "aux": [], - "conf_path": "/etc/nginx/nginx.conf", - "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", - "configs": [ - { - "files": [ - { - "contents": "string", - "name": "default.conf" - } - ], - "name": "/etc/nginx/conf.d" - } - ] + } + }, + "NginxConfigReport": { + "type": "object", + "description": "An analysis of the NGINX configuration, highlighting issues and their severity, and offering recommendations.", + "properties": { + "rule": { + "description": "The name of the configuration rule that was violated.", + "type": "string" + }, + "info": { + "description": "A detailed description of the issue.", + "type": "string" + }, + "severity": { + "description": "The severity level of the issue.", + "type": "string" + }, + "category": { + "description": "Classification category of the issue.", + "type": "string" + }, + "documentation": { + "description": "Links to documentation that can assist in resolving the identified issue.", + "type": "array", + "items": { + "type": "string" + } + }, + "where": { + "description": "Specific locations in the configuration where issues were detected.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigProblem" + } } } }, - "StagedConfigImportRequest": { + "NginxConfigReports": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxConfigReport" + } + }, + "NginxConfigMeta": { "type": "object", - "description": "Body to import a NGINX staged config", + "description": "Meta data of an NGINX configuration, including its unique identifier, the config_version.\n", "required": [ - "name", - "file", - "conf_path" + "object_id", + "config_version", + "created_at", + "modified_at", + "config_source" ], "properties": { - "name": { - "$ref": "#/components/schemas/StagedConfigName" + "object_id": { + "$ref": "#/components/schemas/NginxConfigObjectID" }, - "file": { + "config_version": { "type": "string", - "format": "binary", - "example": "my-staged-config.tar.gz", - "maxLength": 5242880 + "description": "A hash that uniquely identifies the contents of the config object.\n" }, - "conf_path": { - "$ref": "#/components/schemas/ConfigPath" + "created_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the NGINX configuration object was created for the instance." + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the NGINX configuration object was last modified for the instance." + }, + "config_source": { + "type": "string", + "enum": [ + "NGINX One", + "Other", + "Unspecified" + ], + "x-enum-varnames": [ + "config_source_nginx_one", + "config_source_other", + "config_source_unspecified" + ], + "description": "The source from which the config was created:\n- `NGINX One`: The config was created from NGINX One.\n- `Other`: The config was created from data plane.\n- `Unspecified`: The source of the config is unspecified.\n" } }, "example": { - "name": "my-nginx-config", - "file": "my-staged-config.tar.gz", - "conf_path": "/etc/nginx/nginx.conf", - "parse_only": true + "object_id": "nc_AamgWtYSSb6OWGljx3wNDA", + "config_version": "Cm1hcCAkdXJpICRtYXBwZWRfc2V", + "created_at": "2023-08-10T16:59:15Z", + "modified_at": "2023-08-10T16:59:15Z", + "config_source": "NGINX One" } }, "FilterNameControlPlanes": { @@ -12924,49 +7951,164 @@ } } ], - "example": { - "total": 10, - "count": 1, - "start_index": 1, - "items_per_page": 100, - "items": [ - { - "object_id": "ecp_tgfVM3KQTxCyiDXgV38G7A", - "name": "nginx-ingress-001", - "product_version": "nginx-ingress-controller-4.0.1", - "created_at": "2023-12-06T22:37:24.120114Z", - "instances_count": 5, - "online_instances_count": 3, - "cve_severity": [ - { - "count": 6, - "type": "medium" - }, - { - "count": 1, - "type": "high" - } - ] - }, - { - "object_id": "ecp_-bRQlhscTKmbUIdJaYhGJA", - "name": "ngf-deployment", - "created_at": "2023-12-06T22:37:24.120114Z", - "product_version": "nginx-gateway-fabric-2.0.1", - "instances_count": 3, - "online_instances_count": 1, - "cve_severity": [ - { - "count": 2, - "type": "medium" - }, - { - "count": 3, - "type": "high" - } - ] - } - ] + "example": { + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "object_id": "ecp_tgfVM3KQTxCyiDXgV38G7A", + "name": "nginx-ingress-001", + "product_version": "nginx-ingress-controller-4.0.1", + "created_at": "2023-12-06T22:37:24.120114Z", + "instances_count": 5, + "online_instances_count": 3, + "cve_severity": [ + { + "count": 6, + "type": "medium" + }, + { + "count": 1, + "type": "high" + } + ] + }, + { + "object_id": "ecp_-bRQlhscTKmbUIdJaYhGJA", + "name": "ngf-deployment", + "created_at": "2023-12-06T22:37:24.120114Z", + "product_version": "nginx-gateway-fabric-2.0.1", + "instances_count": 3, + "online_instances_count": 1, + "cve_severity": [ + { + "count": 2, + "type": "medium" + }, + { + "count": 3, + "type": "high" + } + ] + } + ] + } + }, + "StatusSummary": { + "description": "An overview of the status for each NGINX instance, indicating availability.", + "type": "object", + "required": [ + "online", + "offline", + "unavailable" + ], + "properties": { + "online": { + "description": "The number of NGINX instances reporting as `online`.\nThe NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", + "type": "integer" + }, + "offline": { + "description": "The number of NGINX instances reporting as `offline`.\nThe NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n", + "type": "integer" + }, + "unavailable": { + "description": "The number of NGINX instances reporting as `unavailable`.\nThe NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n", + "type": "integer" + } + } + }, + "ControlPlane": { + "type": "object", + "description": "Information on control plane including:\n* Control plane object ID\n* Cluster UUID\n* Deployment UUID\n* Kubernetes namespace\n* Data plane key object ID\n* Certificate summary\n* Instance status summary\n", + "required": [ + "object_id", + "cluster_uuid", + "deployment_uuid", + "kubernetes_namespace" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/ControlPlaneObjectID" + }, + "cluster_uuid": { + "description": "The Kubernetes UID assigned to the cluster that the product is running in.", + "type": "string" + }, + "deployment_uuid": { + "description": "The Kubernetes UID assigned to the control plane.", + "type": "string" + }, + "key_object_id": { + "$ref": "#/components/schemas/DataPlaneKeyObjectID" + }, + "kubernetes_namespace": { + "description": "The kubernetes namespace that the product is running in.", + "type": "string" + }, + "cert_summary": { + "$ref": "#/components/schemas/CertificateInstanceSummary" + }, + "statuses": { + "$ref": "#/components/schemas/StatusSummary" + } + } + }, + "ControlPlaneDetails": { + "type": "object", + "description": "Detailed information of control plane.", + "allOf": [ + { + "$ref": "#/components/schemas/ControlPlaneBaseInfo" + }, + { + "$ref": "#/components/schemas/ControlPlane" + } + ], + "example": { + "name": "foo", + "object_id": "ecp_-uvR3F2TQGm18jnl7bpaGw", + "product_version": "nginx-ingress-controller-1.0.0", + "cluster_uuid": "d1ced6c7-8980-467e-a1db-dcdfec16b1f7", + "deployment_uuid": "b9b00e37-5ee4-4361-8c61-1329f3828dd3", + "key_object_id": "key_6AT9LXyUQHyhC8kF7bVMgg", + "kubernetes_namespace": "nginx-ingress-controller", + "created_at": "2023-12-06T22:37:24.120114Z", + "cert_summary": { + "total": 9, + "valid": 1, + "expired": 5, + "expiring": 3, + "not_ready": 0 + }, + "statuses": { + "offline": 0, + "online": 3, + "unavailable": 0 + } + } + }, + "SummaryDisplayCount": { + "description": "The name, the total count, and an optional user-friendly display name of the resource being summarized.", + "type": "object", + "required": [ + "name", + "count" + ], + "properties": { + "name": { + "description": "Identifies the category of data being reported, such as an operating system, NGINX version, or another type.", + "type": "string" + }, + "count": { + "description": "The number of resources matching the given type.", + "type": "integer" + }, + "display": { + "description": "A user-friendly label for the category count, intended for display purposes where a more descriptive or readable format is preferred.", + "type": "string" + } } }, "ControlPlaneProductVersionSummary": { @@ -13034,1049 +8176,1093 @@ ] } }, - "ControlPlane": { + "NginxCVEObject": { "type": "object", - "description": "Information on control plane including:\n* Control plane object ID\n* Cluster UUID\n* Deployment UUID\n* Kubernetes namespace\n* Data plane key object ID\n* Certificate summary\n* Instance status summary\n", "required": [ - "object_id", - "cluster_uuid", - "deployment_uuid", - "kubernetes_namespace" + "id", + "severity", + "info", + "published_at" ], + "description": "Details about a specific NGINX security advisory, including the number of instances impacted by it, its severity, and a brief description.", "properties": { - "object_id": { - "$ref": "#/components/schemas/ControlPlaneObjectID" - }, - "cluster_uuid": { - "description": "The Kubernetes UID assigned to the cluster that the product is running in.", - "type": "string" - }, - "deployment_uuid": { - "description": "The Kubernetes UID assigned to the control plane.", + "id": { + "description": "The security advisory's unique identifier.", "type": "string" }, - "key_object_id": { - "$ref": "#/components/schemas/DataPlaneKeyObjectID" + "severity": { + "$ref": "#/components/schemas/CveSeverityType" }, - "kubernetes_namespace": { - "description": "The kubernetes namespace that the product is running in.", + "info": { + "description": "A brief description of security advisory.", "type": "string" }, - "cert_summary": { - "$ref": "#/components/schemas/CertificateInstanceSummary" + "instances_impacted": { + "description": "Number of instances impacted by the security advisory", + "type": "integer" }, - "statuses": { - "$ref": "#/components/schemas/StatusSummary" + "control_planes_impacted": { + "description": "Number of control planes impacted by the security advisory", + "type": "integer" + }, + "published_at": { + "description": "The date and time when the cve was published", + "type": "string", + "format": "date-time" } } }, - "ControlPlaneDetails": { - "type": "object", - "description": "Detailed information of control plane.", + "CVEListResponse": { "allOf": [ { - "$ref": "#/components/schemas/ControlPlaneBaseInfo" + "$ref": "#/components/schemas/PaginationResponse" }, { - "$ref": "#/components/schemas/ControlPlane" + "type": "object", + "description": "List of all CVEs.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of CVE objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NginxCVEObject" + } + } + } } + ] + }, + "NginxProduct": { + "type": "string", + "description": "NGINX product :\n * `noss` - NGINX Open Source.\n * `nplus` - NGINX PLUS.\n * `nic` - NGINX Ingress Controller.\n * `ngf` - NGINX Gateway Fabric.\n", + "enum": [ + "noss", + "nplus", + "nic", + "ngf", + "unknown" ], - "example": { - "name": "foo", - "object_id": "ecp_-uvR3F2TQGm18jnl7bpaGw", - "product_version": "nginx-ingress-controller-1.0.0", - "cluster_uuid": "d1ced6c7-8980-467e-a1db-dcdfec16b1f7", - "deployment_uuid": "b9b00e37-5ee4-4361-8c61-1329f3828dd3", - "key_object_id": "key_6AT9LXyUQHyhC8kF7bVMgg", - "kubernetes_namespace": "nginx-ingress-controller", - "created_at": "2023-12-06T22:37:24.120114Z", - "cert_summary": { - "total": 9, - "valid": 1, - "expired": 5, - "expiring": 3, - "not_ready": 0 - }, - "statuses": { - "offline": 0, - "online": 3, - "unavailable": 0 - } - } + "x-enum-varnames": [ + "nginx_product_noss", + "nginx_product_nplus", + "nginx_product_nic", + "nginx_product_ngf", + "nginx_product_unknown" + ] }, - "MetricQueryResultEx": { + "CveImpactedNginxProduct": { "type": "object", "required": [ - "query_metadata", - "metrics" + "versions", + "name" ], + "description": "security advisory impacted NGINX product and its version.", "properties": { - "query_metadata": { - "$ref": "#/components/schemas/MetricQueryMetadata" - }, - "metrics": { - "description": "An array of Metric objects, each including the name of the metric resource, aggregate function, and series details.", + "versions": { + "description": "List of impacted NGINX product versions.", "type": "array", "items": { - "$ref": "#/components/schemas/MetricEx" + "type": "string" + } + }, + "name": { + "$ref": "#/components/schemas/NginxProduct" + } + } + }, + "NginxCVEDetailsResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/NginxCVEObject" + }, + { + "type": "object", + "required": [ + "detail", + "impacted_products" + ], + "description": "Details about a specific NGINX security advisory, including its severity, detail,\npublished date and time, description and impacted products.\n", + "properties": { + "impacted_products": { + "type": "array", + "items": { + "$ref": "#/components/schemas/CveImpactedNginxProduct" + } + }, + "detail": { + "description": "the details about security advisory", + "type": "string" + } + }, + "example": { + "detail": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-ID", + "id": "CVE-ID", + "impacted_products": [ + { + "name": "nplus", + "versions": [ + "r1", + "r2" + ] + }, + { + "name": "noss", + "versions": [ + "1.11.1", + "1.20.2", + "1.19.9" + ] + }, + { + "name": "nic", + "versions": [ + "1.0.0", + "2.1.0" + ] + }, + { + "name": "ngf", + "versions": [ + "1.6.2", + "2.0.1" + ] + } + ], + "info": "Memory disclosure in the ngx_http_mp4_module", + "published_at": "2022-10-19T00:00:00Z", + "severity": "medium" } } - } + ] }, - "MetricQueryMetadata": { - "description": "This object includes details about the time period and resolution (granularity) used in the metrics query.\n", + "NginxProductInfo": { "type": "object", + "description": "Information about an NGINX product type and its version", + "required": [ + "name", + "version" + ], "properties": { - "start_time": { - "description": "The beginning of the time period for the metrics query (inclusive).", - "type": "string", - "format": "date-time", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "end_time": { - "description": "The end point for the time period for the metrics query (non-inclusive).", - "type": "string", - "format": "date-time", - "example": "2019-08-07T09:57:36.088757764Z" + "name": { + "$ref": "#/components/schemas/NginxProduct" }, - "resolution": { - "description": "The level of granularity for the time series data.", - "type": "string", - "example": "30m" + "version": { + "description": "version of the NGINX product installed on the instance.", + "type": "string" } } }, - "MetricEx": { + "CVEImpactedInstance": { "type": "object", + "description": "Summary information about a NGINX instance.", "required": [ - "metric", - "series" + "object_id", + "hostname", + "status" ], - "description": "This object represents a metric, including the name of the metric resource, aggregate function, and series details.\n", "properties": { - "metric": { - "$ref": "#/components/schemas/MetricName" + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" }, - "aggregate": { - "$ref": "#/components/schemas/MetricAggregation" + "hostname": { + "description": "The name of the host system where the NGINX instance is running.", + "type": "string" }, - "series": { - "description": "An array of data points aligned along one or more dimensions from the Dimensions Catalog.\n", + "products": { + "description": "List of NGINX products in the instance", "type": "array", "items": { - "$ref": "#/components/schemas/SeriesEx" - }, - "example": [ - { - "dimensions": { - "nginx_id": "some-instance-obj-1", - "parent_hostname": "hostname-for-instance-1" - }, - "data": [ - { - "timestamp": "2019-08-07T09:57:30Z", - "value": 10 - } - ] - }, - { - "dimensions": { - "nginx_id": "some-instance-obj-2", - "parent_hostname": "hostname-for-instance-2" - }, - "data": [ - { - "timestamp": "2019-08-07T09:58:30Z", - "value": 5 - } - ] - } + "$ref": "#/components/schemas/NginxProductInfo" + } + }, + "status": { + "type": "string", + "description": "The current operational status of the NGINX instance, with the following possible values:\n* `unknown` - The status of the NGINX instance cannot be determined at this moment.\n* `unavailable` - The NGINX Agent has lost connection to NGINX One, rendering the NGINX instance unavailable.\n* `offline` - The NGINX Agent is connected to NGINX One, but the NGINX instance is offline.\n* `online` - The NGINX Agent is connected to NGINX One, and the NGINX instance is online.\n", + "enum": [ + "unknown", + "unavailable", + "offline", + "online" ] } } }, - "SeriesEx": { - "description": "This object represents a set of data points aligned along one or more dimensions from the Dimensions Catalog.", - "type": "object", - "required": [ - "dimensions", - "data" - ], - "properties": { - "dimensions": { - "description": "This object represents a set of data points aligned along one or more dimensions.\n", + "CVEImpactedInstancesListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" + }, + { "type": "object", - "additionalProperties": { - "description": "The name(s) of the dimensions used in the metrics query.\n", - "type": "string" + "description": "List of instances affected by a CVE.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of Instance objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CVEImpactedInstance" + } + } }, "example": { - "nginx_id": "some-instance-object-id", - "parent_hostname": "hostname-for-instance" + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "object_id": "inst_8Iwn7dT7RF-PRLxkSt5EYQ", + "hostname": "4d116619f106", + "products": [ + { + "name": "noss", + "version": "1.18.0" + } + ], + "status": "unknown" + } + ] } - }, - "data": { - "description": "Array of data points for a metric.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/MetricData" - }, - "example": [ - { - "timestamp": "2019-08-07T09:57:30Z", - "value": 10 - } - ] - } - } - }, - "MetricData": { - "type": "object", - "required": [ - "timestamp", - "value" - ], - "properties": { - "timestamp": { - "type": "string", - "description": "A date-time string that represent when the data point in the series was recorded.\n", - "format": "date-time" - }, - "value": { - "type": "number", - "format": "double", - "nullable": true, - "description": "A value for the data, where `null` indicates a gap.\n" } - } - }, - "StartTime": { - "description": "Sets the beginning of the time period for your metrics query (inclusive).\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` isn't provided, the API returns the latest metrics.\n* `start_time` is required for aggregated metrics in order to calculate the `resolution` (granularity).\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", - "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "EndTime": { - "description": "Sets the end point for the time period for your metrics query (non-inclusive).\n\nUsage:\n* Must be greater than `start_time`.\n* If `start_time` is specified and `end_time` is not, `end_time` defaults to the current time.\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", - "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "MetricAggregation": { - "type": "string", - "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * min\n * max\n * sum\n * avg\n * rate\n", - "enum": [ - "min", - "max", - "sum", - "avg", - "rate" - ], - "x-enum-varnames": [ - "metric_aggregation_min", - "metric_aggregation_max", - "metric_aggregation_sum", - "metric_aggregation_avg", - "metric_aggregation_rate" - ] - }, - "MetricDimensions": { - "type": "array", - "description": "List the dimensions to include in the response for each metric series.\n\nUsage:\n\n* Specify the list of dimensions. Dimensions not specified in this parameter will be hidden in the results.\n* If you specify dimensions in `group_by`, you don't need to list them again in `dimensions`. \nHowever, if you are using `group_by`, then any dimensions you list in `dimensions` must also be included in `group_by`.\n * To return a single series, specify the metric name with aggregation (for example, `{ \"name\": \"agent.cpu.system\", \"aggregate\": \"avg\" }`) and leave the `dimensions` parameter empty.\n", - "items": { - "$ref": "#/components/schemas/MetricDimension" - } - }, - "GroupByDimensions": { - "type": "array", - "description": "Group the query results by the specified dimension(s).\n\nUsage:\n* Specify the list of dimensions.\n* For `group_by` to work, all metrics in the `names` parameter must be aggregated.\n", - "items": { - "$ref": "#/components/schemas/MetricDimension" - } - }, - "TopXMetricDimensions": { - "type": "array", - "description": "List additional dimensions to include in the response for each metric series. The dimension specified by `group_series_by` will be included by default.\n", - "items": { - "$ref": "#/components/schemas/MetricDimension" - } - }, - "MetricDimension": { - "type": "string", - "default": "display_name", - "description": "Static list of all metric dimensions.\n * `display_name` - The display name of the NGINX instance.\n * `file_path` - Path to a desired file.\n * `parent_hostname` - The hostname of the NGINX Plus instance.\n * `instance_object_id` - Instance Object ID is the unique identifier for an Instance registered with NGINX One Console.\n * `location_zone` - The name of an HTTP location zone.\n * `mount_point` - A filesystem mount point.\n * `namespace` - The Namespace associated with the metric data.\n * `network_interface` - A server network interface.\n * `nginx_id` - The unique identifier of an nginx instance running on the data plane.\n * `server_zone` - The name of an HTTP or Stream server zone.\n * `system_id` - The unique identifier of the the operating system where nginx-agent is running.\n * `tenant` - The Tenant associated with the metric data.\n * `csg_object_id` - Config Sync Group Object ID is the unique identifier for a Config Sync Group registered with NGINX One Console.\n * `mode` - Variant value associated with metric `system.cpu.utilization`.\n * `state` - Variant value associated with metrics `system.filesystem.usage`, `system.memory.usage`.\n * `io_direction` - Variant value associated with metric `system.network.io`.\n * `status_range` - Variant value associated with metric `nginx.http.response.count`.\n * `logical_number` - Variant value associated with metrics that result in a processor number.\n * `outcome` - Variant value associated with metrics that result in an outcome .\n", - "enum": [ - "display_name", - "file_path", - "parent_hostname", - "instance_object_id", - "location_zone", - "mount_point", - "namespace", - "network_interface", - "nginx_id", - "server_zone", - "system_id", - "tenant", - "csg_object_id", - "mode", - "state", - "io_direction", - "status_range", - "logical_number", - "outcome" + ] + }, + "FilterNameEvents": { + "type": "string", + "description": "Keywords for events filters.\n", + "enum": [ + "object_id" ], "x-enum-varnames": [ - "metric_dimension_display_name", - "metric_dimension_file_path", - "metric_dimension_hostname", - "metric_dimension_instance_object_id", - "metric_dimension_location_zone", - "metric_dimension_mount_point", - "metric_dimension_namespace", - "metric_dimension_network_interface", - "metric_dimension_nginx_id", - "metric_dimension_server_zone", - "metric_dimension_system_id", - "metric_dimension_tenant", - "metric_dimension_csg_object_id", - "metric_dimension_mode", - "metric_dimension_state", - "metric_dimension_io_direction", - "metric_dimension_status_range", - "metric_dimension_logical_number", - "metric_dimension_outcome" + "filter_name_events_object_id" ] }, - "BaseMetricQueryRequest": { + "EventObjectID": { + "description": "A globally unique identifier for a NGINX One system event.", + "type": "string", + "format": "object_id", + "pattern": "^event_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + } + }, + "Event": { "type": "object", + "description": "An Event is a system message.", "required": [ - "metrics", - "start_time", - "resolution" + "type", + "timestamp", + "object_id", + "message" ], "properties": { - "metrics": { - "$ref": "#/components/schemas/MetricNames" + "timestamp": { + "description": "time of the event", + "type": "string", + "format": "date-time", + "example": "2019-08-07T09:57:36.088757764Z" }, - "filter": { - "$ref": "#/components/schemas/MetricFilters" + "type": { + "type": "string", + "description": "type of event, indication for affected object type.", + "enum": [ + "instance_cleanup", + "certificates", + "publications", + "nap_compilation_jobs" + ], + "x-enum-varnames": [ + "event_type_instance_cleanup", + "event_type_certificates", + "event_type_publications", + "event_type_nap_compilation_jobs" + ] }, - "start_time": { - "$ref": "#/components/schemas/StartTime" + "object_id": { + "$ref": "#/components/schemas/EventObjectID" }, - "end_time": { - "$ref": "#/components/schemas/EndTime" + "affected_object_id": { + "$ref": "#/components/schemas/ObjectID" }, - "resolution": { + "hostname": { "type": "string", - "description": "Specifies the level of granularity for time series data in your results. Applicable only for endpoints that return time series data.\n\nUsage: \n* Specify as a string with a number followed by a unit of time, such as `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes) or `s` (seconds).\n* Metrics in `names` must be aggregated.\n* `start_time` is required.\n* If `resolution` is not set, the API returns the maximum resolution (`end_time` - `start_time`).\n", - "example": "30s" + "description": "hostname of the affected instance, if any." + }, + "message": { + "type": "string", + "description": "Details regarding the event.", + "example": "Instance \"demo-1\" deleted by instance cleanup after \"unavailable\" for 25 hours." } + }, + "example": { + "timestamp": "2024-02-04T09:57:36.088757764Z", + "type": "instance_cleanup", + "object_id": "event_-uvR3F2TQGm18jnl7bpaGw", + "affected_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "message": "ip-170.0.1 deleted after age out period of 3 hours, last seen 2023-08-07T09:57:36.088757764Z" } }, - "MetricQueryRequest": { - "type": "object", + "EventsListResponse": { "allOf": [ { - "$ref": "#/components/schemas/BaseMetricQueryRequest" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "description": "List of Events.", + "required": [ + "items" + ], "properties": { - "dimensions": { - "$ref": "#/components/schemas/MetricDimensions" - }, - "group_by": { - "$ref": "#/components/schemas/GroupByDimensions" - }, - "order_by": { - "description": "List the order by for dimension(s).\n\nUsage:\n\n* Must be a dimension included by `dimensions` or `group_by`.\n", + "items": { + "description": "An array of Event objects.", "type": "array", "items": { - "$ref": "#/components/schemas/OrderBy" + "$ref": "#/components/schemas/Event" } } } } ] }, - "MetricTopXQueryRequest": { - "type": "object", + "FilterNameInstances": { + "type": "string", + "description": "Keywords for instance filters.\n\nWhen filtering on `instance_status`, only the following `filter_values` are supported:\n * online\n * offline\n * unavailable\n * unknown\nWhen filtering base on `cert_status`, only the following `filter_values` are supported:\n * valid\n * expiring\n * expired\n * not_ready\n", + "enum": [ + "hostname", + "nginx_version", + "os_version", + "instance_status", + "cert_status", + "cve_severity", + "config_recommendation", + "key_object_id", + "system_id", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_instances_hostname", + "filter_name_instances_nginx_version", + "filter_name_instances_os_version", + "filter_name_instances_instance_status", + "filter_name_instances_cert_status", + "filter_name_instances_cve_severity", + "filter_name_instances_config_recommendation", + "filter_name_instances_key_object_id", + "filter_name_instances_system_id", + "filter_name_instances_object_id" + ] + }, + "InstanceListResponse": { "allOf": [ { - "$ref": "#/components/schemas/BaseMetricQueryRequest" + "$ref": "#/components/schemas/PaginationResponse" }, { "type": "object", + "description": "List of data plane instances.", "required": [ - "series_limit", - "group_series_by" + "items" ], "properties": { - "dimensions": { - "$ref": "#/components/schemas/TopXMetricDimensions" - }, - "series_limit": { - "type": "integer", - "example": 25, - "description": "Sets the maximum number of series that can be returned. \n\nNotes:\n* Always returns an additional series with a dimension named `all`, aggregating the values of all metrics included in the results.\n* A series with a dimension named `other` may be returned, aggregating the values of metrics not included in the results.\n" - }, - "group_series_by": { - "$ref": "#/components/schemas/MetricDimension" - }, - "order_series_by": { - "$ref": "#/components/schemas/OrderSeriesBy" + "items": { + "description": "An array of Instance objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/Instance" + } } } } - ] + ], + "example": { + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "agent_version": "v2.30.3", + "hostname": "4d116619f106", + "key": "key_Tet21AeYTHCj7taOwVfzyw", + "last_reported": "2023-12-06T22:37:24.120114Z", + "nginx_build": { + "conf_path": "/etc/nginx/nginx.conf", + "version": "1.25.3" + }, + "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", + "registered_at": "2023-12-06T22:37:24.120114Z", + "status": "unknown", + "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw" + } + ] + } }, - "MetricNames": { + "InstanceBulkRequestData": { + "type": "object", + "description": "Part of bulk operation on a NGINX instance, only `delete` is supported.", + "required": [ + "action" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/InstanceObjectID" + }, + "action": { + "$ref": "#/components/schemas/BulkRequestAction" + } + }, + "example": { + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + } + }, + "InstanceBulkRequest": { "type": "array", - "description": "Specify the metrics you want details for.\n\nUsage: \n* List multiple metrics as json objects.\n * You can aggregate metrics with `avg`, `sum`, `min`, `max`, `rate`.\n* Metrics with aggregates require a `start_time`.\n* If you combine aggregated and non-aggregated metrics in a single query, any `group_by` clause applies only to the aggregated metrics.\n", "items": { - "$ref": "#/components/schemas/MetricQuery" + "$ref": "#/components/schemas/InstanceBulkRequestData" }, + "maxItems": 50, "example": [ { - "name": "system.cpu.utilization", - "aggregate": "avg", - "filter": [ - { - "filterSet": [ - { - "dimension": "mode", - "operator": "=", - "values": [ - "system" - ] - } - ] - } - ] + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" + }, + { + "object_id": "inst_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" } ] }, - "MetricQuery": { + "InstanceBulkResponse": { + "description": "The NGINX instance bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } + }, + "OperatingSystem": { + "description": "Release details for the operating system.", "type": "object", "required": [ - "name" + "name", + "id", + "codename", + "version", + "version_id" ], "properties": { "name": { - "$ref": "#/components/schemas/MetricName" + "description": "The official name of the operating system release.", + "type": "string" }, - "aggregate": { - "$ref": "#/components/schemas/MetricAggregation" + "id": { + "description": "The distinctive identifier for the operating system release.", + "type": "string" + }, + "codename": { + "description": "The codename assigned to the operating system release.", + "type": "string" + }, + "version": { + "description": "The version label for the operating system, which may include the name and version number or codename.", + "type": "string" + }, + "version_id": { + "description": "The specific version number of the operating system release.", + "type": "string" } + }, + "example": { + "name": "Ubuntu", + "id": "ubuntu", + "codename": "bionic", + "version": "18.04.5 LTS (Bionic Beaver)", + "version_id": "18.04" } }, - "MetricFilterPredicate": { - "type": "string", - "enum": [ - "AND", - "OR" - ], - "x-enum-varnames": [ - "metric_filter_predicate_and", - "metric_filter_predicate_or" - ] - }, - "MetricFilters": { - "type": "array", - "description": "Filter results based on dimension operations against one or more values.\n\nUsage:\n* Format as one or more predicates by providing all required elements.\n * `dimension`: The dimension name you want to filter on.\n * `operator`: The possible operators (`=`, `!=`, `<`, `<=`, `>`, `>=`, `in`, `not`) you can use for comparison or condition checking.\n * `value`: Case sensitive value of the dimension to filter against.\n\nFor more complex filtering:\n\n* Specify a `predicate` for logical expressions (`AND`,`OR`). \n* Use a wildcard `*` in the `value` for matching partial values.\n", - "items": { - "$ref": "#/components/schemas/MetricFilterSet" - }, - "example": [ + "ConfigSyncGroupInstanceMeta": { + "allOf": [ { - "filterSet": [ - { - "dimension": "server_zone", - "operator": "!=", - "values": [ - "server_zone_1" - ] - }, - { - "predicate": "OR", - "dimension": "server_zone", - "operator": "=", - "values": [ - "server_zone_2" - ] - } - ] + "$ref": "#/components/schemas/ConfigSyncGroupMeta" }, { - "predicate": "AND", - "filterSet": [ - { - "dimension": "nginx_id", - "operator": "in", - "values": [ - "id1", - "id2" - ] + "type": "object", + "description": "Additional details on instance in the NGINX config sync group including:\n* config sync status\n", + "properties": { + "instance_config_status": { + "$ref": "#/components/schemas/ConfigSyncStatus" } - ] + } } ] }, - "MetricFilterSet": { - "type": "object", - "description": "Encapsulates one or more `MetricFilter` object(s) to be grouped together.\n", - "required": [ - "filterSet" - ], - "properties": { - "predicate": { - "$ref": "#/components/schemas/MetricFilterPredicate" + "NapSignatureVersion": { + "description": "The version of the NGINX App Protect resource.", + "type": "string", + "example": "2023.12.06" + }, + "NapInstanceAssociation": { + "allOf": [ + { + "$ref": "#/components/schemas/NapAssociation" }, - "filterSet": { - "type": "array", - "items": { - "$ref": "#/components/schemas/MetricFilter" + { + "type": "object", + "required": [ + "threat_campaign_version", + "attack_signature_version", + "bot_signature_version" + ], + "properties": { + "threat_campaign_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "attack_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "bot_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + } } } + ], + "example": { + "name": "default_policy", + "version": "2025.05.01", + "policy_object_id": "pol_panEdeY-Sh2rWm365y7wsw", + "policy_version_object_id": "pv_kem7SCosTTOL9mMlNyY2GQ", + "publication_object_id": "pub_72pGHoGsSICL_THZrs964g", + "paths": [ + "/etc/nginx/default_policy.tgz" + ], + "deployment_status": "deployed", + "enforcement_mode": "transparent", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "threat_campaign_version": "2025.01.23", + "attack_signature_version": "2025.01.19", + "bot_signature_version": "2025.01.19" } }, - "MetricFilter": { + "NginxAppProtectDetails": { + "description": "Information regarding NGINX App Protect. Includes version and deployments.\n", "type": "object", "required": [ - "dimension", - "operator", - "values" + "engine_version", + "deployments" ], "properties": { - "dimension": { - "$ref": "#/components/schemas/MetricDimension" + "release_version": { + "description": "The release version of NGINX App Protect.", + "type": "string" }, - "operator": { - "type": "string", - "description": "Static list of all operations supported by filtering\n\n* The `=`, `!=` only use the first element of the `values` array. Wildcards for partial matching is supported.\n* The `in` and `not` both use all elements in the `values` array. Wildcards for partial matching is NOT supported.\n", - "enum": [ - "=", - "!=", - "in", - "not" - ], - "x-enum-varnames": [ - "metric_filter_equal", - "metric_filter_not_equal", - "metric_filter_in", - "metric_filter_not" - ] + "engine_version": { + "description": "The version of the App Protect enforcement engine.", + "type": "string" }, - "values": { + "deployments": { "type": "array", - "description": "Single value used for all operators except `in` and `not`.", "items": { - "type": "string" + "$ref": "#/components/schemas/NapInstanceAssociation" } - }, - "predicate": { - "$ref": "#/components/schemas/MetricFilterPredicate" } } }, - "OrderDirection": { - "type": "string", - "enum": [ - "asc", - "desc" - ], - "x-enum-varnames": [ - "order_by_asc", - "order_by_desc" + "InstanceDetails": { + "type": "object", + "description": "Detailed information about an NGINX instance.", + "allOf": [ + { + "$ref": "#/components/schemas/Instance" + }, + { + "type": "object", + "properties": { + "certs": { + "description": "An array detailing each certificate's information, including its friendly name, unique identifier, applicable file system paths, subject name, and validity dates. \nIt provides insights into the operational status of each certificate, such as whether it's currently valid, nearing expiration, is not ready to be used, or has already expired.\nThe deployment status indicates whether the latest certs and key managed by NGINX One Console are deployed onto this data plane instance.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertAssociation" + } + }, + "os": { + "$ref": "#/components/schemas/OperatingSystem" + }, + "config_sync_group": { + "$ref": "#/components/schemas/ConfigSyncGroupInstanceMeta" + }, + "nginx_app_protect": { + "$ref": "#/components/schemas/NginxAppProtectDetails" + }, + "control_plane": { + "$ref": "#/components/schemas/ControlPlaneBaseInfo" + } + } + } ], - "default": "desc" + "example": { + "agent_version": "v2.30.3", + "certs": [ + { + "subject_name": "test.com", + "name": "client", + "cert_type": "cert_key", + "not_after": "2024-01-06T00:01:30Z", + "not_before": "2023-12-07T00:01:30Z", + "cert_paths": [ + "/etc/nginx/client.pem" + ], + "cert_status": "expiring", + "deployment_status": "latest", + "object_id": "cert_Tet21AeYTHCj7taOwVfzyw" + } + ], + "hostname": "4d116619f106", + "key": "key_wN3IhLCmR3qmwybG_6ptEg", + "control_plane": { + "object_id": "ecp_CO1DdBxZToWmr3pTcaQ8QA", + "name": "nginx-ingress-001", + "product_version": "nginx-ingress-controller-4.0.1", + "created_at": "2023-12-06T22:37:24.120114Z" + }, + "last_reported": "2023-12-06T22:37:24.120114Z", + "nginx_build": { + "conf_path": "/etc/nginx/nginx.conf", + "version": "1.25.3" + }, + "nginx_id": "b636d4376dea15405589692d3c5d3869ff3a9b26b0e7bb4bb1aa7e658ace1437", + "os": { + "codename": "jammy", + "id": "ubuntu", + "name": "Ubuntu", + "version": "22.04.3 LTS (Jammy Jellyfish)", + "version_id": "22.04" + }, + "registered_at": "2023-12-06T22:37:24.120114Z", + "status": "unknown", + "system_id": "b2c0b6a8-8b6a-3a8f-a541-17d8899c119a", + "object_id": "inst_-uvR3F2TQGm18jnl7bpaGw" + } }, - "OrderBy": { + "NginxSecurityAdvisory": { "type": "object", - "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `dimension`: The dimension for ordering.\n", + "description": "Details about a specific NGINX security advisory, including its severity, a link to more information, and a brief description.", "required": [ - "direction", - "dimension" + "id", + "severity", + "advisory", + "info" ], "properties": { - "direction": { - "$ref": "#/components/schemas/OrderDirection" + "id": { + "description": "The security advisory's unique identifier.", + "type": "string" }, - "dimension": { - "$ref": "#/components/schemas/MetricDimension" + "severity": { + "$ref": "#/components/schemas/CveSeverityType" + }, + "advisory": { + "description": "The URL to detailed information about the security advisory.", + "type": "string" + }, + "info": { + "description": "A brief description of security advisory.", + "type": "string" } } }, - "OrderSeriesBy": { + "CertificateSummaryItem": { + "description": "summary information for certificate with certain status.", "type": "object", - "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `aggregate`: The aggregating function.\n", "required": [ - "direction", - "aggregate" + "status", + "count", + "affected_instances" ], "properties": { - "direction": { - "$ref": "#/components/schemas/OrderDirection" - }, - "aggregate": { - "$ref": "#/components/schemas/MetricAggregation", - "default": "sum" - } - } - }, - "MetricName": { - "type": "string", - "description": "Metric names available for querying.\n", - "example": "nginx.http.request.count", - "oneOf": [ - { - "$ref": "#/components/schemas/MetricSystemCpuUtilization" - }, - { - "$ref": "#/components/schemas/MetricSystemFilesystemUsage" - }, - { - "$ref": "#/components/schemas/MetricSystemMemoryUsage" - }, - { - "$ref": "#/components/schemas/MetricSystemCpuLogicalCount" - }, - { - "$ref": "#/components/schemas/MetricSystemNetworkIo" - }, - { - "$ref": "#/components/schemas/MetricNginxHttpRequestCount" + "status": { + "$ref": "#/components/schemas/CertificateStatus" }, - { - "$ref": "#/components/schemas/MetricNginxHttpResponseCount" + "count": { + "description": "The total number of SSL certificates for each status category.", + "type": "integer" }, - { - "$ref": "#/components/schemas/MetricNginxHttpConnectionCount" + "affected_instances": { + "description": "Indicates the total number of SSL/TLS certificates corresponding to the status provided.", + "type": "integer" } - ] - }, - "MetricSystemCpuUtilization": { - "type": "string", - "description": "Total system CPU utilization for 'system' or 'user', percentage. A filter differentiator is needed for specific mode(s).\n\nReplacement for depreciated variant(s):\n * system.cpu.system\n * system.cpu.user\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * mode (applicable filter values: 'system', 'user')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * logical_number\n", - "enum": [ - "system.cpu.utilization" - ] - }, - "MetricSystemFilesystemUsage": { - "type": "string", - "description": "System disk usage statistic, percentage. A filter differentiator is needed for specific state(s).\n\nReplacement for depreciated variant(s):\n * system.disk.in_use\n * system.disk.total\n * system.disk.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'in_use')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * mount_point\n", - "enum": [ - "system.filesystem.usage" - ] - }, - "MetricSystemMemoryUsage": { - "type": "string", - "description": "Total available statistic about system memory usage, bytes. A filter differentiator is needed for specific state(s).\n\nReplacement for depreciated variant(s):\n * system.mem.pct_used\n * system.mem.total\n * system.mem.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'total', 'pct_used')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", - "enum": [ - "system.memory.usage" - ] - }, - "MetricSystemCpuLogicalCount": { - "type": "string", - "description": "Number of logical (virtual) processor cores created by the operating system.\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", - "enum": [ - "system.cpu.logical.count" - ] - }, - "MetricNginxHttpConnectionCount": { - "type": "string", - "description": "Number of connections group by outcome (such as 'ACCEPTED', 'DROPPED', 'ACTIVE', 'IDLE').\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * outcome\n", - "enum": [ - "nginx.http.connection.count" - ] - }, - "MetricSystemNetworkIo": { - "type": "string", - "description": "Network I/O statistics. Number of bytes sent or received per network interface. A filter differentiator is needed for specific I/O direction(s).\n\nReplacement for depreciated variant(s):\n * system.net.bytes_rcvd\n * system.net.bytes_sent\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * io_direction (applicable filter values: 'transmit', 'receive')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * network_interface\n", - "enum": [ - "system.network.io" - ] - }, - "MetricNginxHttpRequestCount": { - "type": "string", - "description": "The current number of client requests received from clients.\n\nReplacement for depreciated variant(s):\n * nginx.http.request.count\n * plus.http.request.count\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * server_zone\n * location_zone\n", - "enum": [ - "nginx.http.request.count" - ] + } }, - "MetricNginxHttpResponseCount": { - "type": "string", - "description": "The current number of responses, grouped by status code range. A filter differentiator is needed for specific status range(s).\n\nReplacement for depreciated variant(s):\n * nginx.http.status.4xx\n * plus.http.status.4xx\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * status_range (applicable filter values: '4xx', '5xx')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id \n * server_zone\n * location_zone\n", - "enum": [ - "nginx.http.response.count" - ] + "OperatingSystemVersionSummary": { + "description": "An array of operating systems and their versions on the NGINX data plane.", + "type": "array", + "items": { + "$ref": "#/components/schemas/SummaryDisplayCount" + } }, - "SettingsInstanceCleanup": { - "type": "object", - "description": "Preferences for automatic cleanup of stale NGINX One Instances.", - "required": [ - "age_out_duration" - ], - "properties": { - "age_out_duration": { - "type": "integer", - "format": "int32", - "description": "Specify the age of `unavailable` NGINX instances for clean up. NGINX instances older than this value in hours will be deleted automatically. Events related to automatically deleted NGINX instances will show up in `/events` API. '0' value disables the automatic clean up of `unavailable` NGINX instances.", - "default": 3, - "minimum": 0, - "maximum": 720 - } - }, - "example": { - "age_out_duration": 3 + "NGINXVersionSummary": { + "description": "An array of NGINX versions installed across the NGINX data plane.", + "type": "array", + "items": { + "$ref": "#/components/schemas/SummaryDisplayCount" } }, - "SettingsACMEIntegration": { + "CveSummary": { + "description": "A summary of Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", "type": "object", - "description": "ACME Integration to provision SSL certificates", "required": [ - "tos_accepted" + "severity", + "count", + "affected_instances" ], "properties": { - "tos_accepted": { - "type": "boolean", - "description": "Accept or deny terms of service for ACME server \n* true - Registers ACME account with the associated server\n* false - Deletes registered ACME account with the associated server\n", - "default": false + "severity": { + "$ref": "#/components/schemas/CveSeverityType" }, - "server": { - "type": "string", - "description": "Name of ACME server to get SSL certificates from\n* `LE` - Let's Encrypt\n", - "enum": [ - "LE" - ], - "x-enum-varnames": [ - "acme_integration_server_lets_encrypt" - ] + "count": { + "description": "The number of CVEs at each severity level.", + "type": "integer" + }, + "affected_instances": { + "description": "The number of NGINX instances affected by each CVE.", + "type": "integer" } } }, - "NginxUsageDeployment": { + "IssueSummary": { + "description": "A summary of issue details from the configuration analysis report.", "type": "object", "required": [ - "integration" + "type", + "count", + "affected_instances" ], "properties": { - "integration": { - "type": "string", - "description": "Type of integration for NGINX Instance", - "enum": [ - "nic", - "ngf" - ], - "x-enum-varnames": [ - "integration_type_nic", - "integration_type_ngf" - ] - }, - "cluster_id": { - "description": "UUID of the Kubernetes cluster where NGINX Instance is deployed", - "type": "string", - "format": "uuid" + "type": { + "$ref": "#/components/schemas/RecommendationType" }, - "cluster_node_count": { - "type": "integer", - "description": "Number of nodes in the cluster where NGINX Instance is deployed", - "minimum": 0 + "count": { + "description": "The number of times this recommendation appears in the configuration analysis report.", + "type": "integer" }, - "installation_id": { - "type": "string", - "description": "UUID of the individual NIC/NGF deployment relationship", - "format": "uuid" + "affected_instances": { + "description": "The number of instances affected by this issue.", + "type": "integer" } } }, - "HttpUsage": { + "InstanceSummary": { + "description": "A summary of NGINX instances, including certificates, OS versions, NGINX versions, and status details.", "type": "object", "properties": { - "client": { - "allOf": [ - { - "$ref": "#/components/schemas/UsageMetrics" - }, - { - "type": "object", - "properties": { - "requests": { - "type": "integer", - "description": "Total requests handled by an NGINX Instance", - "minimum": 0 - } - } - } - ] + "certs": { + "description": "An array detailing each certificate's status across all NGINX instances.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CertificateSummaryItem" + } + }, + "os": { + "$ref": "#/components/schemas/OperatingSystemVersionSummary" + }, + "nginx_versions": { + "$ref": "#/components/schemas/NGINXVersionSummary" + }, + "statuses": { + "$ref": "#/components/schemas/StatusSummary" + }, + "cves": { + "description": "An array summarizing identified Common Vulnerabilities and Exposures (CVEs) across the NGINX data plane.", + "type": "array", + "items": { + "$ref": "#/components/schemas/CveSummary" + } }, - "upstream": { - "$ref": "#/components/schemas/UsageMetrics" + "recommendations": { + "description": "An array summarizing the suggestions from the configuration analysis report.", + "type": "array", + "items": { + "$ref": "#/components/schemas/IssueSummary" + } } } }, - "StreamUsage": { - "type": "object", - "properties": { - "client": { - "$ref": "#/components/schemas/UsageMetrics" - }, - "upstream": { - "$ref": "#/components/schemas/UsageMetrics" - } + "FilterStagedConfigs": { + "type": "string", + "description": "Keywords for staged configs filters.\n", + "enum": [ + "name", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_staged_config_name", + "filter_name_staged_config_object_id" + ] + }, + "StagedConfigObjectID": { + "description": "A globally unique identifier for the NGINX staged config.", + "type": "string", + "format": "object_id", + "pattern": "^sc_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "UsageMetrics": { + "StagedConfigCertificateSummary": { "type": "object", + "description": "Provides a summary of the current status of certificates used in NGINX configurations. It includes the total number of certificates, as well as the counts of expired certificates, those nearing expiration, valid certificates, certificates that are not found, and those that are not ready for use.", + "required": [ + "total", + "expired", + "expiring", + "valid", + "not_found", + "not_ready" + ], "properties": { - "received": { - "type": "integer", - "description": "Total bytes received by an NGINX Instance from clients/upstreams", - "minimum": 0 + "total": { + "description": "Total count of certificates used as `payloads` in NGINX config.", + "type": "integer" }, - "sent": { - "type": "integer", - "description": "Total bytes sent by the NGINX Instance to clients/upstreams", - "minimum": 0 + "expired": { + "description": "The number of certificates that have expired and are no longer valid.", + "type": "integer" }, - "connections": { - "type": "integer", - "description": "Total connections of the NGINX Instance with clients/upstreams", - "minimum": 0 + "expiring": { + "description": "The number of certificates due to expire in the next 30 days.", + "type": "integer" + }, + "valid": { + "description": "The number of certificates that are valid and in good standing.", + "type": "integer" + }, + "not_found": { + "description": "The number of certificates that are not found on NGINX One Console.", + "type": "integer" + }, + "not_ready": { + "description": "The number of certificates that are not ready to be used.", + "type": "integer" } } }, - "NginxUsageHttp": { - "$ref": "#/components/schemas/HttpUsage" - }, - "NginxUsageStream": { - "$ref": "#/components/schemas/StreamUsage" - }, - "NginxUsageTrackingRequest": { + "StagedConfigMeta": { "type": "object", - "description": "Request structure for sending usage information.", + "description": "Summary information of the NGINX staged config.", "required": [ - "version", - "uuid", - "nap", - "start_time", - "end_time" + "object_id", + "name", + "created_at", + "modified_at" ], "properties": { - "version": { - "type": "string", - "description": "Version of the NGINX instance.", - "minLength": 2, - "maxLength": 100 + "object_id": { + "$ref": "#/components/schemas/StagedConfigObjectID" }, - "hostname": { - "type": "string", - "description": "Hostname of the NGINX instance.", - "minLength": 3, - "maxLength": 255 + "name": { + "description": "Name of the NGINX staged config", + "type": "string" }, - "uuid": { + "created_at": { "type": "string", - "description": "UID of the NGINX instance, can be in hyphenated or non-hyphenated format.", - "maxLength": 38 + "format": "date-time", + "description": "The date and time when the NGINX configuration object was created for the instance." }, - "nap": { + "modified_at": { "type": "string", - "description": "NAP status of the NGINX instance.", - "enum": [ - "inactive", - "active" - ], - "x-enum-varnames": [ - "nap_status_inactive", - "nap_status_active" - ] - }, - "http": { - "$ref": "#/components/schemas/NginxUsageHttp" - }, - "stream": { - "$ref": "#/components/schemas/NginxUsageStream" - }, - "deployment": { - "$ref": "#/components/schemas/NginxUsageDeployment" - }, - "start_time": { - "type": "integer", - "description": "Usage collection start time (Unix epoch).", - "minimum": 0 - }, - "end_time": { - "type": "integer", - "description": "Usage collection end time (Unix epoch).", - "minimum": 0 - }, - "workers": { - "type": "integer", - "description": "Number of workers running on the NGINX Instance", - "minimum": 0 - }, - "uptime": { - "type": "integer", - "description": "Number of seconds the NGINX Instance has been continuously running", - "minimum": 0 + "format": "date-time", + "description": "The date and time when the NGINX configuration object was last modified for the instance." }, - "reloads": { - "type": "integer", - "description": "Number of times the instance was reloaded during uptime", - "minimum": 0 + "cert_summary": { + "$ref": "#/components/schemas/StagedConfigCertificateSummary" } } }, - "ChatbotMessage": { - "type": "object", - "description": "A singular message representing the actual content to be sent to AI Gateway.", - "properties": { - "role": { - "description": "The persona sending the prompt. Can be 'user' or 'assistant'.", - "type": "string", - "enum": [ - "user", - "assistant" - ], - "x-enum-varnames": [ - "chatbot_role_user", - "chatbot_role_assistant" - ] + "StagedConfigListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" }, - "content": { - "description": "The prompt to be sent.", - "type": "string", - "maxLength": 7000 + { + "type": "object", + "description": "List of NGINX staged configs.", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of Staged Config objects.", + "type": "array", + "items": { + "$ref": "#/components/schemas/StagedConfigMeta" + } + } + } } - }, - "required": [ - "role", - "content" - ] + ], + "example": { + "total": 10, + "count": 1, + "start_index": 1, + "items_per_page": 100, + "items": [ + { + "object_id": "sc_Tet21AeYTHCj7taOwVfzyw", + "name": "my-nginx-staged-config", + "created_at": "2023-08-10T16:59:15Z", + "modified_at": "2023-08-10T16:59:15Z" + } + ] + } }, - "ChatbotRequest": { - "type": "object", - "description": "Request structure for sending a prompt to the AI Gateway LLM.", + "StagedConfigName": { + "type": "string", + "description": "A name to identify the NGINX staged config.", + "minLength": 1, + "maxLength": 256, + "pattern": "^[^\\s]+$" + }, + "StagedConfigCreateRequest": { + "description": "Body to create a NGINX staged config. A staged config can be empty; config payload is optional.", + "required": [ + "name" + ], "properties": { - "messages": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ChatbotMessage" - } + "name": { + "$ref": "#/components/schemas/StagedConfigName" + }, + "config": { + "$ref": "#/components/schemas/NginxConfigRequest" } }, - "required": [ - "messages" - ] + "example": { + "name": "my-nginx-staged-config", + "config": { + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "configs": [ + { + "files": [ + { + "contents": "string", + "name": "default.conf" + } + ], + "name": "/etc/nginx/conf.d" + } + ] + } + } }, - "ChatbotResponseChoice": { - "type": "object", - "description": "An individual completion option in response to the prompt.", + "StagedConfigCreateResponse": { + "description": "Response to a create NGINX staged config request.", + "required": [ + "object_id", + "name" + ], "properties": { - "index": { - "description": "The index of the value in the array of completions.", - "type": "integer", - "format": "int16" + "object_id": { + "$ref": "#/components/schemas/StagedConfigObjectID" }, - "text": { - "description": "The text of completion.", + "name": { + "description": "Name of the NGINX staged config.", "type": "string" } + }, + "example": { + "name": "my-nginx-staged-config", + "object_id": "sc_Tet21AeYTHCj7taOwVfzyw" } }, - "ChatbotResponse": { - "type": "object", - "description": "Response structure containing details of the LLM's response to the prompt.", + "StagedConfigResponse": { + "description": "Get an NGINX staged config.", "required": [ - "id", - "created", - "choices", - "object" + "name" ], "properties": { - "id": { - "description": "The identifier for the response generated by the AI Gateway.", - "type": "string" - }, - "created": { - "description": "The time when the response was created.", + "name": { "type": "string", - "format": "date-time" - }, - "choices": { - "description": "An array of possible completions in response to the prompt given by the 'user' persona.", - "type": "array", - "items": { - "$ref": "#/components/schemas/ChatbotResponseChoice" - } + "description": "Name of the NGINX staged config." }, - "object": { - "description": "The type of the object that the JSON is describing - will be 'text_completion'", - "type": "string" + "config": { + "$ref": "#/components/schemas/NginxConfig" } } }, - "ChatbotFeedbackTags": { - "type": "object", - "description": "Tags representing chatbot feedback (i.e. \"Inaccurate Data\", \"Unhelpful Answer\")\n", + "StagedConfigUpdateRequest": { + "description": "Body to update a NGINX staged config name and config contents.", "required": [ - "inaccurate", - "unhelpful", - "formatting", - "time", - "other" + "name", + "config" ], "properties": { - "inaccurate": { - "description": "Boolean representing whether the user thought the response from the LLM was inaccurate.", - "type": "boolean" - }, - "unhelpful": { - "description": "Boolean representing whether the user thought the response from the LLM was unhelpful.", - "type": "boolean" - }, - "formatting": { - "description": "Boolean representing whether the user thought the response from the LLM was poorly formatted.", - "type": "boolean" - }, - "time": { - "description": "Boolean representing whether the user thought the response time was too lengthy.", - "type": "boolean" + "name": { + "$ref": "#/components/schemas/StagedConfigName" }, - "other": { - "description": "Boolean representing whether the user wishes to provide any other feedback.", - "type": "boolean" + "config": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + }, + "example": { + "name": "my-nginx-staged-config", + "config": { + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", + "configs": [ + { + "files": [ + { + "contents": "string", + "name": "default.conf" + } + ], + "name": "/etc/nginx/conf.d" + } + ] } } }, - "ChatbotFeedback": { - "type": "object", - "description": "Response structure containing user provided feedback for a specific response from the LLM", - "required": [ - "response_id", - "is_positive" - ], + "StagedConfigChangeRequest": { + "description": "Update an NGINX staged config.", "properties": { - "response_id": { - "description": "The identifier for the response which the user is providing feedback on. It can be found in the response headers \"X-Request-ID\" property in a request to the AI Assistant", - "type": "string" - }, - "is_positive": { - "description": "A boolean property representing whether the user found the AI Assistant's response helpful", - "type": "boolean" - }, - "message": { - "description": "Freeform feedback from the user regarding a specific response from the LLM", - "type": "string", - "maxLength": 512 + "name": { + "$ref": "#/components/schemas/StagedConfigName" }, - "tags": { - "$ref": "#/components/schemas/ChatbotFeedbackTags" + "config": { + "$ref": "#/components/schemas/NginxConfigRequest" + } + }, + "example": { + "config": { + "aux": [], + "conf_path": "/etc/nginx/nginx.conf", + "config_version": "c039fbbd5d7f73d894390fb446bd3690da099ed8862b2527299bc2ba", + "configs": [ + { + "files": [ + { + "contents": "string", + "name": "default.conf" + } + ], + "name": "/etc/nginx/conf.d" + } + ] } } }, - "InventoryResponse": { + "MetricQueryResultEx": { "type": "object", "required": [ "query_metadata", @@ -14084,29 +9270,29 @@ ], "properties": { "query_metadata": { - "$ref": "#/components/schemas/InventoryMetricQueryMetadata" + "$ref": "#/components/schemas/MetricQueryMetadata" }, "metrics": { - "description": "An array of collected metrics, which includes the name of the resource, aggregate function, and series details.", + "description": "An array of Metric objects, each including the name of the metric resource, aggregate function, and series details.", "type": "array", "items": { - "$ref": "#/components/schemas/Metric" + "$ref": "#/components/schemas/MetricEx" } } } }, - "InventoryMetricQueryMetadata": { - "description": "Includes details about the time period and resolution of the metrics query.\n", + "MetricQueryMetadata": { + "description": "This object includes details about the time period and resolution (granularity) used in the metrics query.\n", "type": "object", "properties": { "start_time": { - "description": "The start time of your metrics query.", + "description": "The beginning of the time period for the metrics query (inclusive).", "type": "string", "format": "date-time", "example": "2019-08-07T09:57:36.088757764Z" }, "end_time": { - "description": "The end time of your metrics query.", + "description": "The end point for the time period for the metrics query (non-inclusive).", "type": "string", "format": "date-time", "example": "2019-08-07T09:57:36.088757764Z" @@ -14114,11 +9300,11 @@ "resolution": { "description": "The level of granularity for the time series data.", "type": "string", - "example": "1h" + "example": "30m" } } }, - "Metric": { + "MetricEx": { "type": "object", "required": [ "metric", @@ -14127,1349 +9313,1179 @@ "description": "This object represents a metric, including the name of the metric resource, aggregate function, and series details.\n", "properties": { "metric": { - "$ref": "#/components/schemas/InventoryMetricName" + "$ref": "#/components/schemas/MetricName" }, "aggregate": { - "$ref": "#/components/schemas/InventoryMetricAggregation" + "$ref": "#/components/schemas/MetricAggregation" }, "series": { - "description": "An array of data points.\n", + "description": "An array of data points aligned along one or more dimensions from the Dimensions Catalog.\n", "type": "array", "items": { - "$ref": "#/components/schemas/Series" + "$ref": "#/components/schemas/SeriesEx" }, "example": [ { + "dimensions": { + "nginx_id": "some-instance-obj-1", + "parent_hostname": "hostname-for-instance-1" + }, "data": [ { - "timestamp": "2019-08-07T09:00:00Z", + "timestamp": "2019-08-07T09:57:30Z", "value": 10 } ] }, { + "dimensions": { + "nginx_id": "some-instance-obj-2", + "parent_hostname": "hostname-for-instance-2" + }, "data": [ { - "timestamp": "2019-08-07T10:00:00Z", - "value": 5 - } - ] - } - ] - } - } - }, - "Series": { - "description": "This object represents a set of data points.", - "type": "object", - "required": [ - "data" - ], - "properties": { - "data": { - "description": "Array of data points for a metric.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/MetricData" - }, - "example": [ - { - "timestamp": "2019-08-07T09:00:00Z", - "value": 10 - } - ] - } - } - }, - "MetricStartTime": { - "description": "The start time of your metrics query.\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` and `end_time` isn't provided, the API returns metrics from the current time to the month before the current time.\n* The `start_time` cannot be older than 120 days before the current time.\n\nYou can set the `start_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", - "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "MetricEndTime": { - "description": "The end time of your metrics query.\n\nUsage:\n* Must be greater than `start_time`.\n* The time difference between `start_time` and `end_time` should be greater than an hour.\n* The default `end_time` is the current time.\n* The `end_time` cannot be older than 120 days before the current time.\n\nYou can set the `end_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", - "type": "string", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "InventoryMetricAggregation": { - "type": "string", - "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * count\n * sum\n * avg\n * min\n * max\n", - "enum": [ - "count", - "sum", - "avg", - "min", - "max" - ], - "x-enum-varnames": [ - "metric_aggregation_count", - "metric_aggregation_sum", - "metric_aggregation_avg", - "metric_aggregation_min", - "metric_aggregation_max" - ] - }, - "BaseInventoryQueryRequest": { - "type": "object", - "required": [ - "metrics" - ], - "properties": { - "metrics": { - "$ref": "#/components/schemas/InventoryMetricNames" - }, - "start_time": { - "$ref": "#/components/schemas/MetricStartTime" - }, - "end_time": { - "$ref": "#/components/schemas/MetricEndTime" - } - } - }, - "InventoryMetricQueryRequest": { - "type": "object", - "allOf": [ - { - "$ref": "#/components/schemas/BaseInventoryQueryRequest" - } - ] - }, - "InventoryMetricNames": { - "type": "array", - "description": "Specify the metrics to collect.\n\nUsage: \n* List multiple metrics as JSON objects.\n* You can aggregate metrics with `count`, `sum`, `avg`, `min`, `max`.\n", - "items": { - "$ref": "#/components/schemas/InventoryMetricQuery" - }, - "example": [ - { - "name": "nginx.plus.instances", - "aggregate": [ - "count" - ] - } - ] - }, - "InventoryMetricQuery": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "$ref": "#/components/schemas/InventoryMetricName" - }, - "aggregate": { - "type": "array", - "items": { - "$ref": "#/components/schemas/InventoryMetricAggregation" - } - } - } - }, - "InventoryMetricName": { - "type": "string", - "description": "Metric names available for querying.\n", - "example": "nginx.plus.instances", - "oneOf": [ - { - "$ref": "#/components/schemas/MetricNginxInstancesPlus" - }, - { - "$ref": "#/components/schemas/MetricK8sClusterNodes" - } - ] - }, - "MetricNginxInstancesPlus": { - "type": "string", - "description": "Total number of nginx plus instances.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", - "enum": [ - "nginx.plus.instances" - ] - }, - "MetricK8sClusterNodes": { - "type": "string", - "description": "Sum of the Kubernetes worker nodes where nginx plus instances are deployed in a Kubernetes cluster.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", - "enum": [ - "k8s.cluster.nodes" - ] - }, - "FilterNameNapSignatures": { - "type": "string", - "description": "Keywords for NGINX App Protect signature filters.\nWhen filtering on `accuracy`, only the following `filter_values` are supported:\n * high\n * medium\n * low\nWhen filtering on `risk`, only the following `filter_values` are supported:\n * high\n * medium\n * low\nWhen filtering on `signature_type`, only the following `filter_values` are supported:\n * request\n * response\n", - "enum": [ - "accuracy", - "risk", - "signature_type" - ], - "x-enum-varnames": [ - "filter_name_nap_signature_accuracy", - "filter_name_nap_signature_risk", - "filter_name_nap_signature_signature_type" - ] - }, - "FilterNameNapSignatureSets": { - "type": "string", - "description": "Keywords for NGINX App Protect signature set filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * filter-based\n * manual\n", - "enum": [ - "type", - "name" - ], - "x-enum-varnames": [ - "filter_name_nap_signature_set_type", - "filter_name_nap_signature_set_name" - ] - }, - "NapSignatureID": { - "description": "An unique identifier for the NGINX App Protect signature.", - "type": "integer", - "pattern": "^\\d{9}" - }, - "NapSignatureSetObjectID": { - "description": "A globally unique identifier for the NGINX App Protect signature set.", - "type": "string", - "format": "object_id", - "pattern": "^sigset_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + "timestamp": "2019-08-07T09:58:30Z", + "value": 5 + } + ] + } + ] + } } }, - "VersionsList": { + "SeriesEx": { + "description": "This object represents a set of data points aligned along one or more dimensions from the Dimensions Catalog.", "type": "object", "required": [ - "items" + "dimensions", + "data" ], "properties": { - "items": { - "description": "An array of versions.", + "dimensions": { + "description": "This object represents a set of data points aligned along one or more dimensions.\n", + "type": "object", + "additionalProperties": { + "description": "The name(s) of the dimensions used in the metrics query.\n", + "type": "string" + }, + "example": { + "nginx_id": "some-instance-object-id", + "parent_hostname": "hostname-for-instance" + } + }, + "data": { + "description": "Array of data points for a metric.\n", "type": "array", "items": { - "$ref": "#/components/schemas/NapSignatureVersion" - } + "$ref": "#/components/schemas/MetricData" + }, + "example": [ + { + "timestamp": "2019-08-07T09:57:30Z", + "value": 10 + } + ] } } }, - "NapVersion": { - "description": "A collection of NGINX App Protect release and associated engine versions.", + "MetricData": { "type": "object", "required": [ - "release", - "engine" + "timestamp", + "value" ], "properties": { - "release": { - "description": "The version of the NGINX App Protect release.", - "type": "string" + "timestamp": { + "type": "string", + "description": "A date-time string that represent when the data point in the series was recorded.\n", + "format": "date-time" }, - "engine": { - "description": "The version of the NGINX App Protect engine.", - "type": "string" + "value": { + "type": "number", + "format": "double", + "nullable": true, + "description": "A value for the data, where `null` indicates a gap.\n" } } }, - "ThreatCampaignVersionsListResponse": { - "$ref": "#/components/schemas/VersionsList" + "StartTime": { + "description": "Sets the beginning of the time period for your metrics query (inclusive).\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` isn't provided, the API returns the latest metrics.\n* `start_time` is required for aggregated metrics in order to calculate the `resolution` (granularity).\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", + "type": "string", + "example": "2019-08-07T09:57:36.088757764Z" }, - "AttackSignatureVersionsListResponse": { - "$ref": "#/components/schemas/VersionsList" + "EndTime": { + "description": "Sets the end point for the time period for your metrics query (non-inclusive).\n\nUsage:\n* Must be greater than `start_time`.\n* If `start_time` is specified and `end_time` is not, `end_time` defaults to the current time.\n\nTime can be specified in two ways:\n* Using ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and the appropriate time unit. The time unit can can be `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds). \nExample of an offset: \"now-3h\" (3 hours before now).\n", + "type": "string", + "example": "2019-08-07T09:57:36.088757764Z" }, - "BotSignatureVersionsListResponse": { - "$ref": "#/components/schemas/VersionsList" + "MetricAggregation": { + "type": "string", + "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * min\n * max\n * sum\n * avg\n * rate\n", + "enum": [ + "min", + "max", + "sum", + "avg", + "rate" + ], + "x-enum-varnames": [ + "metric_aggregation_min", + "metric_aggregation_max", + "metric_aggregation_sum", + "metric_aggregation_avg", + "metric_aggregation_rate" + ] }, - "NapVersionsListResponse": { - "description": "List of NGINX App Protect versions.", + "MetricDimensions": { "type": "array", + "description": "List the dimensions to include in the response for each metric series.\n\nUsage:\n\n* Specify the list of dimensions. Dimensions not specified in this parameter will be hidden in the results.\n* If you specify dimensions in `group_by`, you don't need to list them again in `dimensions`. \nHowever, if you are using `group_by`, then any dimensions you list in `dimensions` must also be included in `group_by`.\n * To return a single series, specify the metric name with aggregation (for example, `{ \"name\": \"agent.cpu.system\", \"aggregate\": \"avg\" }`) and leave the `dimensions` parameter empty.\n", "items": { - "$ref": "#/components/schemas/NapVersion" + "$ref": "#/components/schemas/MetricDimension" } }, - "NapPolicy": { - "description": "The base64-encoded contents of the NGINX App Protect policy.", - "type": "object", - "required": [ - "policy" - ], - "properties": { - "policy": { - "type": "string", - "format": "base64", - "maxLength": 3145728 - } + "GroupByDimensions": { + "type": "array", + "description": "Group the query results by the specified dimension(s).\n\nUsage:\n* Specify the list of dimensions.\n* For `group_by` to work, all metrics in the `names` parameter must be aggregated.\n", + "items": { + "$ref": "#/components/schemas/MetricDimension" } }, - "NapPolicyObject": { - "allOf": [ - { - "$ref": "#/components/schemas/NapPolicyMetadata" - }, - { - "$ref": "#/components/schemas/NapPolicyDeployments" - } - ] - }, - "NapPolicyMetadata": { - "description": "Summary information about NGINX App Protect policy.", - "type": "object", - "required": [ - "object_id", - "name", - "latest" - ], - "properties": { - "object_id": { - "$ref": "#/components/schemas/NapPolicyObjectID" - }, - "name": { - "description": "The name of the NGINX App Protect policy.", - "type": "string" - }, - "description": { - "type": "string", - "description": "Some detail on the NGINX App Protect policy." - }, - "latest": { - "$ref": "#/components/schemas/NapPolicyVersionMetadata" - } + "TopXMetricDimensions": { + "type": "array", + "description": "List additional dimensions to include in the response for each metric series. The dimension specified by `group_series_by` will be included by default.\n", + "items": { + "$ref": "#/components/schemas/MetricDimension" } }, - "NapPolicyListResponse": { - "description": "List of all NGINX App Protect policies.", - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "description": "List of NGINX App Protect policies.", - "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of NGINX App Protect policy objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyObject" - } - } - }, - "example": { - "items": [ - { - "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", - "name": "test-policy", - "description": "test policy", - "deployments": [ - { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "enforcement_mode": "blocking", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", - "deployed_on": "2023-12-06T22:37:24.120114Z" - } - ], - "latest": { - "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", - "version": "2023-12-06 22:37:24", - "created_at": "2023-12-06T22:37:24.120114Z", - "deployment_status": "deployed", - "enforcement_mode": "blocking" - } - } - ] - } - } + "MetricDimension": { + "type": "string", + "default": "display_name", + "description": "Static list of all metric dimensions.\n * `display_name` - The display name of the NGINX instance.\n * `file_path` - Path to a desired file.\n * `parent_hostname` - The hostname of the NGINX Plus instance.\n * `instance_object_id` - Instance Object ID is the unique identifier for an Instance registered with NGINX One Console.\n * `location_zone` - The name of an HTTP location zone.\n * `mount_point` - A filesystem mount point.\n * `namespace` - The Namespace associated with the metric data.\n * `network_interface` - A server network interface.\n * `nginx_id` - The unique identifier of an nginx instance running on the data plane.\n * `server_zone` - The name of an HTTP or Stream server zone.\n * `system_id` - The unique identifier of the the operating system where nginx-agent is running.\n * `tenant` - The Tenant associated with the metric data.\n * `csg_object_id` - Config Sync Group Object ID is the unique identifier for a Config Sync Group registered with NGINX One Console.\n * `mode` - Variant value associated with metric `system.cpu.utilization`.\n * `state` - Variant value associated with metrics `system.filesystem.usage`, `system.memory.usage`.\n * `io_direction` - Variant value associated with metric `system.network.io`.\n * `status_range` - Variant value associated with metric `nginx.http.response.count`.\n * `logical_number` - Variant value associated with metrics that result in a processor number.\n * `outcome` - Variant value associated with metrics that result in an outcome .\n", + "enum": [ + "display_name", + "file_path", + "parent_hostname", + "instance_object_id", + "location_zone", + "mount_point", + "namespace", + "network_interface", + "nginx_id", + "server_zone", + "system_id", + "tenant", + "csg_object_id", + "mode", + "state", + "io_direction", + "status_range", + "logical_number", + "outcome" + ], + "x-enum-varnames": [ + "metric_dimension_display_name", + "metric_dimension_file_path", + "metric_dimension_hostname", + "metric_dimension_instance_object_id", + "metric_dimension_location_zone", + "metric_dimension_mount_point", + "metric_dimension_namespace", + "metric_dimension_network_interface", + "metric_dimension_nginx_id", + "metric_dimension_server_zone", + "metric_dimension_system_id", + "metric_dimension_tenant", + "metric_dimension_csg_object_id", + "metric_dimension_mode", + "metric_dimension_state", + "metric_dimension_io_direction", + "metric_dimension_status_range", + "metric_dimension_logical_number", + "metric_dimension_outcome" ] }, - "NapPolicyVersionDeployments": { - "type": "object", - "properties": { - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyVersionDeployment" - } - } - } - }, - "NapDeploymentAssociation": { - "type": "object", - "required": [ - "associated_type", - "associated_object_id", - "associated_name" + "BaseMetricQueryRequest": { + "type": "object", + "required": [ + "metrics", + "start_time", + "resolution" ], "properties": { - "associated_type": { - "$ref": "#/components/schemas/DeploymentAssociatedType" + "metrics": { + "$ref": "#/components/schemas/MetricNames" }, - "associated_object_id": { - "$ref": "#/components/schemas/ObjectID" + "filter": { + "$ref": "#/components/schemas/MetricFilters" }, - "associated_name": { - "$ref": "#/components/schemas/DeploymentAssociatedName" + "start_time": { + "$ref": "#/components/schemas/StartTime" + }, + "end_time": { + "$ref": "#/components/schemas/EndTime" + }, + "resolution": { + "type": "string", + "description": "Specifies the level of granularity for time series data in your results. Applicable only for endpoints that return time series data.\n\nUsage: \n* Specify as a string with a number followed by a unit of time, such as `y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes) or `s` (seconds).\n* Metrics in `names` must be aggregated.\n* `start_time` is required.\n* If `resolution` is not set, the API returns the maximum resolution (`end_time` - `start_time`).\n", + "example": "30s" } } }, - "NapPolicyVersionDeployment": { + "MetricQueryRequest": { + "type": "object", "allOf": [ { - "$ref": "#/components/schemas/NapDeploymentAssociation" + "$ref": "#/components/schemas/BaseMetricQueryRequest" }, { "type": "object", - "description": "Information about a NGINX App Protect policy deployment.\n", - "required": [ - "publication_object_id", - "status", - "deployed_on" - ], "properties": { - "publication_object_id": { - "$ref": "#/components/schemas/PublicationObjectID" + "dimensions": { + "$ref": "#/components/schemas/MetricDimensions" }, - "status": { - "$ref": "#/components/schemas/NapDeploymentStatus" + "group_by": { + "$ref": "#/components/schemas/GroupByDimensions" }, - "deployed_on": { - "description": "Date and time of the deployment.", - "type": "string", - "format": "date-time" + "order_by": { + "description": "List the order by for dimension(s).\n\nUsage:\n\n* Must be a dimension included by `dimensions` or `group_by`.\n", + "type": "array", + "items": { + "$ref": "#/components/schemas/OrderBy" + } } - }, - "example": { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z" } } ] }, - "NapPolicyDeployments": { - "type": "object", - "required": [ - "deployments" - ], - "properties": { - "deployments": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyDeployment" - } - } - } - }, - "NapPolicyDeployment": { - "description": "detailed information about a NGINX App Protect policy deployment.", + "MetricTopXQueryRequest": { "type": "object", - "required": [ - "publication_object_id", - "associated_object_id", - "associated_name", - "associated_type", - "enforcement_mode", - "status", - "policy_version", - "policy_version_object_id", - "deployed_on" - ], "allOf": [ { - "$ref": "#/components/schemas/NapPolicyVersionDeployment" + "$ref": "#/components/schemas/BaseMetricQueryRequest" }, { "type": "object", "required": [ - "enforcement_mode", - "policy_version", - "policy_version_object_id" + "series_limit", + "group_series_by" ], "properties": { - "enforcement_mode": { - "$ref": "#/components/schemas/NapPolicyEnforcementMode" + "dimensions": { + "$ref": "#/components/schemas/TopXMetricDimensions" }, - "policy_version": { - "description": "The version associated with the NGINX App Protect policy.", - "type": "string" + "series_limit": { + "type": "integer", + "example": 25, + "description": "Sets the maximum number of series that can be returned. \n\nNotes:\n* Always returns an additional series with a dimension named `all`, aggregating the values of all metrics included in the results.\n* A series with a dimension named `other` may be returned, aggregating the values of metrics not included in the results.\n" }, - "policy_version_object_id": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" + "group_series_by": { + "$ref": "#/components/schemas/MetricDimension" + }, + "order_series_by": { + "$ref": "#/components/schemas/OrderSeriesBy" } } } - ], - "example": { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw" - } + ] }, - "NapPolicyDeploymentDetails": { + "MetricNames": { + "type": "array", + "description": "Specify the metrics you want details for.\n\nUsage: \n* List multiple metrics as json objects.\n * You can aggregate metrics with `avg`, `sum`, `min`, `max`, `rate`.\n* Metrics with aggregates require a `start_time`.\n* If you combine aggregated and non-aggregated metrics in a single query, any `group_by` clause applies only to the aggregated metrics.\n", + "items": { + "$ref": "#/components/schemas/MetricQuery" + }, + "example": [ + { + "name": "system.cpu.utilization", + "aggregate": "avg", + "filter": [ + { + "filterSet": [ + { + "dimension": "mode", + "operator": "=", + "values": [ + "system" + ] + } + ] + } + ] + } + ] + }, + "MetricQuery": { "type": "object", "required": [ - "publication_object_id", - "associated_object_id", - "associated_name", - "associated_type", - "enforcement_mode", - "status", - "policy_version", - "policy_version_object_id", - "deployed_on", - "threat_campaign_version", - "attack_signature_version", - "bot_signature_version" + "name" ], - "allOf": [ - { - "$ref": "#/components/schemas/NapPolicyDeployment" + "properties": { + "name": { + "$ref": "#/components/schemas/MetricName" }, + "aggregate": { + "$ref": "#/components/schemas/MetricAggregation" + } + } + }, + "MetricFilterPredicate": { + "type": "string", + "enum": [ + "AND", + "OR" + ], + "x-enum-varnames": [ + "metric_filter_predicate_and", + "metric_filter_predicate_or" + ] + }, + "MetricFilters": { + "type": "array", + "description": "Filter results based on dimension operations against one or more values.\n\nUsage:\n* Format as one or more predicates by providing all required elements.\n * `dimension`: The dimension name you want to filter on.\n * `operator`: The possible operators (`=`, `!=`, `<`, `<=`, `>`, `>=`, `in`, `not`) you can use for comparison or condition checking.\n * `value`: Case sensitive value of the dimension to filter against.\n\nFor more complex filtering:\n\n* Specify a `predicate` for logical expressions (`AND`,`OR`). \n* Use a wildcard `*` in the `value` for matching partial values.\n", + "items": { + "$ref": "#/components/schemas/MetricFilterSet" + }, + "example": [ { - "type": "object", - "properties": { - "threat_campaign_version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "attack_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" + "filterSet": [ + { + "dimension": "server_zone", + "operator": "!=", + "values": [ + "server_zone_1" + ] }, - "bot_signature_version": { - "$ref": "#/components/schemas/NapSignatureVersion" + { + "predicate": "OR", + "dimension": "server_zone", + "operator": "=", + "values": [ + "server_zone_2" + ] } - } + ] + }, + { + "predicate": "AND", + "filterSet": [ + { + "dimension": "nginx_id", + "operator": "in", + "values": [ + "id1", + "id2" + ] + } + ] } + ] + }, + "MetricFilterSet": { + "type": "object", + "description": "Encapsulates one or more `MetricFilter` object(s) to be grouped together.\n", + "required": [ + "filterSet" ], - "example": { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "threat_campaign_version": "2023.12.06", - "attack_signature_version": "2023.12.06", - "bot_signature_version": "2023.12.06" + "properties": { + "predicate": { + "$ref": "#/components/schemas/MetricFilterPredicate" + }, + "filterSet": { + "type": "array", + "items": { + "$ref": "#/components/schemas/MetricFilter" + } + } } }, - "NapPolicyDeploymentsListResponse": { - "description": "List of all NGINX App Protect deployments.", - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" + "MetricFilter": { + "type": "object", + "required": [ + "dimension", + "operator", + "values" + ], + "properties": { + "dimension": { + "$ref": "#/components/schemas/MetricDimension" }, - { - "type": "object", - "required": [ - "items" + "operator": { + "type": "string", + "description": "Static list of all operations supported by filtering\n\n* The `=`, `!=` only use the first element of the `values` array. Wildcards for partial matching is supported.\n* The `in` and `not` both use all elements in the `values` array. Wildcards for partial matching is NOT supported.\n", + "enum": [ + "=", + "!=", + "in", + "not" ], - "properties": { - "items": { - "description": "An array of NGINX App Protect deployments.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyDeploymentDetails" - } - } - }, - "example": { - "items": [ - { - "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", - "associated_name": "test-instance", - "associated_type": "instance", - "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", - "status": "deployed", - "policy_version": "2023-12-06 22:37:24", - "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", - "deployed_on": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "threat_campaign_version": "2023.12.06", - "attack_signature_version": "2023.12.06", - "bot_signature_version": "2023.12.06" - } - ] + "x-enum-varnames": [ + "metric_filter_equal", + "metric_filter_not_equal", + "metric_filter_in", + "metric_filter_not" + ] + }, + "values": { + "type": "array", + "description": "Single value used for all operators except `in` and `not`.", + "items": { + "type": "string" } + }, + "predicate": { + "$ref": "#/components/schemas/MetricFilterPredicate" } - ] + } }, - "NapPolicyVersionMetadata": { + "OrderDirection": { + "type": "string", + "enum": [ + "asc", + "desc" + ], + "x-enum-varnames": [ + "order_by_asc", + "order_by_desc" + ], + "default": "desc" + }, + "OrderBy": { "type": "object", - "description": "Summary information about the specific NGINX App Protect policy version.", + "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `dimension`: The dimension for ordering.\n", "required": [ - "object_id", - "version", - "enforcement_mode", - "created_at" + "direction", + "dimension" ], "properties": { - "object_id": { - "$ref": "#/components/schemas/NapPolicyVersionObjectID" - }, - "version": { - "$ref": "#/components/schemas/NapSignatureVersion" - }, - "enforcement_mode": { - "$ref": "#/components/schemas/NapPolicyEnforcementMode" + "direction": { + "$ref": "#/components/schemas/OrderDirection" }, - "created_at": { - "description": "The date and time when the NGINX App Protect policy version was created.", - "type": "string", - "format": "date-time" + "dimension": { + "$ref": "#/components/schemas/MetricDimension" } } }, - "NapPolicyVersionDetails": { - "description": "Detailed information about NGINX App Protect policy version.", + "OrderSeriesBy": { "type": "object", + "description": "Sort order of the metric series in your results.\n\nUsage:\n* Provide all required elements. \n * `direction`: The sorting direction either `desc` or `asc`.\n * `aggregate`: The aggregating function.\n", "required": [ - "policy", - "object_id", - "version", - "enforcement_mode", - "created_at" + "direction", + "aggregate" ], - "allOf": [ + "properties": { + "direction": { + "$ref": "#/components/schemas/OrderDirection" + }, + "aggregate": { + "$ref": "#/components/schemas/MetricAggregation", + "default": "sum" + } + } + }, + "MetricName": { + "type": "string", + "description": "Metric names available for querying.\n", + "example": "nginx.http.request.count", + "oneOf": [ { - "$ref": "#/components/schemas/NapPolicyVersionMetadata" + "$ref": "#/components/schemas/MetricSystemCpuUtilization" }, { - "$ref": "#/components/schemas/NapPolicy" + "$ref": "#/components/schemas/MetricSystemFilesystemUsage" }, { - "$ref": "#/components/schemas/NapPolicyVersionDeployments" - } - ] - }, - "NapPolicyVersionObject": { - "description": "Summary information about NGINX App Protect policy version.", - "allOf": [ + "$ref": "#/components/schemas/MetricSystemMemoryUsage" + }, { - "$ref": "#/components/schemas/NapPolicyVersionMetadata" + "$ref": "#/components/schemas/MetricSystemCpuLogicalCount" }, { - "$ref": "#/components/schemas/NapPolicyVersionDeployments" + "$ref": "#/components/schemas/MetricSystemNetworkIo" }, { - "type": "object", - "required": [ - "latest" - ], - "properties": { - "latest": { - "description": "Indicates whether the NGINX App Protect policy version is latest. Default (`false`) returns the current policy. \nWhen set to `true`, returns the latest policy.\n", - "type": "boolean", - "default": false - } - } - } - ] - }, - "NapPolicyVersionsListResponse": { - "description": "List of all NGINX App Protect versions.", - "allOf": [ + "$ref": "#/components/schemas/MetricNginxHttpRequestCount" + }, { - "$ref": "#/components/schemas/PaginationResponse" + "$ref": "#/components/schemas/MetricNginxHttpResponseCount" }, { - "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of NGINX App Protect version objects.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyVersionObject" - } - } - }, - "example": { - "items": [ - { - "version": "2023-12-06 22:37:24", - "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", - "created_at": "2023-12-06T22:37:24.120114Z", - "enforcement_mode": "blocking", - "latest": false - } - ] - } + "$ref": "#/components/schemas/MetricNginxHttpConnectionCount" } ] }, - "NapLogProfileListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of NGINX App Protect log profiles.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapLogProfileMetadata" - } - } - } - } + "MetricSystemCpuUtilization": { + "type": "string", + "description": "Total system CPU utilization for 'system' or 'user', percentage. A filter differentiator is needed for specific mode(s).\n\nReplacement for depreciated variant(s):\n * system.cpu.system\n * system.cpu.user\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * mode (applicable filter values: 'system', 'user')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * logical_number\n", + "enum": [ + "system.cpu.utilization" + ] + }, + "MetricSystemFilesystemUsage": { + "type": "string", + "description": "System disk usage statistic, percentage. A filter differentiator is needed for specific state(s).\n\nReplacement for depreciated variant(s):\n * system.disk.in_use\n * system.disk.total\n * system.disk.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'in_use')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * mount_point\n", + "enum": [ + "system.filesystem.usage" + ] + }, + "MetricSystemMemoryUsage": { + "type": "string", + "description": "Total available statistic about system memory usage, bytes. A filter differentiator is needed for specific state(s).\n\nReplacement for depreciated variant(s):\n * system.mem.pct_used\n * system.mem.total\n * system.mem.used\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension filter differentiator:\n * state (applicable filter values: 'used', 'free', 'total', 'pct_used')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", + "enum": [ + "system.memory.usage" + ] + }, + "MetricSystemCpuLogicalCount": { + "type": "string", + "description": "Number of logical (virtual) processor cores created by the operating system.\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate \n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n", + "enum": [ + "system.cpu.logical.count" + ] + }, + "MetricNginxHttpConnectionCount": { + "type": "string", + "description": "Number of connections group by outcome (such as 'ACCEPTED', 'DROPPED', 'ACTIVE', 'IDLE').\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * outcome\n", + "enum": [ + "nginx.http.connection.count" ] }, - "NapLogProfileGetResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/NapLogProfileMetadata" - }, - { - "type": "object", - "required": [ - "config" - ], - "properties": { - "config": { - "description": "The NGINX App Protect log profile configuration.", - "type": "string" - } - } - } + "MetricSystemNetworkIo": { + "type": "string", + "description": "Network I/O statistics. Number of bytes sent or received per network interface. A filter differentiator is needed for specific I/O direction(s).\n\nReplacement for depreciated variant(s):\n * system.net.bytes_rcvd\n * system.net.bytes_sent\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * io_direction (applicable filter values: 'transmit', 'receive')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * network_interface\n", + "enum": [ + "system.network.io" ] }, - "NapLogProfileMetadata": { + "MetricNginxHttpRequestCount": { + "type": "string", + "description": "The current number of client requests received from clients.\n\nReplacement for depreciated variant(s):\n * nginx.http.request.count\n * plus.http.request.count\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * server_zone\n * location_zone\n", + "enum": [ + "nginx.http.request.count" + ] + }, + "MetricNginxHttpResponseCount": { + "type": "string", + "description": "The current number of responses, grouped by status code range. A filter differentiator is needed for specific status range(s).\n\nReplacement for depreciated variant(s):\n * nginx.http.status.4xx\n * plus.http.status.4xx\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * status_range (applicable filter values: '4xx', '5xx')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id \n * server_zone\n * location_zone\n", + "enum": [ + "nginx.http.response.count" + ] + }, + "SettingsInstanceCleanup": { "type": "object", + "description": "Preferences for automatic cleanup of stale NGINX One Instances.", "required": [ - "name", - "object_id" + "age_out_duration" ], "properties": { - "name": { - "type": "string", - "description": "The name of the NGINX App Protect log profile." - }, - "object_id": { - "$ref": "#/components/schemas/NapLogProfileObjectID" - }, - "description": { - "description": "Optional field to describe the NGINX App Protect log profile.", - "type": "string", - "minLength": 5, - "maxLength": 256 + "age_out_duration": { + "type": "integer", + "format": "int32", + "description": "Specify the age of `unavailable` NGINX instances for clean up. NGINX instances older than this value in hours will be deleted automatically. Events related to automatically deleted NGINX instances will show up in `/events` API. '0' value disables the automatic clean up of `unavailable` NGINX instances.", + "default": 3, + "minimum": 0, + "maximum": 720 } + }, + "example": { + "age_out_duration": 3 } }, - "NapGlobalSettingsListResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/PaginationResponse" - }, - { - "type": "object", - "required": [ - "items" - ], - "properties": { - "items": { - "description": "An array of NGINX App Protect global settings.", - "type": "array", - "items": { - "$ref": "#/components/schemas/NapGlobalSettingMetadata" + "HttpUsage": { + "type": "object", + "properties": { + "client": { + "allOf": [ + { + "$ref": "#/components/schemas/UsageMetrics" + }, + { + "type": "object", + "properties": { + "requests": { + "type": "integer", + "description": "Total requests handled by an NGINX Instance", + "minimum": 0 + } } } - } + ] + }, + "upstream": { + "$ref": "#/components/schemas/UsageMetrics" } - ] + } }, - "NapGlobalSettingGetResponse": { - "allOf": [ - { - "$ref": "#/components/schemas/NapGlobalSettingMetadata" + "StreamUsage": { + "type": "object", + "properties": { + "client": { + "$ref": "#/components/schemas/UsageMetrics" }, - { - "type": "object", - "required": [ - "config" - ], - "properties": { - "config": { - "description": "The NGINX App Protect global setting configuration.", - "type": "string" - } - } + "upstream": { + "$ref": "#/components/schemas/UsageMetrics" } - ] + } }, - "NapGlobalSettingMetadata": { + "UsageMetrics": { "type": "object", - "required": [ - "name", - "object_id" - ], "properties": { - "name": { - "type": "string", - "description": "The name of the NGINX App Protect global setting object." + "received": { + "type": "integer", + "description": "Total bytes received by an NGINX Instance from clients/upstreams", + "minimum": 0 }, - "description": { - "description": "Optional field to describe the NGINX App Protect global setting object.", - "type": "string", - "minLength": 5, - "maxLength": 256 + "sent": { + "type": "integer", + "description": "Total bytes sent by the NGINX Instance to clients/upstreams", + "minimum": 0 }, - "object_id": { - "$ref": "#/components/schemas/NapGlobalSettingObjectID" + "connections": { + "type": "integer", + "description": "Total connections of the NGINX Instance with clients/upstreams", + "minimum": 0 } } }, - "NapGlobalSettingCreateRequest": { - "description": "Create NGINX App Protect global setting object.", + "NginxUsageHttp": { + "$ref": "#/components/schemas/HttpUsage" + }, + "NginxUsageStream": { + "$ref": "#/components/schemas/StreamUsage" + }, + "MetricStartTime": { + "description": "The start time of your metrics query.\n\nUsage:\n* `start_time` is required if `end_time` is specified.\n* If `start_time` and `end_time` isn't provided, the API returns metrics from the current time to the month before the current time.\n* The `start_time` cannot be older than 120 days before the current time.\n\nYou can set the `start_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", + "type": "string", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "MetricEndTime": { + "description": "The end time of your metrics query.\n\nUsage:\n* Must be greater than `start_time`.\n* The time difference between `start_time` and `end_time` should be greater than an hour.\n* The default `end_time` is the current time.\n* The `end_time` cannot be older than 120 days before the current time.\n\nYou can set the `end_time` in these ways:\n* In ISO 8601 format. For example, \"2019-08-07T09:57:36.088757764Z\".\n* As an offset from the current time. For the offset, use `+` or `-`, followed by a number and unit [`y` (years), `M` (months), `w` (weeks), `d` (days), `h` (hours), `m` (minutes), or `s` (seconds)]. \n* Example of an offset: \"now-3h\" (3 hours before now).\n", + "type": "string", + "example": "2019-08-07T09:57:36.088757764Z" + }, + "InventoryMetricAggregation": { + "type": "string", + "description": "Static list of aggregation functions that can be applied to a compatible metric.\n * count\n * sum\n * avg\n * min\n * max\n", + "enum": [ + "count", + "sum", + "avg", + "min", + "max" + ], + "x-enum-varnames": [ + "metric_aggregation_count", + "metric_aggregation_sum", + "metric_aggregation_avg", + "metric_aggregation_min", + "metric_aggregation_max" + ] + }, + "BaseInventoryQueryRequest": { "type": "object", "required": [ - "name", - "config" + "metrics" ], "properties": { - "name": { - "description": "The name of the NGINX App Protect global setting object.", - "type": "string", - "minLength": 3, - "maxLength": 32 + "metrics": { + "$ref": "#/components/schemas/InventoryMetricNames" }, - "description": { - "description": "Optional field to describe the NGINX App Protect global setting object.", - "type": "string", - "minLength": 5, - "maxLength": 256 + "start_time": { + "$ref": "#/components/schemas/MetricStartTime" }, - "config": { - "description": "The NGINX App Protect global setting configuration.", - "type": "string", - "format": "base64", - "maxLength": 3145728 + "end_time": { + "$ref": "#/components/schemas/MetricEndTime" } } }, - "NapGlobalSettingUpdateRequest": { - "description": "Update NGINX App Protect global setting object.", + "InventoryMetricQueryRequest": { + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/BaseInventoryQueryRequest" + } + ] + }, + "InventoryMetricNames": { + "type": "array", + "description": "Specify the metrics to collect.\n\nUsage: \n* List multiple metrics as JSON objects.\n* You can aggregate metrics with `count`, `sum`, `avg`, `min`, `max`.\n", + "items": { + "$ref": "#/components/schemas/InventoryMetricQuery" + }, + "example": [ + { + "name": "nginx.plus.instances", + "aggregate": [ + "count" + ] + } + ] + }, + "InventoryMetricQuery": { "type": "object", "required": [ - "config" + "name" ], "properties": { - "description": { - "description": "Optional field to describe the NGINX App Protect global setting object.", - "type": "string", - "minLength": 5, - "maxLength": 256 + "name": { + "$ref": "#/components/schemas/InventoryMetricName" }, - "config": { - "description": "The NGINX App Protect global setting configuration.", - "type": "string", - "format": "base64", - "maxLength": 3145728 + "aggregate": { + "type": "array", + "items": { + "$ref": "#/components/schemas/InventoryMetricAggregation" + } } } }, - "NapLogProfileCreateRequest": { - "description": "Create NGINX App Protect log profile.", + "InventoryMetricName": { + "type": "string", + "description": "Metric names available for querying.\n", + "example": "nginx.plus.instances", + "oneOf": [ + { + "$ref": "#/components/schemas/MetricNginxInstancesPlus" + }, + { + "$ref": "#/components/schemas/MetricK8sClusterNodes" + } + ] + }, + "MetricNginxInstancesPlus": { + "type": "string", + "description": "Total number of nginx plus instances.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", + "enum": [ + "nginx.plus.instances" + ] + }, + "MetricK8sClusterNodes": { + "type": "string", + "description": "Sum of the Kubernetes worker nodes where nginx plus instances are deployed in a Kubernetes cluster.\n\nAggregation(s) supported:\n * count\n * sum\n * avg\n * min\n * max\n", + "enum": [ + "k8s.cluster.nodes" + ] + }, + "VersionsList": { "type": "object", "required": [ - "name", - "config" + "items" ], "properties": { - "name": { - "description": "The name of the NGINX App Protect log profile.", - "type": "string", - "minLength": 5, - "maxLength": 32 - }, - "description": { - "description": "Optional field to describe the NGINX App Protect log profile.", - "type": "string", - "minLength": 5, - "maxLength": 256 - }, - "config": { - "description": "The NGINX App Protect log profile configuration.", - "type": "string", - "format": "base64", - "maxLength": 3145728 + "items": { + "description": "An array of versions.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapSignatureVersion" + } } } }, - "NapLogProfileUpdateRequest": { - "description": "Update NGINX App Protect log profile.", + "ThreatCampaignVersionsListResponse": { + "$ref": "#/components/schemas/VersionsList" + }, + "AttackSignatureVersionsListResponse": { + "$ref": "#/components/schemas/VersionsList" + }, + "BotSignatureVersionsListResponse": { + "$ref": "#/components/schemas/VersionsList" + }, + "NapPolicy": { + "description": "The base64-encoded contents of the NGINX App Protect policy.", "type": "object", "required": [ - "config" + "policy" ], "properties": { - "description": { - "description": "Optional field to describe describing the NGINX App Protect log profile.", - "type": "string", - "minLength": 5, - "maxLength": 256 - }, - "config": { - "description": "The NGINX App Protect log profile configuration.", + "policy": { "type": "string", "format": "base64", "maxLength": 3145728 } } }, - "NapPolicyBulkRequest": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NapPolicyBulkRequestData" - }, - "minItems": 1, - "maxItems": 50, - "example": [ + "NapPolicyObject": { + "allOf": [ { - "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" + "$ref": "#/components/schemas/NapPolicyMetadata" }, { - "object_id": "pol_PL0c1XodRemmzVEjiXSsTg", - "action": "delete" + "$ref": "#/components/schemas/NapPolicyDeployments" } ] }, - "NapPolicyBulkRequestData": { + "NapPolicyMetadata": { + "description": "Summary information about NGINX App Protect policy.", "type": "object", - "description": "Part of bulk operation on a Nap policy, only `delete` is supported.", "required": [ - "action", - "object_id" + "object_id", + "name", + "latest" ], "properties": { "object_id": { "$ref": "#/components/schemas/NapPolicyObjectID" }, - "action": { - "$ref": "#/components/schemas/BulkRequestAction" - } - }, - "example": { - "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", - "action": "delete" - } - }, - "NapBulkResponse": { - "description": "The Nap policy bulk outcome.", - "type": "array", - "items": { - "$ref": "#/components/schemas/BulkRequestObjectStatus" - } - }, - "NapSignatureMeta": { - "required": [ - "signature_id", - "name", - "attack_type" - ], - "properties": { "name": { + "description": "The name of the NGINX App Protect policy.", "type": "string" }, - "signature_id": { - "type": "integer" + "description": { + "type": "string", + "description": "Some detail on the NGINX App Protect policy." }, - "attack_type": { - "type": "string" + "latest": { + "$ref": "#/components/schemas/NapPolicyVersionMetadata" } } }, - "NapSignature": { + "NapPolicyListResponse": { + "description": "List of all NGINX App Protect policies.", "allOf": [ { - "$ref": "#/components/schemas/NapSignatureMeta" + "$ref": "#/components/schemas/PaginationResponse" }, { + "description": "List of NGINX App Protect policies.", "type": "object", "required": [ - "description", - "signature_type", - "risk", - "accuracy", - "has_cve", - "modified_at", - "systems" + "items" ], "properties": { - "accuracy": { - "default": "low", - "enum": [ - "high", - "low", - "medium" - ], - "x-enum-varnames": [ - "nap_signature_accuracy_high", - "nap_signature_accuracy_low", - "nap_signature_accuracy_medium" - ], - "type": "string" - }, - "description": { - "type": "string" - }, - "has_cve": { - "default": false, - "type": "boolean" - }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the signature was last modified." - }, - "references": { - "items": { - "required": [ - "type", - "value" - ], - "properties": { - "type": { - "default": "nessus", - "enum": [ - "bugtraq", - "cve", - "nessus", - "url" - ], - "x-enum-varnames": [ - "nap_signature_references_type_bugtrag", - "nap_signature_references_type_cve", - "nap_signature_references_type_nessus", - "nap_signature_references_type_url" - ], - "type": "string" - }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "risk": { - "default": "low", - "enum": [ - "high", - "low", - "medium" - ], - "x-enum-varnames": [ - "nap_signature_risk_high", - "nap_signature_risk_low", - "nap_signature_risk_medium" - ], - "type": "string" - }, - "signature_type": { - "default": "request", - "enum": [ - "request", - "response" - ], - "type": "string", - "x-enum-varnames": [ - "nap_signature_signature_type_request", - "nap_signature_signature_type_response" - ] - }, - "systems": { + "items": { + "description": "An array of NGINX App Protect policy objects.", + "type": "array", "items": { - "type": "string" - }, - "type": "array" + "$ref": "#/components/schemas/NapPolicyObject" + } } + }, + "example": { + "items": [ + { + "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", + "name": "test-policy", + "description": "test policy", + "deployments": [ + { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "enforcement_mode": "blocking", + "policy_version": "2023-12-06 22:37:24", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", + "deployed_on": "2023-12-06T22:37:24.120114Z" + } + ], + "latest": { + "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", + "version": "2023-12-06 22:37:24", + "created_at": "2023-12-06T22:37:24.120114Z", + "deployment_status": "deployed", + "enforcement_mode": "blocking" + } + } + ] } } - ], - "example": { - "signature_id": 123456789, - "name": "Example Signature", - "description": "This is an example signature.", - "signature_type": "request", - "attack_type": "SQL Injection", - "risk": "high", - "accuracy": "medium", - "has_cve": true, - "modified_at": "2023-10-01T12:00:00Z", - "references": [ - { - "type": "cve", - "value": "CVE-2023-12345" + ] + }, + "NapPolicyVersionDeployments": { + "type": "object", + "properties": { + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyVersionDeployment" } - ], - "systems": [ - "System A" - ] + } } }, - "NapSignatureSet": { + "NapDeploymentAssociation": { "type": "object", "required": [ - "id", - "name", - "signature_count", - "default_alarm", - "default_block", - "default_learn", - "modified_at" + "associated_type", + "associated_object_id", + "associated_name" ], "properties": { - "id": { - "type": "string" - }, - "name": { - "type": "string" - }, - "signature_count": { - "type": "integer" - }, - "assign_to_policy_by_default": { - "default": false, - "type": "boolean" - }, - "category": { - "default": "User-defined", - "type": "string" - }, - "default_alarm": { - "default": true, - "type": "boolean" + "associated_type": { + "$ref": "#/components/schemas/DeploymentAssociatedType" }, - "default_block": { - "default": true, - "type": "boolean" + "associated_object_id": { + "$ref": "#/components/schemas/ObjectID" }, - "default_learn": { - "default": true, - "type": "boolean" + "associated_name": { + "$ref": "#/components/schemas/DeploymentAssociatedName" + } + } + }, + "NapPolicyVersionDeployment": { + "allOf": [ + { + "$ref": "#/components/schemas/NapDeploymentAssociation" }, - "filter": { + { + "type": "object", + "description": "Information about a NGINX App Protect policy deployment.\n", + "required": [ + "publication_object_id", + "status", + "deployed_on" + ], "properties": { - "accuracy_filter": { - "default": "ge", - "enum": [ - "all", - "eq", - "ge", - "le" - ], - "x-enum-varnames": [ - "nap_signature_set_accuracy_filter_all", - "nap_signature_set_accuracy_filter_eq", - "nap_signature_set_accuracy_filter_ge", - "nap_signature_set_accuracy_filter_le" - ], - "type": "string" - }, - "accuracy_value": { - "default": "all", - "enum": [ - "all", - "high", - "low", - "medium" - ], - "x-enum-varnames": [ - "nap_signature_set_accuracy_value_all", - "nap_signature_set_accuracy_value_high", - "nap_signature_set_accuracy_value_low", - "nap_signature_set_accuracy_value_medium" - ], - "type": "string" - }, - "attack_type": { - "properties": { - "name": { - "type": "string" - } - }, - "type": "object" - }, - "has_cve": { - "default": "all", - "enum": [ - "all", - "no", - "yes" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_have_cve_all", - "nap_signature_set_filter_have_cve_no", - "nap_signature_set_filter_have_cve_yes" - ], - "type": "string" - }, - "modified_at_filter": { - "default": "all", - "enum": [ - "after", - "all", - "before" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_modified_at_filter_after", - "nap_signature_set_filter_modified_at_filter_all", - "nap_signature_set_filter_modified_at_filter_before" - ], - "type": "string" - }, - "modified_at_value": { - "default": "1970-01-01", - "type": "string" + "publication_object_id": { + "$ref": "#/components/schemas/PublicationObjectID" }, - "risk_filter": { - "default": "eq", - "enum": [ - "all", - "eq", - "ge", - "le" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_risk_filter_all", - "nap_signature_set_filter_risk_filter_eq", - "nap_signature_set_filter_risk_filter_ge", - "nap_signature_set_filter_risk_filter_le" - ], - "type": "string" + "status": { + "$ref": "#/components/schemas/NapDeploymentStatus" }, - "risk_value": { - "default": "low", - "enum": [ - "all", - "high", - "low", - "medium" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_risk_value_all", - "nap_signature_set_filter_risk_value_high", - "nap_signature_set_filter_risk_value_low", - "nap_signature_set_filter_risk_value_medium" - ], - "type": "string" + "deployed_on": { + "description": "Date and time of the deployment.", + "type": "string", + "format": "date-time" + } + }, + "example": { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z" + } + } + ] + }, + "NapPolicyDeployments": { + "type": "object", + "required": [ + "deployments" + ], + "properties": { + "deployments": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyDeployment" + } + } + } + }, + "NapPolicyDeployment": { + "description": "detailed information about a NGINX App Protect policy deployment.", + "type": "object", + "required": [ + "publication_object_id", + "associated_object_id", + "associated_name", + "associated_type", + "enforcement_mode", + "status", + "policy_version", + "policy_version_object_id", + "deployed_on" + ], + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyVersionDeployment" + }, + { + "type": "object", + "required": [ + "enforcement_mode", + "policy_version", + "policy_version_object_id" + ], + "properties": { + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" }, - "signature_type": { - "default": "request", - "enum": [ - "all", - "request", - "response" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_signature_type_all", - "nap_signature_set_filter_signature_type_request", - "nap_signature_set_filter_signature_type_response" - ], + "policy_version": { + "description": "The version associated with the NGINX App Protect policy.", "type": "string" }, - "user_defined_filter": { - "default": "all", - "enum": [ - "all", - "no", - "yes" - ], - "x-enum-varnames": [ - "nap_signature_set_filter_user_defined_filter_all", - "nap_signature_set_filter_user_defined_filter_no", - "nap_signature_set_filter_user_defined_filter_yes" - ], - "type": "string" + "policy_version_object_id": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" } - }, - "type": "object" + } + } + ], + "example": { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "policy_version": "2023-12-06 22:37:24", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw" + } + }, + "NapPolicyDeploymentDetails": { + "type": "object", + "required": [ + "publication_object_id", + "associated_object_id", + "associated_name", + "associated_type", + "enforcement_mode", + "status", + "policy_version", + "policy_version_object_id", + "deployed_on", + "threat_campaign_version", + "attack_signature_version", + "bot_signature_version" + ], + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyDeployment" }, - "modified_at": { - "type": "string", - "format": "date-time", - "description": "The date and time when the signature-set was last modified." + { + "type": "object", + "properties": { + "threat_campaign_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "attack_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "bot_signature_version": { + "$ref": "#/components/schemas/NapSignatureVersion" + } + } + } + ], + "example": { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "policy_version": "2023-12-06 22:37:24", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "threat_campaign_version": "2023.12.06", + "attack_signature_version": "2023.12.06", + "bot_signature_version": "2023.12.06" + } + }, + "NapPolicyDeploymentsListResponse": { + "description": "List of all NGINX App Protect deployments.", + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" }, - "systems": { - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" + { + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect deployments.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyDeploymentDetails" } } }, - "type": "array" - }, - "type": { - "default": "filter-based", - "enum": [ - "filter-based", - "manual" - ], - "x-enum-varnames": [ - "nap_signature_set_type_filter_based", - "nap_signature_set_type_manual" - ], - "type": "string" + "example": { + "items": [ + { + "publication_object_id": "pub_-uvR3F2TQGm18jnl7bpaGw", + "associated_name": "test-instance", + "associated_type": "instance", + "associated_object_id": "inst_-uvR3F2TQGm18jnl7bpaGw", + "status": "deployed", + "policy_version": "2023-12-06 22:37:24", + "policy_version_object_id": "pv_-abc3F2TQGm18jnl7bpaGw", + "deployed_on": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "threat_campaign_version": "2023.12.06", + "attack_signature_version": "2023.12.06", + "bot_signature_version": "2023.12.06" + } + ] + } } - }, - "example": { - "default_block": true, - "default_learn": true, - "signature_count": 0, - "filter": { - "accuracy_value": "all", - "accuracy_filter": "all", - "attack_type": { - "name": "XML External Entities (XXE)" - }, - "risk_filter": "all", - "has_cve": "all", - "user_defined_filter": "all", - "risk_value": "all", - "modified_at_filter": "all", - "signature_type": "request" + ] + }, + "NapPolicyVersionMetadata": { + "type": "object", + "description": "Summary information about the specific NGINX App Protect policy version.", + "required": [ + "object_id", + "version", + "enforcement_mode", + "created_at" + ], + "properties": { + "object_id": { + "$ref": "#/components/schemas/NapPolicyVersionObjectID" }, - "assign_to_policy_by_default": false, - "default_alarm": true, - "type": "filter-based", - "name": "XML External Entities (XXE) Signatures", - "id": "sigset_-ZMshmi83MBL97dr5d0a9w", - "category": "User-defined", - "modified_at": "2023-08-10T16:59:15Z", - "systems": [] + "version": { + "$ref": "#/components/schemas/NapSignatureVersion" + }, + "enforcement_mode": { + "$ref": "#/components/schemas/NapPolicyEnforcementMode" + }, + "created_at": { + "description": "The date and time when the NGINX App Protect policy version was created.", + "type": "string", + "format": "date-time" + } } }, - "NapSignatureListResponse": { + "NapPolicyVersionDetails": { + "description": "Detailed information about NGINX App Protect policy version.", + "type": "object", + "required": [ + "policy", + "object_id", + "version", + "enforcement_mode", + "created_at" + ], + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyVersionMetadata" + }, + { + "$ref": "#/components/schemas/NapPolicy" + }, + { + "$ref": "#/components/schemas/NapPolicyVersionDeployments" + } + ] + }, + "NapPolicyVersionObject": { + "description": "Summary information about NGINX App Protect policy version.", + "allOf": [ + { + "$ref": "#/components/schemas/NapPolicyVersionMetadata" + }, + { + "$ref": "#/components/schemas/NapPolicyVersionDeployments" + }, + { + "type": "object", + "required": [ + "latest" + ], + "properties": { + "latest": { + "description": "Indicates whether the NGINX App Protect policy version is latest. Default (`false`) returns the current policy. \nWhen set to `true`, returns the latest policy.\n", + "type": "boolean", + "default": false + } + } + } + ] + }, + "NapPolicyVersionsListResponse": { + "description": "List of all NGINX App Protect versions.", "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" @@ -15481,17 +10497,28 @@ ], "properties": { "items": { - "description": "An array of NGINX App Protect signatures.", + "description": "An array of NGINX App Protect version objects.", "type": "array", "items": { - "$ref": "#/components/schemas/NapSignature" + "$ref": "#/components/schemas/NapPolicyVersionObject" } } + }, + "example": { + "items": [ + { + "version": "2023-12-06 22:37:24", + "object_id": "pv_-uvR3F2TQGm18jnl7bpaGw", + "created_at": "2023-12-06T22:37:24.120114Z", + "enforcement_mode": "blocking", + "latest": false + } + ] } } ] }, - "NapSignatureSetListResponse": { + "NapLogProfileListResponse": { "allOf": [ { "$ref": "#/components/schemas/PaginationResponse" @@ -15503,662 +10530,665 @@ ], "properties": { "items": { - "description": "An array of NGINX App Protect signature sets.", + "description": "An array of NGINX App Protect log profiles.", "type": "array", "items": { - "$ref": "#/components/schemas/NapSignatureSet" + "$ref": "#/components/schemas/NapLogProfileMetadata" } } } } ] }, - "FilterNameNapPolicy": { - "type": "string", - "description": "Keywords for NGINX App Protect policy filters.\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\nWhen filtering on `object_id`, both NAP Policy and NAP Policy version object id prefixes are supported.\n", - "enum": [ - "name", - "enforcement_mode", - "object_id", - "deployment_enforcement_mode", - "deployment_status" - ], - "x-enum-varnames": [ - "filter_name_nap_policy_name", - "filter_name_nap_policy_enforcement_mode", - "filter_name_nap_policy_object_id", - "filter_name_nap_policy_deployment_enforcement_mode", - "filter_name_nap_policy_deployment_status" - ] - }, - "FilterNameNapPolicyVersion": { - "type": "string", - "description": "Keywords for NGINX App Protect policy version filters.\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * deployed\n * not_deployed\n * deploying\n * failed\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\n", - "enum": [ - "deployment_status", - "enforcement_mode", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_nap_policy_version_deployment_status", - "filter_name_nap_policy_version_enforcement_mode", - "filter_name_nap_policy_version_object_id" - ] - }, - "FilterNameNapPolicyDeployment": { - "type": "string", - "description": "Keywords for NGINX App Protect deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n * deployed\n * deploying\n * failed\n", - "enum": [ - "name", - "type", - "policy_version", - "status", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_nap_deployment_name", - "filter_name_nap_deployment_type", - "filter_name_nap_deployment_policy_version", - "filter_name_nap_deployment_status", - "filter_name_nap_deployment_object_id" - ] - }, - "FilterNameNapLogProfile": { - "type": "string", - "description": "Keywords for NGINX App Protect log profile filters.\n", - "enum": [ - "name", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_nap_log_profile_name", - "filter_name_nap_log_profile_object_id" - ] - }, - "NapLogProfileObjectID": { - "description": "A globally unique identifier for the App Protect log profile.", - "type": "string", - "format": "object_id", - "pattern": "^lp_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "FilterNameNapGlobalSettings": { - "type": "string", - "description": "Keywords for NGINX App Protect global settings filters.\n", - "enum": [ - "name", - "object_id" - ], - "x-enum-varnames": [ - "filter_name_nap_global_setting_name", - "filter_name_nap_global_setting_object_id" - ] - }, - "NapGlobalSettingObjectID": { - "description": "A globally unique identifier for the App Protect global settings object.", - "type": "string", - "format": "object_id", - "pattern": "^gs_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } - }, - "DeploymentName": { - "type": "string", - "description": "Name of an NGINXaaS resource.", - "minLength": 3, - "maxLength": 30, - "pattern": "^[a-z][a-z0-9-]*[a-z0-9]$", - "example": "mydeployment" - }, - "DeploymentCloudName": { - "type": "string", - "description": "Name of the cloud where deployment resources are provisioned.", - "enum": [ - "google" - ] - }, - "DeploymentCloudInfo": { - "type": "object", - "description": "Cloud-specific deployment info.", - "oneOf": [ - { - "$ref": "#/components/schemas/GoogleDeploymentInfo" - } - ] - }, - "DeploymentScale": { - "type": "object", - "description": "NaaS deployment scale info.", - "required": [ - "capacity" - ], - "properties": { - "capacity": { - "type": "integer", - "description": "The number of desired NCUs for a NaaS deployment. Must be >= 10 and a multiple of 10.\n", - "minimum": 10 - } - } - }, - "CreateDeploymentCloudInfo": { - "type": "object", - "description": "Cloud-specific create info.", - "oneOf": [ - { - "$ref": "#/components/schemas/CreateGoogleDeploymentInfo" - } - ] - }, - "UpdateDeploymentCloudInfo": { - "type": "object", - "description": "Cloud-specific Patch info.", - "oneOf": [ + "NapLogProfileGetResponse": { + "allOf": [ { - "$ref": "#/components/schemas/UpdateGoogleDeploymentInfo" - } - ] - }, - "GoogleDeploymentInfo": { - "type": "object", - "description": "Google deployment info.", - "required": [ - "region", - "network_attachment" - ], - "properties": { - "region": { - "$ref": "#/components/schemas/GoogleRegion" - }, - "network_attachment": { - "$ref": "#/components/schemas/GoogleNetworkAttachment" - }, - "service_attachment": { - "$ref": "#/components/schemas/GoogleServiceAttachment" - }, - "service_attachment_accept_list": { - "type": "array", - "description": "List of google networkURls or project ids that should connect to the service attachment. The list must contain either all network urls or all project ids but not both simultaneously. An empty list indicates all connections to the service attachment should be accepted.\n", - "items": { - "$ref": "#/components/schemas/GoogleServiceAttachmentAcceptListItem" - } - }, - "log_project_id": { - "description": "The Google Cloud project ID where NGINX logs will be exported.", - "allOf": [ - { - "$ref": "#/components/schemas/GoogleProjectID" - } - ] + "$ref": "#/components/schemas/NapLogProfileMetadata" }, - "metric_project_id": { - "description": "The Google Cloud project ID where NGINXaaS metrics will be exported.", - "allOf": [ - { - "$ref": "#/components/schemas/GoogleProjectID" + { + "type": "object", + "required": [ + "config" + ], + "properties": { + "config": { + "description": "The NGINX App Protect log profile configuration.", + "type": "string" } - ] - }, - "identity": { - "$ref": "#/components/schemas/GoogleIdentity" + } } - } + ] }, - "CreateGoogleDeploymentInfo": { + "NapLogProfileMetadata": { "type": "object", - "description": "Google deployment information used in create request.", "required": [ - "region", - "network_attachment" + "name", + "object_id" ], "properties": { - "region": { - "$ref": "#/components/schemas/GoogleRegion" - }, - "network_attachment": { - "$ref": "#/components/schemas/GoogleNetworkAttachment" - }, - "service_attachment_accept_list": { - "type": "array", - "items": { - "$ref": "#/components/schemas/GoogleServiceAttachmentAcceptListItem" - } - }, - "log_project_id": { - "description": "The Google Cloud project ID where NGINX logs will be exported. Omit the field to disable log exporting.\n", - "allOf": [ - { - "$ref": "#/components/schemas/GoogleProjectID" - } - ] - }, - "metric_project_id": { - "description": "The Google Cloud project ID where NGINXaaS metrics will be exported. Omit the field to disable metric exporting.\n", - "allOf": [ - { - "$ref": "#/components/schemas/GoogleProjectID" - } - ] - }, - "identity": { - "$ref": "#/components/schemas/CreateOrUpdateGoogleIdentity" - } - } - }, - "UpdateGoogleDeploymentInfo": { - "type": "object", - "description": "Patch info for a Google-based deployment", - "properties": { - "network_attachment": { - "$ref": "#/components/schemas/GoogleNetworkAttachment" - }, - "service_attachment_accept_list": { - "type": "array", - "items": { - "$ref": "#/components/schemas/GoogleServiceAttachmentAcceptListItem" - } - }, - "log_project_id": { - "description": "The Google Cloud project ID where NGINX logs will be exported. Set to an empty string to disable log exporting.\n", - "allOf": [ - { - "$ref": "#/components/schemas/GoogleProjectID" - } - ] + "name": { + "type": "string", + "description": "The name of the NGINX App Protect log profile." }, - "metric_project_id": { - "description": "The Google Cloud project ID where NGINXaaS metrics will be exported. Set to an empty string to disable metric exporting.\n", - "allOf": [ - { - "$ref": "#/components/schemas/GoogleProjectID" - } - ] + "object_id": { + "$ref": "#/components/schemas/NapLogProfileObjectID" }, - "identity": { - "$ref": "#/components/schemas/CreateOrUpdateGoogleIdentity" + "description": { + "description": "Optional field to describe the NGINX App Protect log profile.", + "type": "string", + "minLength": 5, + "maxLength": 256 } } }, - "GoogleResourceName": { - "type": "string", - "minLength": 1, - "maxLength": 63, - "pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?" - }, - "GoogleRegion": { - "description": "Google region.", - "$ref": "#/components/schemas/GoogleResourceName" - }, - "GoogleNetworkAttachment": { - "type": "string", - "description": "Google network attachment.", - "pattern": "projects/[a-z]([-a-z0-9]*[a-z0-9])?/regions/[a-z]([-a-z0-9]*[a-z0-9])?/networkAttachments/[a-z]([-a-z0-9]*[a-z0-9])?" - }, - "GoogleServiceAttachment": { - "type": "string", - "description": "Google service attachment.", - "pattern": "projects/[a-z]([-a-z0-9]*[a-z0-9])?/regions/[a-z]([-a-z0-9]*[a-z0-9])?/serviceAttachments/[a-z]([-a-z0-9]*[a-z0-9])?" - }, - "GoogleServiceAttachmentAcceptListItem": { - "type": "string", - "oneOf": [ + "NapGlobalSettingsListResponse": { + "allOf": [ { - "$ref": "#/components/schemas/GoogleServiceAttachmentAcceptNetworkItem" + "$ref": "#/components/schemas/PaginationResponse" }, { - "$ref": "#/components/schemas/GoogleProjectID" - } - ] - }, - "GoogleServiceAttachmentAcceptNetworkItem": { - "type": "string", - "pattern": "^(.*/networks/.*)" - }, - "GoogleProjectID": { - "type": "string", - "pattern": "^(|((\\d+)|([a-z][a-z0-9\\-]{5,29})))$" - }, - "GoogleWorkloadIdentityPoolProviderName": { - "type": "string", - "description": "The resource name of the Google workload identity pool provider", - "pattern": "^projects/([0-9]+)/locations/([a-z0-9\\-]+)/workloadIdentityPools/([a-zA-Z0-9_\\-]+)/providers/([a-zA-Z0-9_\\-]+)$" - }, - "GoogleServiceAccountUniqueID": { - "type": "string", - "description": "The unique numeric ID of the Google service account", - "pattern": "^[0-9]+$" - }, - "GoogleIdentity": { - "type": "object", - "description": "Identity info for a Google-based deployment", - "properties": { - "workload_identity_pool_provider_name": { - "$ref": "#/components/schemas/GoogleWorkloadIdentityPoolProviderName" - }, - "nginxaas_service_account_unique_id": { - "description": "The unique numeric ID of the Google service account created by NGINXaaS", - "readOnly": true, - "allOf": [ - { - "$ref": "#/components/schemas/GoogleServiceAccountUniqueID" + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect global settings.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapGlobalSettingMetadata" + } } - ] + } } - } + ] }, - "CreateOrUpdateGoogleIdentity": { - "type": "object", - "description": "Identity info for a Google-based deployment used in a create or update request", - "properties": { - "workload_identity_pool_provider_name": { - "$ref": "#/components/schemas/GoogleWorkloadIdentityPoolProviderName" + "NapGlobalSettingGetResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/NapGlobalSettingMetadata" + }, + { + "type": "object", + "required": [ + "config" + ], + "properties": { + "config": { + "description": "The NGINX App Protect global setting configuration.", + "type": "string" + } + } } - } + ] }, - "Deployment": { + "NapGlobalSettingMetadata": { "type": "object", - "description": "Deployment specification.", "required": [ - "id", - "account_id", "name", - "description", - "cloud", - "cloud_info", - "nginx_config_id", - "nginx_config_version_id", - "status", - "created_at", - "modified_at", - "scale" + "object_id" ], "properties": { - "id": { - "$ref": "#/components/schemas/DeploymentObjectID" - }, - "account_id": { - "$ref": "#/components/schemas/NginxaasAccountID" - }, "name": { - "$ref": "#/components/schemas/DeploymentName" - }, - "description": { - "$ref": "#/components/schemas/NginxaasDescription" - }, - "cloud": { - "$ref": "#/components/schemas/DeploymentCloudName" - }, - "cloud_info": { - "$ref": "#/components/schemas/DeploymentCloudInfo" - }, - "status": { - "$ref": "#/components/schemas/DeploymentStatus" - }, - "nginx_config_id": { - "$ref": "#/components/schemas/NginxaasNginxConfigObjectID" - }, - "nginx_config_version_id": { - "$ref": "#/components/schemas/NginxaasNginxConfigVersionObjectID" - }, - "created_at": { - "type": "string", - "description": "Datetime when request to create deployment was received.", - "format": "date-time" - }, - "modified_at": { "type": "string", - "description": "Datetime when deployment was last modified.", - "format": "date-time" + "description": "The name of the NGINX App Protect global setting object." }, - "deleted_at": { + "description": { + "description": "Optional field to describe the NGINX App Protect global setting object.", "type": "string", - "description": "Datetime when request to delete deployment was received.", - "format": "date-time" + "minLength": 5, + "maxLength": 256 }, - "scale": { - "$ref": "#/components/schemas/DeploymentScale" + "object_id": { + "$ref": "#/components/schemas/NapGlobalSettingObjectID" } } }, - "DeploymentStatus": { - "type": "object", - "description": "Deployment status info.", - "required": [ - "provisioning_state", - "config_state" - ], - "properties": { - "provisioning_state": { - "$ref": "#/components/schemas/DeploymentProvisioningState" + "NapPolicyBulkRequest": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NapPolicyBulkRequestData" + }, + "minItems": 1, + "maxItems": 50, + "example": [ + { + "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" }, - "config_state": { - "$ref": "#/components/schemas/DeploymentConfigState" + { + "object_id": "pol_PL0c1XodRemmzVEjiXSsTg", + "action": "delete" } - } + ] }, - "DeploymentState": { + "NapPolicyBulkRequestData": { "type": "object", - "description": "Deployment state info", + "description": "Part of bulk operation on a Nap policy, only `delete` is supported.", "required": [ - "state", - "modified_at" + "action", + "object_id" ], "properties": { - "state": { - "type": "string", - "description": "State name/value.", - "enum": [ - "deleting", - "failed", - "pending", - "ready" - ] - }, - "details": { - "type": "string", - "description": "State details.", - "maxLength": 256 + "object_id": { + "$ref": "#/components/schemas/NapPolicyObjectID" }, - "modified_at": { - "type": "string", - "description": "Datetime of last state change.", - "format": "date-time" + "action": { + "$ref": "#/components/schemas/BulkRequestAction" } + }, + "example": { + "object_id": "pol_-uvR3F2TQGm18jnl7bpaGw", + "action": "delete" } }, - "DeploymentProvisioningState": { - "$ref": "#/components/schemas/DeploymentState" - }, - "DeploymentConfigState": { - "$ref": "#/components/schemas/DeploymentState" + "NapBulkResponse": { + "description": "The Nap policy bulk outcome.", + "type": "array", + "items": { + "$ref": "#/components/schemas/BulkRequestObjectStatus" + } }, - "DeploymentListResponse": { - "type": "object", - "description": "List of deployments.", + "NapSignatureMeta": { "required": [ - "count", - "items" + "signature_id", + "name", + "attack_type" ], "properties": { - "count": { - "description": "The total number of deployments returned.", + "name": { + "type": "string" + }, + "signature_id": { "type": "integer" }, - "items": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Deployment" + "attack_type": { + "type": "string" + } + } + }, + "NapSignature": { + "allOf": [ + { + "$ref": "#/components/schemas/NapSignatureMeta" + }, + { + "type": "object", + "required": [ + "description", + "signature_type", + "risk", + "accuracy", + "has_cve", + "modified_at", + "systems" + ], + "properties": { + "accuracy": { + "default": "low", + "enum": [ + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_accuracy_high", + "nap_signature_accuracy_low", + "nap_signature_accuracy_medium" + ], + "type": "string" + }, + "description": { + "type": "string" + }, + "has_cve": { + "default": false, + "type": "boolean" + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the signature was last modified." + }, + "references": { + "items": { + "required": [ + "type", + "value" + ], + "properties": { + "type": { + "default": "nessus", + "enum": [ + "bugtraq", + "cve", + "nessus", + "url" + ], + "x-enum-varnames": [ + "nap_signature_references_type_bugtrag", + "nap_signature_references_type_cve", + "nap_signature_references_type_nessus", + "nap_signature_references_type_url" + ], + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "risk": { + "default": "low", + "enum": [ + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_risk_high", + "nap_signature_risk_low", + "nap_signature_risk_medium" + ], + "type": "string" + }, + "signature_type": { + "default": "request", + "enum": [ + "request", + "response" + ], + "type": "string", + "x-enum-varnames": [ + "nap_signature_signature_type_request", + "nap_signature_signature_type_response" + ] + }, + "systems": { + "items": { + "type": "string" + }, + "type": "array" + } + } + } + ], + "example": { + "signature_id": 123456789, + "name": "Example Signature", + "description": "This is an example signature.", + "signature_type": "request", + "attack_type": "SQL Injection", + "risk": "high", + "accuracy": "medium", + "has_cve": true, + "modified_at": "2023-10-01T12:00:00Z", + "references": [ + { + "type": "cve", + "value": "CVE-2023-12345" } - } + ], + "systems": [ + "System A" + ] } }, - "DeploymentCreateRequest": { + "NapSignatureSet": { "type": "object", - "description": "Request spec for creating a deployment.", "required": [ + "id", "name", - "cloud", - "cloud_info", - "nginx_config_id", - "nginx_config_version_id", - "scale" + "signature_count", + "default_alarm", + "default_block", + "default_learn", + "modified_at" ], "properties": { + "id": { + "type": "string" + }, "name": { - "$ref": "#/components/schemas/DeploymentName" + "type": "string" }, - "description": { - "$ref": "#/components/schemas/NginxaasDescription" + "signature_count": { + "type": "integer" }, - "cloud": { - "$ref": "#/components/schemas/DeploymentCloudName" + "assign_to_policy_by_default": { + "default": false, + "type": "boolean" }, - "cloud_info": { - "$ref": "#/components/schemas/CreateDeploymentCloudInfo" + "category": { + "default": "User-defined", + "type": "string" }, - "nginx_config_id": { - "$ref": "#/components/schemas/NginxaasNginxConfigObjectID" + "default_alarm": { + "default": true, + "type": "boolean" }, - "nginx_config_version_id": { - "$ref": "#/components/schemas/NginxaasNginxConfigVersionObjectID" + "default_block": { + "default": true, + "type": "boolean" }, - "scale": { - "$ref": "#/components/schemas/DeploymentScale" - } - } - }, - "DeploymentUpdateRequest": { - "type": "object", - "description": "Request spec for updating a deployment.", - "properties": { - "name": { - "$ref": "#/components/schemas/DeploymentName" + "default_learn": { + "default": true, + "type": "boolean" }, - "description": { - "$ref": "#/components/schemas/NginxaasDescription" + "filter": { + "properties": { + "accuracy_filter": { + "default": "ge", + "enum": [ + "all", + "eq", + "ge", + "le" + ], + "x-enum-varnames": [ + "nap_signature_set_accuracy_filter_all", + "nap_signature_set_accuracy_filter_eq", + "nap_signature_set_accuracy_filter_ge", + "nap_signature_set_accuracy_filter_le" + ], + "type": "string" + }, + "accuracy_value": { + "default": "all", + "enum": [ + "all", + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_set_accuracy_value_all", + "nap_signature_set_accuracy_value_high", + "nap_signature_set_accuracy_value_low", + "nap_signature_set_accuracy_value_medium" + ], + "type": "string" + }, + "attack_type": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "has_cve": { + "default": "all", + "enum": [ + "all", + "no", + "yes" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_have_cve_all", + "nap_signature_set_filter_have_cve_no", + "nap_signature_set_filter_have_cve_yes" + ], + "type": "string" + }, + "modified_at_filter": { + "default": "all", + "enum": [ + "after", + "all", + "before" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_modified_at_filter_after", + "nap_signature_set_filter_modified_at_filter_all", + "nap_signature_set_filter_modified_at_filter_before" + ], + "type": "string" + }, + "modified_at_value": { + "default": "1970-01-01", + "type": "string" + }, + "risk_filter": { + "default": "eq", + "enum": [ + "all", + "eq", + "ge", + "le" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_risk_filter_all", + "nap_signature_set_filter_risk_filter_eq", + "nap_signature_set_filter_risk_filter_ge", + "nap_signature_set_filter_risk_filter_le" + ], + "type": "string" + }, + "risk_value": { + "default": "low", + "enum": [ + "all", + "high", + "low", + "medium" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_risk_value_all", + "nap_signature_set_filter_risk_value_high", + "nap_signature_set_filter_risk_value_low", + "nap_signature_set_filter_risk_value_medium" + ], + "type": "string" + }, + "signature_type": { + "default": "request", + "enum": [ + "all", + "request", + "response" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_signature_type_all", + "nap_signature_set_filter_signature_type_request", + "nap_signature_set_filter_signature_type_response" + ], + "type": "string" + }, + "user_defined_filter": { + "default": "all", + "enum": [ + "all", + "no", + "yes" + ], + "x-enum-varnames": [ + "nap_signature_set_filter_user_defined_filter_all", + "nap_signature_set_filter_user_defined_filter_no", + "nap_signature_set_filter_user_defined_filter_yes" + ], + "type": "string" + } + }, + "type": "object" + }, + "modified_at": { + "type": "string", + "format": "date-time", + "description": "The date and time when the signature-set was last modified." + }, + "systems": { + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string" + } + } + }, + "type": "array" }, - "cloud_info": { - "$ref": "#/components/schemas/UpdateDeploymentCloudInfo" + "type": { + "default": "filter-based", + "enum": [ + "filter-based", + "manual" + ], + "x-enum-varnames": [ + "nap_signature_set_type_filter_based", + "nap_signature_set_type_manual" + ], + "type": "string" + } + }, + "example": { + "default_block": true, + "default_learn": true, + "signature_count": 0, + "filter": { + "accuracy_value": "all", + "accuracy_filter": "all", + "attack_type": { + "name": "XML External Entities (XXE)" + }, + "risk_filter": "all", + "has_cve": "all", + "user_defined_filter": "all", + "risk_value": "all", + "modified_at_filter": "all", + "signature_type": "request" }, - "nginx_config_id": { - "$ref": "#/components/schemas/NginxaasNginxConfigObjectID" + "assign_to_policy_by_default": false, + "default_alarm": true, + "type": "filter-based", + "name": "XML External Entities (XXE) Signatures", + "id": "sigset_-ZMshmi83MBL97dr5d0a9w", + "category": "User-defined", + "modified_at": "2023-08-10T16:59:15Z", + "systems": [] + } + }, + "NapSignatureListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" }, - "nginx_config_version_id": { - "$ref": "#/components/schemas/NginxaasNginxConfigVersionObjectID" + { + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect signatures.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapSignature" + } + } + } + } + ] + }, + "NapSignatureSetListResponse": { + "allOf": [ + { + "$ref": "#/components/schemas/PaginationResponse" }, - "scale": { - "$ref": "#/components/schemas/DeploymentScale" + { + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "description": "An array of NGINX App Protect signature sets.", + "type": "array", + "items": { + "$ref": "#/components/schemas/NapSignatureSet" + } + } + } } - } + ] }, - "DeploymentObjectID": { + "FilterNameNapPolicy": { "type": "string", - "description": "A globally unique identifier for the deployment.", - "format": "object_id", - "pattern": "^depl_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } + "description": "Keywords for NGINX App Protect policy filters.\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\nWhen filtering on `object_id`, both NAP Policy and NAP Policy version object id prefixes are supported.\n", + "enum": [ + "name", + "enforcement_mode", + "object_id", + "deployment_enforcement_mode", + "deployment_status" + ], + "x-enum-varnames": [ + "filter_name_nap_policy_name", + "filter_name_nap_policy_enforcement_mode", + "filter_name_nap_policy_object_id", + "filter_name_nap_policy_deployment_enforcement_mode", + "filter_name_nap_policy_deployment_status" + ] }, - "NginxaasAccountID": { + "FilterNameNapPolicyDeployment": { "type": "string", - "description": "NGINXaaS account id", - "format": "object_id", - "pattern": "^acc_.*", - "example": "acc_FsFgfeDtScOjGbQJDaVNiQ", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - } + "description": "Keywords for NGINX App Protect deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n * deployed\n * deploying\n * failed\n", + "enum": [ + "name", + "type", + "policy_version", + "status", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_nap_deployment_name", + "filter_name_nap_deployment_type", + "filter_name_nap_deployment_policy_version", + "filter_name_nap_deployment_status", + "filter_name_nap_deployment_object_id" + ] }, - "NginxaasDescription": { + "FilterNameNapPolicyVersion": { "type": "string", - "description": "Description of a resource.", - "maxLength": 256, - "example": "My example description" + "description": "Keywords for NGINX App Protect policy version filters.\nWhen filtering on `deployment_status`, only the following `filter_values` are supported:\n * deployed\n * not_deployed\n * deploying\n * failed\nWhen filtering on `enforcement_mode`, only the following `filter_values` are supported:\n * blocking\n * transparent\n", + "enum": [ + "deployment_status", + "enforcement_mode", + "object_id" + ], + "x-enum-varnames": [ + "filter_name_nap_policy_version_deployment_status", + "filter_name_nap_policy_version_enforcement_mode", + "filter_name_nap_policy_version_object_id" + ] }, - "NginxaasNginxConfigObjectID": { + "NapLogProfileObjectID": { + "description": "A globally unique identifier for the App Protect log profile.", "type": "string", - "description": "A globally unique identifier for the NGINX config.", "format": "object_id", - "pattern": "^cfg_.*", - "example": "cfg_6zYc64JKR0uxnoEcLH1gGA", + "pattern": "^lp_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, - "NginxaasNginxConfigVersionObjectID": { + "NapGlobalSettingObjectID": { + "description": "A globally unique identifier for the App Protect global settings object.", "type": "string", - "description": "NGINX config version object id", "format": "object_id", - "pattern": "^cv_.*", - "example": "cv_DrRnpntTRpGOxaroQ6aOFg", + "pattern": "^gs_.*", "x-go-type": "objects.ID", "x-go-type-import": { "name": "objects", "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } - }, - "ObservabilityMetricsRequest": { - "type": "object", - "required": [ - "metrics" - ], - "properties": { - "metrics": { - "description": "Array of observed metrics.\n", - "type": "array", - "items": { - "$ref": "#/components/schemas/ObservedMetric" - } - } - } - }, - "ObservedMetric": { - "description": "Details for a single observed metric.", - "type": "object", - "required": [ - "name", - "timestamp", - "unit", - "value" - ], - "properties": { - "name": { - "type": "string", - "example": "cpuUsage" - }, - "timestamp": { - "type": "string", - "format": "date-time", - "example": "2019-08-07T09:57:36.088757764Z" - }, - "unit": { - "type": "string", - "example": "%" - }, - "value": { - "type": "number", - "example": 80 - } - }, - "example": { - "name": "cpuUsage", - "timestamp": "2019-08-07T09:57:30Z", - "unit": "%", - "value": 80 - } } }, "examples": { @@ -16260,371 +11290,6 @@ } ] } - }, - "NginxUsageTrackingRequest": { - "value": { - "version": "1.25.3", - "hostname": "nginx-plus-r30", - "uuid": "cef61b72-2a6b-4bb8-ae2b-c6cb9f44a487", - "nap": "inactive", - "http": { - "client": { - "received": 0, - "sent": 0, - "connections": 0, - "requests": 0 - }, - "upstream": { - "received": 0, - "sent": 0, - "connections": 0 - } - }, - "stream": { - "client": { - "received": 0, - "sent": 0, - "connections": 0 - }, - "upstream": { - "received": 0, - "sent": 0, - "connections": 0 - } - }, - "deployment": { - "integration": "nic", - "cluster_id": "b5db8897-86db-4cd2-8c61-4a915db93d6d", - "cluster_node_count": 5, - "installation_id": "238efb5a-2a59-48c5-96cf-7d195b8af044" - }, - "workers": 2, - "uptime": 120, - "reloads": 0, - "start_time": 0, - "end_time": 0 - } - }, - "ChatbotRequest": { - "value": { - "messages": [ - { - "role": "user", - "content": "What is a dog and a cat?" - } - ] - } - }, - "ChatbotResponse": { - "value": { - "id": "cmpl-8a17ba557d904b2287bbf4e1ae22433b", - "object": "text_completion", - "created": "2023-10-01T00:00:00Z", - "choices": [ - { - "index": 0, - "text": "\n\nA dog is a domesticated mammal, a member of the species Canis lupus familiaris. Dogs are often referred to as \"man's best friend\" due to their long history of companionship with humans. They are highly social animals and thrive on interaction with their human families and other dogs. Dogs come in a wide range of sizes, shapes, and breeds, each with its unique characteristics and needs.\n\nA cat is a domesticated mammal, a member of the Felidae family. Cats are often independent and self-sufficient animals, but they also enjoy companionship with their human families and other cats. They are agile and graceful animals, known for their ability to jump high and climb trees. Cats come in a wide range of sizes, shapes, and breeds, each with its unique characteristics and needs.\n\nBoth dogs and cats have been domesticated for thousands of years and have become beloved companions for many people around the world. They each have their unique personalities and needs, and choosing between a dog and a cat ultimately comes down to personal preference and lifestyle." - } - ] - } - }, - "ChatbotFeedback": { - "value": { - "response_id": "chatcmpl-123", - "is_positive": false, - "message": "freeform evaluation", - "tags": { - "inaccurate": false, - "unhelpful": true, - "formatting": false, - "time": true, - "other": false - } - } - }, - "DeploymentListResponse": { - "value": { - "count": 3, - "items": [ - { - "id": "depl_6zYc64JKR0uxnoEcLH1gGA", - "account_id": "acc_FsFgfeDtScOjGbQJDaVNiQ", - "name": "tst-foo", - "description": "", - "cloud": "google", - "cloud_info": { - "region": "us-east1", - "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", - "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", - "service_attachment_accept_list": [] - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", - "scale": { - "capacity": 10 - }, - "status": { - "provisioning_state": { - "state": "ready", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - }, - "config_state": { - "state": "ready", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "created_at": "2025-03-31T10:00:00Z", - "modified_at": "2025-03-31T10:05:00Z" - }, - { - "id": "depl_DrRnpntTRpGOxaroQ6aOFg", - "account_id": "acc_FsFgfeDtScOjGbQJDaVNiQ", - "name": "tst-bar", - "description": "test w/ network attachment from project bar", - "cloud": "google", - "cloud_info": { - "region": "eu-west-1", - "network_attachment": "projects/bar/regions/us-east1/networkAttachments/bar", - "service_attachment_accept_list": [ - "project-id1", - "project-id2" - ] - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", - "scale": { - "capacity": 20 - }, - "status": { - "provisioning_state": { - "state": "failed", - "details": "network attachment 'bar' not found", - "modified_at": "2025-03-31T11:03:00Z" - }, - "config_state": { - "state": "ready", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "created_at": "2025-03-31T11:00:00Z", - "modified_at": "2025-03-31T11:03:00Z" - }, - { - "id": "depl_4zYc35JKR0uxnoBcLH1gGA", - "account_id": "acc_AxFgfeDtScOjGbQJDaRHiQ", - "name": "tst-max", - "description": "", - "cloud": "google", - "cloud_info": { - "region": "us-east1", - "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", - "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", - "service_attachment_accept_list": [ - "projects/project-1/networks/vpc-net1", - "projects/project-2/networks/vpc-net2" - ] - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", - "scale": { - "capacity": 100 - }, - "status": { - "provisioning_state": { - "state": "ready", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - }, - "config_state": { - "state": "pending", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "created_at": "2025-03-31T10:00:00Z", - "modified_at": "2025-03-31T10:05:00Z" - } - ] - } - }, - "DeploymentCreateRequest": { - "value": { - "name": "tst-foo", - "description": "", - "cloud": "google", - "cloud_info": { - "region": "us-east1", - "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", - "service_attachment_accept_list": [ - "project-foo", - "project-bar" - ] - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", - "scale": { - "capacity": 10 - } - } - }, - "DeploymentCreateResponse": { - "value": { - "id": "depl_6zYc64JKR0uxnoEcLH1gGA", - "account_id": "acc_FsFgfeDtScOjGbQJDaVNiQ", - "name": "tst-foo", - "description": "", - "cloud": "google", - "cloud_info": { - "region": "us-east1", - "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", - "service_attachment_accept_list": [ - "project-foo", - "project-bar" - ] - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", - "status": { - "provisioning_state": { - "state": "pending", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - }, - "config_state": { - "state": "pending", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "scale": { - "capacity": 10 - }, - "created_at": "2025-03-31T10:05:00Z", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "DeploymentGetResponse": { - "value": { - "id": "depl_6zYc64JKR0uxnoEcLH1gGA", - "account_id": "acc_FsFgfeDtScOjGbQJDaVNiQ", - "name": "tst-foo", - "description": "", - "cloud": "google", - "cloud_info": { - "region": "us-east1", - "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", - "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", - "service_attachment_accept_list": [ - "projects/project-foo/networks/vpc-foo", - "projects/project-bar/networks/vpc-bar" - ] - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", - "scale": { - "capacity": 10 - }, - "status": { - "provisioning_state": { - "state": "ready", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - }, - "config_state": { - "state": "pending", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "created_at": "2025-03-31T10:00:00Z", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "DeploymentUpdateRequest": { - "value": { - "name": "poc-foo", - "description": "test deployment for project foo", - "cloud_info": { - "service_attachment_accept_list": [] - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA" - } - }, - "DeploymentUpdateResponse": { - "value": { - "id": "depl_6zYc64JKR0uxnoEcLH1gGA", - "account_id": "acc_FsFgfeDtScOjGbQJDaVNiQ", - "name": "poc-foo", - "description": "test deployment for project foo", - "cloud": "google", - "cloud_info": { - "region": "us-east1", - "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", - "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", - "service_attachment_accept_list": [] - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", - "scale": { - "capacity": 10 - }, - "status": { - "provisioning_state": { - "state": "ready", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - }, - "config_state": { - "state": "pending", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "created_at": "2025-03-31T10:00:00Z", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "DeploymentDeleteResponse": { - "value": { - "id": "depl_6zYc64JKR0uxnoEcLH1gGA", - "account_id": "acc_FsFgfeDtScOjGbQJDaVNiQ", - "name": "poc-foo", - "description": "test deployment for project foo", - "cloud": "google", - "cloud_info": { - "region": "us-east1", - "network_attachment": "projects/foo/regions/us-east1/networkAttachments/foo", - "service_attachment": "projects/foo/regions/us-east1/serviceAttachments/foo", - "service_attachment_accept_list": [ - "projects/project-foo/networks/vpc-foo", - "projects/project-bar/networks/vpc-bar" - ] - }, - "nginx_config_id": "cfg_6zYc64JKR0uxnoEcLH1gGA", - "nginx_config_version_id": "cv_vBgZUfItSPii2REcgCaiMA", - "scale": { - "capacity": 10 - }, - "status": { - "provisioning_state": { - "state": "deleting", - "details": "", - "modified_at": "2025-03-31T10:15:00Z" - }, - "config_state": { - "state": "ready", - "details": "", - "modified_at": "2025-03-31T10:05:00Z" - } - }, - "created_at": "2025-03-31T10:00:00Z", - "modified_at": "2025-03-31T10:05:00Z", - "deleted_at": "2025-03-31T10:15:00Z" - } } }, "responses": { @@ -16667,16 +11332,6 @@ } } } - }, - "Conflict": { - "description": "Requested operation cannot be performed at this time.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Error" - } - } - } } }, "securitySchemes": { @@ -16698,7 +11353,6 @@ "name": "Manage NGINX Instances", "tags": [ "Instances", - "Feature Flags", "Config Sync Groups", "Certificates", "CVEs", @@ -16719,41 +11373,11 @@ "Settings" ] }, - { - "name": "NGINX Usage API", - "tags": [ - "Usage" - ] - }, - { - "name": "Chatbot API", - "tags": [ - "Chatbot" - ] - }, - { - "name": "NGINX Plus Usage Inventory", - "tags": [ - "Inventory" - ] - }, { "name": "NGINX One App Protect", "tags": [ "NGINX App Protect" ] - }, - { - "name": "Manage NAAS deployments", - "tags": [ - "Deployments" - ] - }, - { - "name": "Load Test API", - "tags": [ - "Load Test" - ] } ] } \ No newline at end of file From 3bacef9c8e1362dfe379181381a7643ce7d20bf1 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Wed, 20 Aug 2025 09:50:08 -0700 Subject: [PATCH 3/3] Aug 19 update, N1C api --- static/nginx-one/api/one.json | 76 ++++++++++------------------------- 1 file changed, 22 insertions(+), 54 deletions(-) diff --git a/static/nginx-one/api/one.json b/static/nginx-one/api/one.json index b142af24d..00154c9a0 100644 --- a/static/nginx-one/api/one.json +++ b/static/nginx-one/api/one.json @@ -5,6 +5,21 @@ "description": "The API Reference documentation for NGINX One Console", "version": "v1" }, + "servers": [ + { + "url": "https://{tenant_cname}.console.ves.volterra.io/api/nginx/one/namespaces/{namespace}", + "variables": { + "namespace": { + "description": "The application namespace used to organize and scope API resources.", + "default": "default" + }, + "tenant_cname": { + "description": "The specific DNS name used to access your tenant.", + "default": "tenant-example" + } + } + } + ], "tags": [ { "name": "Data Plane Key", @@ -63,7 +78,6 @@ ], "paths": { "/data-plane-keys": { - "servers": [], "get": { "tags": [ "Data Plane Key" @@ -245,7 +259,6 @@ } }, "/data-plane-keys/{data_plane_key_id}": { - "servers": [], "delete": { "tags": [ "Data Plane Key" @@ -425,7 +438,6 @@ } }, "/data-plane-keys/{data_plane_key_id}/revoke": { - "servers": [], "put": { "tags": [ "Data Plane Key" @@ -480,7 +492,6 @@ } }, "/certificates": { - "servers": [], "get": { "tags": [ "Certificates" @@ -611,7 +622,6 @@ } }, "/certificates/{certificateObjectID}": { - "servers": [], "delete": { "x-nginx-one-action": "delete", "x-nginx-one-entity": "NGINX certificate", @@ -811,7 +821,6 @@ } }, "/certificates/{certificateObjectID}/deployments": { - "servers": [], "get": { "tags": [ "Certificates" @@ -893,7 +902,6 @@ } }, "/certificates/parse": { - "servers": [], "post": { "x-nginx-one-action": "validate", "x-nginx-one-entity": "NGINX certificate", @@ -957,11 +965,8 @@ } } }, - "/config-report": { - "servers": [] - }, + "/config-report": {}, "/config-sync-groups": { - "servers": [], "get": { "tags": [ "Config Sync Groups" @@ -1144,7 +1149,6 @@ } }, "/config-sync-groups/{configSyncGroupObjectID}": { - "servers": [], "delete": { "x-nginx-one-action": "delete", "x-nginx-one-entity": "NGINX config sync group", @@ -1252,7 +1256,6 @@ ] }, "/config-sync-groups/{configSyncGroupObjectID}/config": { - "servers": [], "get": { "tags": [ "Config Sync Groups" @@ -1474,7 +1477,6 @@ } }, "/config-sync-groups/{configSyncGroupObjectID}/config-report": { - "servers": [], "get": { "tags": [ "Config Sync Groups" @@ -1669,7 +1671,6 @@ } }, "/config-sync-groups/{configSyncGroupObjectID}/config/{configSyncGroupConfigurationObjectID}": { - "servers": [], "get": { "tags": [ "Config Sync Groups" @@ -1730,7 +1731,6 @@ ] }, "/config-sync-groups/{configSyncGroupObjectID}/configs": { - "servers": [], "get": { "tags": [ "Config Sync Groups" @@ -1791,7 +1791,6 @@ ] }, "/config-sync-groups/{configSyncGroupObjectID}/publications": { - "servers": [], "get": { "tags": [ "Config Sync Groups" @@ -1852,7 +1851,6 @@ ] }, "/config-sync-groups/{configSyncGroupObjectID}/publications/{publicationObjectID}": { - "servers": [], "get": { "tags": [ "Config Sync Groups" @@ -1913,7 +1911,6 @@ ] }, "/control-planes": { - "servers": [], "get": { "tags": [ "Control Planes" @@ -1968,7 +1965,6 @@ } }, "/control-planes/{controlPlaneObjectID}": { - "servers": [], "delete": { "x-nginx-one-action": "delete", "x-nginx-one-entity": "Control Plane", @@ -2029,7 +2025,6 @@ ] }, "/control-planes/summary": { - "servers": [], "get": { "tags": [ "Control Planes" @@ -2058,14 +2053,13 @@ } }, "/cves": { - "servers": [], "get": { "tags": [ "CVEs" ], - "summary": "List of all CVEs affecting any instance/control plane", + "summary": "List of all CVEs affecting any instance or control plane", "operationId": "listNginxCVEs", - "description": "Returns a list of all CVEs that affect an instance/control plane under the tenant\n", + "description": "Returns a list of all CVEs that affect an instance or control plane under the tenant\n", "parameters": [ { "$ref": "#/components/parameters/Paginated" @@ -2118,7 +2112,6 @@ } }, "/cves/{nginxCVEID}": { - "servers": [], "get": { "tags": [ "CVEs" @@ -2176,7 +2169,6 @@ } }, "/cves/{nginxCVEID}/impacted_instances": { - "servers": [], "get": { "tags": [ "CVEs" @@ -2249,7 +2241,6 @@ } }, "/events": { - "servers": [], "get": { "tags": [ "Events" @@ -2312,7 +2303,6 @@ } }, "/events/{eventObjectID}": { - "servers": [], "get": { "tags": [ "Events" @@ -2370,7 +2360,6 @@ } }, "/instances": { - "servers": [], "get": { "tags": [ "Instances" @@ -2491,7 +2480,6 @@ } }, "/instances/{instanceObjectID}": { - "servers": [], "delete": { "tags": [ "Instances" @@ -2599,7 +2587,6 @@ } }, "/instances/{instanceObjectID}/config": { - "servers": [], "get": { "tags": [ "Instances" @@ -2801,7 +2788,6 @@ } }, "/instances/{instanceObjectID}/config-report": { - "servers": [], "get": { "tags": [ "Instances" @@ -2996,7 +2982,6 @@ } }, "/instances/{instanceObjectID}/configs": { - "servers": [], "get": { "tags": [ "Instances" @@ -3057,7 +3042,6 @@ ] }, "/instances/{instanceObjectID}/configs/{instanceConfigurationObjectID}": { - "servers": [], "get": { "tags": [ "Instances" @@ -3118,7 +3102,6 @@ ] }, "/instances/{instanceObjectID}/cves": { - "servers": [], "get": { "tags": [ "Instances" @@ -3179,7 +3162,6 @@ } }, "/instances/{instanceObjectID}/publications": { - "servers": [], "get": { "tags": [ "Instances" @@ -3230,7 +3212,6 @@ } }, "/instances/{instanceObjectID}/publications/{publicationObjectID}": { - "servers": [], "get": { "tags": [ "Instances" @@ -3291,7 +3272,6 @@ } }, "/instances/summary": { - "servers": [], "get": { "tags": [ "Instances" @@ -3334,7 +3314,6 @@ } }, "/staged-configs": { - "servers": [], "get": { "x-feature-flag": "staged-configs", "tags": [ @@ -3467,7 +3446,6 @@ } }, "/staged-configs/{stagedConfigObjectID}": { - "servers": [], "delete": { "x-feature-flag": "staged-configs", "x-nginx-one-action": "delete", @@ -3572,7 +3550,6 @@ ] }, "/staged-configs/{stagedConfigObjectID}/config": { - "servers": [], "get": { "tags": [ "Staged Configs" @@ -3787,7 +3764,6 @@ } }, "/staged-configs/{stagedConfigObjectID}/config-report": { - "servers": [], "get": { "tags": [ "Staged Configs" @@ -3912,7 +3888,6 @@ } }, "/monitor/metrics_query_topx": { - "servers": [], "post": { "tags": [ "Metrics" @@ -3987,7 +3962,6 @@ } }, "/settings/instance-cleanup": { - "servers": [], "get": { "tags": [ "Settings" @@ -4051,7 +4025,6 @@ } }, "/app-protect/policies": { - "servers": [], "get": { "tags": [ "NGINX App Protect" @@ -4244,7 +4217,6 @@ } }, "/app-protect/policies/{nap_policy_object_id}": { - "servers": [], "delete": { "tags": [ "NGINX App Protect" @@ -4449,7 +4421,6 @@ } }, "/app-protect/policies/{nap_policy_object_id}/deployments": { - "servers": [], "get": { "tags": [ "NGINX App Protect" @@ -4541,7 +4512,6 @@ } }, "/app-protect/policies/{nap_policy_object_id}/version": { - "servers": [], "get": { "tags": [ "NGINX App Protect" @@ -4599,7 +4569,6 @@ } }, "/app-protect/policies/{nap_policy_object_id}/versions": { - "servers": [], "get": { "tags": [ "NGINX App Protect" @@ -4691,7 +4660,6 @@ } }, "/app-protect/policies/{nap_policy_object_id}/versions/{nap_policy_version_object_id}": { - "servers": [], "delete": { "x-nginx-one-action": "delete", "x-nginx-one-entity": "NGINX App Protect Policy Version", @@ -5068,7 +5036,7 @@ "SortNameCVEs": { "name": "sort_cves", "in": "query", - "description": "Sort CVEs by the number of instances/control planes affected by that CVE.\n", + "description": "Sort CVEs by the number of instances or control planes affected by that CVE.\n", "schema": { "type": "array", "items": { @@ -9460,7 +9428,7 @@ "MetricDimension": { "type": "string", "default": "display_name", - "description": "Static list of all metric dimensions.\n * `display_name` - The display name of the NGINX instance.\n * `file_path` - Path to a desired file.\n * `parent_hostname` - The hostname of the NGINX Plus instance.\n * `instance_object_id` - Instance Object ID is the unique identifier for an Instance registered with NGINX One Console.\n * `location_zone` - The name of an HTTP location zone.\n * `mount_point` - A filesystem mount point.\n * `namespace` - The Namespace associated with the metric data.\n * `network_interface` - A server network interface.\n * `nginx_id` - The unique identifier of an nginx instance running on the data plane.\n * `server_zone` - The name of an HTTP or Stream server zone.\n * `system_id` - The unique identifier of the the operating system where nginx-agent is running.\n * `tenant` - The Tenant associated with the metric data.\n * `csg_object_id` - Config Sync Group Object ID is the unique identifier for a Config Sync Group registered with NGINX One Console.\n * `mode` - Variant value associated with metric `system.cpu.utilization`.\n * `state` - Variant value associated with metrics `system.filesystem.usage`, `system.memory.usage`.\n * `io_direction` - Variant value associated with metric `system.network.io`.\n * `status_range` - Variant value associated with metric `nginx.http.response.count`.\n * `logical_number` - Variant value associated with metrics that result in a processor number.\n * `outcome` - Variant value associated with metrics that result in an outcome .\n", + "description": "Static list of all metric dimensions:\n * `display_name` - Display name of the NGINX instance.\n * `file_path` - Path to the file.\n * `parent_hostname` - Hostname of the NGINX Plus instance.\n * `instance_object_id` - Unique ID of the instance registered with NGINX One Console.\n * `location_zone` - Name of an HTTP location zone.\n * `mount_point` - Filesystem mount point.\n * `namespace` - Namespace for the metric data.\n * `network_interface` - Server network interface.\n * `nginx_id` - Unique ID of the NGINX instance running on the data plane.\n * `server_zone` - Name of an HTTP or Stream server zone.\n * `system_id` - Unique ID of the operating system running nginx-agent.\n * `tenant` - Tenant for the metric data.\n * `csg_object_id` - Unique ID of the Config Sync Group registered with NGINX One Console.\n * `mode` - Variant value for metric `system.cpu.utilization`.\n * `state` - Variant value for metrics `system.filesystem.usage`, `system.memory.usage`.\n * `io_direction` - Variant value for metric `system.network.io`.\n * `status_range` - Variant value for metric `nginx.http.response.count`.\n * `logical_number` - Variant value for metrics that return a processor number.\n * `outcome` - Variant value for metrics that return an outcome.\n", "enum": [ "display_name", "file_path", @@ -9815,7 +9783,7 @@ }, "MetricSystemCpuUtilization": { "type": "string", - "description": "Total system CPU utilization for 'system' or 'user', percentage. A filter differentiator is needed for specific mode(s).\n\nReplacement for depreciated variant(s):\n * system.cpu.system\n * system.cpu.user\n\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter differentiator:\n * mode (applicable filter values: 'system', 'user')\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * logical_number\n", + "description": "Total system CPU use for 'system' or 'user' (percent). A filter is required to specify the mode.\n\nReplaces deprecated variants:\n * system.cpu.system\n * system.cpu.user\n\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension filter:\n * mode (valid values:: 'system', 'user')\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * logical_number\n", "enum": [ "system.cpu.utilization" ] @@ -9843,7 +9811,7 @@ }, "MetricNginxHttpConnectionCount": { "type": "string", - "description": "Number of connections group by outcome (such as 'ACCEPTED', 'DROPPED', 'ACTIVE', 'IDLE').\nAggregation(s) supported:\n * min\n * max\n * sum\n * avg\n * rate\n\nCatalog dimension(s) supported:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * outcome\n", + "description": "Number of connections grouped by outcome ('ACCEPTED', 'DROPPED', 'ACTIVE', 'IDLE').\nSupported aggregations:\n * min\n * max\n * sum\n * avg\n * rate\n\nSupported catalog dimensions:\n * instance_object_id\n * csg_object_id\n * system_id\n * parent_hostname\n * display_name\n * nginx_id\n * outcome\n", "enum": [ "nginx.http.connection.count" ]